Three years after the Snowden revelations, the proliferation of privacy-focused messaging apps, email clients, and other encryption services hasn’t yet managed to make the use of crypto less of a pain.
Today, one service that aims to change that left its beta stage. Switzerland-based ProtonMail wants to make encrypted emails easier to send, and after being invite-only for years, it’s now allowing open registrations. The company is also launching free iOS and Android apps.
“The best way to ensure that encryption and privacy rights are not encroached upon is to get the tools into the hands of the public as soon as possible and widely distributing them,” Andy Yen, co-founder and CEO of ProtonMail, said in a statement. “This way, we put the choice in the hands of the consumer, and not government regulators.”
“Do people want to pay for privacy? We'll know in a month or two what the outcome of that is.”
The company claims that 1 million people have participated in its beta program, which was apparently spurred on by an “overwhelming demand” for the service when it first launched in 2014. Yen told Motherboard in a phone call that the company has now shifted from a Wikipedia-style donations model to one that offers paid, premium accounts to members for additional features.
“Do people want to pay for privacy?” Yen said. “We'll know in a month or two what the outcome of that is.”
ProtonMail allows users to send end-to-end encrypted emails to people without having to deal with things such as private and public encryption keys. The encryption and decryption of messages works in the same way as traditional PGP but happens automatically in the client's browser, rather than requiring them to download any software. It may not provide stronger protection than other ways of writing encrypted emails, but by doing this ProtonMail attempts to make the process fluid and seamless. The client-side code for the website is open-source, and the company plans to release the code for the apps too.
Unlike traditional PGP, ProtonMail also allows users to easily send protected messages to people who don’t use the system. When a ProtonMail user emails someone who uses, say, Gmail, the email includes a link to an encrypted, password-protected message. Typically, users should share this password over some other means of secure communication, such as the smartphone app Signal, to allow the intended recipient to securely access the message.
It hasn’t all been plain sailing for ProtonMail so far: In November the company relented to a DDoS extortion scheme, paying attackers a $6,000 ransom, only to be pummeled with malicious traffic anyway. But the company is clearly looking forward.
“Right now, we're focusing on email, but you have an entire space of different applications that can go to the end-to-end encrypted model,” Yen told Motherboard. He gave the examples of cloud storage or calender apps.