These Harvard And MIT Kids Say They’ve Made NSA-Proof Email
Those who worry that Gmail or the National Security Agency may be rifling through their emails now have a new alternative: ProtonMail, a super-secure email service created by students from Harvard and the Massachusetts Institute of Technology.
“It was the Snowden leaks that got us started,” ProtonMail founder and front-end developer Jason Stockman told The Huffington Post. “A lot of us at the time were working at CERN, the nuclear research facility in Switzerland, and we started hearing about all this and we really freaked out. We ended up posting on Facebook about privacy issues, and it just grew from there.”
ProtonMail’s open beta launched on Saturday, and its security measures are intense: end-to-end encryption and user authentication protocols so rigorous even the creators can’t read user emails. “If we can’t read it, we obviously can’t turn it over to any government agencies,” one of ProtonMail’s creators, Andy Yen, explained to BostInnoin an interview.
Those who want to put ProtonMail’s code to the test can have at it: Anyone using the Web version of ProtonMail can right-click the page and hit “View Source” for a peek at the encryption and decryption protocols.
“Nothing is compressed, which means it will take an extra half second to load,”Stockman told CryptoCoinsNews. “But on the upside, it’s fully viewable and auditable in real time.”
But for all that sophistication, ProtonMail’s developers are also quick to emphasize the service’s ease of use.
“There’s a few people who tried to start this kind of service in the past and they’ve all had really steep learning curves — you had to configure a lot of things, you had to install extra software,” Stockman told HuffPost. “We thought it was really important to make an easy user interface, so we’ve abstracted out all the encryption […] Literally, if you can use Gmail, you can use ProtonMail. It’s exactly the same. A lot of our users are coming from other services and they’re just blown away by how easy it is to use.”
Last summer, at the height of anti-Snowden investigations, the U.S. government shut down several secure email services similar to ProtonMail. As a result, ProtonMail has chosen to incorporate in Switzerland, a country with some of the most stringent privacy protections in the world (it’s the home of the legendary Swiss Bank accounts, after all). The .ch domain name makes it unlikely that ProtonMail will go the way of SilentMail or LavaBit.
“This is an inevitable result of the recent news about government surveillance or other forms of email monitoring,” Ben Johnson, chief evangelist at server and endpoint security vendor Bit9, told HuffPost in an email. “Because the encryption is point-to-point, the middleman — the ProtonMail service — never receives the decrypted data. The way these messages could be compromised are really limited to two things: weaknesses in encryption implementation, and endpoint compromise.”
However, Johnson warned, the very qualities that set ProtonMail apart could also make it attractive to the wrong kind of user.
“One of the challenges with systems like this, in addition to folks who just want more privacy and peace of mind, is that this is the kind of service that criminals will flock to,” he said.
When asked about such concerns, Stockman’s response was succinct.
“You can either have a world where you’ve got private communications or not,” he told HuffPost. “There’s not a middle ground.”
ProtonMail is currently free, and the creators have told HuffPost they aim to keep it that way.
“We’re going to be following a model similar to Dropbox, where we have a free account for life and then if you’re a power user, if you want more storage, if you have a lot of attachments or if you want some of the additional features we’re going to roll out, you can upgrade to a premium account for $5 per month,” said Stockman.
Interested parties can sign up here, although as of Monday there’s a waiting list.
Written by: Betsy Isaacson