With a colossal escalation of interest in secure-impregnable open-source encryption email services, Jackson Stockman, Andy Yen and Wei Sun collaborated together colliding their thoughts and expertise in the cafeteria of the CERN research facility and not before long founding ProtonMail in 2013. With the vision and joint expertise of the ProtonMail’s team they have contemporaneously set the bar firmly for the safety and transference of our personal data, setting out to crucially fill the much-necessary void in lack of security and encryption and in doing so coherently masking the complexity of the cryptography. Serving a fully integrated platform designed to be intuitively merged with unparalleled ease of use and privacy. Which in turn is a highly functional anonymously secure end to end encrypted-free of cost email service for the entire global populations use, whom may not be as technologically adapted as the average savvy cryptanalyst.
Stationed in Switzerland the team at ProtonMail has revitalized the old PGP mail server market. With success & aspiration of their concept becoming a reality due to the launching of their project on a crowd funding site Indiegogo. Through doing so is far from a guaranteed success for many projects. The Success of this campaign is strapping evidence that ProtonMail’s social mission of safeguarding online privacy resonates strongly with the people around the world. Andy Yen knew of the possibilities of crowdfunding stating firmly “Do not underestimate the power of the crowd” and with over 10.000 people donating and raising well over $500.000 dollars, well and truly far passing its original goal of $100.000 which is affirmation of record breaking numbers, Andy was equitable in saying so. Things did not go so smoothly with the retrieval of the funds – On 31 July 2014 PayPal froze ProtonMail’s PayPal account, thereby preventing the withdrawal of US$251.721 worth of donations. PayPal stated that the account was frozen due to doubts of the legality of encryption, statements that opponents said were unfounded, and subsequently the constraints were lifted the following day. Only if Bitcoin was as widespread, Andy Yen would have done the entire campaign through the alternative.
Finances emerged, cascading in from many foundations, notably from the Charles River Ventures and the Foundation Genevoise pour L’Innovation Technologigue ( Fongit) amassing a benevolent donating of US$2Million. The service is constructed in such a way it delivers on all aspects which it promises– with enough paranoia instilled in its framework to keep predacious eyes away. On a system level, their servers utilize fully encrypted hard disks with multiple password layers so data security is preserved even if their hardware is seized, not to mention its primary datacenter being buried under 1000 meters of granite rock in a heavily guarded bunker which can survive a nuclear attack! On a lighter note all user data is protected by the (DPA) and the (DPO) which offers some of the strongest privacy protection in the world for individuals and corporations. As ProtonMail is outside of the US and EU jurisdiction, only a court from the cantonal court of Geneva or the Swiss Federal Supreme Court can compel them to release the extremely limited user information which they have.
The backdoors to security structures and voids in the technology where shown by disclosures from whistleblowers such as Edward Snowden, Such disclosures such as “Global surveillance and interception of email by the NSA “inspired ProtonMail at its foundation.
In further detail of ProtonMail’s firm and impassible security structure, they operate by using a combination of symmetric encryption protocols and public-key cryptography to offer end-to-end encryption. On formation of a ProtonMail account, your web-browser will generate a combination of public and confidential RSA keys. The public key is used to encrypt all of the users’ data such as email address & all other associated data developed by the user. The confidential key, which is capable of decrypting the user’s data, is symmetrically encrypted with the user’s mailbox password in the user’s web browser using AES-256. The public key and the encrypted private keys are then both stored on ProtonMail servers. Thus, ProtonMail stores decryption keys only in their encrypted form, so ProtonMail developers are incapable to retrieve user emails, do not record any metadata such as IP addresses.
An email sent from one ProtonMail account to an additional ProtonMail account is automatically encrypted with the public key of the recipient. Once encrypted, only the private key of the recipient can decrypt the email. When the recipient logs in, their mailbox password decrypts their private key and unlocks their inbox. Emails transmitted from ProtonMail to non-ProtonMail email addresses may be sent with or without encryption. With encryption, the email is encrypted with AES and can only be decrypted with a separate password. This password has to be set by the sender and be given to the recipient through other channels. The recipient only receives a link to the ProtonMail website on which they can enter the password and read the decrypted email.
**With the state-of-the-art architecture of a ProtonMail datacenter, ProtonMail administrators maintain and own their own server hardware and network to avoid trusting a third party. In response to overwhelmed servers, in mid-2014 ProtonMail founders began expanding and developing server architecture. The service is currently powered by two redundant datacenters in central and western Switzerland. Each datacenter uses load balancing across web, mail and SQL servers, redundant power supply, hard drives with full disk encryption, and exclusive use of Lunix and other open-source software. ProtonMail also joined the RIPE NCC in an effort to have more direct control over the surrounding internet infrastructure. The use of (TLS) to secure and encrypt all internet traffic between users and ProtonMail servers. Protonmail.com currently holds an “A+” Rating from Qualys SSL Labs.
Super-encrypted email ProtonMail is just getting started to say the least, with over 500 thousand members in such a short period of time, ProtonMail has triggered an abundance of people to leave the comforts of providers they were previously using, with the various benefits of ProtonMail overwhelmingly over shadowing relevant competitors. One benefit being integrated with ProtonMail is that now you don’t have to be weary of big tech companies mining your data in order to sell and auction off to advertisers. ProtonMail focuses on the constitutional interests of its users. Not how many savvy features they can integrate, but focusing on the status that privacy should be a right, standing firmly with organizations whom share the same vision such as Tor, l2p, Freenet. Their goal is simple: They want to protect people around the world from the mass surveillance that is currently being perpetrated by governments and corporations around the world.
ProtonMail is not 100% foolproof, it is not intended for the next Edward Snowden, is certainly not NSA-proof, ProtonMail do not make these claims. ProtonMail is intended for the large cooperation’s or small businesses who wants to send communications and private documents more securely , for the average users data to be protected, the activist to protect his privacy rights. No email service will ever be 100 % safeguarded, With the use of malicious key loggers and other pernicious like Trojans , or the use of JavaScript programming language leaves it open to certain attacks that can infiltrate in other ways your data which ProtonMail has no control over. As time goes on, Patches and subsequent updates will be frequent and a lot of new features will be included (such as: Manual Key verification) to ensure optimal protection of data.
One distinguished feature ProtonMail have integrated is the Destruction of messages, you can now set an optional expiration time on encrypted emails, so they will be consequently deleted from the recipient’s inbox once they have expired. This technology works for both emails sent to other ProtonMail users, and encrypted emails sent to non-ProtonMail email addresses. Similar to SnapChat, They have added a way for you to have ephemeral communication.
ProtonMail was primitively conceived by PhD student Andy Yen, who collocated and called on fellow CERN scientists to examine the problem of online privacy, or rather the scarcity of it, and see if they could come up with a solution.
Andy Yen took to CERN’s Facebook group and the response was overwhelming. Within days, dozens of people decided to join the effort and more than 40 individuals took part in the dialogue. And has now catapulted to where its standpoint is today with a very diverse range of people throughout the team.
The Snowden leak demonstrated what many technologists suspected and questioned for years, that the NSA was collectively obtaining access to commonly used technology to snoop on people – but many were taken aback by the sheer scale of the operation exposed by the whistleblower. There has been a huge upsurge within the internet community resorting to encrypted communications in light of the Snowden Affair. According to Canadian broadband management company Sandvine, the volume of encrypted internet traffic has skyrocketed in recent months. With the percentage of encrypted internet traffic in Europe quadrupled over the course of 2014 ‘Global Internet Phenomena Report the first half of 2014’, ProtonMail is looking to reach this relatively large volume of internet goers who would like to keep their communications private.
ProtonMail’s team is comprised of a devoted team of developers, Scientists, Researchers from the European Organization for Nuclear Research (CERN) in Geneva and other high-level educational institutions such as(Harvard) (MIT) (USC)whom all have a wide range of experience and qualifications to match their titles at ProtonMail, You can view the entire team below. This team has taken on a huge responsibility to protect your civil liberties & email privacy and security against cyber-attacks for today and for the remaining future. They believe privacy is a fundamental human right that must be protected at any cost. What better of a group of people to do it than these guys! It is worth noting that – they all support Bitcoin!
ProtonMail is currently in public beta and the team (Dino Kadrikj, Yangfeng Zhang) is actively working on Android and iOS apps (beta). These should be fully launched in the near future, if all goes according to plan, the service will move out of beta at around the same time. The team has decided to adopt a freemium model to make the service pay, since the service is encrypted and, thus, cannot be used to serve targeted ads, such as Google AdSense, the team has decided to embrace this model. There is a chance that the data-mining model used by mass cooperation’s will die out in the next decade.
Since ProtonMail is all about the preservation of security and privacy, it does not track its users or gather any personally identifiable information. Of course, an additional level of security and anonymity is provided by one of the payment methods – bitcoin. Additional features and storage will be available. Full pricing tiers have not yet been announced, but the basic paid account will provide 1GB of storage for $5.
**Andy Yen delivered a profound and comprehensive thought-provoking ‘Ted Talk’, argued the point that encryption can be made simple to the point of becoming the default option, providing true email privacy to all.
**Andy Yen a physicist and economist by training, since 2010 Andy has been part of the ATLAS experiment at CERN, where his research and analysis focus has been on the search for supersymmetric particles. He is translating his experience in large-scale computing to build the infrastructure that is used to run ProtonMail. Andy stated “It’s clear that we are under observation by both governments and corporations, and we can’t just sit on the sidelines — privacy is too important for democracy. We are computer scientists, we can do something, so we decided to try.” He has a very impressive resume within education & research, has been awarded various awards such as the George W. Housner award ( Awared to a caltech senior for an outstanding piece of original scientific research), U.S department of Energy, Graduate fellowship, National science Foundation graduate fellowship, Haren Lee Fisher Memroial award in junior physics, American physical society travel award , California academic decathlon state finals. To the observer: he is an intellectual with impressive academic credentials.
Encryption (the translation of data into a secret code) is the process of changing information in such a way as to make it unreadable by anyone except those possessing special knowledge (Usually referred to as a “Key”) that allows them to change the information back to its original, readable form. Encryption is critically important because it allows you to securely safeguard data that you don’t want anyone else to have access to by right. Encryption is an effective method of protecting and securing your corporate data, in the same way locking the doors to your business is an effective method of preventing trespassers. The hacking and selling of corporate data can be a very lucrative prospect for a potential hacker and, as such, protection against hacking is extremely important.
Corporations use it to protect corporate secrets, government’s use it to secure classified information, and many individuals use it to protect personal information to guard against things like identity theft.
**Espionage uses encryption to securely conserve folder contents, which could enclose emails, chat histories, tax information, credit card numbers, or any other sensitive information. This way, even if your computer is stole that data is safe. People complain that using encryption in email is too much work, which it can be fraught with difficulty for the encryption novice, but now with ProtonMail there is a secured solution. A maintained solution, in Switzerland whose team are sufficiently & persistently motivated to the task with the best encryption practices. ProtonMail creates a barrier against your most sensitive data being accessible to people who simple should not have it and you don’t want outsiders to eavesdrop in to your sensitive data. They are your first line of defense for relative security that is unlikely to be broken into within this century at current levels of encryption technology. Discussion in person is the only suitable replacement, barring life-threatening emergencies, for due diligence in maintaining my long-distance communications security.
Comparing hacking (virtual theft) with burglary (physical theft), there is a much higher chance that your business will be hacked than there is that your business will be broken into. According to a recent survey, 90% of businesses say they have been hacked. Burglary statistics vary by region, but are typically extremely low (well under 1%).
Encryption is the most imperative privacy-preserving technology we have, and one that is compulsory, obligatory suited to protect against bulk surveillance, the kind done by governments looking to control their populations and criminals looking for vulnerable victims. By forcing both to target their attacks against individuals, we protect society. Encryption should be enabled for everything by default, not a feature you turn on only if you’re doing something you consider worth protecting.
Proton Technologies AG based in Plan-Les-Ouates, Switzerland has grown into a global leader in online security. Today, they are the world’s largest secure email provider with over half a million users. In addition to their headquarters in Geneva, Switzerland, they have support centers in San Francisco, CA, and Skopje, Macedonia. Their global presence allows them to provide 24/7 support and monitoring of mission critical applications for all their customers. ProtonMail works on various devices, including desktops, laptops, tablets, and smartphones.
Under the hood, ProtonMail uses OpenPGP, an old open source encryption standard that uses a mix of linked public and private crypto keys to lock and unlock data. The public key is shared, the private key kept secret. This allows one person to take another’s public key and use it to sign and scramble a message that can only be unlocked by the recipient’s private key. As long as they each have the others public key, they can converse with encrypted messages.
In September 2015, ProtonMail added native support to their web interface and mobile app for Pretty Good Privacy (PGP). This allows a user to export their ProtonMail PGP-encoded public key to others outside of ProtonMail, enabling them to use the key for email encryption, enabling the support of PGP encryption from ProtonMail to outside users.
*Accordion breakdown PGP : For website use only . Insert here. *
Even with an encrypted webmail system able to withstand intelligence agency-level surveillance, ProtonMail was hit hard from the 3rd to the 7th of November 2015 with a DDOS (basically an enormous amount of junk data) that made the service largely unavailable to users. ProtonMail believes it was struck by two separate attacks from what appears to be a nation state, as well as an ‘Irrelevant in comparison’ secondary and separate lower-level assault from an identified assailant. The lower-level assault first led by a group of hackers known as the Armada Collective, and the second by an unknown, more technically advanced group with abilities & hallmarks similar to a state-sponsored group, extremely high sophistication and a colossal amount of resources. In detail the mix of attacks where in extremely high volume and was timed in a highly coordinated and sophisticated fashion with intentions of causing large-scale damage to achieve its aims
The first attack was tied to a ransom of 15 bitcoins(roughly US&6,000) from the Armada Collective, which ProtonMail eventually paid due to pressure from ISPs and other companies affected by the attack. The DDoS attacks, however, did not stop and instead began to take on more sophistication, with rates exceeding 100 Gbps & an attack that leave experts stunned due to the pattern of tactics – with an attack on 15 different ISP nodes simultaneously, then attacking all the ISPs going into the data center .The Company received an email from the Armada Collective disclaiming responsibility for the ongoing attack. During the attack, the company stated on Twitter that it was looking for a new data center in Switzerland, saying that “many are afraid due to the magnitude of the attack against us”. They have since posted that they « have a comprehensive long term solution which is already being implemented ». On 6 November, ProtonMail posted to twitter that their ISP came under ‘renewed attack’ that morning. On 7 November, they said that there was a ‘50% chance of coming back today’
‘We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. This was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom.’
To avail and giving credit to, many of the world’s largest tech companies and networking experts who gave their offering of assistance to analyze and track the attack, Such as one of the world’s top DDoS protection companies (Radware) offering to step in at a significantly reduced prices in order to support ProtonMail’s Mission, Knowing that a large number of activists, dissidents, journalists, and regular users would have lost the ability to communicate, thus bringing ProtonMail back online in three days with the capability to withstand the largest distributed cyber-attack (DDoS)which has ever hit Switzerland. Also much of ProtonMail’s credit goes to its users whom contributed largely by donating over $50.000 to help with the current attack & safe guarding of services from future attacks by developing a permanent solution.
DDoS attacks are common and crude, they are also effective at disrupting critical networking infrastructure. When attacks at this magnitude are carried out on companies such as ProtonMail, with purpose to destroy the community, but this attack only served to unify the entire community including security organizations, united by a common cause and vision for the .
Chillingly enough commonly someone will take responsibility for the attacks or request a ransom, on this occasion – their sole mission was to keep ProtonMail offline.
With a colossal amount of people flocking to CERN’s new super-secure email and you don’t have to ask why, its servers must grow exponentially in order to cope with the capacity of interest. Even with a major infrastructure upgrade, thus allowing ProtonMail to quickly invite a lot of users from their waiting list, they still rely largely on donations in order to add more servers, your donations will also give you an exclusive perk of as a higher capacity of storage in your email account, also another exclusive is that soon users will have the opportunity to invite others to the service without having to wait. Also by the end of year ProtonMail will be offering customized business domains.
It is time for an alternative, a framework constructed of reckoning and logic, with privacy deep at its core foundation, the community at its heart, whom propelled ProtonMail to where it is today. It is in thanks to the community who donates, shares, advocates a platform of your right to anonymity and privacy, a community who strongly believe that privacy is a fundamental human right that must be protected at any cost.
With the advent of the internet now making us more vulnerable to mass surveillance than at any other point in human history. The disappearance of online privacy is a very dangerous trend as in many ways privacy and freedom go hand in hand. ProtonMail believes that the best way to guard against mass surveillance is to give encryption to everybody making it free and easy to use.
** Sign up to ProtonMail and join a community that is rapidly growing as you read this, be part of something remarkable and transforming of the norm.
Thanks to the entire team at ProtonMail , the early adopters, the entire community, the organizations who helped tackle the largest cyber-attack on Switzerland, for now allowing a revolutionary framework to open up to the world, giving myself and people around the world a right to privacy for our generation and generations to come. Thank you.
The future is in our hands. Your donations are what make privacy possible.