Домой United States USA — software How ProtonMail is pushing email privacy standards

How ProtonMail is pushing email privacy standards


Rumors of email’s demise have been greatly exaggerated. While the “age-old” communication conduit may have new rivals, it is showing little sign of letting up.
Rumors of email’s demise have been greatly exaggerated. While the “age-old” communication conduit may have new rivals, it is showing little sign of letting up.
In 2017, active email users stood at 3.7 billion globally, a figure that’s expected to hit 4.1 billion by 2021, according to research firm Radicati. Last year, nearly 270 million emails were sent each day, and this is expected to grow 4.5 percent to 280 million in 2018. Messaging and VoIP apps may be popular, but email still has a crucial role to play, particularly in longer-form communications and in the B2B and B2C realm.
SendGrid, a well-funded email delivery performance platform, went public on the New York Stock Exchange (NYSE) in November at $16 per share, and its shares have been riding at around 75 percent over its IPO price in the months since.
Venture capitalists continue to bet on email startups, as well. Front recently raised $66 million from big-name backers such as Sequoia and DFJ to grow its email collaboration platform, while Sigstr raised $5 million for a tool that lets companies transform email signatures into advertisements.
Elsewhere, Google gave Gmail a major upgrade a few weeks back with a big focus on security and productivity, while at its I/O developers conference this week the company announced a new AI-powered Smart Compose feature for faster emailing. Microsoft followed suit with a bunch of new features for Outlook.
People may moan about email and wish it consigned to the fieriest of fires, but all signs suggest it’s here to stay. That’s not to say the technology won’t continue to evolve, however.
Against this backdrop, one Swiss company has been making inroads into the email realm over the past few years by putting privacy front and center.
Founded out of Geneva, Switzerland in 2013, ProtonMail was the brainchild of Andy Yen, Jason Stockman, and Wei Sun, academic researchers working on various particle physics projects at CERN — where Tim Berners-Lee created the World Wide Web a quarter of a century earlier.
ProtonMail promises its users full privacy via client-side encryption, which means nobody can intercept and read your emails. Not even ProtonMail itself.
ProtonMail first came to attention in May 2014 with its official public beta launch on the web . (Incidentally, it had to close sign-ups soon after due to high demand.)
The following month, the company launched an Indiegogo crowdfunding campaign with the goal of raising $100,000. Shortly into the campaign, however, PayPal cut off funding after raising questions about whether ProtonMail was legal and had “government approval to encrypt emails,” according to Yen. After a minor public furor, the restrictions were lifted and the company went on to crowdfund more than $500,000. Several months later, ProtonMail received an additional $2 million cash injection from Charles River Ventures (CRV) and the Fondation Genevoise pour l’Innovation Technologique (FONGIT).
Following a series of iterative launches, ProtonMail officially shed its beta tag in March 2016, launching to the world with Android and iOS mobile apps in tow.
Yen, who serves as CEO, is the only member of the early founding team who is still active in the leadership of the company.
A curious facet to the ProtonMail backstory is that the product is often associated with CERN because, well, CERN is where the founders met and developed the product. But it wasn’t a direct result of any particular project that they were working on at the time.
“I was actually a researcher working on supersymmetry at the ATLAS experiment at the Large Hadron Collider,” Yen told VentureBeat in an interview. “Thus, ProtonMail was actually not at all related to my PhD topic. However, some concepts such as software design, mathematics, and large scale computing did carry over.”
CERN is perhaps better known for its work in the physics realm, with the Higgs boson particle discovery garnering global headlines and the Nobel prize in recent years. But as the birthplace of the web, computer science also plays a big part in its research curriculum. So in that respect, ProtonMail was very much a product of its environment.
“CERN actually does significant research in the field of computing, so my natural curiosity into the topic, plus the large number of experts in the vicinity that I could discuss with, gave birth to the idea,” Yen added. “Building ProtonMail was initially just building a tool that I myself wanted, and it just happened to turn out that — after it was built — millions of others also wanted something like this.”
The genesis of ProtonMail was a culmination of factors rather than a specific “ a-ha ” moment for Yen et al., and the company’s founding came at a time when the words “hacking” and “surveillance” were rarely out of global newspaper headlines. This was largely due to whistleblower Edward Snowden’s NSA revelations, which gave prominence to an encrypted email service called Lavabit that Snowden had used. Lavabit was soon forced to shutter following pressure by U. S. authorities to grant them deeper access to Lavabit’s systems.
Lavabit relaunched a few years later, shortly after Donald Trump entered the White House, but the technological landscape had shifted. People were more savvy to surveillance, and companies had taken note — both Facebook Messenger and Facebook-owned WhatsApp had introduced encryption in mid-2016. And a year later, Google announced it would no longer target users with advertisements based on the content of their Gmail accounts. That didn’t concern encryption, but it was a tacit acknowledgement that people were becoming increasingly sensitive about their privacy.
Lavabit’s closure in 2013 was preceded by gag-orders, search warrants, and subpoenas, prompting owner and operator Ladar Levison to state [emphasis ours]:
And this was the world that ProtonMail entered back in 2013, except it held a trump card over its predecessors and rivals: ProtonMail’s data centers are based in Switzerland, and Swiss privacy law is considered among the strongest in the world, which is a big selling point to prospective customers. But over and above all that, ProtonMail was positioning itself as the ultimate privacy-focused email platform.
“The idea of making end-to-end encryption completely automated and widespread really hadn’t been attempted before in a serious way, so it was quite exciting to try and attempt that,” Yen said. “There was also the realization that the world wide web itself had transformed into something quite different from what its creators intended. With the information superhighway came a massive surveillance apparatus built by private companies, and misused by governments, that was posing an existential threat to democracy, and nothing was being done to reverse this trend.”
Back in March, ProtonMail was briefly elevated into the Cambridge Analytica data scandal that had engulfed Facebook — it transpired that Cambridge Analytica had used ProtonMail due to another of its core security features.
You see, encrypted email platforms are only useful when emails are in transit between accounts. There is nothing stopping sensitive information from leaking through scrupulous phishing techniques or good ol’ fashioned poor password hygiene. As such, ProtonMail offers an email expiry feature that lets the sender dictate how long an email is visible to the recipient.
It’s like Snapchat for email users: ephemeral messages that the sender controls. But ProtonMail goes one step further by allowing encrypted messages with expiry dates to non-ProtonMail users too. So if you send an email to a Gmail user, for example, you can hit the encryption button and require the recipient to enter a password to view the message.
The recipient can guess at the password based on a hint you provide them with, or you can send them the full password via another means, such as SMS.
Google unveiled a major revamp of Gmail a few weeks back, and one of the new features leans heavily on this concept. “Confidential mode” will allow Gmail users to send emails that automatically expire after a set period of time, while an optional two-factor authentication (2FA) feature requires the recipient to enter a passcode to read it.
Some might argue that ProtonMail is setting the standard for email privacy, and as its name becomes increasingly entwined in major news stories, it will likely gather more users too. In the wake of Donald Trump’s victory in the U. S. election in 2016, a number of VPN and encrypted messaging services reported a spike in downloads, including ProtonMail. So did the Cambridge Analytica association have any positive impact this time around?
“As we become more popular, we also end up with more prominent users,” Yen said.

Continue reading...