For those who’ve been following the perfect storm of the Apple-FBI battle and the horrifying landscape of the American Republican party, have I got some news for y’all.
ProtonMail just came out of beta this week — and they released both iOS and Android apps. This email service, created by CERN and MIT scientists and based entirely in Switzerland, uses a combination of end-to-end encryption and Swiss law to protect its users’ information. Mostly what’s being talked about in coverage of ProtonMail is that security. For one, messages stored on the server are encrypted such that not even company employees can decrypt them. When you create an account, you choose a password that only you have—ProtonMail doesn’t store it and it can’t be reset like other passwords can. That way, should the company ever be compelled to turn your email over to any government, they won’t know how to unscramble that data and put it back to something readable. And because the company AND its servers are all located in Switzerland, the only government entities that can compel the ProtonMail to disclose data are the Cantonal Courts of Geneva or the Swiss Federal Supreme Court. Your emails never live on a mutually owned cloud, either—all ProtonMail servers in Switzerland, all the time. And their primary data center, by the way, is located “under 1000 meters of granite rock in a heavily guarded bunker which can survive a nuclear attack.” After someone destroys us all, the bionic mutated cockroaches that succeed us as denizens of the world will be able to check your email. But only if they have your private decryption key.
I often find, however, that practical tools with their foot in the nerd-o-sphere are, for lack of a better term, ugly. And not user friendly. So before I ran off to recommend that everyone sign up for ProtonMail, I decided to sign up for one first, and goad my friend Lexi into signing up with me so we could send weird test emails back and forth. My hopes were high, design-wise, because ProtonMail’s website looks so sharp. I was not let down—the interface is clean and, compared with popular services like Gmail, relatively clutter free. While you can include a recovery email address for the server sign-on password, you don’t have to, making this optionally a completely anonymous service: you are not required to provide any personally identifying information at all. An easy to follow tutorial greets you upon your first sign in, as do three welcome messages with helpful hints.
The composer has two buttons that don’t look familiar, right next to the attachments button: the little lock will let you encrypt the message for those users outside ProtonMail, and the little clock will let you set an expiration time on the email, so that it self-destructs like SnapChat. I played around with the self-destruct feature a bit—what I really want is an expire-upon-reading setting. Currently you can only set it to expire after a certain time—the maximum is four weeks, the minimum is one hour.
I was impressed to see that ProtonMail included labels, but saddened to discover that labeling was buggy—creating one label also created a duplicate, and deleting the duplicate deleted both the original and the duplicate. This did give me a chance to try out their bug reporting however, and that does work. I also wanted to make sure I gave the mobile app a test run before I made up my mind, so I downloaded the iOS version. Somehow managing labels on my iPhone fixed the label duplicate issue! The iOS app is just as beautiful as the webapp—seriously, the design on both of these is just gorgeous. Attachments, however, leave something to be desired—you can only attach photos from the camera roll, and not files stored elsewhere on your phone.
I also miss inbox management features that are rapidly becoming standard in other email clients; while they do have a swipe left and swipe right feature that you can set to Trash, Spam, Star or Archive, they don’t have the short-long swipe that my beloved Spark has (thus enabling the use of four different features with a swipe interface, instead of just two). The service as a whole also doesn’t come with an option to snooze messages for later, which is integral for anyone who likes to keep their inbox at zero.
This all tells me that ProtonMail isn’t necessarily meant to replace other email addresses at this juncture—perhaps it wasn’t designed that way to begin with. Perhaps it was only ever meant to be used when you had something private you needed to discuss over the internet. As such, I won’t be switching entirely over any time soon. But I think ProtonMail has enormous potential, especially if they can add in the conveniences we’ve grown used to with our less secure email addresses. If they can pull that off—marry the user-friendly, work-friendly features with the bananagrams security they’ve already got going on — they could be able to reform standard email security in a pretty damn impactful way. For now, I recommend having one for sensitive information. Since ProtonMail has a free plan, it’s not a hassle to give it a go. For those who need custom domain names and multiple addresses, ProtonMail also offers a paid plan for 48 euro per year. For those who need unlimited everything, the Visionary plan goes for 288 euro a year. I wouldn’t go for either plan just yet — wait for some of the more necessary inbox management features to come down the pipe first. Use the free one when you need it.
Hit up their website to use their webapp, and download their iOS and Android apps.
Things To Keep In Mind
+Remember your private decryption key! If you loose it, you can’t access your emails. Period. End of story.
+It is not a tinfoil-hat thing to worry about security in this day and age. Even if you have nothing to hide, a more private, more secure email situation is still beneficial for you—unsavory people would like information about you because you have a convenient identity or your credit score is good. This isn’t just about thinking your government is out to get you. But more importantly, there are those people in the world who live in countries with government-enforced moral codes that condemn homosexuality and gender diversity. Often citizens of such countries rely on digital spaces to foster LGBTQ community, as it is safer to meet online than in person. So before you head to the comments to ask why you need this, consider that this is a good thing in our hella-queer world even if you feel like it doesn’t personally apply to you at this juncture. Also remember that it’s not unreasonable to wonder how many steps away we are from living in a dystopian YA novel — for those of us who do not have to worry about this, our circumstances could change in an eyeblink. Lay the foundation for a private life now.
+When you send a self-destructing email, do remember that screenshots still exist.
+When you report bugs, attached screenshots are NOT encrypted.
+Like many startups, the only women on the About page work in customer service (which is a difficult and valuable job). It made me sad to know that there aren’t women involved in the design, development or leadership positions. Sad, sad, sad.
+Nothing is ever 100% secure. ProtonMail’s Terms of Service acknowledge this:
The Company does not make any warranty about the reliability of the Service and does not guarantee the security of user data despite best efforts. The Service is provided “as is” and you agree to not hold the Company responsible nor to seek indemnification for any damages that may arise as a result of the loss of use, data, or profits connected to the performance of the Service or failure in such performance. Furthermore, you will not hold the Company liable or seek indemnification if confidential material is unintentionally released as the result of a security failure or vulnerability in the performance of the Service.
Oh man I’d be so into this because I’m trying to remove Google from my life and right now both emails
(Work Application Email and Social Media Account email) are Gmail accounts
But switching over takes so much tiiiiime
Like my work application email gets so many flipping emails from so many random job application type things?? And I thought I was Free From PayPal but then I had to make a new account to pay for A-Camp, God Fuck, I Hate PayPal
I have a master list of passwords and if I lose it my life will be ruined and also, I probably need to reset them soon as it has been about a year.
But I don’t keep a master list of “accounts attached to (insert email)” so I don’t remember what I have to reset upon ditching my Gmail. Life is difficult and I’m not a fan.
And also YouTube. Where would this leave my YouTube watch history. Why did google have to go and buy YouTube and make life complicated and ruin the comment sections with Google plus? WHY DO I GET NOTIFICATIONS FROM GOOGLE PLUS?? I Dont think I even have that?????
I was recently looking at how many of my accounts are hooked up to google and thus my real name without me really having thought about it. I’ve tried to erase my facebook prescence and that was frustrating as hell too. I wish more people thought about the fact they are paying for all the “free” google services they use with their data and their identity.
Also if I got this I’d need to, like, get that encryption key tattoo’d onto my person somewhere discrete because I will absolutely lose it
Same
I agree that we definitely need this! I’ve had so many frustrating conversations where people are like, “I don’t care about online privacy issues, I have nothing to hide”. You’re missing the point!
I wonder though, if it could be abused by unsavory types looking to have a safe way to communicate about illegal activity. Like what if Nixon had of had this service? Are there safeguards in place for that?
I don’t think there’s a way around that without sacrificing the ethos of the project?
Like the whole FBI wants into the iPhone thing because CRIME
It’s the same question, right?
Yeah, I suppose it is.
Interesting and relevant, thanks for putting this together!
I had been looking for an escape from yahoo’s incessant ads and crap news (non-news, really) and most people I asked said gmail was better. But this looks like a likely alternative.
Thanks for the info. I have been looking for a safer email alternative.
Thanks for the recommendation. I think I’ll give it a look for things that absolutely need security. Will also have to see if it’s accessible using a screen reader. I just got away from GMail and switched to Fastmail so not looking to switch wholesale again, but I agree there are times when easy encryption is a good thing.