Improve the level of confidentiality in emails seems to be getting closer to hit the market then an alternative called ProtonMail, a service that promises encrypted point to point communications and would be inviolable.
ProtonMail authors are Jason Stockman, Andy Yen and Wei Sun, three scientists at CERN, and while the service debuted in 2014, only this month anyone can access it freely.
This mechanism is already available on iOS and Android applications, making it easy to use. This service was born after the revelations of Edward Snowden, who made it clear that not only hackers can and want to spy on emails, but also governments.
Hence, these three young men propose is to create a technologically secure service, but in addition, whose servers were in Switzerland, traditionally neutral country and where the courts of the United States and the European Union have no jurisdiction. If a country wanted to require a user’s data, should go to the Swiss Supreme Court.
The interesting thing is that even if that information is requested through the courts, it is technically impossible to please the judges, since the user password only known him and there is no record on servers in Switzerland.
This is because to use ProtonMail two keys are needed: one to enter the site or application, and another, to encrypt and decrypt messages in the inbox.
This last password is essential for the privacy of messages and if you miss no way to retrieve it because it is not stored on any server.
“The technology of our mail system does not allow us – and no one else to read emails from users”, says Andy Yen. “Access to user data is technically impossible because of the way we implement encryption”.
Few are aware of the importance of encrypting their emails and much less that have knowledge that services like Gmail do it without the intervention of the user.
A study by Google concluded that 83% of emails that come from their servers have encryption, while 69% of those who received it.
This does not prevent a hacker or a Government to enter an Inbox using a password or a court order, but it is useful when someone intercepts communications on the network, as if the message is encrypted, a third party may not interpret.
“The form of secure communications is to use network protocols that provide guarantees of security and encryption in the flow of information. Otherwise, a hacker with an application of sniffer type (which “sniffs” the network) and to analyze data packets, could intercept, analyze traffic and possession of highly sensitive information”, says Miguel Varas, head of Technical Resources at the Infrastructure and Technology Unit at the University of Santa Maria.
Concerned cases like these, Google, Microsoft, Yahoo!, Comcast, LinkedIn, among others, presented the proposal for a new security standard called “SMTP Strict Transport Security”.
Among other developments, this new protocol would prevent impersonation in the network and not deliver a message if the recipient’s server does not have appropriate policies so that it is safe.