In the wake of Lavabit’s demise and increased interest in secure mail services, Switzerland-based ProtonMail is looking to zap a little life into the old PGP mail server market. Currently crowdfunded far past its goal of $100,000, the service wants to make it cheap and easy to get a secure email account with just enough paranoia built in to keep you safe.
I asked one of the creators, co-founder Andy Yen, why we should trust them. He said we didn’t have to.
“One of our goals is actually to build a system that does not require trusting us,” he said. “We’ve taken the first step with our zero access architecture which means we cannot actually read any of our users’ encrypted messages. When the code base becomes more mature, we also plan to open source the ProtonMail software.”
The service works by encrypting all messages in the user’s web browser before they even reach the ProtonMail servers. This means ProtonMail doesn’t hold the password and can never decrypt user messages. It’s this unique proposition — that there is no way to get everyone’s email if the server is compromised — that seems to have struck a chord with backers.
The co-founders envisioned the service over dinners at CERN’s Restaurant 1 last summer. The team then congealed over Facebook and began plotting out a secure email system for the masses.
“The CERN scientific community has always been very attuned to Internet-related issues so when the NSA spying story broke, many of us were outraged that mass surveillance was also so prevalent in the U.S. and Europe,” said Yen. “This was something that really drove us to take action because we realised if we don’t fight for privacy, nobody is going to do it for us.”
The team has covered all its bases. For example, they chose Switzerland, because, according to the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT), the company cannot be compelled to expose their system to any government authority. “This means that under Swiss law, ProtonMail CANNOT be compelled to backdoor our secure email system. Furthermore, any attempt to extend the SPTT will inevitably fail because the Swiss public is strongly opposed to any extension and an extension could be subject to a public referendum.”
The creators are physicists, designers, and economists (many of them studied multiple fields) and it’s clear they’ve crossed their T’s and encrypted their I’s. Interestingly, they’re planning on releasing the service as an open-source product when it is complete, ensuring an auditable system.
Instant access to the services costs $37, and $149 gets you a year of ProtonMail+, a storage service that offers 1GB of mail space. The team is also taking pledges in bitcoin, if you’re so inclined.
“At ProtonMail, our goal is to guard against mass surveillance and we feel the best way to do that is to give encryption to everybody. The only way to do that is to make encryption easy to use. By lowering the entry barrier to using encryption, we hope to convince people to adopt and use encryption in their everyday lives, one email at a time,” said Yen.
The service is actually almost live now and for a pledge of $37 you can reserve your username. Usernames are going fast – I created a random one, just for kicks, because there were enough johnbiggs@ email addresses out there – and it looks like these CERN lads are going to have a real hit on their hands.