There’s growing interest in ProtonMail, the encrypted email service that started with a splashy Indiegogo campaign in 2014, but co-founder and CEO Andy Yen tells Inverse that email is only the beginning for Geneva, Switzerland-based operation.
ProtonMail is primarily different from your free email — Gmail, Yahoo!, etc. — because it encrypts your message and can’t scrape them for data. That encryption also protects them from being read by third-parties if you send an email from your ProtonMail account to another ProtonMail user. But what about encrypted docs, spreadsheets, and slideshow presentations? That’s coming, too, Yen says.
“We want you to be able to completely de-Google-fy your life,” Yen says. “Come to ProtonMail, and have all the features, plus the security and the privacy that Google doesn’t provide you. So, that’s our long-term vision.”
Yen’s vision is getting larger with every new signup to the service, which he says had grown to more than 5 million accounts as of September 2018, up from 2 million accounts in January 2017. A number of high-profile journalists have begun adopting the encrypted email, too. Reporters across the political spectrum and of varying disciplines, at publications from The New York Times to The Atlantic to the Daily Caller to CBS currently have protonmail.com accounts displayed their biographies.
Compared to the Jupiter that is Gmail and its more than 1.2 billion accounts, ProtonMail is like a newly discovered, distant exoplanet. But for anyone who doesn’t want Google crawlers scanning their email text in order to serve up relevant ads, ProtonMail might prove to be a hospitable home. Since ProtonMail went into public beta in May 2016 (the result of that IndieGogo campaign), it’s seen steady adoption.
Yen, who founded ProtonMail with two colleagues at the European Organization for Nuclear Research — hence, the name ProtonMail — spoke with Inverse about ProtonMail’s growth and its plans for the future in a recent interview.
Inverse: Just from looking at something like Google Trends, there seems to be growing interest in ProtonMail. How has that correlated with new sign-ups?
Andy Yen: We’re not very big on tracking or collecting data, so we don’t have a huge amount of data. But from what we do see, yes, we do see quite strong growth, especially over the past …. let’s say the past 18 months, especially.
To what do you credit the growth?
I think it’s been a combination of factors. I think the overall trend on the internet is sort of in our favor, so we kind of have to limit our sales. And it’s two things primarily. As the internet gets a little more mature, people understand the internet better and how it works, there’s also a larger consciousness for security and also privacy issues. For example, companies like Google and Facebook haven’t done themselves any favors in the past two years with their various actions. In particular, the Cambridge Analytica scandal for Facebook was really a wake-up call when people began to realize what is Facebook and Google’s business model. As consumers become more sophisticated and more savvy, they also realize the greater need for security and privacy online. And this naturally leads to a trend for people looking for services that put security and privacy first because it’s something that you think about more and more the longer you’ve been exposed to the internet.
Is it fair to say that the failure of Facebook ProtonMail’s gain?
The market is obviously growing quite a bit, as well, as more and more people in third-world countries get online. But generally, there are two approaches to data online. The one the tech giants have chosen — and this would be basically Yahoo! in olden days, but now in the recent days, Google and Facebook — is data mining, or an advertising-based business model. Whereas, we represent a completely different model. This is a model of privacy and security first. The two models are not compatible with each other, but it doesn’t mean, for example, that Facebook and ProtonMail can’t coexist. I think we can definitely coexist very well. It’s just that there’s certain information that people want to keep private, and a lot of that is their private email communications. On the internet, you want to share something, social media definitely brings value, but there’s also a lot of things you want to keep private. More people are realizing that there are things they want to keep private, and that’s what is driving the growth of services like ProtonMail.
What part of ProtonMail holds the most potential?
We’ve seen in the past couple years that the willingness of consumers to pay for privacy and security has gone up. So we definitely have growth there. But the very interesting segment for us is actually the smaller media and businesses. These are the companies that traditionally would have gone to Google Apps or Microsoft 365. And interesting trend in that more and more of them are picking ProtonMail for their email hosting, actually, largely out of security and privacy concerns. So that, to me, is interesting trend. I think businesses are much more used to paying for emails and consumers, so the potential revenue growth there is also a lot higher. And that’s something that we are quite keen to explore. But of course, our main user base, I think now and for a long time, will still be on the consumer side.
How do you see ProtonMail’s encryption protecting freedom of speech?
A big part of what we do is really communicating to the public why privacy is essential for freedom of speech and why you need that for democracy. They understand the product context that we work in. It takes a lot of effort to get public awareness of this up to a good level. But one area where you see the large number of Proton users, at least at disproportionately large compared to the population, is journalism. You see reporters at the New York Times, the Wall Street Journal, other major publications who are switching to ProtonMail. A free press, by definition, almost by construction, needs to operate independently of governments. And for them to do that, they actually need to use a service like ProtonMail because the encryption ensures that their communications cannot be surveilled or tampered or otherwise good with governments. And that’s one way what we do enables freedom of speech around the world.
“Everything that Gmail can do, we want to make sure that ProtonMail can also do.”
What has interest been like from other businesses?
There’s always people who are interested in doing all sorts of things, all sorts of partnerships. For us, our goal is to stay as independent as possible, and we want to structure ourselves in such a way that our interests are aligned with the users’ interests. I would not say that we’re keen to get acquired. In fact, it’s quite the opposite. Just like journalists need independence to do their work properly, for us to do our work properly, we also need independence from government, from investors, and whatever. We actually want to get to a place where the main stakeholders would actually be the community itself. And I think that’s the best way that ensures that, long-term, our vision and our goals are fully aligned with the people that we serve.
As ProtonMail makes its money from paid accounts (which help fund the free accounts), what are the biggest problems you see with the free email industry from your position at ProtonMail?
I think in general, things cannot be free. There’s a famous saying, “if a product is free, then you’re the product.” This is why I think free, fundamentally, doesn’t work. What we’re trying to do is freemium, and freemium does seem to be effective, at least at our scale. And at the end of the day, if you don’t want your data being sold, if you don’t want yourself being sold, you need to be willing to pay for the services that you use. And this is just a trade-off. People always like things for free, but nothing’s actually free. Even free things have a cost, and I think there’s more and more awareness now of what that cost is. That is definitely helping us. I think free, overall, is not a workable model. And if you want to have privacy, it’s not compatible with free email.
“If you want to have privacy, it’s not compatible with free email.”
How do you handle the constant cyberattacks against ProtonMail? It creates a tough environment in which to do business.
We deal with it very strictly with a absolute zero-tolerance policy. So whenever we are attacked in one way or another, we will actually go after the people to the full extent that’s possible under the law. And you have to do that, right? Because if you ignore attackers, you let them hit you without going back after them, then that kind of creates ecosystem where you will draw more attackers. So we have to be very firm in dealing with these sorts of attacks. It’s part of the business. We expect it to happen. The experience and expertise that we have gained from dealing with these type of attacks for the past three years has made us significantly stronger and much better positioned to take on these sort of threats than a typical company our size would be able to do.
Is ProtonMail more of a target because it values privacy and markets itself as such?
I don’t know of any other company our size or even close to our size which is hit with so many attacks. So it’s definitely a anomaly in the ecosystem, but it’s also kind of expected. ProtonMail is a well-known, very hardened target. Even among the hacker community, we’re famous. And people like to hit us because it’s sort of bragging rights. ProtonMail is a very highly defended target. If you can hit it and cause ProtonMail difficulty, it’s something that you can brag about. So there’s a certain amount of street cred that comes with being able to cause us problems. And the reason for that is it’s obviously very, very difficult to launch at attack at us that would cause us to have issues. So I think our visibility in the space and kind of the principles that we stand for does draw more attacks than usual. But it’s just part of the business that we have to deal with.
“There’s a certain amount of street cred that comes with being able to cause us problems.”
How do you deal with unfriendly governments like the one in Turkey, which banned ProtonMail earlier this year?
The answer is gonna be a bit surprising, is actually through negotiation. We’re not gonna be empowered to change governments. We’re not gonna be conducting regime change or anything like that. You can’t fight that battle. That’s not something that you can actually do. The way you fight that battle against governments is actually through education. And this is about educating governments, policy makers, law enforcement to understand what actually is ProtonMail. It’s not a safe haven for criminals to hide. Obviously not, because we’re going after them ourselves and getting them arrested. It is a tool for security, and this is an argument that actually more and more governments are receptive to. Because they realize that cyber attacks and cyber crime is on the rise. And while ProtonMail does provide very good privacy, what it’s actually providing is exceptional security because end-to-end encryption means that we can be breached ourselves and not release user emails.
If you talk to governments about data leaks, email breaches, and other things that are going on, we find that that message is better and better received now. When we talk to law enforcements, it’s no longer a question of, “Oh, we want to shut down ProtonMail.” It’s more that they understand where we’re coming from because they’re fighting the same cyber crimes and the same data breaches that we’re defending against. Attitudes have really changed, but a lot of that is just due to increasing efforts on educating government and law enforcement to let them understand that, actually, we’re not making your job more difficult. In fact, we’re making your job easier by preventing a lot of these data breaches from happening in the first place.
How does ProtonMail go after criminal who uses its service?
We adhere always to law. Unless you’re based, let’s say, 50 kilometers off-shore in the ocean somewhere, you must adhere to the laws. And we adhere to Swiss law. Swiss law was chosen because it has strong protection for privacy, and there’s a deep tradition of privacy and security here in Switzerland, and this extends to government and law enforcement, also. But when we have a criminal case, usually the Swiss police will come to us and say, “We have a case maybe in the US, and these are the facts.” And from that, it gets passed to actually a Swiss prosecutor and also a judge, who will review the case and decide whether or not this is a legitimate case. If it’s, for example, the Russian government going after dissidents, the Swiss court’s not gonna approve that. But if it’s a real criminal case, it will be approved. And then this request is then passed to us.
When we do get a request from law enforcement, in fact, we do comply to the full extent that is possible, given the encryption. So we have no way to, for example, decrypt a message and give them the contents. But other information that we might have, for example, when the user last logged in, is the account still active, and these other details, we do provide to police. Because at the end of the day, we all have the same goal as them, which is to make sure that criminals don’t use ProtonMail.
What does 2019 hold for ProtonMail?
We focus our development on two main areas. Security has always been thought of as, “if we want to be more secure, we must sacrifice something.” And for the most part, that’s true. One of our core missions is to reduce that sacrifice. So what that really boils down to making sure that ProtonMail can reach feature and functional parity with Gmail. So everything that Gmail can do, we want to make sure that ProtonMail can also do. So that’s one area where we spend a lot of effort. We’ll continue spending a lot of effort on to make sure that even with all the encryption, it’s one of the best email services around.
The second thing that we are working on is actually broadening the scope of ProtonMail. Because email is very, very good, it’s the core of what a lot of people use online — it’s your online identity in many ways — but people need more than email. They need calendar, they need file storage, they need documents. So it’s not for one year, but the longer term commitment on our part is to build out the full suite of products so you can have an entire productivity suite with security and privacy at its core. And that is really the bigger mission, and that is what we’re trying to do. We can’t probably accomplish this in one year, but we expect to eventually get there over the next two or three years.
In 2021, I can delete my Google account and have a ProtonMail account?
Yes. Exactly. So this is what we want to do. We want you to be able to completely de-Google-fy your life, come to ProtonMail, and have all the features plus the security and the privacy that Google doesn’t provide you. So that’s our long-term vision. And that’s ultimately the world that we want to live in, and that’s why we’re working towards this goal.
How does the 5 million accounts split up?
We actually don’t have a lot of details there. It’s obtainable, but it’s just not something that we had looked at. So we just know that there’s over five million registered users today, and we see that number growing quite a bit. So if you check in with us in about six months, I’m sure it’ll be quite a bit larger than that. And so far, we do get more people paying as we get more users. So at least that relationship is correlated, which is good. And that’s important because it means that people care about privacy and are willing to pay for it. And if we didn’t have that basic ingredient, none of this would even be possible.
How does it feel to know that this product is being accepted at such a high rate?
I think the correct word to use here is grateful. The history of ProtonMail was through crowdfunding. So the way that we got started back in 2014 was actually 10,000 people donating around half a million dollars to kick off the project. So it was a community and donation-funded project in its early days. Even to this day, we’re still largely supported by the community. So from my perspective and also the perspective of a whole team, we’re incredibly grateful for the community that is out there supporting us, helping us get through the challenges over the past four years. If I were to say what is one thing that is different about our company versus other companies, it really is a community that is out there who are very passionate about what we do supporting our mission.
What you need to have as a tech company is the alignment between the users and the email company. And this is an alignment that you don’t find, for example, at Google, because Google is mostly accountable to advertisers. Users are just a way to make money. And so this is why I’m very, very grateful that our community has given us this opportunity and are supporting us even to this day. And we look forward to doing everything that we can to make sure that they’re also happy.