A few years ago, two software engineers took a look at the state of privacy online. Edward Snowden had recently revealed that the NSA was reading the emails of American citizens. A small group of companies controlled the majority of the internet, as they do now, by offering free services as they gathered data about the people using them. The engineers, who had just helped take a security company called Rapid7 public, decided to leave their jobs to work on a better way to protect privacy; three years later, they’ve launched a new product in an attempt to address the problem. Called Helm, it’s a private email server that you can use in your home–an alternative to free cloud-based services, like Gmail, that make it impossible to control your own data.
“One of the things that became really evident to us was how the vast majority of people were living more and more of their lives online, and as we live our lives online, we didn’t really have much of a choice but to trust a handful of very large and powerful tech companies,” says Giri Sreenivas, cofounder and CEO of Helm. “All of that data and all of those online behaviors were being centralized in a way that made it very easy for governments to conduct this type of surveillance.”
The new server is a small device that stores email, calendar entries, and contacts, and can be used with an ordinary email app on a desktop computer or a phone. The data, which is backed up offsite, is encrypted, and only the user can decrypt it. It takes three minutes to set up, the designers say, and automatically updates itself to stay secure.
“It creates a different paradigm,” says Sreenivas. If the government wants to read all of your emails, they’ll need a warrant to come inside your home. “They need to go through the customer to get access to that data.” Google’s lawyers might stand a better chance of stopping a government warrant for your emails, but at least you’d know that your emails weren’t secure.
The server is designed to protect users both from government surveillance but also the more mundane but equally invasive threat of companies mining data to sell to marketers. First, Sreenivas says, email addresses tend to be linked to everything else you do online, from banking to dating; if you control your own email, it’s harder for companies to see the full picture of your digital life. Second, they can’t easily scour what you’ve written. For instance, Google says no one reads your emails, but there have been some lapses, and your email is still associated with things you’ve watched on YouTube, which still allows for targeted ads. Other email services, like Yahoo and AOL, still do scan your email. It’s true that if you’re sending an email to your grandmother’s Yahoo account, Yahoo could still potentially gather data from that exchange. But “for an organization to build a profile of you as an individual based on who you communicate with, it’s much more difficult, if not impossible, in comparison to a centralized store of information like your actual email account,” he says.
“If you don’t want data to end up in the hands of marketers, then I think you do have some reason to be a bit concerned about some free services that are used…if you have your data, then you have a lot more control over it,” says Justin Cappos, a cybersecurity expert and computer science professor at New York University. “For most people, the bargain you get with something like Gmail is they manage all of the storage, you don’t have to worry about something like a hardware failure.” The new server has 120 gigabytes of storage; if something happens to the server, Helm will overnight a new one, though that might mean being without new emails for half a day.
One challenge to adoption may be price: The Helm server is launching at $499, and after a year, users will have to pay a $99 subscription fee. And there are obvious benefits to having a major corporation fixing bugs, blocking spam, and otherwise maintaining your email server for you. So Sreenivas says that the company will initially target engineers and security and gadget enthusiasts in particular, but he believes that the market is wide. “We think people are understanding more and more that there is no such thing as ‘free,’ that ‘free’ email services rely on profiting off your personal data with third parties, with all the associated risks,” he says. “As more and more data breaches occur, people will want their personal information closer to home, especially as the convenience of doing that increases.”
If people do move away from free services, it could change marketing. “We believe that there’s an opportunity where people have control to make much more selective decisions about how their personal information and how their online behavior can be exposed,” he says. “We’re not against people being able to trade information about them in exchange for some sorts of benefits. In many ways this has contributed to how the internet has grown as fast as it has.”
Someone might visit a website, be asked to answer a few questions about themselves, and then be able to read five articles in exchange, for example. The fundamental difference from today’s system is that users would be actively consenting to share their data. “We feel the pendulum swung too far,” he says. “So I envision a future where advertisers actually come to individuals who have control over the data.”
“I don’t know if that’s a future that’s three years from now or five years from now or 10 years from now,” he says. “But I do believe that what we’re building is a fundamental building block to be able to get there.”