For once, we'll move away from the marketing theme for this article. Don't worry, we'll stay in the email theme!
If you follow the news, you haven't missed the stories of eavesdropping and surveillance between governments. The trend is therefore towards computer security, even for individuals. And as such, ProtonMail offers a secure email box.
A geographical security...
First of all, the choice of server location. If the popular belief is that European laws are more protective of the user than American laws, in reality the difference is not so important. Switzerland, on the other hand, which is outside the EU, has stricter laws regarding data protection according to ProtonMail.
In Switzerland, the email client cannot be forced by court order to allow secret monitoring of a user's emails, it has to go through the Swiss courts. Moreover, as a secure email provider, ProtonMail does not hold the decryption keys for the data it stores, which in fact go through your password. So even in the event that webmail has its data monitored, it always remains encrypted. However, since ProtonMail does not store your password, it is vital that you do not misplace it, otherwise you can forget your emails.
...As well as in the hardware
At the hardware level, ProtonMail owns the servers on which the data is stored, in order to avoid an external party. The servers have several levels of redundancy and are located in two separate geographical locations (both on Swiss territory), in order to minimize the risks of loss and attacks on the servers.
And of course, encryption
Two possibilities at this level:
- End-to-end encryption, where the message is encrypted by ProtonMail from end to end. This requires either two ProtonMail addresses that communicate with each other, or an option that, when sending an email from ProtonMail to another email client, will send a link to the recipient that points to ProtonMail so that the email can be read with a password. The process is tedious, but does not require any software download and ensures end-to-end encryption of the discussion.
- Partial encryption, where the email is encrypted in ProtonMail, but not in the other email client (Gmail, Yahoo, ...) and is therefore likely to be delivered and read by a third party on that side.
So, is it useful?
This is obviously a personal issue. Some will argue that they have nothing to hide and don't need an encrypted email box, others will argue that privacy is a right, not a loophole, etc.
The issues of security and privacy are widely debated on the internet and in parliaments, and there is still no clear answer that has emerged on this debate. Other email services have in the past tried to implement data encryption, such as Lavabit, which became known through the Snowden affair; but the company stopped its activities after the US government ordered it to hand over all its encryption keys and data access.
In any case, with the news highlighting data surveillance, solutions like ProtonMail are likely to multiply. What about you? Will you opt for an encrypted email solution?