For Proton CEO and cofounder Andy Yen, building an encrypted email service is no longer enough.
Although ProtonMail has been around since 2014, lately the company has started setting its sights more broadly. In April, Proton launched its own calendar as a public beta, and earlier this month it expanded the beta version of its cloud storage service, called Proton Drive, to all paid subscribers. A recent redesign helped tie all those products together into one interface.
Squint hard enough, and you can see the beginnings of a more private alternative to Big Tech productivity tools, most notably Google Workspace (formerly G Suite). Yen says that’s the ultimate goal, hinting at other services like video chat on the horizon.
“Everything that Google does is uniformly not done in the most privacy-protecting way,” he says. “Over the long term, I would like to do everything that they do, but do it properly, with privacy first instead of as an afterthought.”
Yen isn’t alone. Other companies like Skiff, Vivaldi, Brave, and DuckDuckGo are all trying to pick away at the kind of all-encompassing tools that Google offers, but with privacy as a core value. In doing so, they’re taking advantage of both a broader privacy awakening in the tech industry and improvements in the technology that protects user data.
But while their goals seem noble, they also face the same fundamental challenge: Beating the likes of Google on features other than privacy is harder than it looks.
The private software boom
Consider these other examples of privacy-centric upstarts broadening their horizons:
- Skiff, an online document editor that features end-to-end encryption, has launched in private beta and raised a $3.7 million seed round in May. CEO and cofounder Andrew Milich says the startup is already prototyping other elements of Google Workspace, such as spreadsheets. (It sounds like the company wants to support the kind of dynamic, interlinked documents popularized by Notion, which Google itself is now trying to replicate.)
- The web browser Vivaldi recently launched its own mail client, calendar, translation tool, and news feed reader to complement its existing notes service. CEO Jon von Tetzchner says the company collects no usage data on these products, and hopes they’ll help users transition away from Big Tech. (The mail client, for instance, lets users easily toggle among email providers, including Vivaldi’s own offering.)
- According to Wired, DuckDuckGo plans to launch its own desktop web browser later this year to complement its existing search engine and mobile browser. It’s also working on an anti-tracking app for Android and a way to block trackers in email.
- The private-browser maker Brave, meanwhile, is moving in the opposite direction with its own search engine.
Proton’s Yen says that all of these companies are having the same revelation: To truly take on the likes of Google, they need to build ecosystems instead of just one unique service.
“The reason Google is so powerful and attractive to consumers is because they do offer an entire suite of products,” he says.
Building more private web services is also becoming easier as more companies create encrypted products and publicly share the technical details of their work. To support end-to-end encryption in Skiff, for instance, Milich says the startup drew heavily on existing white papers and technical documentation from other encrypted services, including WhatsApp, Signal, 1Password, and even Proton.
“All of those just make it better to build products like ours,” he says.
Milich also points out that end-to-end encrypted products can be faster now than they used to be. Skiff, for instance, uses a concept called the conflict-free replicated data type, or CRDT, to encrypt documents even when multiple people are collaborating in real time. CDRT used to be “outrageously slow” for something like a document editor, Milich says, but that’s not the case anymore.
“We’re living in this time where there are better technical reasons why you could build products to be more private,” he says.
Solving the trust problem
Some of the privacy concerns around services like Gmail and Google Docs can get overblown. While Google used to mine the content of your emails for targeted advertising, it abandoned that practice for all users in 2017. The company also promises not to data mine other apps where you store personal content, such as Google Drive and Google Photos, and users can delete the data that the company does collect at any time.
“I don’t want to be harsh, but they either put in privacy policies that stab users in the back, or they put in default security settings that are far lower than people would expect in other products,” Milich says. “There’s little things like that on trust and implementation that make me think Big Tech doesn’t really have a future in privacy.”
And while those companies could pivot toward more private products, Milich says that won’t be easy unless they start from scratch. Facebook, for instance, announced back in 2019 that it was working on end-to-end encryption for Facebook Messenger, but acknowledged in April that it won’t do so until 2022 at the earliest.
“It’s basically turning the hat inside out, where you have exabytes of consumer data, and now you need to make all of that data private,” he says. “For a legacy product that has a billion users, it’s a huge technical hurdle.”
Filling the feature gaps
That’s not to say Google’s private alternatives are without hurdles of their own. Most of them are still a long way from reaching feature parity with products like Google Docs or Google Drive, and in some cases their aversion to data collection puts them at a disadvantage.
With the web version of ProtonMail, for instance, users can’t search for text in the body of an email because that data is encrypted. (Only subject lines, which are unencrypted, are searchable.) Proton allows full search only for downloaded emails, either through its mobile app or through a “Bridge” application that connects to desktop email clients like Microsoft Outlook or Apple Mail. Even in those cases, Proton doesn’t support the kind of email intelligence that Google offers, like the ability to recognize a flight confirmation email and add it to your calendar.
Proton’s Yen believes those limitations will fade away as devices become more powerful, allowing them to process more data offline. He notes that the ability to add calendar appointments based on email content is coming later this year.
“The benefit of having faster phones and devices today is you can actually do much more sophisticated computations on the device side,” he says. “That allows you to build all these features today in a privacy-protected way.”
Vivaldi has some similar limitations with its mail client, as the company collects no data on how people are using the product. While the service has some ability to filter emails from mailing lists into their own folder, it’s far less accurate than Google’s “Categories” system, which automatically hides social and promotional emails from your inbox. The interface is also pretty dense compared to what you’d get from other modern email apps.
Still, CEO von Tetzchner says Vivaldi built its products to be opinionated and doesn’t care about catering to everyone. “What you end up with when you collect information about how people are using software, you end up with some indecision, because it’s the average, and then you optimize for the average,” he says. “The average is not a person.”
There’s also the nagging issue of business models. Both Skiff’s Milich and Proton’s Yen say they’re focused on freemium business models, though their free versions will likely never match what Google offers at no charge. ProtonMail provides only 500 MB of storage space on its free plan, and Skiff may ultimately have storage limits as well. Even Proton’s paid subscribers get only 5 GB of storage, less than what Google offers for free.
Still, both founders believe users are becoming more willing to pay for private services. Yen says that for those customers, Proton’s storage plans will scale over time to become closer to what Google offers, while also being a sustainable business for Proton.
“This business model that we’re pursuing is never going to be as lucrative or as profitable as the alternative model of invading user privacy and exploiting data,” he says. “But that doesn’t mean it’s not profitable, and that doesn’t mean it’s not a good business.”