Scientists from CERN and MIT launch encrypted email service
By Stu Robarts
May 29, 2014
The privacy of the data that we put online has been a hot topic over the last year. In order to protect against unwanted snooping, a group of scientists has created a new secure email service. ProtonMail provides end-to-end encryption, meaning that even the company itself can't see the content of your messages.
The service started being developed in 2013 by a group of CERN scientists who wanted a more secure and private internet, in part as a response to the Edward Snowden leaks. "We began thinking about this problem long before the Snowden leaks, but the leaks were what drove us to take action, as they truly demonstrated how much online privacy had eroded," company co-founder Andy Yen told Gizmag.
The company is advised by the MIT Venture Mentoring Service and is developed, in part, at MIT. Earlier this year, ProtonMail was a semi-finalist in the 2014 MIT 100K Startup Launch competition. The initial team, however, was formed via a CERN Facebook group made up of scientists from CERN who, in some way, wanted to help improve society.
The group held "hackathons" to work on the idea, and much time was spent identifying the problems with existing means of encrypting email and trying to find solutions. "What we quickly found out was that existing solutions were much too complicated to be used by the general public and this led us on the path towards creating an easy-to-use solution," explained Yen.
One of the other difficulties the group encountered was getting web browsers to manage the encryption process. The team found that its approach to the encryption of data required a lot of processing power and that web browsers tended not to be "high performance" enough to carry it out. As such, a great deal of work was undertaken to ensure that the encryption process could be made to work on all types of devices, and on older browsers.
ProtonMail uses end-to-end encryption. "End-to-end encryption basically means the user's data is encrypted before it leaves their computer and can only be decrypted by the recipient," says Yen. "With this system, the ProtonMail servers never have access to unencrypted user data and cannot actually read any of our users' emails."
ProtonMail touts a number of other features that are used to improve its security. The company is incorporated in Switzerland and has all of its servers based there too, allowing its users to benefit from that country's strict privacy laws. IP addresses are not logged and no personal information is required in order to sign up for an account. For paid accounts, users can pay with Bitcoin, and even cash.
The term "NSA proof" has been used widely elsewhere to describe ProtonMail, but it's a term that Yen is not keen on. "We don't like the term because our goal is not to guard against only the NSA," he points out. "There are many other organizations we also want to protect against. People often ask us if ProtonMail is 100 percent secure, and our answer is that it is impossible to have 100 percent security. What ProtonMail does is make mass surveillance by organizations, such as the NSA, so difficult that it is no longer practical."