ProtonMail, an encrypted email service that advertises itself as “NSA-proof,” launched to much acclaim about a month ago.
Since then, the company says it has signed up 200,000 users — and it just launched a fundraising campaign on Indiegogo because, co-founder Andy Yen says, “that is the best way to get financing and also keep ProtonMail independent.”
Three days after the Indiegogo campaign kicked off, the team has already raised $160,000 — 60 percent more than its initial goal.
“We could be on track to become one of the largest software crowdfunding campaigns ever,” Yen boasted.
Accounts on ProtonMail are free (though at the moment you have to sign up for a waiting list before you can create an account). Yen said basic accounts would always be free, but that in the future the company would charge power users a “modest monthly fee” for additional storage, in order to make ProtonMail into a self-sustaining business.
End-to-end encryption is one of the few ways to ensure true privacy in any communications channel. The trouble is that setting up encrypted email has generally been a difficult matter. Encrypted chats have, until recently, been almost as problematic.
(One notable exception: Many chat clients, including Adium — but not Google Talk — offer an off-the-record (OTR) chat mode that is extremely simple to set up and offers “perfect forward secrecy,” meaning each chat session is encrypted with a unique key. If you want to chat securely with me, ask me for my AIM account.)
Other attempts to simplify the process of secure chat or secure email have occasionally been curtailed either by doubts about their technical security. CryptoCat, for example, is quite controversial among security experts because of a vulnerability an an earlier version of the chat tool. Security can also be compromised if the companies don’t have legal jurisdiction to ensure true privacy in the event of a subpoena — HushMail, for instance, has said that it will hand over your emails if subpoenaed; Lavabit shut down rather than do the same.
So we asked Yen: Why should anyone trust ProtonMail?
“The main idea is to encrypt data before it even comes to our servers, using an encryption password that we do not have access to, so we don’t have the ability to decrypt the encrypted data on our servers,” Yen told us.
In other words, even if the NSA got hold of emails cached on ProtonMail’s servers, they would not be able to decrypt them — and ProtonMail won’t have the keys either.
Yen added that the team — which is comprised of CERN and MIT computer scientists — is being careful to get its technology vetted by security experts. “We’ve had constant input from the computer security team at CERN and hundreds of computer scientists on the staff there,” Yen said.
“We believe in crowdsourcing security and we have a growing list of experts helping us to perform security cross checks and make improvements throughout the beta. We will get even more of the community involved by open sourcing the relevant parts of the codebase when the code becomes more mature and changes less often.”
In addition, the company is headquartered in Switzerland, which — so far — has a pretty good record of independence from other governments’ intrusions.
“ProtonMail, like any other security system, is not a magic bullet, as there is no such thing as 100 percent secure,” Yen said, pointing to the company’s threat model for details on what attacks ProtonMail is — and is not — meant to counter.
The fact that 200,000 people have signed up for ProtonMail already is a sign that there’s a small but significant number of people who care enough about their privacy to use encrypted email systems. And other encrypted messaging services, such as SilentCircle and Wickr, have seen some traction — though they haven’t come close to rivaling the giants, like WhatsApp, Tango, or the big email services.
Maybe that’s because people don’t care much about privacy. Or maybe it’s because encryption is still too hard to use, or too mysterious of a concept.
“We feel the security community has an obligation to lower the entry barrier so people can get used to the idea of encryption and we can begin to educate them about encryption,” Yen said.
“That is how you get a user base that you can then gradually transition to more and more secure systems over time. ”