Security. Privacy. Encryption. Three buzzwords at the heart of online debate at the moment due to the battle between Apple and the FBI over a locked iPhone. As our individual privacy comes under increasing pressure, more end-user systems are being developed, such as Ghostmail and Whisply from the people behind Boxcryptor, my encrypted storage service of choice.
ProtonMail, until recently under beta testing with a select number of users, has now gone public and is available on the web and on Android and iOS devices. Putting technology aside for a minute, ProtonMail’s physical and virtual security is impressive, as the data centre is buried more than 1000 metres under the Swiss mountainside and is legally protected by Swiss privacy laws, some of the strictest in the world.
Released as open source software, the service operates under a freemium system with two paid-for levels sitting on top of the free version. On signing up you are asked for your choice of name for the email address and a password. Once completed, you are asked to authenticate the choices through one of your existing emails and then asked to create a second password for your encryption keys. Forget this and you are screwed! When accessing your ProtonMail inbox you have to provide not only your username and password but also your encryption password.
ProtonMail Encryption Explained
Security levels are explained on the service’s web site which states: “Messages are stored on ProtonMail servers in encrypted format. They are also transmitted in encrypted format between our servers and user devices. Messages between ProtonMail users are also transmitted in encrypted form within our secure server network. Because data is encrypted at all steps, the risk of message interception is largely eliminated.
“ProtonMail’s segregated authentication and decryption system means logging into a ProtonMail private email account requires two passwords. The first password is used to verify the identity of the user. After that, encrypted data can be retrieved. The second password is a decryption password which is never sent to us. It is used to decrypt data on your device so we do not have access to the decrypted data, or the decryption password. This means we cannot hand over your data to third parties. For this reason, we are also unable to do decryption password recovery. If you forget your decryption password, we cannot recover your data.
“We use only secure implementations of AES, RSA, along with OpenPGP. Furthermore, all of the cryptographic libraries we use are open source. By using open source libraries, we can guarantee that the encryption algorithms we are using do not have clandestinely built in back doors. ProtonMail’s open source software has been thoroughly vetted by security experts from around the world to ensure the highest levels of protection.”
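The two-password split quoted above, as an added Node.js example that is not ProtonMail's own code: the login password only releases an encrypted key blob, and the mailbox password, which never leaves the client, unwraps the private key locally. scrypt, AES-256-GCM, RSA-OAEP and every function name here are assumptions chosen for illustration; the service itself states only that it uses AES, RSA and OpenPGP.

```javascript
const nodeCrypto = require('crypto');
// Stretch a password into a 32-byte key (scrypt with default cost; an assumption).
const deriveKey = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// Client: wrap the private key under the mailbox password before upload.
function wrapPrivateKey(privateKeyPem, mailboxPassword) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(mailboxPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Client: unwrap locally; a wrong mailbox password fails the GCM tag check.
function unwrapPrivateKey(blob, mailboxPassword) {
  const key = deriveKey(mailboxPassword, blob.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
  } catch {
    return null; // no recovery path: the server holds nothing that can decrypt
  }
}

// Sign-up (client-side keygen); the returned record is all the server stores.
function createAccount(loginPassword, mailboxPassword) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const loginSalt = nodeCrypto.randomBytes(16);
  const loginVerifier = deriveKey(loginPassword, loginSalt);
  return { loginSalt, loginVerifier, publicKey, wrappedKey: wrapPrivateKey(privateKey, mailboxPassword) };
}

// Server: the login password only gates retrieval of the encrypted blob.
function login(record, loginPassword) {
  const candidate = deriveKey(loginPassword, record.loginSalt);
  return nodeCrypto.timingSafeEqual(candidate, record.loginVerifier) ? record.wrappedKey : null;
}

// Reading mail needs both passwords: one to fetch the blob, one to open it.
function readMessage(record, loginPassword, mailboxPassword, ciphertext) {
  const blob = login(record, loginPassword);
  const privateKey = blob && unwrapPrivateKey(blob, mailboxPassword);
  return privateKey ? nodeCrypto.privateDecrypt(privateKey, ciphertext).toString('utf8') : null;
}
```

The stored record contains neither the mailbox password nor the plaintext private key, which is why a forgotten mailbox password cannot be reset by the operator.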
During its beta phase ProtonMail gained notoriety for being ISIS’s email program of choice. The company commented at the time: “Unfortunately, technology does not distinguish between good and bad, so the same technology that protects democracy activists and dissidents can unfortunately also protect terrorists.” I suspect most terrorist groups are using publicly available encrypted services, so why demonise ProtonMail?
The GUI on the web and my Android devices is attractive and functional without setting the world on fire. On mobile devices there are the now commonplace options of being able to swipe left or right to allow a limited number of pre-set actions to kick in, such as archiving or sending to trash. On the free version you can create up to 20 labels. On the $48 a year level you can have 200 labels and for the top of the range package for big businesses.
All told, ProtonMail is easy on the eye and is easy to set up and operate. Give it a whirl.