ProtonMail promises NSA-proof, encrypted communications with any email provider
By Jose Vilches
Last year's revelations about the NSA's widespread snooping practices sparked plenty of debate over privacy, but also a number of initiatives to up online security. The latest to join the cause is an encrypted email service from researchers at Harvard, MIT and CERN called ProtonMail.
Encrypted email services are nothing new, of course, but the people behind ProtonMail believe they've successfully gotten around the different shortcomings of services like Lavabit and SilentMail – both of which were forced to shut down in the aftermath of Snowden's revelations.
For one thing, ProtonMail's servers are in Switzerland and the company is incorporated there, which should place it outside the scope of both U.S. and E.U. regulations and help protect against government-ordered seizures.
Even if a case were to work its way through the Swiss legal system, which has strong privacy protections, encryption happens locally in users' browsers, so any data ProtonMail did turn over would be encrypted. ProtonMail won't have access to encryption keys and won't log personally identifiable information such as IP addresses.
Messages are fully encrypted end-to-end with "only the most secure implementations of AES, RSA and OpenPGP," the company promises.
Another common shortcoming of secure email providers is that once you email users outside of their network – say, anyone using Gmail or Outlook – they're no longer able to guarantee the content will be kept safe from prying eyes. ProtonMail gets around this using symmetric encryption. When an encrypted message is sent to a non-ProtonMail user, the recipient gets a link to load the encrypted message in their browser after entering a pre-shared passphrase.
ProtonMail users can also opt to send self-destructing messages.
Lastly, what ProtonMail believes will set the service apart is how easy it is to use. They claim to have completely abstracted away the complex cryptography to make encryption and decryption completely invisible to the user. There's no software to install and no keys to generate.
A public beta launched on Friday but new signups were halted on Monday due to the growing demand. The service is "free for life", and the company plans to offer paid accounts at around $5/month for more storage or extra features. They'll eventually accept Bitcoin and cash to help users remain anonymous.