There's a huge demand for private and secure email that is as easy to use as Gmail or Outlook; just ask the Harvard and MIT students who created a Swiss-based end-to-end encrypted email service called ProtonMail. You can request a beta signup and even reserve your ProtonMail username now, but you can't access a new account right now unless you previously signed up as a beta user. ProtonMail had resources to support over one month of user signups, but demand for the NSA-proof email was so high that the limit was used up in about 60 hours.
ProtonMail promised to ignore law enforcement requests, according to FreedomHacker, "unless they are accompanied by an enforceable Swiss court order. These court orders are extremely difficult to obtain as the case must first work its way through the Swiss legal system which has strong privacy protections. And even then, we do not have access to user encryption keys so any data we do turn over would be encrypted."
You can get a look at the service via screen captures on Cryptocoins News, where ProtonMail systems admin Andy Yen said, "From the start, we've worked closely with security experts at CERN and MIT to ensure we're providing our users the highest possible level of security." Developer Jason Stockeman added, "It's just like using Gmail, but way more secure."
Today, ProtonMail published its threat model, describing what it is and is not designed to guard against. There are "more secure" methods to build an email service, but those can make it too complicated for the average person to use. The ProtonMail blog explained:
At ProtonMail, our goal is to guard against mass surveillance and we feel the best way to do that is to give encryption to everybody. The only way to do that is to make encryption easy to use. This is why ProtonMail works out of any modern web browser, and why we went to great lengths to make the cryptography completely invisible to the user. However, this approach does come with certain shortcomings.
If a user is compromised, such as by using a machine infected with a keylogger, then ProtonMail naturally cannot guard that user's privacy. It might still be possible for a powerful attacker, like a government entity, to target a specific user with a man-in-the-middle attack; yet it's very difficult for MITM attacks to "be used on a large scale to perform mass surveillance." Another potential attack vector might be an unauthorized backdoor, but the odds of such a backdoor being successfully executed are "quite low."
Risk analysis indicates ProtonMail offers good enough security to protect most users. Although the service might have been born after Edward Snowden blew the whistle on NSA surveillance, it's not meant for him. "In case Mr. Snowden was foolish enough to try, we have already blocked the username email@example.com."
There are always people who point at privacy- and security-enhancing services while claiming they work great for criminals to evade authorities. "There is no denying that ProtonMail provides a high level of security and privacy for criminals," but it also provides privacy and security for dissidents and "law-abiding private citizens who simply want control over our online data."
We can either choose to live in a world where everybody is under surveillance, or a world where everybody (criminals included) has privacy. We feel that the right to privacy is a fundamental human right, and we are willing to fight and work towards protecting that right.
ProtonMail creators described it as "perfect" for private citizens or corporations that do "NOT want the government to have access to all of their emails at any time," and do "not like Google or Microsoft constantly scanning and archiving all conversations. With ProtonMail, the barrier of entry for mass surveillance is high enough that mass surveillance simply is not practical. This is an example where 'good privacy' can act as a meaningful substitute to 'perfect privacy'."