Recently ProtonMail came under a DDoS attack. I was unfortunately one of the people that was affected by this. A few years back after the [Snowden revelations I made a concerted effort to move away from services that cooperated with the NSA. That included companies like Google and Facebook. At the time ProtonMail popped up and I decided to try it out.
Now I’m no security expert, but a lot of the claims made by ProtonMail do seem a bit crazy. Also I’m a bit skeptical of closed source security solutions (Telegram vs Signal anyone?). In any case I figured it would be better than sticking with Gmail. My reasoning went along these lines. While true I couldn’t be certain that my data was being protected at least I wasn’t supporting Gmail who I knew was giving my data directly to the NSA. Also with ProtonMail I had a chance that my data wasn’t being mined for advertisement or mass surveillance purposes.
Even after dealing with the hassle of leaving Gmail, and after accounting for the fact that my data might not be encrypted and is probably susceptible to a targeted monitoring effort, I think my decision to leave Gmail was a sound one. Here’s why. One if you are sending important emails that you want to make sure are encrypted you shouldn’t use a service like ProtonMail. You should create a gpg key, have a key party with the people that you are going to be communicating with, and set up Thunderbird. Here are some great guides for all of those activities and much more. Let’s be real, end to end easy to use secure encryption is a nice dream, but at least for the moment it is just a dream. Two moving away from services provided by people that cooperate with the NSA is one way of letting people know that you care about your privacy. Change starts with individuals fighting for what they believe in. Coincidentally other things you can do to support your privacy includes: writing your senator, congressmen, or other government official or supporting groups that advocate on your behalf. Three using smaller decentralized services makes it more difficult for the NSA and others to do mass surveillance. Targeted surveillance for legitimate social means doesn’t seem all that wrong to me, mass surveillance for a supposed terrorist threat seems, at best, Orwellian. Making it more difficult for mass surveillance seems like a technical goal that is helped with multiple providers.
So to sum up. Yeah it sucked not having ProtonMail for a few days, but I think it was worth it. Hopefully their being attacked is a sign that I even got the extra cherry on top and they are actually protecting my data well.