Microsoft Subnet An independent Microsoft community View more

Huge demand for NSA-proof email: ProtonMail uses a month's server capacity in 3 days

Demand for a free and easy-to-use NSA-proof email service is so high that ProtonMail ran out of a month's worth of server capacity in 3 days.

There's a huge demand for private and secure email that is as easy to use as Gmail or Outlook, just ask the Harvard and MIT students who created a Swiss-based end-to-end encrypted email service called ProtonMail. You can request a beta signup and even reserve your ProtonMail username now, but you can't access a new account right now unless you previously signed up as a beta user. ProtonMail had resources to support over one month of user signups, but demand for the NSA-proof email was so high that the limit was used up in about 60 hours.

ProtonMail promised to ignore law enforcement requests, according to FreedomHacker, "unless they are accompanied by an enforceable Swiss court order. These court orders are extremely difficult to obtain as the case must first work its way through the Swiss legal system which has strong privacy protections. And even then, we do not have access to user encryption keys so any data we do turn over would be encrypted."

You can get a look at the service via screen captures on Cryptocoins News, where ProtonMail systems admin Andy Yen said, "From the start, we've worked closely with security experts at CERN and MIT to ensure we're providing our users the highest possible level of security." Developer Jason Stockeman added, "It's just like using Gmail, but way more secure."

Today, ProtonMail published its threat model, describing what it is and is not designed to guard against. There are "more secure" methods to build an email service, but those can make it too complicated for the average person to use. The ProtonMail blog explained:

At ProtonMail, our goal is to guard against mass surveillance and we feel the best way to do that is to give encryption to everybody. The only way to do that, is to make encryption easy to use. This is why ProtonMail works out of any modern web browser, and why we went to great lengths to make the cryptography completely invisible to the user. However, this approach does come with certain shortcomings.

If a user is compromised, such as by using a machine infected with a keylogger, then ProtonMail naturally cannot guard that user's privacy. It might still be possible for a powerful attacker, like a government entity, to target a specific user with a man-in-the-middle attack; yet it's very difficult for MITM attacks to "be used on a large scale to perform mass surveillance." Another potential attack vector might be an unauthorized backdoor, but the odds of such a backdoor being successfully executed are "quite low."

Risk analysis indicates ProtonMail offers good enough security to protect most users. Although the service might have been born after Edward Snowden blew the whistle on NSA surveillance, it's not meant for him. "In case Mr. Snowden was foolish enough to try, we have already blocked the username snowden@protonmail.ch."

There are always people who point at privacy- and security-enhancing services while claiming they work great for criminals to evade authorities. "There is no denying that ProtonMail provides a high level of security and privacy for criminals," but it also provides privacy and security for dissidents and "law-abiding private citizens who simply want control over our online data."

We can either chose to live in a world where everybody is under surveillance, or a world where everybody (criminals included) have privacy. We feel that the right to privacy is a fundamental human right, and we are willing to fight and work towards protecting that right.

ProtonMail creators described it as "perfect" for private citizens or corporations that do "NOT want the government to have access to all of their emails at any time," and do "not like Google or Microsoft constantly scanning and archiving all conversations. With ProtonMail, the barrier of entry for mass surveillance is high enough that mass surveillance simply is not practical. This is an example where 'good privacy' can act as a meaningful substitute to 'perfect privacy'."

By all means, read more about its security and then give it a try. Go request a beta signup and reserve your ProtonMail username now.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.