Why Privacy Is Under Attack

Gmail alternative

Most of us at ProtonMail are part of the last generation born before the World Wide Web was created in 1989 at CERN in Switzerland.  In the last 25 years, the web has transformed our world and we now spend more and more of our lives online.  A lot of good has certainly resulted from the internet revolution, but one important freedom that has become lost in the process is our right to privacy.  While a lot of attention has been placed on government mass surveillance (NSA, GCHQ, etc.), a much more widespread form of privacy invasion is actually coming from the private sector.



Current Model of Internet Businesses

To gain insight into why our privacy is eroding, let’s take a look at the economic system that fuels many of the internet giants of today.  Anyone with an internet connection can read the latest news, listen to their favorite music, chat with friends, and search for anything online – all for free.  On the surface, we are not paying for these services that have become essential in our digital lives.  So how do internet companies afford to pay lavish salaries and build sprawling campuses in some of the most expensive parts of the world? … By capitalizing on your data.

“We know where you are.  We know where you’ve been.

We can more or less know what you’re thinking about.”

Eric Schmidt, CEO of Google, 2010

To get a picture of what is at stake, in 2013, Yahoo had $4.7 billion in revenue, of which 79% came from advertisements.  Facebook’s haul was a bit larger at $7.9 billion, of which 89% came from advertisements.  Google dwarfed them all, with 91% of its $55.5 billion revenue coming from advertisements.

Implications of Advertisements

Advertisements are more effective, and thus more valued, when they are targeted to certain consumers at certain times.  For example, a video game company would pay more to show their ads to gamers.  However, an even better ad is targeted to someone who is currently searching for related games. Naturally, companies that primarily depend on the advertisement business model are motivated to track, save, and learn as much as possible about their users.  Under pressure to hit quarterly targets, these companies will continue to push privacy boundaries and increase their surveillance on everything we do to gain an advertising edge.

As users of these “free” services, we are really paying with our data and privacy.  From the service provider’s point of view, the real customers are the businesses paying for the advertisements.  We are just the products that get sold to the highest bidder.  Ultimately this is bad business because the interests of companies and consumers are not aligned.

Implications of Big Data Technology

While advertisement revenue is the motivation behind more and more invasion of our privacy, big data technology is the hammer that drives the nail into the coffin.  Increasingly cheap and more capable storage technologies allow businesses to save every bit of data they can get. Our browsing history, our GPS coordinates and even our key strokes as we type an email all can get saved.   The everlasting nature of this data has dire consequences: it allows our privacy to be abused far into the future.

The software technology that makes sense of our data will continue to improve, boosted by the growing amount of data and faster hardware.  We are already seeing speech and image recognition systems that rival humans in certain tasks.  In another 25 years, it is inevitable that there will be widespread use of systems that can easily combine our data from disparate sources and infer rather surprising things.  Our most intimate data, controlled by those whose interests are not aligned with ours, coupled with much more powerful analysis programs, could lead to mass discrimination, suppression, and general loss of freedom.




A New Model for Internet Businesses

At the end of the day, privacy and targeted advertising are just fundamentally incompatible concepts. In order to protect privacy in the internet era, we must transition away from an advertising driven internet economy. At ProtonMail, this is exactly what we are doing.  Because we cannot read your encrypted emails, we will never serve targeted advertisements. Instead, ProtonMail will operate on a subscription model and generate revenue from users who want premium accounts with additional storage and special features.  We also believe everyone deserves the right to privacy so we will always have free accounts with all security and privacy features.

Our only customers are you, the users, so we will always put your interests above everything else. This is how we believe a truly responsible web service should be run. With your support, we can show the world that this is a viable alternative and in the process, encourage more online businesses to adopt a model that protects privacy.


Best regards,
The ProtonMail Team


Over 1 million people are now using ProtonMail to secure their email communications. You can join our community here: protonmail.com/signup

To support ProtonMail, please consider upgrading to a paid plan.

About the Author

Andy Yen

Andy is the Co-Founder of ProtonMail. He is a long time advocate of privacy rights and has spoken around the world about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about ProtonMail's mission.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

46 comments on “Why Privacy Is Under Attack

  • Great article, clear enough for everyone, please give us some more !

    Do you have a reference to show that gmail spies on our keystrokes when we type an email ? thx

    • Dude they can see the information transferred through their servers at any given time, because your data is not encrypted in a way to prevent this. They can look at all inbound and outbound email messages whenever they want. How do you suppose the FBI can find an email order confirmation for illegal drugs without “hacking” said email account? If Google receives a court-issued order telling them to expose emails in a certain gmail inbox, they do it.

      • We have implemented automatic end-to-end encryption in ProtonMail so that emails being sent within ProtonMail are encrypted when sent and received. Being based in Switzerland, we are protected by strict Swiss privacy laws. We are committed to protecting the privacy of our users.

      • Anonymous, so you use the name “Anonymous” to hide your identity but according to your thought process they already know who you are. Please share more of your wisdom!

  • I strongly believe that everything which is wrong is ultimately condemned to vanish, to disappear. It’s a matter of time, and a philosophy of life in this context as in all that is concerned by ethics participates to reduce that time.

    Consequently state of minds as those of ProtonMail’s members, those of the staff, ours, those of others within the Web and beyond help make life better and a better life sooner to arise.

    It’s everyone’s choice. I believe in mankind.

  • Most people don’t see privacy as important enough to make them change email provider. Our best hope is that GMail and Yahoo Mail (and soon others, I hope) are working on end-to-end encryption features for their existing services. That way users won’t have to move, they’ll get increased privacy with little effort.

    • Let us not forget privacy in terms of the email provider itself. Should GMail and Yahoo! Mail (and others!) offer end-to-end encryption I’m not convinced (to put it mildly) that email on their servers would no longer be analyzed. The problem of confidence is tough when there is evidence of facts that plead guilty.

  • I might be of the generation that built and paid for the internet. I remember my first provider explaining that my private account was so expensive for their contributions to the first fiber through the state. That fiber was only available to me through my academic account.

    In defense of my slow link I learned to filter/block ALL commercial content. I still do.

    Jonathan Zittrain’s The Future of the Internet — And How to Stop It is instructive and free.

  • I think privacy should be our main concern nowadays. This is why I was more than happy to see ProtonMail team giving us privacy that we all need. Although the service needs improvements, we should allow the team more time to harmonise them. Keep it up guys. Some 10500 contributors cannot be wrong.

  • It’s a matter of time for people to become aware about privacy issues. After this, services like ProtonMail will push aside all these giants!

  • I can’t believe Google is all bad, they have brought a remarkable search engine to the masses and children can be smarter and more educated all over the world because of it.

    I’m with you guys though, privacy matters and I am happy to be a Beta tester and when a paid service goes live I’ll get it and consider cancelling my paid Google Apps service.

    I do think that tailored ads have a place in the future though. If Google (or whomever) could figure out a way to anonymize their users into simply a statistical algorithm that could never be identified as a real person, those daily stats would still help the user and Google wouldn’t have data on a private citizen, just an anonymous user (ex. Black female, 35-42, 2 kids, masters degree, living in rural Virginia). If law enforcement needed access to the user, they could get a court order, like they do with wiretaps and listen in or find the person with the metadata on file. The metadata wouldn’t tell them exactly who they were looking for, simply the location of the person and their patterns.

    I know this may sound Orwellian, but I’m sure phone taps did at one point too and now (most) people trust that taps are used in accordance of law. When that law is broken, if enough people wake up to vote, they can make a change in how the law is enforced. Currently, America’s biggest problem is people can’t be bothered to vote to make that change.

    • Quite a lot of research has been done on use of attributes to identify people, much of it in the context of the question whether it is possible to deanonymize the anonymized data associated with medical research. Unfortunately, something similar to “Black female, 35-42, 2 kids, masters degree, living in rural Virginia” is all too likely to identify an individual or at least narrow the identification to a rather small group, when combined with other publicly available data sets. The big data problem is real and cannot easily be made to go away. Email privacy is not a complete answer but a beginning to the task of chipping away at it.

  • Excellent article. Agree completely. Google is a terrorist organization in my opinion, one of the biggest security threats on earth.

  • Are we sleepwalking over the edge or are we taking advantage of everything that’s on offer? Whilst I support ProtonMail, should we really be scared if there’s nothing to be scared of. After all, 99% of us communicate nothing of value to anyone snooping on our emails. And whilst Google data profiling is done for nothing more than commercial gain, it provides us with a fantastic search engine, look what we had before it. We pay the cost with our data but the majority of humanity don’t recognise it’s value, indeed, individual data is practically worthless isn’t it? The value lies in collective data, doesn’t it?

    And now we have it, if everyone in the world converted to ProtonMail, would Google/Yahoo/Facebook et al crash and burn? Probably not, nor is the rest of the world going to abandon them.

    If they snoop on my email they will be disgusted by the trivial content. However, I value my right to privacy, it is my right and my desire. But like voting, it will be eroded without support, and it has been eroded at an unbelievable rate since the development of the database.

    To stop our kids surrendering their personal data would be like cutting off their right arm, no more Facebook/Twitter/Spotify etc. from which they derive a great deal of pleasure. And in 16 years my youngest daughter has only suffered momentary abuse on social media, not from ‘the system’ but from her peers.

    Would my business suffer from a bit of email snooping? Nah, not really, unless it was from another small business competitor who can’t afford the time or resources to snoop anyway.

    As for the authorities, emailed communications have to be backed up with hard evidence. Email can provide a clue to what you’re doing, and in the case of research and high finance, Business etc. it might be worth employing snoopers but in reality, the bad guys aint daft enough to commit anything to paper. Deals are done in the dark corners of pubs and restaurants, and always have been, with nothing more than a handshake, a real one at that.

    Which also begs the question, how much is our individual data worth…….really. If we’re not doing anything bad, then we have nothing to fear, which is probably 99% of humanity. Perhaps it’s the laws on what’s good and bad that need to be tightened up, but then what’s good for one culture, isn’t good for another, so when cultures clash there are grey areas. In which case rigid laws are bad and whichever way you look at it, someone suffers.

    But I would rather not let anyone put me in the ‘bad’, ‘good’ or ‘one to watch’ box so I’ll stick with ProtonMail, assuming I’m invited 🙂

    • This message assumes implicitly as true some things that are not true everywhere and always. Working backwards:
      “emailed communications have to be backed up with hard evidence”: maybe or maybe not, depending on the regime. This is true in most of Europe and the Americas, but I would not bet it is true in Russia, China, North Korea or quite a number of places in the Middle East and Africa. In any case, email communication might well provide clues that lead to hard evidence, even in regimes that require it.

      “If they snoop on my email they will be disgusted by the trivial content” and “The value [of communication data] lies in collective data”: yes and no. Google don’t care much about the content and are neither disgusted nor titillated by it, and its value to them is that it falls into a category box with similar attributes that they can sell as a destination to advertisers. Under some actual and theoretically possible regimes, the individual data can be of considerable interest to government officials. If, for instance, it seems to indicate displeasure with the government, it could result in official scrutiny, in a context in which small and individually meaningless details can come to be seen as evidence of opposition, disloyalty, and criminal conspiracy to overthrow the government. There is little reason to think that is a serious problem in Europe, most of the Americas, and much of Asia; if I were a French Muslim, however, I might have reason for concern if I had outstanding emails, available to the police, in which I expressed anger about religious discrimination in France.

      It is well to remember that plain text emails are the digital equivalent of post cards, with content potentially readable by a large number of system operators. It also is accessible to various government actors limited only be their adherence to the rules and procedures under which they operate; and that set of government actors is not limited to the NSA, GCHQ, CSEC, ASD, and GCSB, but includes similar agencies in most large countries.

  • “We also believe everyone deserves the right to privacy so we will always have free accounts…”

    I have to question this. Rights are a rather religious notion, and I’m not religious:
    I also have some doubts about the privacy question:

    So, why am I here getting a protonmail account, if I’m not all that upset about the privacy issue, and don’t even think there is a right to privacy?

    I do it for a couple of reasons. First, my life is none of their business. Now, I expect people to act in their own interest, and marketers harvesting data for their databases are just another example of that. It does not surprise me that they do it. But because they want that data, does not mean I am in any way obligated to provide it for them. When I buy something at a store, and they ask me for my zip code or phone number or whatever, I refuse, simply because that is my inclination, and because I consider their inquiry impertinent. But if marketers manage to discover things about me anyway, oh, well! I’m willing to go to a moderate amount of effort to put obstacles in their way (such as getting a protonmail account), but I won’t lose any sleep over it.

    Even more, I do it to deny information to government thugs, who have access to these databases. I consider them evil and will do what I can to make their life difficult. Everyone should encrypt everything, just because the ruling class doesn’t like it. For the same reason, everyone should buy and learn to shoot a battle rifle. The ruling class does not like that either. Everyone should pull their kids out of the government school. The ruling class does not like that. Whatever you can find that the ruling class does not like, is a vote in its favor.

    • It is possible that some people on the waiting list won’t get their invites, as it seems that protonMail is being at least partially blocked from reaching some of the email providers. (ie some gmail accounts, and possibly others)

      With the very real scenario playing out of internet content being manipulated or blocked by vested interest groups, should we not be concerned about freedom of speech and the rights of the individual, especially as we see daily the erosion of both?

      Critical thinking is under attack. Innocent people who question the official version are potentially more damaging to political powers with agendas than criminals. The social media is playing its part (with many unwitting participants) in damage control from rogue minds who stray from the hive mind and speak out.
      Let’s ‘not like’ social media, disengage ourselves from group think and take back our privacy.

      • I might not see my invite.
        For years now I have condemned the abuse of power, the constant invasion of privacy.
        I am an advocate for the right to remain Anonymous.

  • Very interesting work. I was looking for a private encrypted email and I found protonmail. Other projects as mailpile are not enough mature and a little bit difficult to configure for a standard user. I hope you will add more features as folder or label for email and more storage space (5 GB). After this I will migrate from my unprivate google account to protomail 🙂

    Thank you

  • I find all of the above comments valuable and interesting. Most of what I would like to say has been said by others who have said it better than I could. There are a few things that have not been mentioned though. Before I dwell into that though, thank you Proton Mail for putting some of the features I thought would be valuable into a email service. I took the online MOOC on cryptography largely to learn if a system such as this was feasible. I am glad you have shown it is.

    Even with secure email, if someone has planted key loggers on your communication devise, they will still know what you write in your emails. If they can access your microphone, when you type, the sounds of the keys you strike will be different for each key that is struck along with the timing. Thus with sound and having access to communications that have been made but not encrypted it is possible to still figure out what one types.

    I have heard numerous people claim that they do not care if others know what they write, search and think. They assert they are doing nothing wrong and have nothing to hide. I think that is naive. If you have anything you have something that is worth protecting. If you have an opinion on anything, you will be in favor of one position over another. This has value. For the one that is favored if you are buying something, the cost can go up. For the one that is not favored and if you are an influence-r of others, you are a threat to their sales.

    When a search engine learns the things you are interested in, it can feed you the information you seek in support of your current views or to subtly shift them to the views that benefit others.

    Numerous studies have shown that approximately four percent of the American population are ‘functional’ sociopaths. Many of these hold positions of power and may gravitate toward politics. My feeling is that in some countries the percentage is probably far higher than four percent. If a person is a sociopath, you cannot expect them to do the right thing. If they can benefit from your information, they will.

    Even if your computer is secure and you type away securely using a secure email, if your mobile is nearby, chances are the microphone can be turned on and what you type can be deciphered. Have you read the permissions you grant when you install those apps?

    If anyone new how valuable Facebook or Microsoft would become, do you think the founders would have been able to maintain relative control and stay in the game? I doubt it.

    The challenge is tempering this need for privacy against the very real threat of extremist who want nothing more than to disrupt social order, hurt others, and over throw ruling bodies in pursuit of their own power hungry agendas.

  • Protonmail is a GREAT service and I do appreciate that there are initiatives like this one. But regarding to Snowden’s NSA leaks there are almost nothing that will remain privacy on the WWW. Even SSL is an security flaw by itself… At the same time I’m not the counterpart that are against common intelligence activity since I have got an similar employment. I think it’s also important as an organisation to maintain a high ethical standard. It should not either be overlooked… My point is that we cannot expect this *complete privacy* that we’re aiming for in our current online situation. And the future will most likely be even worse…

  • Privacy is paramount to me I believe it is a basic democratic freedom that should be preserved. The more I read and understand the ProtonMail journey the more I want to be a part of it.

    There would be a public outcry if an authorised entity could come down your street, open your letter box, open your letters, photocopy them and store the information on a database. Yet the likes of the NSA with its mass data surveillance programme can access Google, Yahoo and others to do it electronically is the same thing. No thanks.

    The migration from gmail to ProtonMail has already started.

  • A perfect companion to ProtonMail would be a “ProtonSearch” engine that people can use to securely search the Interenet, without feeding all our personal information, inclinations, interests, etc. into Google, Yahoo or any other of today’s intrusive, advertising-infected, surveillance-infested search engine databases?

  • Excellent easy to use solution. Received the invite today and it’s all setup. Was truly amazed haw fast the service is too. Well done. Time to ditch all those old legacy email accounts.

  • You are on the right track!
    We should do everything to get rid of the nonsense advertising companies and use the web as our fundamental data communication system: With privacy, with data ownership and secrecy. In Switzerland we will fight with best power for the ww human rights for privacy – as we did it many hunderd years before and transform the digital world into a secure world.
    Thanks to CERN, or outstanding R&D people and the worldwide best known engineering universities – and thanks to the clever team of PROTONMAIL developers.

  • Where is this “all for free” internet you speak of? I pay every month to my ISP for the privilege to surf the internet.

  • I struggle so much keeping up with all this. I want an internet where I can read a web page without it being logged (eg, open an envelope the postman or others haven’t yet read), connect with friends and potential friends without intervention, and do online what can be done face to face. I detest, despise, my information is being intercepted. It’s the worst thing about the internet (I’m not an old fella). Recently came across Protonmail and starting to realise the implications of Google, Android, and the like, but alternatives – so difficult – and I’m a loner, very difficult to navigate this technological landscape and stay private – which is my no 1 goal. I shall keep learning! Thanks Protonmail for showing me an early understanding. I hope to learn more and get better in time.

  • These are two distinct and separate issues. The impact of business intrusion into our privacy in no way denigrates or exacerbates the impact of government spying. I hesitate to hazard a guess as to which is more intrusive based on the fact that government spying is cloaked in secrecy and therefore impossible to quantify. I suspect that ultimately government spying will prove to be the more nefarious of the two. Certainly it would be naive to assume that agencies like the NSA and GCH are not staying up late attempting to crack or otherwise debilitate Proton Mail.

  • ProtonMail devs, can you PLEASE get rid of the Google Fonts on this blog?

    Having Google Fonts on your site allows Google to see all your visitors and mine their data. Please use your own fonts instead!

    The Google Fonts CSS code is right here on this very page: