Don’t Read Our Mail: CERN Scientists Launch Encrypted Email Service
Scientists at CERN, the European Organization for Nuclear Research, have launched a new email service featuring end-to-end encryption to ensure complete privacy for users.
Dubbed ProtonMail, the service claims to be fully anonymous. “Because of our end-to-end encryption, your data is already encrypted by the time it reaches our servers,” the site says. “We have no access to your messages, and since we cannot decrypt them, we cannot share them with third parties.”
According to Jason Stockman, a co-developer of ProtonMail, the service was inspired by the revelations of the massive citizen surveillance programs by the US National Security Agency (NSA) made public by former NSA contractor Edward Snowden last year.
“A lot of people were upset with those revelations, and that coalesced into this effort,” Stockman told AFP.
Developed by scientists both at CERN and the Massachusetts Institute of Technology (MIT), the ProtonMail project made it to the semifinal round of the MIT 100K Entrepreneurship Competition, an annual business plan contest that gives money to startups based on the strength of the team’s technology, business plan and presentation.
Though ProtonMail didn’t win this year’s competition, its beta launch earlier this month has been wildly successful. New users are being asked to sign up for a waiting list while the team adds additional servers.
“Your overwhelming response to our open beta has maxed our server capacity,” reads the site’s signup page. “We’ll send you an invitation as soon as possible.” ProtonMail’s immediate popularity isn’t surprising: the service is clearly attractive to personal privacy lovers, with a number of features aimed at making email-sending as anonymous and easy as possible.
Among the security features highlighted on the ProtonMail site are:
ProtonMail’s servers are based in Geneva, Switzerland.
User data is protected by Swiss law, outside the jurisdiction of the US and EU.
“[Swiss laws] offer some of the strongest privacy protection in the world for both individuals and entities,” the site says. “Only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited information we have.”
ProtonMail admins have zero access to user data.
Mail accounts have two passwords. The first logs you in to the correct account, to which you receive encrypted data. The second password is a decryption password, which is never used to decrypt the data inside the browser. This way, the admins never have access to either your data or your decryption password. On the downside, this means they can’t do password recovery – so if you forget yours, you’re out of luck.
Messages are stored and transmitted in completely encrypted form and never leave the ProtonMail environment, so there is no possibility to intercept encrypted messages.
100 percent anonymous.
ProtonMail says it doesn’t save any metadata or information on user activity.
Users can optionally set an expiration time on sent messages so that they’re deleted automatically from the recipient’s inbox after they expire.
“This way, there are no ‘trails’ of sent messages,” the site explains.
ProtonMail is not based on an app or a program – it’s simply a website, meaning it works on anything with an internet browser.
More than anything, it seems, ProtonMail’s service is based on the idea of freedom: from governments, from interception, from fear of spying. Freedom to communicate freely, freedom that’s…free.
Though it offers a tiered pricing system with various additional security features available for each level, there is also a free version available for everyone.
No word on how long the ProtonMail waiting list is at the moment, but sign up anyway here.