ProtonMail promises NSA-proof, encrypted communications with any email provider

Jos


Last year’s revelations about the NSA’s widespread snooping practices sparked plenty of debate over privacy, but also a number of initiatives to up online security. The latest to join the cause is an encrypted email service from researchers at Harvard, MIT and CERN called ProtonMail.

Encrypted email services are nothing new, of course, but the people behind ProtonMail believe they’ve successfully gotten around the different shortcomings of services like Lavabit and SilentMail -- both of which were forced to shut down in the aftermath of Snowden’s revelations.

For one thing, ProtonMail’s servers are in Switzerland and the company is incorporated there, which should place it outside the scope of both U.S. and E.U. regulations and help protect against government-ordered seizures.

Even if a case were to work its way through the Swiss legal system, which has strong privacy protections, the system is set up so that encryption happens locally in users’ browsers, so any data ProtonMail did turn over would be encrypted. ProtonMail won’t have access to encryption keys and won’t log personally identifiable information such as IP addresses.

Messages are fully encrypted end-to-end with “only the most secure implementations of AES, RSA and OpenPGP,” the company promises.

Another common shortcoming of secure email providers is that once you email users outside of their network -- say, anyone using Gmail or Outlook -- they’re no longer able to guarantee the content will be kept safe from prying eyes. ProtonMail gets around this using symmetric encryption. When an encrypted message is sent to a non-ProtonMail user, the recipient gets a link to load the encrypted message in their browser after entering a pre-shared passphrase.

ProtonMail users can also opt to send self-destructing messages.

Lastly, what ProtonMail believes will set the service apart is how easy it is to use. They claim to have completely abstracted away the complex cryptography to make encryption and decryption completely invisible to the user. There’s no software to install and no keys to generate.

A public beta launched on Friday but new signups were halted on Monday due to the growing demand. The service is “free for life”, and the company plans to offer paid accounts at around $5/month for more storage or extra features. They’ll eventually accept Bitcoin and cash to help users remain anonymous.
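The passphrase-protected message for non-ProtonMail recipients described above can be sketched as follows. This is an added example, not ProtonMail's code: the article names no key-derivation function or cipher mode, so scrypt and AES-256-GCM, the envelope layout, and the function names are all assumptions, and Node's built-in crypto module stands in for the browser.

```javascript
const nodeCrypto = require('node:crypto');

// scrypt cost parameters (assumed values for this illustration).
const KDF = { N: 16384, r: 8, p: 1 };

// Stretch the shared passphrase into a 256-bit key; the salt is per message.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, KDF);
}

// Sender side: runs locally; only the returned envelope would be uploaded,
// so the server stores ciphertext and never sees the passphrase or key.
function sealForExternalRecipient(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Recipient side: what the page behind the link would do after the passphrase
// is typed in. Returns null on a wrong passphrase or a modified envelope,
// because the GCM tag check fails before any plaintext is released.
function openFromLink(envelope, passphrase) {
  const b = (s) => Buffer.from(s, 'base64');
  try {
    const key = deriveKey(passphrase, b(envelope.salt));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, b(envelope.iv));
    decipher.setAuthTag(b(envelope.tag));
    return Buffer.concat([decipher.update(b(envelope.ct)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample values.
const SAMPLE_PASSPHRASE = 'correct horse battery staple';
const sampleEnvelope = sealForExternalRecipient('Meet at 10:00.', SAMPLE_PASSPHRASE);
console.log(sampleEnvelope); // everything the server would hold
console.log(openFromLink(sampleEnvelope, SAMPLE_PASSPHRASE));
```

Anyone holding the stored envelope can guess passphrases offline, so confidentiality rests on the passphrase's strength and on how it was shared; the memory-hard KDF only raises the cost per guess.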


 
As much as I support software and services that attempt to secure the privacy of communications, I welcome the day when people stop selling these things as "-proof". Nothing is that secure.
 
It would be nice if I ever needed some form of secure mail but I don't (I think). I wonder if Al Qaeda knows about it yet...
 
"It would be nice if I ever needed some form of secure mail but I don't (I think). I wonder if Al Qaeda knows about it yet..."

Probably NSA did the Swiss incorporation. Anyone signing up for this MUST have something to hide and is therefore a target.
 
Who is to say the NSA did not covertly establish this service? Who is to say the NSA has not already hacked every bit of security code that these guys use or that the NSA does not have someone working on the inside as we speak to get into the system?

Privacy on the net is merely a myth.
 
I have a pet peeve about headlines that suggest there’s anything the NSA can’t access. There’s always a way.
 
Nevertheless, Harvard, MIT & CERN involvement is a decent start for confidence...

School prestige counts for little where this is concerned. The NSA et al. recruit from these same institutions. If an MIT nerd writes up a nice encryption algo, it's only a matter of time before the NSA hires (a) another MIT nerd or (b) someone of equivalent intelligence to defeat it.
 
School prestige counts for little where this is concerned. The NSA et al. recruit from these same institutions. If an MIT nerd writes up a nice encryption algo, it's only a matter of time before the NSA hires (a) another MIT nerd or (b) someone of equivalent intelligence to defeat it.
They are researchers. Not undergrads. If you have research quals (i.e. PhD), you have already proven to be thorough enough for peer-reviewed work.

I'd take that any day over some private company's snake oil commercially driven rubbish. These are people who have not led a life driven purely by commercial interests.

You are right that it is a big claim for anyone to say something is bulletproof. To be honest, I can't wait for the day of quantum communications. Instant, uninterceptable, unlimited range. Maybe then we'd be worrying about nano-sized surveillance devices...
 
ProtonMail is saying they use end-to-end encryption and all email is encrypted on their servers. They use web browsers as the client and everything is baked in. If I'm the NSA or anyone who wants access to the emails, I don't bother attacking ProtonMail, I just go after the browser or OS the browser is running on. It's the weakest point. I can simply monitor who makes a connection to ProtonMail. Yes, ProtonMail is doing the right things; however, security is like a chain: go after the weakest link.
 
They have secured their end to the best of their abilities but nothing is "Hack Proof"; someone could still get into their end of the service. But as others have pointed out, hackers go after the easy entrance. If you're using pretty much any mainstream OS or web browser you have given them a pretty open door. I don't really understand where people got the idea that the internet had any privacy; their striving to achieve privacy over the internet is futile imo.
 