easyDNS is pleased to sponsor Jesse Hirsh‘s “Future Fibre / Future Tools” segments of his new email list, Metaviews.
Secure email whether diy or as service
Writing this newsletter has rekindled my appreciation if not affection for email. As more of our world becomes mediated by algorithms, it is refreshing to be able to revert to a protocol that is far more accessible and resilient.
The key phrase being protocol. It evokes a different Internet era where instead of platforms people used protocols, and those protocols enabled a truly distributed networks. In particular protocols allow you to use whatever app on whatever server and still be connected with everyone.
There was a time when Twitter was headed in this direction, when their API (application programming interface) was wide open and anyone could connect. There were a wide range of twitter clients you could use, all sorts of services, and for a short while Twitter’s rapid growth was fueled by this decentralized development and innovation.
Foolishly and tragically Twitter reversed course and locked out most apps and bought the ones that were most popular (tweetdeck). No surprise this consolidation resulted in stagnating user growth and the demise of what was a health and supportive ecosystem. In hindsight had Twitter maintained their development direction towards emulating or becoming a protocol rather than a platform, they’d be far better off and stronger than they are now.
We digress, but the point stands, protocols are worth our attention and resources, as they provide a far more stable base upon which to communicate and build networks. This is partly why email remains a pillar of our society. A generally reliable and stable tool, that we generally take for granted.
When Metaviews subscriber Chris Lewis signed up, he asked me for advice on email. I quickly replied and referred him to ProtonMail, but also noted that it would make for a good Future Tools issue. I’ll admit I tend to take Proton Mail for granted, and did not until recently recognize that it is not only a valuable service, but also a free and open source project that anyone can install and operate on their own.
Here’s their mission statement:
We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. This is why we created ProtonMail, an easy to use secure email service with built-in end-to-end encryption and state of the art security features. Our goal is to build an internet that respects privacy and is secure against cyberattacks.
We are committed to developing and widely distributing the tools necessary to protect your data online. Our team combines deep mathematical and technical knowledge from the world’s top research institutions with expertise in building easy to use user interfaces. Together, we are building the encrypted communication technologies of the future.
I first heard of Proton and became a customer when their ProtonVPN service was announced. A VPN or virtual private network, is a powerful tool for protecting your privacy and security. VPNs are used by corporations to enable secure remote work, but also by users in countries with aggressive or expansive surveillance policies.
ProtonVPN started offering a robust free version of their service shortly after the previous US presidential election, and I bought a paid version to support the development of their free version. I’ve used ProtonVPN quite a bit since then, especially when travelling, and I remain a happy customer.
People around the world are relying more on the Internet during the #COVID19 pandemic, from streaming shows to video chatting with loved ones. That’s why we are working diligently to expand our VPN network. We added 53 new, secure servers! https://t.co/EXf2PobYqo pic.twitter.com/L0vG7Kde2q
— ProtonVPN (@ProtonVPN) 3 April 2020
ProtonMail also has a free option, which I currently use, as well as paid options that provide greater storage and features. They also provide enterprise services so that companies who want secure email (and VPN) can pay for the service.
However it is worth repeating that Proton as a company or set of initiatives is firmly committed to free and open source software.
Our ProtonMail Android app is now open source! Starting today, every app you use to access Proton services are open source and have passed an independent security audit. You can find all the details here. https://t.co/l6OZZnpnQI
— ProtonMail (@ProtonMail) 23 April 2020
What’s remarkable is that their commitment to open source is done for a range of reasons. The primary one is for reasons of trust and security. Given that Proton seeks to produce some of the most secure and trustworthy digital products available, they’re doing so not based on faith, but on testing and auditing. Anyone can go through their code, attempt to find flaws, or alternatively build upon their success and innovation.
And it’s interesting to see them release all sorts of software as open source, whether web clients, mobile clients, server software or encryption software. They’re genuinely committed to seeing this technology and the features it enables as widely available and supported as possible. For example ProtonMail Bridge makes it possible to use their paid service, securely, and integrated with your desktop email program.
The ProtonMail Bridge app is now open source! It has also passed an independent security audit. You can find the full details and links to the code and audit report here. https://t.co/0Di5YkRI9W
— ProtonMail (@ProtonMail) 15 April 2020
Which is why I think it is important to highlight ProtonMail (and ProtonVPN) as Future Tools, as their commitment to open source all of their tools means that you could install your own version locally, and do with it as you wish.
This is something that I’m considering doing, although I am quite content to use Proton’s services. However sometimes it’s worthwhile to have your own instance, even if it is only a backup.
For example, one of the sponsors of this newsletter, is Heavy Computing, run by Metaviews member Ken Chase. Ken offers virtual private servers (VPS) that make it easy for you to run your own vessel on the Internet.
In this scenario you could grab your own domain name from our major sponsor, EasyDNS, and then pick up a virtual server from Heavy Computing, and from there install a mail transfer agent (MTA) like postfix, and on top of that either the ProtonMail web client, or the bridge that connects to your own desktop email client.
While I do acknowledge that many of you reading this are not in a position to run your own server or your own secure email service, but the point here is that you could. Even if you didn’t have the technical expertise to do it yourself, it’s not hard to find someone you could hire that could do it for you. The end result would be the same. You’d have a secure email service that you were in control of.
This is the kind of Internet marketplace that makes sense. One in which decentralization is part of the logic of protocols and services offered. Companies like Proton don’t take your trust for granted, but rather go out of their way to earn it. Further if you don’t want to trust them, you don’t have to, as if desired you can use the software on your own, however you see fit. This kind of foundational approach can go a long way towards ensuring that our communication networks and infrastructure are as resilient and redundant as possible.
Similarly it is encouraging and inspiring to see how companies like Proton are able to use their infrastructure for the greater good:
To support #COVID19 cure efforts, we have been donating computing resources to the University of Washington’s @RosettaAtHome project. Together with the Proton community, we’re now among the top 10 corporate contributors globally: https://t.co/HwKDpniEEN
— ProtonMail (@ProtonMail) 15 April 2020
I should also point out that I was reminded of how versatile ProtonMail is when I was doing some preliminary digging in response to a request from Metaviews subscribe Ohran Gobrin who asked if I had any info on digital signatures. While I’ve not come up with enough material for a dedicated newsletter issue, I did come across this little bit:
We have just launched the world’s first contact manager with zero access encryption and digital signature verification! Start encrypting and verifying your contacts today: https://t.co/d0C4xCLUKy pic.twitter.com/t8ZUPF4nGG
— ProtonMail (@ProtonMail) 21 November 2017
It partially circles back to our first Future Tools issue which looked at Keybase, which was a service focused on making encryption as easy and accessible as possible. ProtonMail is similar, in that their focus on security and privacy also makes encryption accessible and relevant.
More reason to take the time to explore how ProtonMail and ProtonVPN may be relevant to your work, security, and privacy.
If there is a tool or service or need that you would like us to profile or dig into as part of our Future Tools series, please let us know! #metaviews
This is our thirteenth issue in the Future Tools series.
The first was on Keybase, a service designed to make encryption easy to use. The second was on Pi-Hole, free and open source software designed to make it easy for you to block the digital advertisements on your network(s). The third was on Tor and the so called dark web, enabling secure surfing for all. The fourth was on Matrix and Riot as an alternative to Slack. The fifth was on democracy.earth and quadratic voting. The sixth was on the Brave browser. The seventh was on Rocket Chat. The eight was on pol.is. The ninth was on Decidim. The tenth was on Mastodon. The eleventh was on BigBlueButton. The twelfth was on the video conferencing tool Jitsi.
If you have any questions about these tools we’ve profiled, or suggestions/requests for tools that we should profile in the future. As always let us know. #metaviews
“Future Tools” is a recurring series in the Metaviews newsletter where we share some of the tools and concepts that you’ll need to protect yourself in the now and near future.
Here’s the bonus video for this Future Tools issue that sheds light on where ProtonMail is headed in the near future: