VentureBeat

Fundraiser to support ‘NSA-proof’ email gets off to a roaring start

Above: ProtonMail founders Jason Stockman, Wei Sun, and Andy Yen. Image Credit: ProtonMail ProtonMail, an encrypted email service that advertises itself as “NSA-proof,” launched to much acclaim about a month ago. Since then, the company says it has signed up 200,000 users – and it just launched a fu
Dylan Tweney 3 min read
Fundraiser to support ‘NSA-proof’ email gets off to a roaring start

Above: ProtonMail founders Jason Stockman, Wei Sun, and Andy Yen.

Image Credit: ProtonMail

ProtonMail, an encrypted email service that advertises itself as “NSA-proof,” launched to much acclaim about a month ago.

Since then, the company says it has signed up 200,000 users – and it just launched a fundraising campaign on Indiegogo because, co-founder Andy Yen says, “that is the best way to get financing and also keep ProtonMail independent.”

Three days after the Indiegogo campaign kicked off, the team has already raised $160,000 — 60 percent more than its initial goal.

“We could be on track to become one of the largest software crowdfunding campaigns ever,” Yen boasted.

Accounts on ProtonMail are free (though at the moment you have to sign up for a waiting list before you can create an account). Yen said basic accounts would always be free, but that in the future the company would charge power users a “modest monthly fee” for additional storage, in order to make ProtonMail into a self-sustaining business.

End-to-end encryption is one of the few ways to ensure true privacy in any communications channel. The trouble is that setting up encrypted email has generally been a difficult matter. Encrypted chats have, until recently, been almost as problematic.

(One notable exception: Many chat clients, including Adium — but not Google Talk — offer an off-the-record (OTR) chat mode that is extremely simple to set up and offers “perfect forward secrecy,” meaning each chat session is encrypted with a unique key. If you want to chat securely with me, ask me for my AIM account.)

Other attempts to simplify the process of secure chat or secure email have occasionally been curtailed either by doubts about their technical security. CryptoCat, for example, is quite controversial among security experts because of a vulnerability an an earlier version of the chat tool. Security can also be compromised if the companies don’t have legal jurisdiction to ensure true privacy in the event of a subpoena — HushMail, for instance, has said that it will hand over your emails if subpoenaed.

So we asked Yen: Why should anyone trust ProtonMail?

“The main idea is to encrypt data before it even comes to our servers, using an encryption password that we do not have access to, so we don’t have the ability to decrypt the encrypted data on our servers,” Yen told us.

In other words, even if the NSA got hold of emails cached on ProtonMail’s servers, they would not be able to decrypt them — and ProtonMail won’t have the keys either.

Yen added that the team — which is comprised of CERN and MIT computer scientists — is being careful to get its technology vetted by security experts. “We’ve had constant input from the computer security team at CERN and hundreds of computer scientists on the staff there,” Yen said.

“We believe in crowdsourcing security and we have a growing list of experts helping us to perform security cross checks and make improvements throughout the beta. We will get even more of the community involved by open sourcing the relevant parts of the codebase when the code becomes more mature and changes less often.”

In addition, the company is headquartered in Switzerland, which — so far — has a pretty good record of independence from other governments’ intrusions.

The fact that 200,000 people have signed up for ProtonMail already is a sign that there’s a small but significant number of people who care enough about their privacy to use encrypted email systems. And other encrypted messaging services, such as SilentCircle and Wickr, have seen some traction — though they haven’t come close to rivaling the giants, like WhatsApp, Tango, or the big email services.

Maybe that’s because people don’t care much about privacy. Or maybe it’s because encryption is still too hard to use, or too mysterious of a concept.

“We feel the security community has an obligation to lower the entry barrier so people can get used to the idea of encryption and we can begin to educate them about encryption,” Yen said.

“That is how you get an installed user base that you can then gradually transition to more and more secure systems over time.”

Published on VentureBeat, June 21, 2014

Share
Comments
More from Dylan Tweney - Storylines
VentureBeat

Overstock.com could begin first Bitcoin-based stock trades

I’m a stringer for VentureBeat this week at the #Money2020 conference, looking for good stories about blockchain. Here’s one about how Overstock.com is about to offer stock (in itself) via T0, its Bitcoin-based equities trading platform. (Just don’t call it an exchange, even though it is.) Official
Dylan Tweney 3 min read

Storylines

Subscribe to my newsletter on writing & storytelling

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Dylan Tweney - Storylines.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.