Developed by ex-CERN researchers, ProtonMail grants hacker-level e-mail security with the ease of Gmail

End-to-end encryption implemented in the fashion of a standard webmail service

Do you value personal security, privacy, and trade secrets? Do you believe that not having anything illegal to hide shouldn’t entitle third parties to freely pore over your data? Well, there’s an app for that; not really an app, per se, but an end-to-end encrypted e-mail service based in Switzerland called ProtonMail. It’s the e-mail service created by five ex-researchers from the European Organization for Nuclear Research (CERN) for the purpose of delivering PGP-level security with the ease of setting up a Gmail account.

PGP, short for Pretty Good Privacy, was the complex system of e-mail encryption used to hide communications between Glenn Greenwald and Edward Snowden, when the pair first sat down and talked. In a sense, the system is what permitted the entire NSA-leak fiasco to take place, as Snowden only agreed to leak documents on the condition that Greenwald set this baby up. Establishing PGP is no small task; it involves installing three separate programs, struggling with a non-intuitive user interface, and doing some back-end networking tweaks. In short, PGP is outside the hands of mere commoners.

ProtonMail was established as a means of providing an encrypted e-mail system simple enough for anyone to use. “I think we have struck the right combination of security and ease of use,” co-founder Andy Yen told the Daily Dot. “The most secure system in the world is not useful if it is so complex nobody can use it. With ProtonMail, I think we have the ability to make encrypted communications mainstream instead of a niche market.”

Features
ProtonMail takes anonymity and zero access very, very seriously, so much so that no personal information is required to sign up for an account, nor are any logs kept of the IP addresses accessing its servers. Users have the option of selecting a free basic account, or upgrading to a $5 a month subscription model for increased storage. Payments can also be made with Bitcoin to further maintain anonymity.

ProtonMail hosts its servers in Switzerland, where it is incorporated, placing the service outside U.S. and EU jurisdiction. Furthermore, the end-to-end encryption method ensures that e-mails are already encrypted before they reach the servers. Since ProtonMail cannot decrypt them, they cannot be shared.

Lastly, ProtonMail is browser-based and requires no plug-in or app installations to set up on all your devices: desktops, laptops, tablets, and smartphones. Andy Yen agrees that a browser-based model isn’t as secure as an application like PGP, but switching to a software model would contradict the ease of access at the heart of the service. “It is possible to do more secure implementations of PGP,” he says, “but you would lose a lot of the ease of use.”

As long as users don’t have key-loggers infecting their computers, browsers are perfectly safe. Regardless, the best practices of inputting a password on any online account dictate that an on-screen keyboard should always be used. The application-based model was further avoided because mobile devices require applications to be downloaded and installed from app stores, and the level of cooperation between Google and the NSA is uncertain. Some evidence suggests that the company allows the NSA to backdoor into apps on the Play Store without public knowledge. 

How to use ProtonMail
Two passwords are required to access one’s ProtonMail account. The first logs you onto the system, and the second descrambles all the information in your inbox. E-mailing other ProtonMail users is as simple as clicking “send”; encryption occurs automatically. But sending an encrypted e-mail to a non-ProtonMail user is a bit trickier. The sender must first tick a box labeled “Encrypt for Outside Users,” create a password that deciphers the encryption, and provide an optional password hint. 

Image courtesy of DailyDot

The e-mail that arrives in the recipient’s inbox will contain the encrypted message from the ProtonMail user and a link to where the password can be retrieved.

Image courtesy of DailyDot

Once the link is clicked, a prompt will demand the password that decrypts the e-mail’s content.

Image courtesy of DailyDot

Requiring all the parties involved in the e-mail exchange to pre-emptively know the password is a bit risky, and can potentially compromise the password, depending on how it’s exchanged. Ironically, the practice of exchanging ciphers via analog communications harkens back to older generations of cryptography.

Sound valuable? Then visit ProtonMail’s website to set up an inbox.

Via DailyDot
