Is Privacy Under Attack?

Updated on January 28th, 2019

Most of us at ProtonMail are part of the last generation born before the World Wide Web was created in 1989 at CERN in Switzerland. In the previous 30 years, the web has transformed our world, and we now spend more and more of our lives online. In the immediate aftermath of the Snowden revelations, much of the online privacy discussion centered on government mass surveillance (NSA, GCHQ, etc.). It has only been recently that people have realized the private sector is a much more pervasive threat to privacy.


Current Model of Internet Businesses

To gain insight into why our privacy is eroding, let’s take a look at the surveillance capitalism that fuels today’s monopolistic Internet giants. Anyone with an Internet connection can read the latest news, listen to their favorite music, chat with friends, and search for anything online — all for free. In the past, we accepted these services for free without ever questioning how tech companies could afford their lavish salaries or their sprawling campuses built in the most expensive parts of the world. What society has come to realize is that in exchange for their free services, companies like Google and Facebook harvest and capitalize all the personal data they can get their hands on.

“We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”

Eric Schmidt, CEO of Google, 2010

These are some of the largest companies in the world. To get a picture of the scale of these giants, during the 2018 fiscal year Facebook made $51.9 billion in revenue, of which 91% came from advertisements. Alphabet, Google’s parent company, received 84% of its $129.9 billion in revenue from selling targeted advertisements it used your personal data to create.

Implications of Advertisements

Advertisements are more effective, and thus more valued, when they are shown to certain consumers at specific times. For example, a video game company would pay more to show their ads to gamers. However, an even better ad targets someone who is currently searching for related games. Naturally, companies that primarily depend on the surveillance capitalism business model are motivated to track, save, and learn as much as possible about their users. Under pressure to hit quarterly targets, these companies will continue to push privacy boundaries and increase their surveillance on everything we do to gain an advertising edge.

It would be inaccurate to say we are users of these “free” services; we are really the product. From Google or Facebook’s point of view, the real customers are the businesses paying for the advertisements. We are just supplies of personal data to be capitalized. Ultimately this is bad business because the interests of companies and consumers are not aligned.

Implications of Big Data Technology

While advertisement revenue is the motivation driving the increasing invasion of our privacy, big data technology is the hammer that drives the nail into the coffin. Increasingly, cheap and more capable storage technologies allow businesses to save every bit of data they can get. Our browsing history, our GPS coordinates, and even our keystrokes as we type an email can all get saved. The everlasting nature of this data has dire consequences: it allows our privacy to be abused far into the future.

The software technology that makes sense of our data will continue to improve, boosted by the growing amount of data and faster hardware. We are already seeing speech and image recognition systems that rival humans in certain tasks. In another 30 years, it is inevitable that there will be widespread use of systems that can easily combine our data from disparate sources and infer rather surprising things. Our most intimate data, controlled by those whose interests are not aligned with ours, coupled with much more powerful analysis programs, could lead to mass discrimination, suppression, and a general loss of freedom.


A New Model for Internet Businesses

Privacy and targeted advertising are fundamentally incompatible concepts. To protect privacy in the Internet era, we must transition away from the surveillance capitalism business model. At ProtonMail, this is exactly what we are doing. Because we cannot read your encrypted emails, we will never send you targeted advertisements. Instead, ProtonMail operates on a subscription model and generates revenue from users who want premium accounts with additional storage and special features. We also believe everyone deserves the right to privacy, so we will always have free accounts equipped with all our security and privacy features.

Our only customers are you, the users, so we will always put your interests above everything else. This is how we believe a truly responsible web service should be run. With your support, we can show the world that this is a viable alternative and in the process, encourage more online businesses to adopt a model that protects privacy.

Best regards,
The ProtonMail Team

To learn more, you can also watch our TED Talk on privacy and technology.

Over 10 million people are now using ProtonMail to secure their email communications.

To support ProtonMail, please consider upgrading to a paid plan.

About the Author

Andy Yen

Andy is the Founder and CEO of Proton, the company behind ProtonMail and ProtonVPN. He is a long time advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about our mission.



66 comments on “Is Privacy Under Attack?”

  • Great article! I hope people catch on and read this. Protonmail, you guys rock! I supported your Indiegogo campaign and I’m proud to have done so.

  • Great article, clear enough for everyone, please give us some more !

    Do you have a reference to show that gmail spies on our keystrokes when we type an email ? thx

    • Dude they can see the information transferred through their servers at any given time, because your data is not encrypted in a way to prevent this. They can look at all inbound and outbound email messages whenever they want. How do you suppose the FBI can find an email order confirmation for illegal drugs without “hacking” said email account? If Google receives a court-issued order telling them to expose emails in a certain gmail inbox, they do it.

      • We have implemented automatic end-to-end encryption in ProtonMail so that emails being sent within ProtonMail are encrypted when sent and received. Being based in Switzerland, we are protected by strict Swiss privacy laws. We are committed to protecting the privacy of our users.

      • Anonymous, so you use the name “Anonymous” to hide your identity but according to your thought process they already know who you are. Please share more of your wisdom!

  • I strongly believe that everything which is wrong is ultimately condemned to vanish, to disappear. It’s a matter of time, and a philosophy of life in this context as in all that is concerned by ethics participates to reduce that time.

    Consequently state of minds as those of ProtonMail’s members, those of the staff, ours, those of others within the Web and beyond help make life better and a better life sooner to arise.

    It’s everyone’s choice. I believe in mankind.

  • Most people don’t see privacy as important enough to make them change email provider. Our best hope is that GMail and Yahoo Mail (and soon others, I hope) are working on end-to-end encryption features for their existing services. That way users won’t have to move, they’ll get increased privacy with little effort.

    • Let us not forget privacy in terms of the email provider itself. Should GMail and Yahoo! Mail (and others!) offer end-to-end encryption I’m not convinced (to put it mildly) that email on their servers would no longer be analyzed. The problem of confidence is tough when there is evidence of facts that plead guilty.

  • I might be of the generation that built and paid for the internet. I remember my first provider explaining that my private account was so expensive for their contributions to the first fiber through the state. That fiber was only available to me through my academic account.

    In defense of my slow link I learned to filter/block ALL commercial content. I still do.

    Jonathan Zittrain’s The Future of the Internet — And How to Stop It is instructive and free.

    • I’m interested in an account of how you did this. As, I am sure, are many with whom you would rather not share.

  • I think privacy should be our main concern nowadays. This is why I was more than happy to see ProtonMail team giving us privacy that we all need. Although the service needs improvements, we should allow the team more time to harmonise them. Keep it up guys. Some 10500 contributors cannot be wrong.

  • It’s a matter of time for people to become aware about privacy issues. After this, services like ProtonMail will push aside all these giants!

  • I can’t believe Google is all bad, they have brought a remarkable search engine to the masses and children can be smarter and more educated all over the world because of it.

    I’m with you guys though, privacy matters and I am happy to be a Beta tester and when a paid service goes live I’ll get it and consider cancelling my paid Google Apps service.

    I do think that tailored ads have a place in the future though. If Google (or whomever) could figure out a way to anonymize their users into simply a statistical algorithm that could never be identified as a real person, those daily stats would still help the user and Google wouldn’t have data on a private citizen, just an anonymous user (ex. Black female, 35-42, 2 kids, masters degree, living in rural Virginia). If law enforcement needed access to the user, they could get a court order, like they do with wiretaps and listen in or find the person with the metadata on file. The metadata wouldn’t tell them exactly who they were looking for, simply the location of the person and their patterns.

    I know this may sound Orwellian, but I’m sure phone taps did at one point too and now (most) people trust that taps are used in accordance of law. When that law is broken, if enough people wake up to vote, they can make a change in how the law is enforced. Currently, America’s biggest problem is people can’t be bothered to vote to make that change.

    • Quite a lot of research has been done on use of attributes to identify people, much of it in the context of the question whether it is possible to deanonymize the anonymized data associated with medical research. Unfortunately, something similar to “Black female, 35-42, 2 kids, masters degree, living in rural Virginia” is all too likely to identify an individual or at least narrow the identification to a rather small group, when combined with other publicly available data sets. The big data problem is real and cannot easily be made to go away. Email privacy is not a complete answer but a beginning to the task of chipping away at it.

  • Excellent article. Agree completely. Google is a terrorist organization in my opinion, one of the biggest security threats on earth.

  • Are we sleepwalking over the edge or are we taking advantage of everything that’s on offer? Whilst I support ProtonMail, should we really be scared if there’s nothing to be scared of. After all, 99% of us communicate nothing of value to anyone snooping on our emails. And whilst Google data profiling is done for nothing more than commercial gain, it provides us with a fantastic search engine, look what we had before it. We pay the cost with our data but the majority of humanity don’t recognise its value, indeed, individual data is practically worthless isn’t it? The value lies in collective data, doesn’t it?

    And now we have it, if everyone in the world converted to ProtonMail, would Google/Yahoo/Facebook et al crash and burn? Probably not, nor is the rest of the world going to abandon them.

    If they snoop on my email they will be disgusted by the trivial content. However, I value my right to privacy, it is my right and my desire. But like voting, it will be eroded without support, and it has been eroded at an unbelievable rate since the development of the database.

    To stop our kids surrendering their personal data would be like cutting off their right arm, no more Facebook/Twitter/Spotify etc. from which they derive a great deal of pleasure. And in 16 years my youngest daughter has only suffered momentary abuse on social media, not from ‘the system’ but from her peers.

    Would my business suffer from a bit of email snooping? Nah, not really, unless it was from another small business competitor who can’t afford the time or resources to snoop anyway.

    As for the authorities, emailed communications have to be backed up with hard evidence. Email can provide a clue to what you’re doing, and in the case of research and high finance, Business etc. it might be worth employing snoopers but in reality, the bad guys ain’t daft enough to commit anything to paper. Deals are done in the dark corners of pubs and restaurants, and always have been, with nothing more than a handshake, a real one at that.

    Which also begs the question, how much is our individual data worth…….really. If we’re not doing anything bad, then we have nothing to fear, which is probably 99% of humanity. Perhaps it’s the laws on what’s good and bad that need to be tightened up, but then what’s good for one culture, isn’t good for another, so when cultures clash there are grey areas. In which case rigid laws are bad and whichever way you look at it, someone suffers.

    But I would rather not let anyone put me in the ‘bad’, ‘good’ or ‘one to watch’ box so I’ll stick with ProtonMail, assuming I’m invited :)

    • This message assumes implicitly as true some things that are not true everywhere and always. Working backwards:
      “emailed communications have to be backed up with hard evidence”: maybe or maybe not, depending on the regime. This is true in most of Europe and the Americas, but I would not bet it is true in Russia, China, North Korea or quite a number of places in the Middle East and Africa. In any case, email communication might well provide clues that lead to hard evidence, even in regimes that require it.

      “If they snoop on my email they will be disgusted by the trivial content” and “The value [of communication data] lies in collective data”: yes and no. Google don’t care much about the content and are neither disgusted nor titillated by it, and its value to them is that it falls into a category box with similar attributes that they can sell as a destination to advertisers. Under some actual and theoretically possible regimes, the individual data can be of considerable interest to government officials. If, for instance, it seems to indicate displeasure with the government, it could result in official scrutiny, in a context in which small and individually meaningless details can come to be seen as evidence of opposition, disloyalty, and criminal conspiracy to overthrow the government. There is little reason to think that is a serious problem in Europe, most of the Americas, and much of Asia; if I were a French Muslim, however, I might have reason for concern if I had outstanding emails, available to the police, in which I expressed anger about religious discrimination in France.

      It is well to remember that plain text emails are the digital equivalent of post cards, with content potentially readable by a large number of system operators. It also is accessible to various government actors limited only by their adherence to the rules and procedures under which they operate; and that set of government actors is not limited to the NSA, GCHQ, CSEC, ASD, and GCSB, but includes similar agencies in most large countries.

  • “We also believe everyone deserves the right to privacy so we will always have free accounts…”

    I have to question this. Rights are a rather religious notion, and I’m not religious:
    I also have some doubts about the privacy question:

    So, why am I here getting a protonmail account, if I’m not all that upset about the privacy issue, and don’t even think there is a right to privacy?

    I do it for a couple of reasons. First, my life is none of their business. Now, I expect people to act in their own interest, and marketers harvesting data for their databases are just another example of that. It does not surprise me that they do it. But because they want that data, does not mean I am in any way obligated to provide it for them. When I buy something at a store, and they ask me for my zip code or phone number or whatever, I refuse, simply because that is my inclination, and because I consider their inquiry impertinent. But if marketers manage to discover things about me anyway, oh, well! I’m willing to go to a moderate amount of effort to put obstacles in their way (such as getting a protonmail account), but I won’t lose any sleep over it.

    Even more, I do it to deny information to government thugs, who have access to these databases. I consider them evil and will do what I can to make their life difficult. Everyone should encrypt everything, just because the ruling class doesn’t like it. For the same reason, everyone should buy and learn to shoot a battle rifle. The ruling class does not like that either. Everyone should pull their kids out of the government school. The ruling class does not like that. Whatever you can find that the ruling class does not like, is a vote in its favor.

    • It is possible that some people on the waiting list won’t get their invites, as it seems that protonMail is being at least partially blocked from reaching some of the email providers. (ie some gmail accounts, and possibly others)

      With the very real scenario playing out of internet content being manipulated or blocked by vested interest groups, should we not be concerned about freedom of speech and the rights of the individual, especially as we see daily the erosion of both?

      Critical thinking is under attack. Innocent people who question the official version are potentially more damaging to political powers with agendas than criminals. The social media is playing its part (with many unwitting participants) in damage control from rogue minds who stray from the hive mind and speak out.
      Let’s ‘not like’ social media, disengage ourselves from group think and take back our privacy.

      • I might not see my invite.
        For years now I have condemned the abuse of power, the constant invasion of privacy.
        I am an advocate for the right to remain Anonymous.

  • Very interesting work. I was looking for a private encrypted email and I found protonmail. Other projects such as mailpile are not mature enough and a little bit difficult to configure for a standard user. I hope you will add more features such as folders or labels for email and more storage space (5 GB). After this I will migrate from my unprivate google account to protonmail :)

    Thank you

  • I find all of the above comments valuable and interesting. Most of what I would like to say has been said by others who have said it better than I could. There are a few things that have not been mentioned though. Before I delve into that though, thank you Proton Mail for putting some of the features I thought would be valuable into an email service. I took the online MOOC on cryptography largely to learn if a system such as this was feasible. I am glad you have shown it is.

    Even with secure email, if someone has planted key loggers on your communication device, they will still know what you write in your emails. If they can access your microphone, when you type, the sounds of the keys you strike will be different for each key that is struck along with the timing. Thus with sound and having access to communications that have been made but not encrypted it is possible to still figure out what one types.

    I have heard numerous people claim that they do not care if others know what they write, search and think. They assert they are doing nothing wrong and have nothing to hide. I think that is naive. If you have anything you have something that is worth protecting. If you have an opinion on anything, you will be in favor of one position over another. This has value. For the one that is favored if you are buying something, the cost can go up. For the one that is not favored and if you are an influencer of others, you are a threat to their sales.

    When a search engine learns the things you are interested in, it can feed you the information you seek in support of your current views or to subtly shift them to the views that benefit others.

    Numerous studies have shown that approximately four percent of the American population are ‘functional’ sociopaths. Many of these hold positions of power and may gravitate toward politics. My feeling is that in some countries the percentage is probably far higher than four percent. If a person is a sociopath, you cannot expect them to do the right thing. If they can benefit from your information, they will.

    Even if your computer is secure and you type away securely using a secure email, if your mobile is nearby, chances are the microphone can be turned on and what you type can be deciphered. Have you read the permissions you grant when you install those apps?

    If anyone knew how valuable Facebook or Microsoft would become, do you think the founders would have been able to maintain relative control and stay in the game? I doubt it.

    The challenge is tempering this need for privacy against the very real threat of extremists who want nothing more than to disrupt social order, hurt others, and overthrow ruling bodies in pursuit of their own power hungry agendas.

  • Protonmail is a GREAT service and I do appreciate that there are initiatives like this one. But regarding Snowden’s NSA leaks there is almost nothing that will remain private on the WWW. Even SSL is a security flaw by itself… At the same time I’m not the counterpart that is against common intelligence activity since I have got a similar employment. I think it’s also important as an organisation to maintain a high ethical standard. It should not either be overlooked… My point is that we cannot expect this *complete privacy* that we’re aiming for in our current online situation. And the future will most likely be even worse…

    • The time to get accounts used to be 5-6 months but nowadays it should be under a week.

  • Privacy is paramount to me I believe it is a basic democratic freedom that should be preserved. The more I read and understand the ProtonMail journey the more I want to be a part of it.

    There would be a public outcry if an authorised entity could come down your street, open your letter box, open your letters, photocopy them and store the information on a database. Yet the likes of the NSA with its mass data surveillance programme can access Google, Yahoo and others to do it electronically is the same thing. No thanks.

    The migration from gmail to ProtonMail has already started.

  • A perfect companion to ProtonMail would be a “ProtonSearch” engine that people can use to securely search the Internet, without feeding all our personal information, inclinations, interests, etc. into Google, Yahoo or any other of today’s intrusive, advertising-infected, surveillance-infested search engine databases?

  • Excellent easy to use solution. Received the invite today and it’s all set up. Was truly amazed how fast the service is too. Well done. Time to ditch all those old legacy email accounts.

  • You are on the right track!
    We should do everything to get rid of the nonsense advertising companies and use the web as our fundamental data communication system: With privacy, with data ownership and secrecy. In Switzerland we will fight with best power for the ww human rights for privacy – as we did it many hundred years before and transform the digital world into a secure world.
    Thanks to CERN, or outstanding R&D people and the worldwide best known engineering universities – and thanks to the clever team of PROTONMAIL developers.

  • Where is this “all for free” internet you speak of? I pay every month to my ISP for the privilege to surf the internet.

  • I struggle so much keeping up with all this. I want an internet where I can read a web page without it being logged (eg, open an envelope the postman or others haven’t yet read), connect with friends and potential friends without intervention, and do online what can be done face to face. I detest, despise, my information is being intercepted. It’s the worst thing about the internet (I’m not an old fella). Recently came across Protonmail and starting to realise the implications of Google, Android, and the like, but alternatives – so difficult – and I’m a loner, very difficult to navigate this technological landscape and stay private – which is my no 1 goal. I shall keep learning! Thanks Protonmail for showing me an early understanding. I hope to learn more and get better in time.

  • These are two distinct and separate issues. The impact of business intrusion into our privacy in no way denigrates or exacerbates the impact of government spying. I hesitate to hazard a guess as to which is more intrusive based on the fact that government spying is cloaked in secrecy and therefore impossible to quantify. I suspect that ultimately government spying will prove to be the more nefarious of the two. Certainly it would be naive to assume that agencies like the NSA and GCHQ are not staying up late attempting to crack or otherwise debilitate Proton Mail.

  • ProtonMail devs, can you PLEASE get rid of the Google Fonts on this blog?

    Having Google Fonts on your site allows Google to see all your visitors and mine their data. Please use your own fonts instead!

    The Google Fonts CSS code is right here on this very page:

  • Well,

    everything I read here is really really scary and here too.
    So I really appreciate everything You’re doing here guys!
    I’m a stupid naive poor student from a stupid naive poor country (Bulgaria) and I can’t pay for your services and instead of that I’m using it freely. But when I can, I will pay for your services without any hesitation!

    People around the world need better Web, better Internet and everything starts with You, VPN, Tor Network and Wikileaks.

    Keep going!

  • Vitally important to have a secure communication channel. The large corporates have proven time and time again that they cannot be trusted. The dystopian vision of surveillance and manipulation which sci fi writers were writing of when I was in my teens, where the masses were manipulated by social engineering were passed and made more insidious a decade ago.

    All by social engineering a generation not to question why this is a bad thing and how it can and is being used to their detriment even now.

  • And that is the truth in a nutshell. Ask a social scientist or a sociologist and they will explain how Privacy is a part of being human. Every single time I speak to AppleCare, and with this cyberwar recently that is very often, I tell the front line worker about Protonmail amongst one or two other privacy related apps or services. Never fails to interest them.

    Thanks Andy

  • THANKS A LOT to you, Andy, and to every and each of proton staff.
    Thanks for great idea and excellent job. I am your huge fan. All the best to you.

  • Well I can most definitely confirm my secure Proton account is not only hacked but illegally controlled as well. I have had all my urgent mails to ministers etc and international media intercepted, diverted and also once I contact the individuals whom I have sent mails to they suddenly reply conveniently too late for me to take legal action against the criminals I am after. I will stand on my head PROTON MAIL IS NOT ANY MORE SECURE THAN YAHOO

  • How come I’m only just finding this email provider, ProtonMail? I’m so upset, I feel so stupid. I’m so glad I have it now. Will direct most of my valued traffic this way.

  • Thank you for having a free secure email service I love that I tell everyone about this so they can become safe also

  • It is only fair that we pay for our email usage, in the same way as in the old days, people paid for stamps and envelopes. I have chosen Protonmail as my email service, and it is excellent. I look forward to upgrading as soon as I can afford it, in the meantime I’m on the basic plan. Thanks to all at Protonmail for paving the way.

    • Could you please give us more details about what you are referring to? We do not have trackers on our website.

  • That is indeed a wonderful article! The precision with which it reveals exactly how privacy (and security) is and has been under attack is brilliant. Even for those of us who do what we can to protect ourselves, it’s utterly frightening due to it being our reality.

    Thank-you from an extremely satisfied ProtonMail / ProtonVPN user.

    • Hi Kasey,
      This article was updated in 2019, so it’s not too out of date. The critiques leveled here against the business model of “surveillance capitalism” (a name that did not yet exist when this article was written) still apply. However, if we had to rewrite it today, I think we would bring up the troubling development of Western liberal democracies attacking encryption and trying to undermine the right to privacy. The UK and Australia have both already passed troubling laws and the US is considering legislation that would ban or break end-to-end encryption. This is the opposite of what we feel must be done. These countries need to enshrine the right to privacy in their legal codes, to put pressure on authoritarian governments to do the same. Sadly, that has not been the case.