Big Demand for Encrypted Email Service

Tuesday, May 27, 2014 @ 06:05 PM gHale

A beta release of an encrypted, secure email service was so popular and interest so great, its developers had to temporarily close the signups.

The name of the service is ProtonMail, and the creators are CERN researcher Andy Yen (the service’s system administrator), designer Jason Stockman (the front-end developer), and MIT graduate/CERN software developer/resident cryptography expert Wei Sun, who tackled the development of the service’s back-end.

Encryption Woes with Android Email Apps
Apps Take Photos with No One Knowing
iPhone Hack Attack Spreading
Siri Allows iPhone Break-in

“ProtonMail was founded in summer 2013 at CERN by scientists who were drawn together by a shared vision of a more secure and private Internet,” it said on the project’s official website.

“ProtonMail is developed both at CERN and MIT and is headquartered in Geneva, Switzerland. We were semifinalists in 2014 MIT 100K startup launch competition and are advised by the MIT Venture Mentoring Service.”

The service offers end-to-end encryption, which means the data ends up encrypted on the users’ computer before going to the company servers. “We have no access to your messages, and since we cannot decrypt them, we cannot share them with third parties,” the creators said.

The company does not log IP addresses or require any personal information to sign up, and accepts bitcoin and cash payments for paid accounts to ensure user anonymity. There are also free accounts and the company only charges for extra storage.

Since ProtonMail’s headquarters is in Switzerland, its servers are also in the country.

“All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and entities,” they pointed out. “Only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.”

The service apparently checks another box that is crucial for a successful encrypted email offering: It’s easy to use. Users will only have to remember/store two passwords: One to authenticate themselves, and another to decrypt the user’s data in the browser. The latter never ends up shared with the company, so if you forget or lose it, you cannot recover the data stored in your account.

The service uses secure implementations of AES, RSA, along with OpenPGP, and open source cryptographic libraries in order to guarantee that there are no hidden backdoors. It’s also interesting to note that even non-ProtonMail users can receive the encrypted messages sent by a user – they will receive the decryption passphrase along with the message.

The beta version of the service launched last Friday, and less than three days later they reached full server capacity.

“Over the next couple days, we will work on expanding our server capacity, and further improving our security. Since our launch, we have had several offers to help us with a full security audit and as those results come in, we will also be taking steps to further improve the security of ProtonMail,” Yen said on the company blog. “Because of the overwhelming demand for ProtonMail, we are also looking for additional developers to help us build ProtonMail.”

While waiting for them to reopen the gates, users can reserve their ProtonMail username.

Leave a Reply

You must be logged in to post a comment.