Secure Email and Cloud Alternatives to Gmail and Dropbox
Back in June last year, confidential documents leaked by Edward Snowden indicated that major email and cloud storage providers like Google, Microsoft, and others were part of the NSA's top secret surveillance program called PRISM. And if that wasn't enough, there have been numerous reports of companies snooping on their customers themselves.
All these revelations have made Internet privacy a burning issue, with many privacy-conscious users now turning to services that claim to be secure from prying eyes of the NSA and law enforcement. In this article, we take a look at some of the privacy-focused email and cloud storage services that have either sprung up or gained popularity in the wake of what has popularly been referred to as the Summer of Snowden.
Secure email services
Lavaboom
Lavaboom is a Germany-based email service founded this year by Felix Müller-Irion. Designed to provide end-to-end encryption using OpenPGP, the service allows users to encrypt and decrypt messages locally, instead of doing it on its own servers. The company calls it "zero-knowledge" architecture, as secret keys are in possession of users, Lavaboom just acts as a carrier.
Encryption and decryption is performed using JavaScript code, which along with the user's private key, is stored in the web browser's cache. The company warns not to clear your cache from Lavaboom because, by design, they can't offer password recovery. "Once you flush your private key, all your data stays encrypted until you somehow rediscover your private key. We will not provide you with any refunds if you lose your private key".
Lavaboom, which is currently in private beta, offers both free and paid versions. While the former has a 250 MB mailbox limit and two-factor authentication, a premium subscription costs €8 (~$11) per month, and provides 1GB storage along with a three-factor authentication option.
While Lavaboom touts itself as a secure email provider, it clearly says it's not NSA-proof. In the words of co-founder Bill Franklin, "If Barack Obama considers you a terrorist, it's likely you will be hacked." Also, since there currently exists no way to encrypt metadata, information like subject lines, sender and receiver email addresses, timestamps, and more will still be unencrypted.
On the upside, there's the advantage of being base in Germany, which has better privacy laws than the US and where the NSA has no jurisdiction. Local agencies can issue warrants only for individual data, not the entire user base, and these must be approved by the German high court.
Lastly and most importantly, Lavaboom assures that in case it is forced to turn over user data, the company has a mechanism in place that will destroy their hard disks in a matter of minutes and turn them into "little more than coasters".
Protonmail
After the Snowden revelations surfaced last year, Andy Yen, a PhD student working at CERN took to Facebook to share his concerns over privacy, triggering a vivid discussion over the issue. Soon thereafter, a group of scientists including Yen, came together to create Protonmail.
Just like Lavaboom, Protonmail also provides end-to-end encryption, and allows users to encrypt messages in their web browser before the information reaches the company's servers, which are housed in Switzerland.
When you send an encrypted message to somebody who is not on Protonmail, they receive a link that loads the encrypted message onto their browser, which they can decrypt using a decryption password that you have previously shared with them. Of course, you can also send unencrypted messages to Gmail, Yahoo, Outlook, and others, just like regular email.
According to Yen, the reason the team chose Switzerland is that the government agencies there cannot force the company to expose their system, something which is guaranteed by the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT).
Another interesting thing worth mentioning is that instead of going for venture funding, and likely be subject to pressures form investors, Protonmail went for crowd funding and has already raised more than $550,000, which is well over their initial goal of $100,000.
Protonmail offers both free and premium accounts. While the former has a 100 MB storage limit, $149 gets you a year of ProtonMail+ with 1GB extra storage. The email service is currently in open beta, which means that it is available to the general public, although there is currently a waiting list for accounts as the service is scaling gradually.
Tutanota
Tutanota, which means "secure message" in Latin, is also a Germany-based privacy-focused email service offering end-to-end encryption. Its parent company Tutao was founded in 2012 by three former students from Leibniz University Hannover.
While much of the functionality Tutanota provides is similar to Lavaboom and Protonmail, it also offers a Microsoft Outlook add-in, Tutanota Starter, that encrypts emails directly in Outlook. In addition, the service has also released its source code on GitHub, claiming to be the first operational, secure e-mail application to go open source.
Like other secure email services, Tutanota currently can't encrypt the metadata, but the company says it has some ideas on how to address the issue. The service seems to be well-tested, as it has already passed vulnerability testing from leading security firm SySS GmbH.
Launched internationally in July this year, Tutanota currently offers 1GB of storage for free, although the company says that it has plans to offer premium versions with additional storage in the future. The company is also planning to launch apps for Android and iOS soon.
Dark Mail
While secure email services like Lavaboom, Protonmail, Tutanota, and more boast of end-to-end encryption, the fact remains that there currently exists no way to encrypt metadata, which includes the subject line, the sender and receiver email addresses, and more.
Ladar Levison, owner of shut-down secure email service Lavabit, has taken up the challenge and is collaborating with the folks at Silent Circle and convicted hacker Stephen Watt to come up with a solution to the problem. Dubbed Dark Mail, the project aims to encrypt both content and metadata of email messages as well as attachments.
How they are doing it? By rewriting the protocols of email. The project consists of various components including an email client called Volcano, server software called Magma Classic and Magma Dark, and the Dark Mail protocol, which is being written from scratch.
The Dark Mail system is modeled on Tor, and would primarily include two servers in the email transaction: the sender's server and the receiver's server. Each knows nothing about the other party except for the domain, not who sent or is receiving the emessage.
In layman's terms, a message traveling in the Dark Mail system would be like an envelope that, on the outside, is only addressed to and from post offices, making it nearly impossible for spying agencies to know who sent it or received it. "Done right, this should make it technologically impossible to conduct mass surveillance," Levison says.
Both Levison and Watt want the project to work with existing email programs. Levison has also started a Kickstarter campaign, which has already raised more than $200,000, compared to its initial goal of $196,608. The project, which was also discussed at this year's DEF CON hacker conference in Las Vegas, is expected to take another six months to complete.
Secure cloud storage services
Spideroak
Spideroak is a US-based cloud storage company that offers client-side encryption, which means that it allows you to encrypt data locally. The encryption keys, as well as the password through which the keys are generated, are stored on your device, ensuring that no one, including company employees, can view your data.
Founded in 2007, the service shot to fame after Snowden gave it a thumbs up, praising its zero-knowledge privacy policy, while warning against "wannabe PRISM partner" Dropbox. The Electronic Frontier Foundation (EFF) has also listed the firm in its annual report of companies that stand by their customers when the government seeks access to user data.
Back in August, the company implemented a warrant canary, which means that if it receives a government request for user data along with a gag order, the company can't say anything about it, but it can stop saying everything is okay using a special 'status' page.
Spideroak has also released an open source software that aims to provide developers a simple way to build secure applications. Dubbed Crypton, the software is essentially a framework that lets applications encrypt information within a web browser before it is sent to a remote server.
Spideroak supports Windows, OS X, and Linux, and has mobile apps for iOS and Android. The service provides 2GB storage free for life, and 100GB for $10/month or $100/year. Extra storage can be also purchased in 100GB increments for the same price.
Tresorit
Like Spideroak, Tresorit also offers end-to-end encryption, with keys stored locally on users' devices. The Switzerland-based company, which was founded in 2011 by Hungarian programmers Istvan Lam, Szilveszter Szebeni, and Gyorgy Szilagyi, officially launched its secure cloud storage service after emerging from its beta in April this year.
The key selling point of Tresorit is that it relies on what the company calls "one of the strongest encryption algorithms on the market", which makes it possible to store and share data without the company's servers getting access to the content.
Tresorit claims unmatched security, and to prove this, the company in April last year organized a hackathon, offering $25k to anyone who could break their cloud storage encryption. Hackers from some top universities like Stanford, MIT, Harvard, Princeton, and more, participated in the event, but nobody could hack the service. The bounty has now been increased to $50k.
The company recently added a DRM feature that provides more control for businesses by extending security to documents once they have been shared and during collaboration. This means that you can now modify or remove access to your encrypted content anytime, even if someone has already synced it to their computer. The feature also gives you access to more granular permissions; you can limit copying, printing, screenshotting, and more.
Tresorit supports all major platforms, including Windows, Mac, Android, iOS, Windows Phone, and BlackBerry, and offers three types of pricing options: the Basic plan offers 5GB free storage, while the Pro and the Business plans start at 20GB and 100GB, and are priced at 5.99€ ($7.56) per month and 14.99€ ($18.92) per user per month, respectively.
Honorable mention: BitTorrent Sync
While not exactly a cloud storage service, Sync relies on BitTorrent's peer-to-peer technology to securely sync files and folders to multiple devices without a server from a third-party ever having access to your files. The approach means users won't have the convenience of keeping a copy of their documents stored online and accessible from any devices besides your own, but it also offers the advantage of no storage limits and an extra layer of security.
Users can create their own redundant backup on multiple devices with minimal effort, or share files with others privately using an auto-generated secret key. Sync is available for Windows, OS X, Linux, iOS, Android, Windows Phone, NAS devices and more
Wrap Up
While there is no denying that end-to-end encryption beefs up security and helps protect data from being snooped by third parties, it's definitely not a silver bullet that can guarantee a completely secure way to communicate on the Internet. That said, it's always a good idea to go for services that offer an extra layer of security because after all it's likely you'll use them for storing and sending sensitive data like your own personal information.
Header image via Shutterstock
-
LG Display starts production of advanced OLED displays for gaming市南区一季度20家企业集中签约 总投资超100亿元挪庄大院:改造不改“人情味” 留人留住“城市乡愁”淇勭綏鏂浗瀹跺崥鐗╅(涓浗闈掑矝)铏氭嫙鍒嗛鑺辫惤闈掑矝Giant dual总投资772亿!青岛西海岸新区二季度59个项目集中签约开工平度市地方金融监管局“六个聚焦”支持重大项目建设灞变笢绉诲姩闈掑矝鍒嗗叕鍙革細鐢ㄧЩ鍔ㄧ湅瀹讹紝鎶婂甯﹀湪韬竟锛岃鐖遍殢鏃堕櫔浼达紒11 Telescopes Exploring The Magic of Space“益”起向未来!《2022公益春晚暨语言艺术颁奖盛典》与时代同奋进
- ·Foreign, multicultural students rise amid declining school population
- ·青岛市青年书法家协会四届四次主席团会议召开
- ·黄盒子开放展在青岛西海岸新区开幕
- ·亲子采摘乐,缤Fun过新年
- ·N. Korea test
- ·青岛即墨鳌山港码头项目码头工程施工完成
- ·平安人寿青岛分公司3·15科普:“断卡行动”来袭,会影响我们的保单权益吗?
- ·寻一段“青岛往事” 中国电影院焕新亮相
- ·高温难耐,工会驿站化身“清凉小屋”
- ·在市南老城区有这样一片山海......
- ·年夜饭必备!解锁电白丝苗米的N种美味方式
- ·永嘉路社区关于80岁以上老人高龄补贴和体检补助登记的通知
- ·Pakistan Cricket at crossroads after shock defeat at Pindi
- ·市南区“N+书坊”阅读主题活动——首期“光影市南”影视分享会在中国电影院举办
- ·名人“流连不忍去的地方”,为什么是市南?
- ·中国平安发挥综合金融优势 助力养老第三支柱建设 旗下银行、基金正式上线个人养老金相关业务
- ·Newborns hit new low, but births to those unmarried reach record high: data
- ·山东移动青岛分公司圆满完成2023年青岛马拉松网络保障任务
- ·青岛市书法家协会五届十六次主席团扩大会议召开
- ·青岛往事之中山路上“不服老”的老字号(一)
- ·12 Sculptures Made From Recycled Materials
- ·真抓实干完成恢复重建 砥砺拼搏推动发展振兴
- ·写实的魅力!“卓尔不凡”中青年写实油画名家作品展亮相青岛市市南区
- ·西海岸新区立足企业群众,再造行政审批服务流程,学史力行推动便民服务
- ·PS5 Pro: It looks like a sketch of the design just leaked
- ·中国平安2022年赔付总件数超2亿件 总金额超2800亿
- ·Google Search tries new tactics for limiting explicit deepfakes
- ·筑牢交通防疫线,健康出行有保障 西海岸新区交通部门严格落实疫情防控各项措施,织密织牢防控网络
- ·总投资772亿!青岛西海岸新区二季度59个项目集中签约开工
- ·浜ら€氶摱琛岄潚宀涘垎琛屼笌娴蜂俊闆嗗洟绛捐鍏ㄩ潰鎴樼暐鍚堜綔鍗忚
- ·12 Places that Celebrate Women in Science
- ·灞变笢绉诲姩闈掑矝鍒嗗叕鍙革細鐢ㄧЩ鍔ㄧ湅瀹讹紝鎶婂甯﹀湪韬竟锛岃鐖遍殢鏃堕櫔浼达紒
- ·永嘉路社区关于80岁以上老人高龄补贴和体检补助登记的通知
- ·筑牢交通防疫线,健康出行有保障 西海岸新区交通部门严格落实疫情防控各项措施,织密织牢防控网络
- ·17 Places That Harness the Power of the Sun
- ·“唱响新春 筑梦未来”新春合唱音乐会 琴岛爱乐合唱团用歌声致敬时代