Bitcoin users are no strangers to cryptography. After all, Bitcoin wouldn’t even exist without it, since cryptography prevents double spending and allows the network to verify ownership of coins. Of course, the primary purpose of cryptography has always been secret communication, and a new service called ProtonMail is offering exactly that. ProtonMail is an email service offering full end-to-end encryption. The service is currently free, and the company plans to offer premium accounts that’ll accept bitcoin payments in the near future. I had the opportunity to try out the ProtonMail beta, and I also got to talk to the team behind the service. Here’s my take on ProtonMail:
Ease of Use
Neil: “I suppose the first obvious question would be, what sets ProtonMail apart? Similar secure email services already exist, and new services like Lavaboom are under development.”
Jason Stockman (front-end developer): “What really sets ProtonMail apart is how easy it is to use. Unlike existing solutions, we have completely abstracted away the complex cryptography to make the encryption and decryption complete invisible to user. There’s no software to install and no keys to generate – it’s just like using Gmail, but way more secure.”
Andy Yen (systems administrator): “We made an early design decision to prioritize ease of use because the most secure system in the world is not useful if it’s so complex that nobody can use it. That’s not to say we have sacrificed security either. From the start, we’ve worked closely with security experts at CERN and MIT to ensure we’re providing our users the highest possible level of security.”
Setting up my new ProtonMail account was a simple, two-step process. On the first page, I was greeted with this overview of the sign up steps:
After creating two passwords, this message popped up:
Despite the warning, my account was set up within 10 seconds.
I really liked ProtonMail’s intuitive interface. Despite being a totally new service, the UI is familiar and easy to pick up. There is no need to manage public/private keys and ProtonMail works on most devices with no installation necessary. However, I found that the site doesn’t scale too well on smaller screens.
Of course, it’s important to note that the service is in beta, so bugs like these will probably be fixed in the near future.
Neil: “Cross-platform support is great, but why not make native mobile apps? Web apps tend to not perform as well as native apps since they don’t have access to a lot of the device’s hardware. Native apps would also allow for push notifications, something that many email users require.”
Andy: “We’re actually already working on a mobile version and will have it released later this year. However, we’re prioritizing the web version first because that lets us reach a larger initial audience.”
Jason: “We also have some security concerns with native apps because the iPhone and Android app stores are controlled by Apple and Google and we can’t be sure that the NSA doesn’t compel Google or Apple to quietly backdoor those apps without us knowing. There is already a history of such activity, and it’s hard to prevent once we hand over the code to Apple and Google. That said, we’ll be releasing hashes of our apps to try and ensure what you download is not tampered with.”
Wei Sun (back-end developer): “A quick note about performance, we’ve developed an innovative mixed cryptography system that allows us to use better performing symmetric encryption for most encryption/decryption so the browser version actually performs quite well.”
Another great thing about ProtonMail is that users can communicate with all email providers. ProtonMail to ProtonMail emails are automatically encrypted. ProtonMail to non-ProtonMail emails are encrypted via symmetric encryption.
Privacy and Security
Now this is where ProtonMail really shines.
Neil: “Why should people care about encrypted email? So what if the government can see what I’m up to? I’m not doing anything illegal, and since I have nothing to hide, I have nothing to fear, right?”
Jason: “The problem is that’s simply not true. It would be like saying only criminals have curtains over their windows. It’s not a question of having something to hide – it’s a question of whether or not you believe privacy is a fundamental human right and whether it’s worth having at all. Nowadays, every aspect of our digital lives is saved, archived, and ultimately out of our control. What we’re trying to do is return control of email data back to the user.”
Wei: “Just to add on to that – another point that is often overlooked is that there are still many totalitarian regimes in power today around the world which are engaged in mass surveillance of citizens. ProtonMail can provide citizens in these countries a safe online venue to organize and even voice criticism about the authorities. This is a fundamental human right that we wish to protect.”
ProtonMail doesn’t log personally identifiable information such as IP addresses, allowing users to remain anonymous. All emails use end-to-end encryption, making them impossible to intercept and decipher. The company’s servers are also encrypted with multiple password layers, and no single person knows all the passwords. All these security measures ensure that ProtonMail has zero access to user data.
Neil: “You say you have zero access to user data, but is there any way you can really prove that? How can users be sure that ProtonMail isn’t actually in cahoots with the NSA, GCHQ, and other government intelligence agencies?”
Jason: “All of our encryption and decryption code is viewable to anyone in their web browser by doing a simple “View Source” click. Nothing is compressed, which means it will take an extra half second to load, but on the upside it’s fully viewable and auditable in real-time! Also, we plan to open-source key parts of our code as well later on.”
Andy: “Also, unlike many of our competitors, we are fully transparent about who we are on our website. You can actually look us up on the online directories at CERN, MIT, Harvard, and the other institutions we come from. We aren’t some shadowy group which may be working with intelligence agencies. We’re also based in Switzerland which has a long history of neutrality and a strong tradition of personal privacy.”
The service also lets users send self-destructing messages for sensitive data. However, ProtonMail is currently missing a vital security measure – two-factor authentication. But Jason informed me that this will be implemented in the coming months.
Neil: “Are there plans to support 2-step verification? After all, even the securest of passwords is ineffective if a user’s computer is infected with a keylogger.”
Jason: “Yes, this is a feature we will be supporting when we release paid versions of ProtonMail. We will be using a software based system for 2 factor authentication to ensure that we can preserve user’s anonymity.”
Another thing that bothered me was the captcha on the login page. It seems way too simple and it could easily be read by any decent OCR program, defeating the captcha’s purpose and making the login page subject to a “brute-force” attack. Hopefully this will be changed. Fortunately, ProtonMail requires two passwords to reach the inbox, which should slow down any brute-force attempt.
Pricing and Availability
ProtonMail is currently free and in public beta.
Neil: “How can you afford to keep ProtonMail free?”
Andy: “ProtonMail will operate on the freemium model, so there will also be paid accounts with premium features which will help us cover the cost of offering free accounts.”
Jason: “We’ll be supporting bitcoin payments and even cash at our Swiss P.O. Box so paying users can stay anonymous.”
Wei: “We didn’t create ProtonMail for monetary gain, in fact none of us are getting any salaries right now – we’re building ProtonMail because we think everybody deserves to have internet privacy. Our goal is to always be able to offer ProtonMail accounts for free.”
In terms of general availability,
Wei: “ProtonMail is already available to the general public, you can sign up right now at our website. There is a waiting list as we have been experiencing overwhelming demand for the service, but we typically approve accounts with in 1 or 2 days. We’re working to get additional servers installed in Switzerland this month to meet demand and enable instant account approval.”
Andy: “We anticipate that ProtonMail will be in beta until around August. At that time, we will introduce paid accounts with additional space and new features like the two factor authentication Wei mentioned earlier. We also have a couple secret features that we will be unveiling shortly so stay tuned!”
All in all, I was quite impressed by ProtonMail. The service doesn’t sacrifice simplicity for the sake of security. However, there are some pretty jarring visual bugs that will hopefully be fixed by the time the service is out of beta. It would also be great to have native mobile apps for ProtonMail. But after the NSA scandals, if you care about your privacy, you should definitely check out ProtonMail.