If you’ve been out of the loop of the Facebook/privacy/Cambridge Analytica scandal that has ruled headlines over the past week, there’s a small yet incredibly important detail you may have missed.
Cambridge Analytica — the data analytics firm that came under fire this weekend for maliciously collecting information on 50 million Facebook users — reportedly used a self-destructing, encrypted email service called ProtonMail to cover its tracks, covering up correspondence between the company and third parties, according to a Channel 4 News investigation published Wednesday. The firm set emails to self-delete after two hours and urged clients to use the service as well, per footage captured of former CEO Alexander Nix talking to a journalist posing as a would-be client.
«I’d like you to set up a ProtonMail account, please,» Nix said, «because these are, now it’s getting quite sensitive.»
«We set our ProtonMail emails with a self-destruct timer,» he continued. «So you send them, and after they’ve been read, two hours later they disappear.»
It’s a particularly small note in an otherwise huge story, yet it has major implications.
But how exactly does ProtonMail work? What exactly does self-destructing email mean? Here are all your ProtonMail questions, answered.
So how does ProtonMail work?
Just like any normal email service. Go to their website, sign up for an account, and you’re in. Their free service has some restrictions, though. You only get 500 MB of storage and can only send 150 messages per day. If you upgrade to the Plus plan for (4.00 € or ~ $4.91 per month), you get 5 GB of storage, 1,000 sent messages per day, and a slew of other perks. (The site also offers «Visionary» and «Business» pricing options.)
Once you’re set up, you use it just like you would Gmail or Yahoo. Hit the compose tab in the top left corner, and you’ll see a screen like this.
The important part here is the hourglass icon in the bottom left corner of the new message menu. That’s where you can set the expiration time of the email, for whatever number of weeks, days, or hours you’d like. One thing to note is that the timer starts after the email is sent, not once it’s opened. And also, this only works for ProtonMail to ProtonMail messages. So if you’re sending messages to a Gmail account, they won’t be deleted.
There is a way, however, that you can send emails to non-ProtonMail users and still encrypt them. Just hit the lock icon to the right of the hourglass. It’ll ask you to create a password for the message. This password is what the recipient would enter in opening the message, and it should be communicated to the recipient outside of the email since, clearly, they won’t be able to open it sans password. Using that in combination with the timing/self-destruct feature will ensure that the content of the email won’t live on any external server (i.e. Google) and would be deleted once ProtonMail erases it.
All of this sounds a tad bit shady, no? Which brings us to the next question: How does ProtonMail get away with it? The answer is its email servers, which are based in Switzerland.
Say, what? ProtonMail has email servers in Switzerland?
Yes, it’s something the company touts loudly on its website. On its homepage, it says, «ProtonMail is incorporated in Switzerland and all our servers are located in Switzerland. This means all user data is protected by strict Swiss privacy laws.»
ProtonMail purports to be so secure that no one but you can access your email. They even make it explicit that ProtonMail couldn’t read your messages if it wanted to. The company says that since all of the data is stored outside the realm of «intrusive» U.S. laws, only encrypted messages could be handed over.
In its words:
Zero-access encryption means that even if a complaint is brought in a Swiss court that meet the high requirements for data disclosure, only encrypted emails could be handed over. As a Swiss company, ProtonMail cannot be forced to hand over data in cases of US or EU civil litigation. Thus, even if you don’t care about privacy, ProtonMail is still the ideal choice for businesses, journalists, activists, and individuals who are worried about the .
Les resten av artikkelen her.