Reasons for Encrypted Email

I recently wrote a review for ProtonMail, an encrypted email provider based in Switzerland. And that led to me thinking, why would your average user want to use encrypted emails. And how would they even go about it.

I personally use encrypted email for a number of reasons, I’m probably more security conscious than your average user due to my background, but this also means I regularly explain the reasons why encryption and cyber security are important to people I meet in everyday life.

Protect Personal or Sensitive Information

One of the main advantages to using encrypted email is that it can protect your personal information from being accessed or stolen. This could be anything from medical history to your social security number. With identity theft being as wide spread as it is, any effort to protect information that you might have no other option than to send is important.

Another example of this could be in regards to a business and not just a sole user. If for example your company has just created a new product or is about to file for a patent, you don’t want that information to be easy to intercept or steal.

Government Monitoring

It is no secret that government agencies such as GCHQ and the NSA  snoop on our digital lives, this could be from reading emails to tracking what web-pages you have visited. And for the most part this is completely harmless unless you feel it to be a invasion of your privacy. They would need a warrant to wire tap your house, so what makes your digital life any different.

 

Best way to encrypt emails –

  • ProtonMail
    • Swiss based email provider, that offers encrypted emails. Check out my review Here
  • Secure Swiss Data
    • Swiss based email provider, that offers encrypted emails.
  • PGP Key
    • Combined a PGP key with the Thunderbird email client and you are able to achive encrypted emails that will be slightly more secure than using a servise such as the others listed abover
  • Tutanota Mail
    • Another Encrypted email servcie, Review will be coming soon

ProtonMail – Review

I recently wrote about ProtonVPN, a VPN services from the creators of ProtonMail. And for those of you that don’t know, ProtonMail is a service that provides security and encrypted emails.
If I can remember correctly I was part of the in initial launch and was in a waiting list for a free account. And this was only due to seeing some stuff on Twitter about it and letting my curiosity get the better of me, and I’m glad it did.

So what is ProtonMail, well to put it simply it is an encrypted email client that is based in Switzerland, and by just saying that you should know that the privacy and security of its user will be fantastic. This is largely due to Switzerland having some of the best laws in place for online privacy and security. So you know from the start that they are going to make sure your privacy is protected as strongly as possible.

Creating you ProtonMail account is much the same as creating any email account these days, you chose a username and set you passwords. But unlike the likes of Gmail and setting only one password ProtonMail asks for you to set an account password and then another password for your mailbox. This is a second line off defense to prevent your account being compromised. You can also set up 2 factor authentication from the security tab in the settings later. This again adds another layer of security before you can even view your inbox. And don’t worry this isn’t just some SMS verification, you can use just about any authenticator application on the market.

The web client its self looks just like any other email client, this I feel is a great thing because it feels as natural an environment as you’d likely be use to. Before using ProtonMail I was skeptical that the user interface might have been lacking in the looks department as their main priority is the security and protection of their users. But gladly this is not the case. There are 2 options for the layout of your inbox, the first displays your emails in a column on the left and then display the selected email on the right. And then the section option is to just have the list of emails and you can open the emails you wish to view. Depending on where you are when you are using this client could depend on how you have it laid out.

Continue reading “ProtonMail – Review”

ProtonVPN – Review

I have been using ProtonMail for a while now, and when I had seen a couple of mentions about them starting a VPN service on Twitter I had to have a look and see what it was all about. This lead to me reading up on there new services ProtonVPN. And once on there website I was blown away! Some of the features and use cases that they mention show that they truly care about the people using their services. And protecting there users is paramount to them, you can tell from the fact that they offer an end to end encrypted email service. For people in a position were there privacy might be invaded while using the internet.  So after reading all of this on the website I saw all of the features that it boasts, these include:

  • Secure Core

    ProtonVPN’s Secure Core architecture gives our secure VPN service the unique ability to defend against network based attacks. Secure Core protects your connection by routing your traffic through multiple servers before leaving our network. This means an advanced adversary who can monitor the network traffic at the exit server will not be able to discover the true IP address of ProtonVPN users, nor match browsing activity to that IP.

    Secure core servers are located in hardened datacenters in Switzerland, Iceland, and Sweden, protected by strong privacy laws, and operated on our own dedicated networks. Learn More

  • Strong Encryption

    We use only the highest strength encryption to protect your Internet connection. This means all your network traffic is encrypted with AES-256, key exchange is done with 2048-bit RSA, and HMAC with SHA256 is used for message authentication.

  • Forward Secrecy

    We have carefully selected our encryption cipher suites to only include ones that have Perfect Forward Secrecy. This means that your encrypted traffic cannot be captured and decrypted later if the encryption key from a subsequent session gets compromised. With each connection, we generate a new encryption key, so a key is never used for more than one session.

  • Strong Protocols

    We exclusively use VPN protocols which are known to be secure (OpenVPN). Even though they are less costly to operate, you will not find ProtonVPN servers that support PPTP and L2TP/IPSec. By using ProtonVPN, you can be certain that your VPN tunnel is not using a protocol that has already been compromised.

  • Swiss Based

    In addition to strong technical security, ProtonVPN also benefits from strong legal protection. Because we are based in Switzerland, ProtonVPN is protected by some of the world’s strongest privacy laws and remains outside of US and EU jurisdiction. This means that unlike VPN providers based in a fourteen eyes country, we cannot be coerced into spying on our users.

  • Trusted

    We are one of the only VPN companies that provide transparency so you know exactly who is running the service. Our team has a long track record in security, having previously built ProtonMail – the world’s largest encrypted email service. Whether it is challenging governments, educating the public, or training journalists, we have a long history of fighting for privacy online and contributing to the open source community.

  • Physical Security

    We have gone to extreme lengths to protect ProtonVPN’s Secure Core servers to ensure their security. Critical infrastructure in Switzerland is located in a former Swiss army fallout shelter 1000 meters below the surface. Similarly, our Iceland infrastructure resides in a secure former military base. Our servers in Sweden are also located in an underground datacenter. By shipping our own equipment to these locations, we ensure that our servers are also secure at the hardware level.

  • No Logs Policy

    Under Swiss law, we are not obligated to save any user connection logs, nor can we be forced to perform targeted logging on specific users. This allows us to ensure that your private browsing history does in fact stay private and cannot be turned over to a third party under any circumstances.

  • DNS Leak Prevention

    ProtonVPN doesn’t just protect your browsing traffic, we also protect your DNS queries. By routing your DNS queries through the encrypted tunnel and not relying on third party DNS providers, we ensure that your browsing activity cannot be exposed by leaks from DNS queries.

  • Kill Switch

    ProtonVPN desktop and mobile applications come with a built-in Kill Switch feature which will block all network connections in the event that the connection with the VPN server is lost. This prevents a VPN server disconnect from inadvertently compromising your privacy by revealing your true IP address.

  • Tor VPN

    ProtonVPN comes with Tor support built-in. Through our selected Tor servers, you can route all your traffic through the Tor anonymity network and also access dark web sites. This provides a convenient way to access Onion sites with just a single click.

  • Anonymous

    We respect your privacy so no personal identifying information is required to obtain a ProtonVPN account. You can sign up with an anonymous ProtonMail email account and use our anonymous VPN without disclosing your identity.

  • High Speed

    For optimal performance, we use only high speed servers. All ProtonVPN servers have at minimum 1 Gbps bandwidth, and many of our servers also utilize 10 Gbps connections. This means that even though we utilize only the strongest encryption, ProtonVPN also provides blazing fast speeds.

  • Easy to Use

    We understand that it is important for security technology to be easy to use. We have designed the ProtonVPN applications to have a simple and intuitive user interface so that browsing privately and anonymously can be done with a single click. Additionally, you can create custom connection profiles which automatically protect your device whenever you connect to the internet.

  • Additional Features

    • P2P Support

    • Unlimited Bandwidth

    • Up to 10 Devices

    • Professional Support

    • Connection Profiles

    • Quick connect

    • Modern Interface

    • Multi-platform Support

    • Quick Country Selector

      Source – ProtonVPN Website

 

So after reading all of the information listed above it was clear that ProtonVPN was not messing about, and frankly it was offering stuff that I didn’t even know I needed. And some other stuff I had never heard of before. This was mainly the “Secure Core” but the look and style of the windows application was also a huge draw.So the next step was to sing up and start using it, this was a very simple and straight forward process as I already had a ProtonMail account so I logged in using that and then went to active the VPN. I was given a few different packages ranging from free to around about $30 a month

The first thing that drew me into the ProtonVPN was after looking on the website, seeing something they call “secure core” after a little digging it turn out that the secure core adds a second layer of protection by routing your traffic through multiple servers. Meaning its a huge amount harder to track. This is something that I have not seen on any of the other services I have used that have all been highly rated across the web. And understandably every ones use case for a VPN service is going to be drastically different to one another but as I said before the company Proton cares about its users privacy. This leads onto another key selling point and that is that the company is based in Switzerland, and if you know anything about the Swiss law they have amazing privacy laws. And don’t extradite information to countries such as the UK or USA. This was shown during the huge amount of time that the PirateBay way one of the largest torrenting sites in the world and remained relativity untouched until  about the past 5 years. This all adds up to some pretty good things to brag about.

The next thing to consider with any VPN is the price and if its worth it when there are so many others on the market, well I personally feel that ProtonVPN hits the market at right about the sweet spot. This is not only because they offer a free service (Obviously there are restriction, and due to the heavy demand much like when ProtonMail came out there is a waiting list to start using it) But even then the next step up is only $4 a month if an annual subscription is purchased, or $5 a month if paying monthly is more your thing. As you can see from the image below even the highest tier package is not hugely unrealistic for people to pay. It is also bundled with ProtonMail Visionary (This package is the top tier for the ProtonMail services that in my opinion is targeted at business due to some of the features they offer.

I decided to go for the middle ground and singed up to the Plus package costing $8 a month and bundled it with ProtonMail plus saving me 20% and after adding a second custom domain cost me the grand total of $13.60. And after using some other services and a little bit of research most of the other VPN’s out there tend to cost between $6 and $10 roughly. So this is not costing any more than your average VPN and is boasting features that I had not seen advertised anywhere before. And if you throw in a ProtonMail Plus subscription as well your not paying much more than you would for the top Netflix package.

ProtonPrices

So after signing up and getting into my ProtonVPN account I was excited to download the Windows application after seeing some screen shots on the website and there is a good reason to get excited. Unlike any of the other VPN’s that I have used it has a really pleasant GUI (Graphical User Interface) and an ascetically pleasing feel to it. This is done from the map of the world that it displays and the screen lines to show your active connections. They have managed to make it look really good and almost something that you can leave open on a second screen as a sort of wallpaper. When you compare this to other services such as SurfEasy and ExspressVPN it wins on looks hand down. Its not following what I believe is the standard VPN GUI and that’s a little window that lets you log into the services and then a drop-down box that offers you connection and then a connect button. And that’s amazing, so not only does it hit the sweet price spot while offering features that most other don’t it also looks and feels nicer to use than others on the market.

 

So the next thing I was looking for after signing up as mobile compatibility, naturally I use both my iPad and my smartphone on public WiFi networks. So I like for my VPN service to run on my mobile devices and ProtonVPN does run on mobile devices but not quite in the matter that I was expecting it to. This is because it use’s an application called OpenVPN this was something that I had never heard of before and was a little skeptical on using a 3rd party application to receive my VPN tunnel. But I proceeded anyway, and download the OpenVPN application and then went onto the ProtonVPN website to download the files I needed to set up my connection to the service. This was the first hurdle I faced with ProtonVPN, and that was largely due to not being able to download the files I needed through either my safari browser or my Firefox IOS application, a small work around however was if I downloaded all of the files as a Zip document I was able to download the file, and open it using the Files application (IOS 11) from there I downloaded an application to view and extract Zip files on my IOS devise. I wont say which as there are so many on the app store it will not be hard to find one that works. One the Zip file had been extracted to my devise I was simply able to share the file to the OpenVPN application. From here it was a simple matter of putting in my ProtonVPN login credentials and hitting connect. At first trying to get it to work seemed to be a daunting task but after managing to get it done on my iPad it took me mere minuets to do the same on my iPhone. Again the mobile versions offered are all the same connection as the Windows application uses, it also offers the secure cores as well they are just stored in a different folder to download. Although I have not used either Linux or Mac with this VPN I do know it is done using the OpenVPN application so I would imagine the processes of connecting is a very similar one to that of the IOS devices.

 

 

 

The next and final thing I am going to look at is the performance of the VPN its self, as with any your download speed will be effected by using the service and some of them slow your connection down more than others so I was interested to know how ProtonVPN would do in comparison to my standard internet speed. As the images below show on the left we have my connection without using the VPN and on the right my connection with the VPN connected. That works out to be around 10% of my original speed. Granted to a lot of people 51mbps is a huge speed, and when using the VPN it is silky and smooth with no noticeable drop outs or failed connections. Unlike some of the other VPN’s that I have used and had failed connections becoming a regular occurrence .

 

So to summarize I feel although ProtonVPN is the new kid on the block I feel it is a very nice VPN that not only looks good but delivers are service that you cannot complain about. And for the price even as a student I do not find it to be unreasonable. and if I was going to give it a rating I would go as far to say 4.5/5 due to all of the features that it offers that I haven’t seen anywhere else. And due to the company’s mantra about protecting peoples internet privacy.