Looking for “NSA-proof” email? Swiss-based ProtonMail has your back
Privacy laws and user agreements aside, no one reliably expect true privacy when surfing the internet on their phone, tablet, or computer. It is like walking outside – people are going to see you and know you are there.
The NSA stuff got everyone ruffled because it went beyond the “public profile” and used overt twists in written law (and arguably beyond) to gain access to user data en masse, up to, and including email data, and phone call data.
That is where a small team of developers and system administrators from MIT, Harvard, CERN (European Organization for Nuclear Research), and other institutions had a meeting of the minds and designed ProtonMail.
Founded in 2013, ProtonMail was developed in a private beta environment while the team worked on the encryption and other security protocols to make the service as private as possible. ProtonMail is now in public beta.
What makes ProtonMail so secure? First, the company is incorporated in Switzerland where privacy laws for individuals and businesses are very strong. Then there is the end-to-end encryption, and dual authentication that is required to log into your account. The authentication and encryption is segregated, so ProtonMail claims that even they cannot get to your data. If you forget your decryption password, no one can help you get to your mail.
Since even ProtonMail cannot get to your stuff, the company is incapable of responding to a would-be government demand. The company maintains that everyone is granted 100% anonymity, no IP tracking, and no user log-in data. The home page does use Google Analytics though, which ProtonMail admits to, but we find that to be a strange bedfellow given the mission of this service.
Even though ProtonMail is encrypted, you can send and receive messages to your lesser email friends that use Gmail, or Yahoo! and the like. You can also send symmetrically encrypted messages which gives the receiving party a link to the encrypted message using a pre-arranged passphrase.
Perhaps the three coolest features of ProtonMail are its self-destruction of messages, you can set up an expiration time et voila, the message is gone, like SnapChat. Another cool angle is that the site is mobile friendly, no app needed. Finally, ProtonMail is free and available everywhere (though we imagine that places like China, Iran and a few other friendly countries might find ways to block access).
The free accounts allow for 100MB of storage and 500 messages per month. There will be paid options introduced in the future which will provide more storage space, but those pricing options are not available yet. Set-up is simple. If you go all-in, just get used to having a “protonmail.ch” domain extension for your email.
1. james1 (Posts: 78; Member since: 16 Mar 2013)
It's nice to see services like that, ones that actually protect the people. I don't want to start anything but I'm starting to feel that terrorism is the government's excuse to infringe on people's privacy without consent. It's ironic because our OWN government is violating the 4th Amendment.
2. PhoneArenaUser (Posts: 5478; Member since: 05 Aug 2011)
"I'm starting to feel that terrorism is the government's excuse to infringe on people's privacy without consent."
It is sad that you started to feel that only now, but it is still good that you started. :)
5. networkdood (Posts: 6267; Member since: 31 Mar 2010)
Well, you are now starting to wake up - that is important as the United States is a land full zombies, or people just walking through life not realizing just what is truly going on. BTW, the govt violating the 54th amendment is not the only amendment it is violating - look up the PATRIOT ACT and the latest NDAA.
3. wilsong17 (Posts: 883; Member since: 10 Mar 2013)
is on the internet is not safe who are the idiots that everything you do on the internet is safe
4. 0xFFFF (Posts: 2962; Member since: 16 Apr 2014)
I remain skeptical of browser-based "secure" email. Hopefully ProtonMail will be revealing their secure protocols/APIs which would allow for desktop clients and validation of their security.
As it is now, it looks more like a metadata honeypot than a real secure email offering.
7. Gawain (Posts: 353; Member since: 15 Apr 2010)
Yes yes...you figured them out! And so quickly too. Surely you have defenses against all the black helicopters that orbit your residence. The security model seems sound. Of course, they're probably not using OpenSSL anywhere... ;-P
8. 0xFFFF (Posts: 2962; Member since: 16 Apr 2014)
You are quick with the ridicule, but many secury experts are skeptical of any security that is browser based. For a company to offer so-called secure email that has a weak security foundation, well, this doesn't make much sense.
Unless you pride yourself on being some sort of "Knight of Blunder and Ignorance", I would suggest you do some reading and learn how to analyze and think before shooting your blunderbuss off.
9. Gawain (Posts: 353; Member since: 15 Apr 2010)
I'm reasonably well versed in PGP, and I also know, having read through their architecture, that they go well beyond anything I've seen for the consumer. NSA proof? I don't know, I'm not Snowden. The security is clearly not browswer based.
What I'm also well versed in is that you have been posting here for a month, and it's been pretty much 1,000 posts of you taking a sh!t on every article, so don your armor of "Blunder and Ignorance" yourself.
Meanwhile, I was really just ribbing you (hence the :-P) but if you're too sensitive I'll bring wipes for you to use next time.
6. JMartin22 (limited) (Posts: 973; Member since: 30 Apr 2013)
More government hysteria bullcrap. Companies are taking this trend and are trying to market their products around it