What is ProtonMail, the service used by Cambridge Analytica to cover its tracks?
If you've been out of the loop of the Facebook/privacy/Cambridge Analytica scandal that has ruled headlines over the past week, there's a small yet incredibly important detail you may have missed.
SEE ALSO:Facebook's latest scandal knocked $40 billion off its market valueCambridge Analytica — the data analytics firm that came under fire this weekend for maliciously collecting information on 50 million Facebook users — reportedly used a self-destructing, encrypted email service called ProtonMail to cover its tracks, covering up correspondence between the company and third parties, according to a Channel 4 News investigation published Wednesday. The firm set emails to self-delete after two hours and urged clients to use the service as well, per footage captured of former CEO Alexander Nix talking to a journalist posing as a would-be client.
"I'd like you to set up a ProtonMail account, please," Nix said, "because these are, now it's getting quite sensitive."
"We set our ProtonMail emails with a self-destruct timer," he continued. "So you send them, and after they've been read, two hours later they disappear."
It's a particularly small note in an otherwise huge story, yet it has major implications.
But how exactly does ProtonMail work? What exactly does self-destructing email mean? Here are all your ProtonMail questions, answered.
So how does ProtonMail work?
Just like any normal email service. Go to their website, sign up for an account, and you're in. Their free service has some restrictions, though. You only get 500 MB of storage and can only send 150 messages per day. If you upgrade to the Plus plan for (4.00 € or ~ $4.91 per month), you get 5 GB of storage, 1,000 sent messages per day, and a slew of other perks. (The site also offers "Visionary" and "Business" pricing options.)
Once you're set up, you use it just like you would Gmail or Yahoo. Hit the compose tab in the top left corner, and you'll see a screen like this.
The important part here is the hourglass icon in the bottom left corner of the new message menu. That's where you can set the expiration time of the email, for whatever number of weeks, days, or hours you'd like. One thing to note is that the timer starts after the email is sent, not once it's opened. And also, this only works for ProtonMail to ProtonMail messages. So if you're sending messages to a Gmail account, they won't be deleted.
Credit: protonmailThere is a way, however, that you can send emails to non-ProtonMail users and still encrypt them. Just hit the lock icon to the right of the hourglass. It'll ask you to create a password for the message. This password is what the recipient would enter in opening the message, and it should be communicated to the recipient outside of the email since, clearly, they won't be able to open it sans password. Using that in combination with the timing/self-destruct feature will ensure that the content of the email won't live on any external server (i.e. Google) and would be deleted once ProtonMail erases it.
All of this sounds a tad bit shady, no? Which brings us to the next question: How does ProtonMail get away with it? The answer is its email servers, which are based in Switzerland.
Say, what? ProtonMail has email servers in Switzerland?
Yes, it's something the company touts loudly on its website. On its homepage, it says, "ProtonMail is incorporated in Switzerland and all our servers are located in Switzerland. This means all user data is protected by strict Swiss privacy laws."
ProtonMail purports to be so secure that no one but you can access your email. They even make it explicit that ProtonMail couldn't read your messages if it wanted to. The company says that since all of the data is stored outside the realm of "intrusive" U.S. laws, only encrypted messages could be handed over.
In its words:
Zero-access encryption means that even if a complaint is brought in a Swiss court that meet the high requirements for data disclosure, only encrypted emails could be handed over. As a Swiss company, ProtonMail cannot be forced to hand over data in cases of US or EU civil litigation. Thus, even if you don’t care about privacy, ProtonMail is still the ideal choice for businesses, journalists, activists, and individuals who are worried about the overreach of US government agencies or courts.
That's a bold claim. Is it true?
Prior evidence says otherwise. As pointed out by WIRED in 2015, a federal judge forced Lavabit — once a secure email company that claimed an encryption so great administrators couldn't read emails — to turn encryption keys over to the government in 2014. A similar outcome occurred all the way back in 2007, when Hushmail, which touted similar "not even we can see your emails" levels of security, turned 12 CDs worth of emails from three accounts over to the government. So while ProtonMail claims it has Pentagon-like security, that may not actually be the case.
Per that same WIRED report:
That’s because Switzerland has a mutual legal assistance treaty relationship with the United States. These treaties require foreign governments to hand over to a requesting government any information legally available to their local authorities. That means that Switzerland would have to give the US access to any data that it could itself access.
Wow, all of this is wild. It sounds kinda like something 'Mr. Robot' would use, lol.
Doesn't it? In fact, if you're a fan of USA Network's smash-hit hacker drama, Mr. Robot, the same concept is used prominently in both the first and third seasons of the show. Elliot Alderson, the show's main character, a talented hacker with an unstable grip on reality, uses self-destructing emails and encryption in his quest to topple the global economy. Seems foreboding, no?
UPDATE: March 22, 2018, 8:50 a.m. EDT — ProtonMail CEO Andy Yen reached out to Mashablewith a statement to clarify how its technology is different from Lavabit and Hushmail. "We actually do not possess the encryption keys of our users. The reason we can't hand over the emails of our users is not actually due to Swiss law, but because without access to the encryption keys, we cannot actually decrypt any of the messages stored on ProtonMail."
Featured Video For You
Facebook is using facial recognition — here's how to turn it off
-
iPhone 16 Pro new color will reportedly be Desert TitaniumThe Monday Slatest newsletter.NK top nuke envoy arrives in Beijing possibly on way to talks with USJ.K. Rowling slams Mike Pence with 1 biblical tweetSpate of defections show Kim JongResearchers develop wearable to track hydration levelsHere's your first look at Apple's minor, but useful, MacBook updateUS denies hostile intent, reiterates willingness to talk with North KoreaNorris stuns Verstappen at Dutch GPThe 1 thing that may kill Apple's new HomePod
下一篇:SCOTUS: The courts implementing Project 2025, without Trump.
- ·Newborns hit new low, but births to those unmarried reach record high: data
- ·Uber, Ola ordered to halt ride
- ·Hackers takeover Twitter accounts to spread fake news
- ·North Korea accuses UN Security Council of applying double standards over military activities
- ·Get Thee to Totality: Chicago
- ·Ministry approves 3 requests by civilian groups to provide humanitarian aid to North Korea
- ·iOS 11 isn't coming to the iPhone 5
- ·#DeleteUber coup: CEO Travis Kalanick resigns from Trump's board
- ·Google Gemini now allows AI
- ·Berkeley student Khairuldeen Makhzoomi claims was kicked off Southwest flight for speaking Arabic.
- ·Today’s Trump Apocalypse Watch.
- ·[News Focus] 2 in 5 South Koreans aged 50 or over
- ·What Ever Happened to Winamp?
- ·Enquirer wants you to know that they are not the National Enquirer
- ·Hackers takeover Twitter accounts to spread fake news
- ·Ibrahimovic returns to AC Milan
- ·17 Spectacular Outdoor Staircases
- ·North Korean leader says boosting military capabilities is 'not for war with South or US'
- ·Catch a discounted ride to the polls
- ·Trump's anti
- ·Who is the Dark Wizard in 'The Lord of the Rings: The Rings of Power' Season 2?
- ·疾病也挡不住的工作热情
- ·Escape your boring office with the sounds of U.S. national parks
- ·S. Korea's F
- ·特写|在农事定向大赛遇见和美乡村
- ·Taylor Swift sang 'Tim McGraw' with Tim McGraw and Faith Hill
- ·We Bought the Cheapest DDR5 RAM Modules We Could Find, Are They Any Good?
- ·Michelle Obama just made her WWDC debut, and she dropped some major wisdom
- ·Prosecution grills justice minister's wife again over alleged family corruption
- ·Ibrahimovic returns to AC Milan
- ·21 College and University Museums
- ·Riot Games is ready to explain how it's going to end its 'bro culture'
- ·Facebook just made it easier to yell at your politicians
- ·S. Korea confirms 2 more African swine fever cases
- ·Alcaraz vs. Van de Zandschulp 2024 livestream: Watch US Open for free
- ·A working Apple