People are becoming more and more wary of big tech companies mining your data to sell to advertisers–but it’s hard to find alternatives to services that tech titans have spent years streamlining. Almost exactly a year ago, Swiss-based ProtonMail unveiled a solution for privacy-minded people who want their email so secure that even ProtonMail’s team can’t get into their inboxes. But have they gotten any closer to getting everyone to leave the convenience of Gmail?
The key isn’t to develop the same amount of features as Gmail–it’s to focus on a service and promote the idea that privacy should be a right, ProtonMail cofounder Andy Yen said during his TEDGlobal presentation last October. ProtonMail stands with Tor, DuckDuckGo, and other privacy-minded companies and organizations in that regard. ProtonMail’s end-to-end encryption security process is based on a tried-and-trusted decades-old method called PGP, but the the service itself and all of the infrastructure is built by ProtonMail’s team of CERN scientists. Yes, that CERN, the one with the world’s biggest particle smasher. Immediately after the Snowden documents were unleashed in 2012, the CERN cafeteria was abuzz with privacy concerns and Yen rallied several of his CERN pals to start building a truly private email service. But to keep an email truly private, you need to encrypt it from the moment you hit “send” to the moment your intended recipient (and only your intended recipient) opens it. That’s end-to-end encryption.
ProtonMail’s brand of end-to-end RSA encryption works like this: Your computer uses ProtonMail’s algorithms to generate a public key linked to a private key, you send your public key to your friend, and when your friend wants to send you a message they encrypt it using your public key–but only your personal private key can decrypt the message. Since those algorithms automatically build personalized, unique keys for everyone who opens an account (and only for that account’s owner), ProtonMail employees don’t have access to your email. Even if a government demanded ProtonMail hand over its users’ emails, as happened to U.S.-based encrypted email provider Lavabit, which shut down rather than hand the emails over, ProtonMail couldn’t break into its users’ accounts if they tried. Just in case, ProtonMail doubled down on the sovereignty of its user data by hosting all data in Swiss data centers (in former nuclear bunkers formerly used by the Swiss government, no less). That means the weakest security link is the user: as long as your password is secure, so is your email data.
To be fair to encryption purists, the PGP data encryption method was invented in 1991 and has provided encryption via downloadable programs and encryption key generation since then. ProtonMail does all that for you behind the scenes, making the encrypting and decrypting process completely invisible to the user, ProtonMail cofounder Jason Stockman told CryptoCoinNews: Using ProtonMail is just like using Gmail, but secure. ProtonMail’s quest has been to bring down that barrier to entry for encrypted email, and the trick is to get it closer to Gmail so the transition to encrypted email is less jarring.
ProtonMail officially launched at the end of May 2014 as a simple, spartan email service trumpeting privacy over features. Since then it has introduced its own versions of a good chunk of Gmail’s features, including labels and themes, but they also beefed up security by encrypting attachments and encrypting replies from non-ProtonMail accounts. Yen says that Google could make Gmail end-to-end encrypted–they have the technology–but Google needs access to your emails to mine your data, which is part of their funding model. People are becoming increasingly uncomfortable with tech titans pilfering your data to repackage into sellable chunks, and Yen thinks the data-mining model will die in the next decade.
In a year, ProtonMail has signed up 500,000 users–many of whom are passionate about ProtonMail’s cause and became passionate members of ProtonMail’s community, says Yen. ProtonMail’s earned goodwill by open-sourcing all of its encryption methods, which have allowed similar end-to-end encryption services like Lavaboom to use their code libraries to get started quickly. But people also trust ProtonMail because its cryptography is open source: people have been tinkering with PGP for 20 years, so they know and trust how ProtonMail is encrypting its users’ email. But if PGP encryption has been around for 20 years, what’s the chance a hacker could figure out how you’re scrambling your data?
“It’s practically impossible with current computing power,” says Yen. “Just because you know how the data is scrambled doesn’t mean you know how to descramble it. It has to do with how the algorithms are created.”
Those algorithms happen to be built by ProtonMail’s team of CERN and MIT physicists—and believe it or not, slamming particles together in the Large Hadron Collider has a lot to do with privacy. For one, particles collide 600 million times per second in the LHC and each collision is recorded, producing about 30 petabytes of data annually for physicists to sift through—so the scientists are experienced in data processing. Physics and math are close kin, so ProtonMail’s team of physicists took to the advanced mathematics of encryption quickly, but programing prowess isn’t the only part of CERN in ProtonMail’s DNA. CERN also birthed the World Wide Web in 1989, and it continues to draw brilliant and forward-thinking scientists. It was just a matter of time before their idle cafeteria chat turned into serious conversation about how they could apply their dynamic problem-solving skills to get privacy back for their email—and remove the hurdles that prevent people from accessing privacy solutions.
Barring a hacker unscrambling your key in a Hollywood-level miracle, your email’s security depends on how secure your password is. Many think passwords are so 20th century, but in the interim, ProtonMail can put privacy in your hands.
[Full disclosure: ProtonMail cofounders Andy Yen and Jason Stockman were classmates of mine in high school.]