The Only Email System The NSA Can't Access

Thought maybe some people on here might like this. There servers have been overwhelemed so you can join but cannot activate your account yet. They are working on this.

When the NSA surveillance news broke last year it sent shockwaves through CERN, the particle physics laboratory in Switzerland. Andy Yen a PhD student took to the Young at CERN Facebook group with a simple message: “I am very concerned about the privacy issue, and I was wondering what I could do about it.”

There was a massive response, and of the 40 or so active in the discussion, six started meeting at CERN’s Restaurant Number 1, pooling their deep knowledge of computing and physics to found ProtonMail, a gmail-like email system which uses end-to-end encryption, making it impossible for outside parties to monitor.

www.forbes.com...

A free service is offered and a payed service. About 10,000 people are joining a day. That is far more than was initially anticipated. I
I have signed up for an account myself.

“One of our motivations was human rights,” says Yen. “Having privacy is very important from a freedom of speech standpoint.”

protonmail.ch...

purp

There are other webmail services that use encryption, I wonder how this one is different?

In any case the NSA can probably break any encryption out there given enough time. If they do have a working quantum computer someplace, virtually any kind of algorithm could be cracked.

a reply to: MystikMushroom

In any case the NSA can probably break any encryption out there

This alone is far more accurate. If a communication can be captured, it can be decoded with astonishing speed.

AT&T did produce a truly secure telephone back in the '80s. They were not allowed to bring it to market.

Curious ... is the OP's link to a site in China??

I would like to think someone could come up with a way for privacy but in this day and age I don't think there is anyway.

THEY would get into these web site's and people would never know tell another Snowden outed them.

Mouth to mouth or good old letter writing is the only way and even that has probably been compromised in some way .

I saw something about this. The spokesperson said the only way to get at the data was to physically break in. The server vault may be secure but data still has to get in and out, right?

The most secure vault in the world can't prevent the gold train from being robbed on the way there…

a reply to: MystikMushroom

Most email can use a pgp key to encrypt the email.

however if the encryption is done securely on your computer and then secured to the server that's even better.

they would have to unencrypt the traffic as well as the message in order to read the email.

protonmail.ch...

reading the security page.

Zero Access to User Data.

Your data is never accessible to us.

ProtonMail's segregated authentication and decryption system means logging into a ProtonMail account that requires two passwords. The first password is used to authenticate the user and retrieve the correct account. After that, encrypted data is sent to the user. The second password is a decryption password which is never sent to us. It is used to decrypt the user’s data in the browser so we never have access to the decrypted data, or the decryption password. For this reason, we are also unable to do password recovery. If you forget your decryption password, we cannot recover your data.

and then this.

End-to-End Encryption.

Messages are fully encrypted at all times.

Messages are stored on ProtonMail servers in encrypted format. They are also transmitted in encrypted format between our server and users’ browsers. Messages between ProtonMail users are transmitted in encrypted form completely within our secured server network. Because they never leave our secured environment, there is no possibility to intercept the encrypted messages enroute.

oh and even better. Full hardware and disk encryption!

Hardware Level Security.

Full disk encryption and storage in secured datacenters.

We have invested heavily in owning and controlling our own server hardware at several locations within Switzerland. They are collocated in some of the same secured and guarded datacenters used by Switzerland’s famed private banks. We do this to ensure that even your encrypted data is not easily accessible to any third parties.

On a system level, our servers utilize fully encrypted hard disks with multiple password layers so data security is preserved even if our hardware is seized. On an organizational level, no single individual possesses all access passwords; they are separately kept by members with different citizenships.

These precautions may seem excessive, but in today’s world, precautions must be taken to minimize the risk of human security compromises.

I'll give it a try, I could use something better than Yahoo & my other backup provider anyway. Nothing is impenetrable anymore, but if it makes it that much more of a headache to break into, then it's all good.

a reply to: purplemer

Maybe this is a way to separate the wheat from the chaff. In other words those who may have something to hide will use this service and pay for it thereby making NSA's work a little easier.

I just don't trust anything any more as far as privacy goes.

It probably ends up being a scam of some sort. These days you never know. Maybe they just want to test the vulnerability of email accounts. Maybe this is their testing site? I wouldn't trust everything you read, just in case they want to use you as a guinea pig.

pretty cool, and i hope it becomes so blatantly obvious to the TPTB,that this is what we all want, privacy, freedom, NSA who??? There would be big business in this market, i just hope its not some fake loop hole, and they can still read everything they want too. Ive come to the realization that if its electronic, its not secure. have to go back to the old pen, paper, and a book of matches.

Wonder what the local laws are for opening up the servers to those with the proper warrant?

don't see much difference with other encrypted mail services, being based in Switzerland is a plus compared to the US based ones.

a reply to: purplemer


It is all well and good setting up a encrypted link between your browser and their server, how secure it actually is would need to be tested, however it is a moot point really as when they send your mail to another mail server it will have to be sent without this encryption or the receiver will not be able to read it.

IF, and that is a big if, the data is secure on their server, the only way it would be totally secure would be if you were emailing someone using their service only.

Personally I think it is just a honey trap, "Hey guys your mail is secure here... The government funding we all live on here at CERN has no bearing on what we do, Honestly..."

originally posted by: Snarl
a reply to: MystikMushroom

Curious ... is the OP's link to a site in China??

.ch is switzerland

en.wikipedia.org...

originally posted by: PrinceDreamer
Personally I think it is just a honey trap, "Hey guys your mail is secure here... The government funding we all live on here at CERN has no bearing on what we do, Honestly..."

That's the biggest problem of all. There's no reason to trust these people or anyone for that matter.

Even if you set up your own email server with self-destruct and encryption you have to trust the encryption whatever you use and you have to trust that your hardware and components havent made a side trip to be implanted and then you have to trust every device you use to compose or read said emails.

The only real solution you can absolutely trust is to not use any of this stuff.

But then that lack of communication is what they want. Either they lock you up or they let the chilling effect keep you from communicating at all.

The only messaging system that the NSA can't monitor?

It doesn't matter if they use strong encryption. That's only for the communication between your browser and the web server. Remember that these sites still use known software for which the NSA might have backdoor or ways to break in.

From what I can gather, it is running on an Apache web server with PHP in its code and running on CentOS. They might have zero day attacks for these or I'm sure if somebody spend enough time doing SQL injection against their web app, they'll find a way in.

a reply to: TXRabbit

Or just take someone into a bathroom, turn on the water and shower and talk very quietly.

If I had to relay some kind of sensitive information and I didn't want to be snooped, I'd only relay the information in person. Every form of electronic communication can be intercepted.

Government spook #1: There are people who don't want their email spied on
Government spook #2: The only people who don't want their email spied on are people with something to hide.
Government spook #1: We need to spy on their email for the sake of "national security".
Government spook #2: We can set up a site that claims to provide unbreakable encryption.
Government spook #1: But, we of course have the key...LOL.
Government spook #2: We will call it, "Protonmail" and claim it was developed by some egghead.

Government spook #1: The sheeple will eat this up and join by the thousands. All hail, "Big Brother"!

A old fashioned one time pad, when properly used, can't be broken. The Verona intercepts were only broken because the onetime pad was reused.

If I was going to try and create a bulletproof way of communication, I'd try and apply those principals.