Secure email whether DIY or as a service
Writing this newsletter has rekindled my appreciation if not affection for email. As more of our world becomes mediated by algorithms, it is refreshing to be able to revert to a protocol that is far more accessible and resilient.
The key phrase being protocol. It evokes a different Internet era where instead of platforms people used protocols, and those protocols enabled a truly distributed networks. In particular protocols allow you to use whatever app on whatever server and still be connected with everyone.
There was a time when Twitter was headed in this direction, when their API (application programming interface) was wide open and anyone could connect. There were a wide range of twitter clients you could use, all sorts of services, and for a short while Twitter’s rapid growth was fueled by this decentralized development and innovation.
Foolishly and tragically Twitter reversed course and locked out most apps and bought the ones that were most popular (tweetdeck). No surprise this consolidation resulted in stagnating user growth and the demise of what was a health and supportive ecosystem. In hindsight had Twitter maintained their development direction towards emulating or becoming a protocol rather than a platform, they’d be far better off and stronger than they are now.
We digress, but the point stands, protocols are worth our attention and resources, as they provide a far more stable base upon which to communicate and build networks. This is partly why email remains a pillar of our society. A generally reliable and stable tool, that we generally take for granted.
When Metaviews subscriber Chris Lewis signed up, he asked me for advice on email. I quickly replied and referred him to ProtonMail, but also noted that it would make for a good Future Tools issue. I’ll admit I tend to take Proton Mail for granted, and did not until recently recognize that it is not only a valuable service, but also a free and open source project that anyone can install and operate on their own.
Here’s their mission statement:
We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. This is why we created ProtonMail, an easy to use secure email service with built-in end-to-end encryption and state of the art security features. Our goal is to build an internet that respects privacy and is secure against cyberattacks.
We are committed to developing and widely distributing the tools necessary to protect your data online. Our team combines deep mathematical and technical knowledge from the world's top research institutions with expertise in building easy to use user interfaces. Together, we are building the encrypted communication technologies of the future.
I first heard of Proton and became a customer when their ProtonVPN service was announced. A VPN or virtual private network, is a powerful tool for protecting your privacy and security. VPNs are used by corporations to enable secure remote work, but also by users in countries with aggressive or expansive surveillance policies.
ProtonVPN started offering a robust free version of their service shortly after the previous US presidential election, and I bought a paid version to support the development of their free version. I’ve used ProtonVPN quite a bit since then, especially when travelling, and I remain a happy customer.
ProtonMail also has a free option, which I currently use, as well as paid options that provide greater storage and features. They also provide enterprise services so that companies who want secure email (and VPN) can pay for the service.
However it is worth repeating that Proton as a company or set of initiatives is firmly committed to free and open source software.
What’s remarkable is that their commitment to open source is done for a range of reasons. The primary one is for reasons of trust and security. Given that Proton seeks to produce some of the most secure and trustworthy digital products available, they’re doing so not based on faith, but on testing and auditing. Anyone can go through their code, attempt to find flaws, or alternatively build upon their success and innovation.
And it’s interesting to see them release all sorts of software as open source, whether web clients, mobile clients, server software or encryption software. They’re genuinely committed to seeing this technology and the features it enables as widely available and supported as possible. For example ProtonMail Bridge makes it possible to use their paid service, securely, and integrated with your desktop email program.
Which is why I think it is important to highlight ProtonMail (and ProtonVPN) as Future Tools, as their commitment to open source all of their tools means that you could install your own version locally, and do with it as you wish.
This is something that I’m considering doing, although I am quite content to use Proton’s services. However sometimes it’s worthwhile to have your own instance, even if it is only a backup.
For example, one of the sponsors of this newsletter, is Heavy Computing, run by Metaviews member Ken Chase. Ken offers virtual private servers (VPS) that make it easy for you to run your own vessel on the Internet.
In this scenario you could grab your own domain name from our major sponsor, EasyDNS, and then pick up a virtual server from Heavy Computing, and from there install a mail transfer agent (MTA) like postfix, and on top of that either the ProtonMail web client, or the bridge that connects to your own desktop email client.
While I do acknowledge that many of you reading this are not in a position to run your own server or your own secure email service, but the point here is that you could. Even if you didn’t have the technical expertise to do it yourself, it’s not hard to find someone you could hire that could do it for you. The end result would be the same. You’d have a secure email service that you were in control of.
This is the kind of Internet marketplace that makes sense. One in which decentralization is part of the logic of protocols and services offered. Companies like Proton don’t take your trust for granted, but rather go out of their way to earn it. Further if you don’t want to trust them, you don’t have to, as if desired you can use the software on your own, however you see fit. This kind of foundational approach can go a long way towards ensuring that our communication networks and infrastructure are as resilient and redundant as possible.
Similarly it is encouraging and inspiring to see how companies like Proton are able to use their infrastructure for the greater good:
I should also point out that I was reminded of how versatile ProtonMail is when I was doing some preliminary digging in response to a request from Metaviews subscribe Ohran Gobrin who asked if I had any info on digital signatures. While I’ve not come up with enough material for a dedicated newsletter issue, I did come across this little bit:
It partially circles back to our first Future Tools issue which looked at Keybase, which was a service focused on making encryption as easy and accessible as possible. ProtonMail is similar, in that their focus on security and privacy also makes encryption accessible and relevant.
More reason to take the time to explore how ProtonMail and ProtonVPN may be relevant to your work, security, and privacy.
If there is a tool or service or need that you would like us to profile or dig into as part of our Future Tools series, please let us know! #metaviews
Finally here's a video that sheds light on where ProtonMail is headed in the near future: