ProtonMail: A Survivor’s Tale

Beginning November 3rd, encrypted email service provider ProtonMail came under a DDOS attack by blackmailers. Here is my experience, as a supporter and subscriber, watching from the sidelines. It’s a survival story with many heroes that reads like a Mr. Robot script.

Why Encrypt Your Email?

ProtonMail is an encrypted email service that I just love. It overcomes the problems of email providers harvesting your personal data for resale, the pitfalls of these databases falling into criminal hands and the just plain weirdness you feel when every word, attachment and contact is shared with whomever.

To make my point on why everyone should use encrypted email, like ProtonMail, consider this experience: I recently had to fill out an affidavit confirming my identity but did not have all the particulars with me, such as past addresses, etc. No problem, I just logged into my 12-year-old Gmail account and did some searching. In no time, I had all the personal info the affidavit required to prove my identity.

It’s not that I purposely saved all this information in there. It just accumulates over the years organically.

Imagine if that data fell into the wrong hands.

ProtonMail is a crowd-funded, free email service that comes out of the CERN laboratories in Switzerland and MIT. The engineers at these research facilities were inspired by the revelations of Edward Snowden about back doors into email servers and the general collection of data by governments, so they built ProtonMail.

The service is simple, elegant and super secure. The encryption happens through the use of a client-side password, so theoretically, nobody, not even ProtonMail, can decrypt your emails and read them.

ProtonMail Taken Down

The recent Distributed Denial of Service (DDOS) attack began on November 3rd when a group held access to ProtonMail’s email service for ransom. This was a very sophisticated attack that flooded not only their servers with requests, but also their ISP. The result was that ProtonMail and several other sites, including e-commerce and banking sites, were unreachable. After failing to successfully fight back, the ISP and other firms put enormous pressure on ProtonMail to pay off the cyber gang. They did so and the attack stopped…momentarily.

Less than half a day later, the attack re-commenced. This time it was even more sophisticated and destructive. And things got even weirder. The original blackmailers actually contacted ProtonMail to let them know they were not involved in the new attack. ProtonMail is pretty certain that the second attack was likely the work of a state entity.

You can read all the details on their blog post on the incident.

Over this past weekend, November 7-8th, ProtonMail launched a response to the ongoing attack, deploying new defensive technologies used by large Internet firms, funded through a GoFundMe campaign. As of this writing, nearly 1,500 individuals have donated $50,000 in just 3 days to help in this regard.

Those would be the first, rather large, set of heroes. Thanks to you guys!

Click here to add to the fund.

Social Networks Get the Word Out

The media was really late to this story. It was not until the end of the week that the first news reports came out about the blackmail story, made sexier by the fact that the ransom was paid with bitcoins.

Most of the breaking news, however, was only available on ProtonMail’s Twitter feed and their Sub-Reddit.

It was on their Twitter page that they first disclosed the moment-by-moment details of their fight to restore access and their ultimate attempt to fund new defensive technologies. It was on Reddit that the controversy and pain were aired, such as reactions to their payment of the ransom and the frustration of everyday users at not being able to access their email.

People really gave them a lot of credit, however. And it was heartening that, despite some rather single-minded rants, most people rallied around ProtonMail.

Lessons Learned

One thing that surprised me was some of the complaints from business people who were using ProtonMail as their exclusive business email. They were losing money during the attack so they were often the most irate. But you have to wonder about someone using an emerging tool like ProtonMail for something so critical as company email. Obviously, new Internet services take time, especially when they are not backed by seasoned VCs who are risk averse.

I personally had not made the switch to ProtonMail entirely. Part of this was because they don’t have an iPhone app yet, which is where I do about 50% of my emailing. But I was getting close.

So, yes, I had a few important emails get bounced back to the senders. And perhaps one or two have been lost permanently (I may never know). But it does go to show that, for the foreseeable future, ProtonMail is not a reliable sole-email solution. However, given the work they are doing in response to the latest attack, this event may be the turning point that makes them a truly stable email service.

Just this morning, they came under another attack, but unlike previous days over the past week, they were back online very quickly. Hopefully this means their new defenses are paying off.

Bottom Line

ProtonMail rocks. I really love it. The recent DDOS attack only confirms that the good team at CERN and MIT are dedicated to doing what it takes to keep this alive. I can think of other such services that have folded when they came under similar pressure. In fact, the user community around ProtonMail is as serious as ever, shelling out the money required to safeguard encrypted email just when it counted.

There will likely be further trouble ahead. The British government has suggested it might ban encrypted email services. And who knows how the US will respond long term. So, there could be more chop ahead. But for the time being, it seems that ProtonMail may have survived a very critical test of its resilience.

Stay tuned!

Private Email to Foil the Snoops – ProtonMail Review

As we’ve been learning over the past few years, privacy has been getting the thousand cuts treatment. Everyone’s been in on the act. Et tu, Google? You betcha.

Fortunately, you can stop inadvertently BCC’ing Google, the NSA, the Chinese government, hackers, marketers and other creepers of your personal content. That’s thanks to some good people who actually live by the mantra to “Do No Evil” who have created ways for email users everywhere to keep their messages between them and their recipients.

Over the past week, I’ve been exploring one of these, ProtonMail.

The True Cost of Free Email

Most email services are profitable because they sell everything that you type and attach in your emails to marketing companies. Vast profiles about you are generated from this content. Think about it: what diseases you talk to your relatives about, your political and religious beliefs, who you spend your time with, even documents you attach from tax info to intimate photos. It’s all in there, and it’s all for sale.

You might immediately wonder why your email provider is collecting all this. It’s none of their business, right? Well, it is because you made it their business when you agreed to the terms of service. Even down to the attachments, by using services like Gmail and Yahoo! Mail, you are granting that company the right to access and sell the content to ad companies and beyond.

Now imagine that this database on you were to be hacked. Can’t happen? It has. The Chinese government hacked Gmail and has likely gleaned a ton of information on the world’s Gmail users. Most likely, they were interested in what their own citizens were writing, but if you ever wrote anything critical of China or work for a company with exposure to China, they might find that interesting too. Who knows!

The US Government has also hacked into Google (and just about every other Western tech firm).

And if these entities can do it, so can criminals and the mischievous. So, again, why are we letting these firms put our information at risk in the first place?

Good news: you don’t have to anymore…

Private and Secure Email

Alternatives to Gmail and other market intelligence-based email services include:

HushMail and StartMail were early services that took your privacy seriously. Both promised not to ever sell your data, but their business model made up the difference by charging you for the pleasure of living privately and securely.

Tutanota and ProtonMail, on the other hand, are free. Both use similar end-to-end encryption techniques and are quite similar in most respects. When I weighed which one to go with, I ended up choosing ProtonMail, only because their servers are based in Switzerland, a country that has outlawed the seizure of private computer content.

My ProtonMail Experience

ProtonMail was created by developers working at the CERN lab in Switzerland who were inspired by Edward Snowden and who were shocked at how weak online security was becoming, thanks to very aggressive and dangerous actions by global intelligence services.

ProtonMail uses encryption that is unlocked locally, on your machine, so even if anyone broke into ProtonMail’s servers, they would need a few more years than the age of the Universe to decrypt your content. Translation: it’s pretty damn secure, despite claims that the NSA can decrypt encrypted data. They would still need a lot of time and effort to do so, so it’s unlikely they’ll go to such an effort unless you’re an active terrorist (or the leader of Germany).

Best of all, you can send securely encrypted emails even to people using Gmail or Hotmail. You do this by checking a box, creating a password and an optional password hint for the recipient. They then receive an email with a link to ProtonMail. By following that link, they are taken to a secure web page inside ProtonMail where they can read and reply to your message by using the password. Or, if it’s nothing you’re worried about sending, you can just send it as regular, unsecured email to your Gmail friends, in which case it works as normal…but can be gleaned for any info you might have carelessly included.

Here’s how ProtonMail pans out.

UI and Functionality

This is more than just a bare bones email service. ProtonMail comes with a secure Contacts manager, email search and many other features you would expect in a modern email service.

The UI is clean and very straightforward.

Probably the hardest thing about using ProtonMail is the encryption, but not because it’s complicated…it’s drop dead simple…but only because it adds a step to your email creation if you plan on sending encrypted emails to people on Gmail, for example. In this case, you just have to come up with a good password and hint that your friends can figure out. It can actually be a little hard to come up with something that isn’t as easily hacked as “The city we met in.”

The other complication is that you have two passwords. One is used to access your mailbox and the other is used to decrypt the messages. So you have to enter two of these. In my case, I use KeePass password manager, so I just create super crazy, long, gibberish-based passwords for both of these and store them in the manager. Then it’s just a copy and paste action that I need to do twice when I log in…slightly easier, in fact, than using the two-factor authentication I use with Google, compounded by my non-use of cookies.

The Mom Test

I tested the recipient experience with my Mom (very non-technical) and some friends (generally non-technical) to see if any of this would keep people from reading and replying to me. So far, ProtonMail only snagged my mom, because she didn’t think of using caps on a name I was using for the password.

My mom also didn’t understand that she had to reply from within the browser window. Some caveats here: I believe she still thinks of email as something that she has to do in AOL.

My friends fared much better with no reports of trouble. So overall, I’d say there is a small learning curve for some recipients.

The Private Future

The hope here is that most people will gravitate over to ProtonMail or services like it, so that everyone’s on the same, private page. As I mentioned above, there are some extra steps with using ProtonMail with non-ProtonMail recipients. But if you’re communicating with friends that also use ProtonMail, the encryption is already there and you can relax…so obviously, I hope you all join ProtonMail.

The People Wide Web

The debate around Net Neutrality has taken an interesting spin of late. Just as foes of Net Neutrality have gotten closer to their goal of setting up tollways and traffic controls on the information superhighway, some drivers are beginning to build their own transportation system altogether.

Net Neutrality is a concept that has been the norm on the Internet since its inception: the idea that every website gets equal treatment by Internet Service Providers (ISPs). But of course, media companies and the ISPs could conceivably benefit greatly if surcharges for access to higher bandwidth were allowed on the Net. For example, let’s say that Cable Company A offers priority bandwidth to Media Company X, allowing it to serve super high-def streaming video to users at lightning speed. However, Startup Company Z will then be obligated to compete against Media Company X for that bandwidth in order to provide the same quality service. Same goes for Blogger Y.

Fat chance of that. Indeed, given the pace at which media consolidation continues to go unchecked by regulators, were Net Neutrality abandoned, the Internet would quickly resemble something akin to how Network Television dominated communication in the years before high-speed Internet arrived.

And this is what concerns many people since a free, open web has so clearly promoted innovation. So far, the battle is not lost and Net Neutrality is still the norm. Nevertheless, some are creating back up plans.

This past week, BitTorrent, the people behind the popular torrent app uTorrent, announced they are exploring the creation of a new Internet which takes back control of the web and distributes access to websites across peer-to-peer networks.

Called Project Maelstrom, this torrent-based Internet would be powered by a new browser which would effectively rework the Internet into a much freer network with pretty much no gatekeepers.

Details are sparse at the moment, but essentially access to websites would be served as torrents, and thus not served from a single server. Instead, the sites would exist across the peer-to-peer network, in small, redundant bits living on people’s computers. Essentially, it’s the same technique used for torrent-based file sharing. When you try to access a site, your computer queries the torrent network and dozens of computers begin sending you the packets you need to rebuild the web page in question on your browser. And even as the web page is partially assembled, your computer then begins sharing what it already has with other people trying to access the site.

The result could likely be a much faster Internet, with much greater assurances of privacy. But technical questions remain and this does sound like it could take some time. But wow, what a revolution it would be.

Of course, this could get tricky to pull off. As you may have heard, the infamous torrent website Pirate Bay was taken down by authorities in Sweden this week. Pirate Bay serves up links to torrents allowing people to download everything from freeware applications to Hollywood movies that haven’t even been released yet, and so has been targeted by law enforcement for years now. Even on today’s Internet, Pirate Bay could conceivably come back online at any time. But if BitTorrent’s peer-to-peer Internet were realized, Pirate Bay would be back up instantaneously. Indeed, it would probably never come down in the first place. Same goes for Dark Net sites that sell everything from drugs to human beings, which have also been recently taken offline.

Bottom line is: Project Maelstrom is another example of how a free and open Internet is unlikely to ever go away. Question is, how much freedom is a good thing?

My own personal take is that taking back control of the Internet from media companies and ISPs would, on balance, be a great thing. Bad people do bad things in the physical world and that’s why we have never defeated crime 100%. As long as there is an Internet, there will be those that abuse it.

But even more importantly, innovation, freedom of speech and freedom to access information are core to advancing society. So I welcome Project Maelstrom.

So here’s a toast to the People-wide Web!

Is Apple Pay Really Private?

Apple Pay, the new payment system unveiled by Apple yesterday, was an intriguing alternative to using debit and credit cards. But how private, and how secure, is this new payment system really going to be?

Tim Cook, Apple CEO, made it very clear that Apple intends to never collect data on you or what you purchase via Apple Pay. The service, in fact, adds a few new layers of security to transactions. But you have to wonder.

A typical pattern in data collection business models is to promise robust privacy assurances in service agreements and marketing even though the long-term strategy is to leverage that data for profit. Anyone who was with Facebook early on knows how quickly these terms can change.

So, when we’re assured that our purchases will remain wholly private and marketing firms will never have access to them, how can we really be confident that this will always remain the case? We can’t. So, as users, we should approach such services with skepticism.

As with anything related to personal data, we should assume that enterprising hackers or government agents can and will figure out a way to access and exploit our information. Just last week, celebrities using Apple’s iCloud had their accounts compromised and embarrassing photos were made public. And while Apple has done a pretty good job at securing Apple Pay, it’s still possible someone could figure out a way in…and then you’re not just dealing with incriminating photos, you’ve got your financial history exposed.

So ask yourself:

  1. Can I think of things I buy that could prove embarrassing or might give people with malign intent a way to blackmail or do financial damage to me?
  2. If my most embarrassing purchases were to become permanently public, can I live with that?
  3. How would such public exposure impact my reputation, professionally and personally?
  4. Does the convenience of purchasing something with my phone outweigh the risks to my financial security?

Depending on how you answer these, you may want to stick with your credit card.

Or just go the analog route and use the most anonymous medium of exchange: cash.

Private Google Search Alternatives

A few weeks back, I dropped Google search in favor of DuckDuckGo, an alternative search engine that does not log your searches. Today, I’m here to report on that experience and suggest two even better secure search tools: StartPage and Ixquick.

The problem with DuckDuckGo

As I outlined in my initial blog post, DuckDuckGo falls down probably as a consequence of its emphasis on privacy. Google results are based on an array of personal variables that tie specific result sets to your social graph…a complex web of data points collected on you through your Chrome Browser, Android apps, browser cookies, location data, possibly even the contents of your documents and emails stored on Google’s servers (that’s a guess, but totally within the scope of reason). Lacking these is a considerable handicap for DuckDuckGo.

But moreover, Google’s algorithm remains superior to everything else out there.

The benefits of using DuckDuckGo, of course, are that you are far more anonymous, especially if you are searching in private browser mode, accessing the Internet through a VPN or Tor, etc.

Again, given the explosive revelations about aggressive NSA data collection and even of government programs that hack such social graphs, and the potential leaking of that data to even worse parties, many people may decide that, on balance, they are better off dealing with poor search precision rather than setting themselves up for a cataclysmic breach of their data.

I’m one such person, but to be quite honest, I was constantly turning back to Google because DuckDuckGo just wouldn’t get me what I knew was out there.

Fortunately, I found something better: StartPage and Ixquick.

Google but without all the evil

StartPage is a US version of the Dutch-based search engine Ixquick.

There are two important things to understand about StartPage and Ixquick:

  1. Like DuckDuckGo, StartPage and Ixquick are totally private. They don’t collect any data on you, don’t share any data with third parties and don’t use cookies. They also use HTTPS (and no Heartbleed vulnerabilities) for all transactions.
  2. Both StartPage and Ixquick use proxy services to query other search engines. In the case of Ixquick, they query multiple search engines and then return the results with the highest average rank. StartPage only queries Google, but via the proxy service, making your search private and free of the data mining intrigue that plagues the major search engines.

Still some shortcomings remain

But, like DuckDuckGo, neither Ixquick nor StartPage is able to source your social graph, so they will never get results as closely tailored to you as Google. By design, they are not looking at your cookies or building their own database of you, so they won’t be able to guess your location or political views, and therefore, will never skew results around those variables. Then again, your results will be more broadly relevant and serendipitous, saving you from the personal echo-chamber that you may have found in Google.

Happily private

It’s been over a month since I switched from DuckDuckGo to StartPage and so far it’s been quite good. StartPage even has a passable image and video search. I almost never go to Google anymore. In fact, I’ve used a browser plugin called Stylish to re-skin Google’s search interface with the NSA logo just as a humorous reminder that every search is being collected by multiple parties.

For that matter, I’ve used the same plugin to re-skin StartPage since, while they get high marks for privacy and search results, their interface design needs major work…but I’m just picky that way.

So, with my current setup, I’ve got StartPage as my default browser, set in my omnibar in Firefox. Works like a charm!

Ed Sez – Tips from Edward Snowden on Foiling the Snoopers

At the recent SXSW conference, Edward Snowden supplied people with tips to complicate the lives of, if not totally block, those who stick their noses in your online business.

Not to be confused with trying to ruin the chances of the NSA averting a nuclear strike by terrorists on my own country, I do feel there are some well-reasoned limits to what the US government should be doing, especially when it comes to figuring out ways to undermine secure Internet protocols. After all, when, as purported by Snowden, the NSA begins devising backdoor hacks into our web browsers, you can be certain that this only makes it easier for other (perhaps dangerous) individuals to do the same.

In other words, in the name of the War on Terror, the NSA might actually be planting the seeds for the death of the Internet…or at least a 9/11 style assault on the world’s computer infrastructure. Students of the origins of Bin Laden and his connections with the US War on Communism might be right to feel a little déjà vu.

A related threat, of course, is that criminals might stand on the shoulders of the NSA’s good work and do some very bad work against you and your bank account and your identity.

Anyway, that’s my soap box speech on this.

But back to my recent spate of blogs on privacy and how to cover your virtual butts. Snowden did hand out a few treats for the kids at SXSW: two browser plugins that he regards as good ways to enhance your privacy against NSA or NSA-inspired hackers.

The first is Ghostery, which allows you to view what web services are collecting data on you when you visit a given web page. It goes further by letting you (Ad Block style) block, pause or allow such collection.

I’ve been using it for a few days and have found it fascinating just how many scripts are gathering info on me when I land on a given page. Right now, I have everything turned off, so that should take care of that.

I did experience one problem watching an embedded video on a website. In these cases, you can pause all of Ghostery or try to figure out which one of the dozen or so scripts it’s blocking is the required one for the video and then decide if it’s worth it.

The other plugin is called NoScript, which simply shuts down all scripts, including JavaScript, Flash, etc. I haven’t tried this out, but I’m expecting it to be something I will only use sparingly given the amount of jQuery and other useful bits embedded in many web interfaces.


This Too Shall Pass – Deleting My Facebook Account

I’m killing my Facebook account.

And with it, I’m severing that company’s ability to collect data on my web habits, whereabouts, social connections (including off-Facebook connections) and financial transactions.

Apparently, I’ll also be reducing my exposure to NSA malware, as Mark Zuckerberg revealed in a public thrashing of Obama and the intelligence services that have been spreading malware through imposter Facebook sites.

This really won’t be that hard. Last year, I began experimenting with not using the social network, just to see how that was. This impulse was born from a general annoyance about FB’s murky privacy policies and the general tone of content on FB which had become increasingly irrelevant to my real social connections with people. (Remember when people started to appreciate that group emails were rude and began with the lines, “sorry for the group email!”…That’s how Facebook seems to me now, without the apologetic preface.)

BTW, if you’ve got your own suspicions about Facebook, the Electronic Frontier Foundation has put together a great timeline of Facebook’s shifting privacy policies. Reading their timeline is a great way to get your head around how free Internet services (FB, Gmail, etc.) are really about hooking you in with very clear and considered privacy policies that are planned to be revoked once they’ve got you dependent on them…or at least that’s how the timeline suggests this business model works.

Of course, deleting my Facebook account won’t be without costs.

If you’ve been a rolling stone like me, you have friends in many far-flung places. Facebook did make those connections feel stronger, so that aspect will be missed. But I’m online and quite findable, so if my pals from Japan or Europe want to find me, they only need know my name.

It turns out that completely deleting your account is a two-week process, described quite well on Digital Trends. The trick is that once you delete your account, you cannot log in for two weeks, or your account will be reactivated. That means you should first delete all apps from phones, tablets, etc. before deleting your account. You should probably delete your cookies too, just to be sure you don’t inadvertently reactivate it by triggering all those FB web beacons that mine the Interwebs.

Anyway, I’ll give my FB contacts a few days to run across my post and then I’ll zap it for good.

Better living through anonymity!