
Fundraiser to support ‘NSA-proof’ email gets off to a roaring start

Above: ProtonMail founders Jason Stockman, Wei Sun, and Andy Yen.

Image Credit: ProtonMail

ProtonMail, an encrypted email service that advertises itself as “NSA-proof,” launched to much acclaim about a month ago.

Since then, the company says it has signed up 200,000 users — and it just launched a fundraising campaign on Indiegogo because, co-founder Andy Yen says, “that is the best way to get financing and also keep ProtonMail independent.”

Three days after the Indiegogo campaign kicked off, the team has already raised $160,000 — 60 percent more than its initial goal.

“We could be on track to become one of the largest software crowdfunding campaigns ever,” Yen boasted.

Accounts on ProtonMail are free (though at the moment you have to sign up for a waiting list before you can create an account). Yen said basic accounts would always be free, but that in the future the company would charge power users a “modest monthly fee” for additional storage, in order to make ProtonMail into a self-sustaining business.

End-to-end encryption is one of the few ways to ensure true privacy in any communications channel. The trouble is that setting up encrypted email has generally been a difficult matter. Encrypted chats have, until recently, been almost as problematic.

(One notable exception: Many chat clients, including Adium — but not Google Talk — offer an off-the-record (OTR) chat mode that is extremely simple to set up and offers “perfect forward secrecy,” meaning each chat session is encrypted with a unique key. If you want to chat securely with me, ask me for my AIM account.)

Other attempts to simplify the process of secure chat or secure email have occasionally been curtailed by doubts about their technical security. CryptoCat, for example, is quite controversial among security experts because of a vulnerability in an earlier version of the chat tool. Security can also be compromised if the companies don’t have legal jurisdiction to ensure true privacy in the event of a subpoena — HushMail, for instance, has said that it will hand over your emails if subpoenaed; Lavabit shut down rather than do the same.

So we asked Yen: Why should anyone trust ProtonMail?

“The main idea is to encrypt data before it even comes to our servers, using an encryption password that we do not have access to, so we don’t have the ability to decrypt the encrypted data on our servers,” Yen told us.

In other words, even if the NSA got hold of emails cached on ProtonMail’s servers, they would not be able to decrypt them — and ProtonMail won’t have the keys either.

Yen added that the team — which is comprised of CERN and MIT computer scientists — is being careful to get its technology vetted by security experts. “We’ve had constant input from the computer security team at CERN and hundreds of computer scientists on the staff there,” Yen said.

“We believe in crowdsourcing security and we have a growing list of experts helping us to perform security cross checks and make improvements throughout the beta. We will get even more of the community involved by open sourcing the relevant parts of the codebase when the code becomes more mature and changes less often.”

In addition, the company is headquartered in Switzerland, which — so far — has a pretty good record of independence from other governments’ intrusions.

“ProtonMail, like any other security system, is not a magic bullet, as there is no such thing as 100 percent secure,” Yen said, pointing to the company’s threat model for details on what attacks ProtonMail is — and is not — meant to counter.

The fact that 200,000 people have signed up for ProtonMail already is a sign that there’s a small but significant number of people who care enough about their privacy to use encrypted email systems. And other encrypted messaging services, such as SilentCircle and Wickr, have seen some traction — though they haven’t come close to rivaling the giants, like WhatsApp, Tango, or the big email services.

Maybe that’s because people don’t care much about privacy. Or maybe it’s because encryption is still too hard to use, or too mysterious of a concept.

“We feel the security community has an obligation to lower the entry barrier so people can get used to the idea of encryption and we can begin to educate them about encryption,” Yen said.

“That is how you get a user base that you can then gradually transition to more and more secure systems over time.”


10 comments
Thomas Chenhall

Here, try this one: Soggy gauge hvui nth uv. Gosh. UFC bi him. HF n. I. BG. H. Can. Ben. HF VHS. JFK. Hdtv. Given. TV. Fun BBC. FB. Verb. Sign unsubscribing. Th. n.

Thomas Chenhall

I figured out how to NSA proof your comms. Example: Suggs hj busting. L cyber n BG. Joh bib by. Can. J. J. I. In hz I. The G. Be Bub. MB. He ghost. BG. Vh. FB. H. Bigwig. HF. C&C g. Gym. C&C. In. I driving. FCC bubble b. g. H . June VHS.

Alex Redman

and NO ONE who has commented EVER on VentureBeat's Facebook page has ever had their email viewed by the NSA... NOT ONE. EVER :) if you disagree, PROVE IT. LOL FOOLS

Alex Redman

here's a fact for all of you. NOT ONE PERSON WHO WORKS FOR VENTUREBEAT HAS EVER HAD THEIR EMAIL VIEWED BY THE NSA.. NOT ONCE :)

Alex Redman

all email is NSA-proof :) they don't have enough manpower or bandwidth or storage capability OR interest in your email. GROW UP AND STOP SUCKING UP NSA/SNOWDEN TEAM LIES

Mads Olsen

I guess their lines are already being tapped and the NSA has already broken the encryption. Becoming a user of their service is a guarantee that your emails will be scanned and analyzed. Knowing that the NSA already is, or pretty soon probably will be, using the D-Wave chip with success does not sound too promising for such services.

Max Walter

Somehow schedule it for deletion after 180 days, call your provider.

Van Mendoza

these "NSA-proof"/"secure" communication platforms come up a dime-a-dozen. next.