As we’ve been learning over the past few years, privacy has been getting the thousand cuts treatment. Everyone’s been in on the act. Et tu, Google? You betcha.
Fortunately, you can stop inadvertently BCC’ing Google, the NSA, the Chinese government, hackers, marketers and other creepers of your personal content. That’s thanks to some good people who actually live by the mantra to “Do No Evil” who have created ways for email users everywhere to keep their messages between them and their recipients.
Over the past week, I’ve been exploring one of these, ProtonMail.
The True Cost of Free Email
Most email services are profitable because they sell everything that you type and attach in your emails to marketing companies. Vast profiles about you are generated from this content. Think about it: what diseases you talk to your relatives about, your political and religious beliefs, who you spend your time with, even documents you attach from tax info to intimate photos. It’s all in there, and it’s all for sale.
You might immediately wonder why your email provider is collecting all this. It’s none of their business, right? Well, it is because you made it their business when you agreed to the terms of service. Even down to the attachments, by using services like Gmail and Yahoo! Mail, you are granting that company the right to access and sell the content to ad companies and beyond.
Now imagine that this database on you were to be hacked. Can’t happen? It has. The Chinese government hacked Gmail and has likely gleaned a ton of information on the world’s Gmail users. Most likely, they were interested in what their own citizens were writing, but if you ever wrote anything critical of China or work for a company with exposure to China, they might find that interesting too. Who knows!
The US Government has also hacked into Google (and just about every other Western tech firm).
And if these entities can do it, so can criminals and the mischievous. So, again, why are we letting these firms put our information at risk in the first place?
Good news: you don’t have to anymore…
Private and Secure Email
Alternatives to Gmail and other market intelligence-based email services include:
HushMail and StartMail were early services that took your privacy seriously. Both promised not to ever sell your data, but their business model made up the difference by charging you for the pleasure of living privately and securely.
Tutanota and ProtonMail, on the other hand, are free. Both use similar end-to-end encryption techniques and are quite similar in most respects. When I weighed which one to go with, I ended up choosing ProtonMail, only because their servers are based in Switzerland, a country that has outlawed the seizure of private computer content.
My ProtonMail Experience
ProtonMail was created by developers working at the CERN lab in Switzerland who were inspired by Edward Snowden and who were shocked at how weak online security was becoming, thanks to very aggressive and dangerous actions by global intelligence services.
ProtonMail uses encryption that is unlocked locally, on your machine, so even if anyone broke into ProtonMail’s servers, they would need a few more years than the age of the Universe to decrypt your content. Translation: it’s pretty damn secure, despite claims that the NSA can decrypt encrypted data. They would still need a lot of time and effort to do so, so it’s unlikely they’ll go to such an effort unless you’re an active terrorist (or the leader of Germany).
Best of all, you can send securely encrypted emails even to people using Gmail or Hotmail. You do this by checking a box, creating a password and an optional password hint for the recipient. They then receive an email with a link to ProtonMail. By following that link, they are taken to a secure web page inside ProtonMail where they can read and reply to your message by using the password. Or, if it’s nothing you’re worried about sending, you can just send it as regular, unsecured email to your Gmail friends, in which case it works as normal…but can be gleaned for any info you might have carelessly included.
Here’s how ProtonMail pans out.
UI and Functionality
This is more than just a bare bones email service. ProtonMail comes with a secure Contacts manager, email search and many other features you would expect in a modern email service.
The UI is clean and very straightforward.
Probably the hardest thing about using ProtonMail is the encryption, but not because it’s complicated…it’s drop dead simple…but only because it adds a step to your email creation if you plan on sending encrypted emails to people on Gmail, for example. In this case, you just have to come up with a good password and hint that your friends can figure out. It can actually be a little hard to come up with something that isn’t as easily hacked as “The city we met in.”
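To put numbers on that password problem, here is an added example (not ProtonMail's code and not part of the original post) that compares a password a hint narrows down to a city name with a randomly generated, all-lowercase passphrase. The word list, the count of 10,000 plausible cities and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 32-word sample list (assumption). All lowercase, so a recipient
# never has to guess capitalisation. Real lists hold thousands of words.
WORDS = (
    "anchor basket candle dragon ember falcon garden harbor island jungle "
    "kettle lantern meadow nickel orchid pepper quartz ribbon saddle timber "
    "umbrella velvet walnut yonder zephyr acorn bridge copper dagger eagle "
    "forest glacier"
).split()

def hinted_bits(candidates: int) -> float:
    """Entropy left once a hint narrows the password to `candidates` values."""
    return math.log2(candidates)

def words_needed(target_bits: float, wordlist_size: int = len(WORDS)) -> int:
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def make_passphrase(target_bits: float, wordlist=WORDS) -> str:
    """Build a hyphen-separated passphrase from a CSPRNG, not from memory."""
    count = words_needed(target_bits, len(wordlist))
    return "-".join(secrets.choice(wordlist) for _ in range(count))

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e9        # assumed guess rate, for comparison only
    CITIES = 10_000   # assumed number of plausible city names
    weak = hinted_bits(CITIES)
    print(f"hinted city name: {weak:.1f} bits, "
          f"{years_to_exhaust(weak, RATE):.1e} years")
    phrase = make_passphrase(80)
    strong = len(phrase.split("-")) * math.log2(len(WORDS))
    print(f"{phrase}: {strong:.0f} bits, "
          f"{years_to_exhaust(strong, RATE):.1e} years")
```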
The other complication is that you have two passwords. One is used to access your mailbox and the other is used to decrypt the messages. So you have to enter two of these. In my case, I use the KeePass password manager, so I just create super crazy, long, gibberish-based passwords for both of these and store them in the manager. Then it’s just a copy and paste action that I need to do twice when I log in…slightly easier, in fact, than using the two-factor authentication I use with Google, compounded by my non-use of cookies.
The Mom Test
I tested the recipient experience with my Mom (very non-technical) and some friends (generally non-technical) to see if any of this would keep people from reading and replying to me. So far, ProtonMail only snagged my mom, because she didn’t think of using caps on a name I was using for the password.
My mom also didn’t understand that she had to reply from within the browser window. Some caveats here: I believe she still thinks of email as something that she has to do in AOL.
My friends fared much better with no reports of trouble. So overall, I’d say there is a small learning curve for some recipients.
The Private Future
The hope here is that most people will gravitate over to ProtonMail or services like it, so that everyone’s on the same, private page. As I mentioned above, there are some extra steps with using ProtonMail with non-ProtonMail recipients. But if you’re communicating with friends that also use ProtonMail, the encryption is already there and you can relax…so obviously, I hope you all join ProtonMail.