‘ProtonMail Bridge’ Brings Encryption to Outlook, Thunderbird, and Apple Mail

Swiss-based encrypted email provider ProtonMail today announced Bridge, an app for premium account holders that aims to bring easy-to-use email encryption to desktop email clients like Outlook, Thunderbird, and Apple Mail.

One of our goals has always been to bring easy-to-use encrypted email to desktop. The problem is formidable. Desktop systems encompass multiple operating systems with dozens of popular email clients with their own adherents, and virtually none of them natively speak PGP, the email encryption standard upon which ProtonMail is built.

Around two years ago, we created a small task force to tackle this challenge. Today, we are finally ready to present ProtonMail Bridge.
Basically, the downloadable Bridge app enables ProtonMail users to access their encrypted email accounts using their favorite email client, without compromising on the security provided by the end-to-end encrypted service, and without needing to modify their email application. At the same time, local copies of the emails are stored on the user's computer, allowing them to use the search features of their email client as normal.

To achieve this, the Bridge app functions like a local IMAP/SMTP email server capable of communicating with the remote ProtonMail server to encrypt and decrypt incoming/outgoing messages locally. In this way, it translates end-to-end encrypted email data into a language that any email client can understand, thus "bridging" the gap between ProtonMail's end-to-end encryption and a user's standard email client.

The Bridge app aims to fit right into email clients with standard pre-existing multiple accounts, such as Gmail, enabling users to drag and drop emails into ProtonMail as encrypted versions. It's also possible to have multiple ProtonMail addresses and accounts in a single email client, and move messages between them.

It's important to note that while the Bridge preserves end-to-end encryption, it does not protect emails at the end-point – a compromised laptop could still allow an attacker to read emails in the third-party client app, for example.

Currently, the officially supported email clients are Thunderbird, Apple Mail, and Outlook. However, according to the developers, many other IMAP email clients were shown to work with the Bridge.

ProtonMail Bridge is available for macOS to ProtonMail users with paid-for accounts, and can be downloaded here. The Bridge code is open source and will be released early next year.

ProtonMail launched in March 2016, led by a group of scientists from CERN and MIT who aimed to deliver an easy-to-use end-to-end encrypted email service with freely available open source code. Earlier this year, the team launched a Tor-based site to make ProtonMail available to users in regions under the oppression of strict state online censorship, and also launched its own VPN service called ProtonVPN, which includes a free user tier in its pricing plan.


Discuss this article in our forums

Signal Encrypted Messenger 2.19 Update Finally Available Following App Store Hiccup

Encrypted messaging app Signal pushed out its v2.19 update late on Friday after a post-release 48-hour delay, owing to an App Store issue that Apple has now resolved. The update includes a number of new features and improvements, including full UI display support for iPhone X.

After the update is applied, users will no longer see the "Load Earlier Messages" link within chat threads, because additional messages now appear automatically upon scrolling to the top of a conversation.


In other improvements, a new simplified interface has been introduced to the Signal mobile app that aims to make sending photos, files, and GIFs easier and quicker. For example, attachment previews are now displayed directly in the message bar instead of on a separate confirmation screen.

Adopting a design concept popularized by Facebook Messenger known as "Jumbomoji", emoji characters are now also visibly larger in Signal chat bubbles that don't contain any other text. Elsewhere, messages that fail to send have been made easier to spot and re-send, while a new "Tap for More" option should make navigating extremely long messages a more pleasant experience.

The list of supported languages has also been expanded to include Burmese, Hebrew, and Persian, while users with an external keyboard linked to their device can now make use of new key combination shortcuts for sending messages (Shift + Enter, and Command + Enter).

Apart from the above changes, Open Whisper Systems has revamped the layout code to improve performance and flexibility, so everything should feel smoother and more refined, according to the developers. Lastly, a number of bugs have been fixed, including one where recently sent messages sometimes reappeared after being deleted.

Signal Private Messenger is a free download [Direct Link] for iPhone and iPad available on the App Store.


Discuss this article in our forums

Keybase Launches Teams, a Free End-to-End Encrypted Alternative to Slack

Encryption messaging company Keybase launched a Slack-like open source team communications tool on Monday for macOS and iOS platforms.

Called Keybase Teams, the fully encrypted platform supported groups as large as 500 people, with free access to a team's message history.


Keybase is a new and free security app for mobile phones and computers. For the geeks among us: it's open source and powered by public-key cryptography. Keybase is for anyone. Imagine a Slack for the whole world, except end-to-end encrypted across all your devices. Or a Team Dropbox where the server can't leak your files or be hacked.
Like Slack, once users have created a team in Keybase they can begin generating chats and channels. It's also possible to share encrypted files with team members. 

Unlike Slack accounts however, users don't have to switch at the top level of the app. Teams can be casual and small, allowing them to blend into the user's inbox, while teams with multiple chat channels are grouped under "Big teams".

Keybase Teams is a free download for Mac from the Keybase website, while the Keybase chat app is available for iPhone and iPad on the App Store. [Direct Link]


Discuss this article in our forums

‘Real People’ Don’t Need Encrypted Messaging Services, Claims U.K. Home Secretary

The U.K. home secretary Amber Rudd has argued that "real people" do not want secure end-to-end encryption on messaging platforms and are more concerned with usability and features than unbreakable security (via Yahoo News).

Rudd made her case in a newspaper article, published ahead of a meeting today with technology companies in San Francisco, where she will warn tech giants that their services are being misused by terrorists. Writing in The Daily Telegraph, Rudd said:
"Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family?

"So this is not about asking the companies to break encryption or create so-called 'back doors'.

"Companies are constantly making trade-offs between security and 'usability', and it is here where our experts believe opportunities may lie.

"Real people often prefer ease of use and a multitude of features to perfect, unbreakable security."
Rudd's comments were immediately criticized by privacy campaigners, with civil liberties organization Big Brother Watch calling her viewpoint "at best naïve, at worst dangerous".

"Suggesting that people don't really want security from their online services is frankly insulting," said Renate Samson, chief executive of BBW. "What of those in society who are in dangerous or vulnerable situations, let alone those of us who simply want to protect our communications from breach, hack or cybercrime."

"Once again the government are attempting to undermine the security of all in response to the actions of a few. We are all digital citizens, we all deserve security in the digital space."

Rudd is due to give her speech to tech companies like Twitter, Facebook, and Microsoft, in which she will urge them to do more to remove extremist content online or face new laws forcing them to do so.

Speaking to the BBC, Rudd said she wanted to work more closely with companies on encryption so that "where there is a particular need, where there is a targeted need" the government should be given access to metadata and encrypted content.

But Facebook's chief operating officer, Sheryl Sandberg, pushed back against that argument, and warned about pushing criminals into even harder to reach parts of the internet.

"If people move off those encrypted services to go to encrypted services in countries that won't share the metadata, the government actually has less information, not more," she said.

Tuesday's summit is the first gathering of the Global Internet Forum to Counter Terrorism, an organization set up by the major tech companies following recent terror attacks. Organization members are likely to resist any action that would result in compromised encryption, however.

In a joint statement, the companies taking part said they were co-operating to "substantially disrupt terrorists' ability to use the internet in furthering their causes, while also respecting human rights".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Changes to iCloud Put Apple on Collision Course With Governments Seeking Access to Encrypted Messages

Apple has sent its top privacy executives to Australia twice in the past month to lobby government officials over proposed new laws that would require companies to provide access to encrypted messages.

According to the Sydney Morning Herald, Apple privacy advocates met with attorney general George Brandis and senior staff in Prime Minister Malcolm Turnbull's office on Tuesday to discuss their concerns about the legal changes, which could compel tech companies to provide decryption keys to allow access to secure communications such as that provided by WhatsApp and iMessage.

Apple has consistently argued against laws that would require tech companies to build so-called "back doors" into their software, claiming that such a move would weaken security for everyone and simply make terrorists and criminals turn to open-source encryption methods for their digital communications.

While Apple's position is clear, the Turnbull government has yet to clarify exactly what it expects tech companies to give up as part of the proposals. A source familiar with the discussions said that the government explicitly said it did not want a back door into people's phones, nor to weaken encryption.

However, given that encrypted services like WhatsApp and iMessage do not possess private keys that would enable them to decrypt messages, a back door would seem the only alternative. "If the government laid a subpoena to get iMessages, we can't provide it," CEO Tim Cook said in 2014. "It's encrypted and we don't have a key."

As it happens, Cook's comment only applies to iMessages that aren't backed up to the cloud: Apple doesn't have access to messages sent between devices because they're end-to-end encrypted, but if iCloud Backup is enabled those messages are encrypted on Apple's servers using an encryption key that the company has access to and could potentially provide to authorities.

However, Apple is moving in the same direction as WhatsApp and Telegram to make encryption keys entirely private. As announced at WWDC in June, macOS High Sierra and iOS 11 will synchronize iMessages across devices signed into the same account using iCloud and a new encryption method that ensures the keys stay out of Apple's hands.

As senior VP of software Craig Federighi noted in interview with Daring Fireball's John Gruber, even if users store information in the cloud, "it's encrypted with keys that Apple doesn't have. And so they can put things in the cloud, they can pull stuff down from the cloud, so the cloud still serves as a conduit — and even ultimately a kind of a backup for them — but only they can read it."

How this will play out in Apple's discussions with the Australian government – and indeed other governments in the "Five Eyes" intelligence sharing network seeking similar access to encrypted communications – is anything but clear. According to sources, Apple and the Turnbull government are taking a collaborative approach in the discussions, but previous statements by officials imply a tougher stance behind the scenes.

Last week, Senator Brandis said the Australian government would work with companies such as Apple to facilitate greater access to secure communications, but warned that "we'll also ensure that the appropriate legal powers, if need be, as a last resort, coercive powers of the kind that recently were introduced into the United Kingdom under the Investigatory Powers Act... are available to Australian intelligence and law enforcement authorities as well".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Encrypted Chat App Telegram to Remove Terrorist Content Following Ban Threat in Indonesia

Telegram is to form a team of moderators to remove terrorist-related content from the encrypted messaging platform in Indonesia, after the country's government threatened to ban the app.

Indonesia's Ministry of Communications and Information Technology has already blocked access to the web version of the chat platform, citing concerns that it was being used to spread "radical and terrorist propaganda" in the country, according to Reuters.

"This has to be done because there are many channels on this service that are full of radical and terrorist propaganda, hatred, ways to make bombs, how to carry out attacks, disturbing images, which are all in conflict with Indonesian law," the communications ministry said in a statement on its website.
Telegram co-founder Pavel Durov said on Sunday that the service had blocked channels reported by the government and that it would take further action to remove the illegal content.
"We are forming a dedicated team of moderators with knowledge of Indonesian culture and language to be able to process reports of terrorist-related content more quickly and accurately," Durov said in a Telegram post quoted by Associated Press.
Telegram has been criticized by governments before for its use by terrorist groups to spread propaganda and recruit members. Last month Telegram agreed to provide basic information about the company to Russia after authorities threatened to block access to the service.

Despite pressure from governments, Telegram's founders have refused to bow to demands for backdoors into the platform for authorities to access encrypted messages, arguing that security and privacy are central tenets of the service.

Speaking to The Wall Street Journal on Sunday, Durov said Telegram is "heavily encrypted and privacy-oriented, but we're no friends of terrorists – in fact, every month we block thousands of ISIS-related public channels".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Australia Proposes Law That Would Compel Tech Companies to Decrypt Messages

Australia on Friday proposed new laws that would require companies like Apple to provide law enforcement authorities with access to encrypted communications (via Reuters).

Australia's proposed legislation will compel companies to help security agencies intercept and read messages sent by suspects. It appears to take cues from the U.K.'s Investigatory Powers Bill, which includes provisions that require technology companies to bypass encryption where technically feasible.
"We need to ensure the internet is not used as a dark place for bad people to hide their criminal activities from the law," Australian Prim Minister Malcolm Turnbull told reporters in Sydney.

"The reality is, however, that these encrypted messaging applications and voice applications are being used obviously by all of us, but they're also being used by people who seek to do us harm."
The proposal will be introduced when parliament resumes in August and could be adopted within months, according to lawmakers. Other nations have said they will introduce similar laws.

Apple, along with Facebook, Google, and other major tech companies, have historically opposed such law changes, which they say threaten online security protocols.

For example, Apple claimed the U.K.'s recent bill would "weaken security" for millions of law-abiding customers. "The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers," Apple stated in December 2015. "A key left under the doormat would not just be there for the good guys. The bad guys would find it too."

Facebook rejected the need to introduce the new Australian law, insisting it already had a system in place to work alongside security agencies, while the new legislation could not be implemented on an individual basis.

"Weakening encrypted systems for them would mean weakening it for everyone," a spokeswoman for Facebook told Reuters.

Notably, Australia has not explained how the proposed law would prevent nefarious actors from using open-source encryption tools to encrypt messages that can be transferred through conventional means such as email.

Last month it was reported that Australia attended a meeting of officials from the "Five Eyes" intelligence sharing network, where it pushed for greater international powers to thwart the use of encrypted messaging services by terrorists and criminals.


Discuss this article in our forums

Australia to Push for Greater Powers on Encrypted Messaging at ‘Five eyes’ Meeting

Australia is set to push for greater international powers to thwart the use of encrypted messaging services by terrorists and criminals, according to reports on Sunday (via Reuters).

The topic will be addressed this week at a meeting of officials from the "Five Eyes" intelligence sharing network, which includes the U.S., the U.K, Canada, Australia, and New Zealand.

Australia claimed the increasing use of strong encryption on smartphones and other devices was hindering law enforcement's capacity to gather and act on intelligence, and said it wants tech companies to do much more to give intelligence and law enforcement agencies access to encrypted communications.

Security experts and privacy groups regularly argue that any such methods would simply weaken overall security for everyone.
"I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption," Australian Attorney General Senator Brandis said in a joint statement.

"These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies."
The announcement followed the U.K. government's recent statement of intent to pressure technology companies to do more to put an end to the "safe spaces" that the internet offers extremists. The country has also called for measures to "regulate cyberspace", following terror attacks in the country.

In related news, a leaked draft technical paper prepared by the U.K. government states that technology companies would be required to remove encryption from private communications and provide the raw data "in an intelligible form" without "electronic protection". However, it's not clear if the Conservatives still intend to pursue these powers after recent elections left the party with a minority government and a diminished mandate.

Last year Apple refused requests from the FBI to break the security of its mobile software, following the recovery of an iPhone used by the San Bernardino shooter. Apple argued the FBI's request would set a "dangerous precedent" with serious implications for the future of smartphone encryption. The dispute ended after the government found an alternate way to access the data on the iPhone through the help of professional hackers.

Last week, the European Union published draft proposals that would enforce end-to-end encryption on all digital communications and forbid backdoors that enable law enforcement to access private message data. If ratified, the law would put it at odds with both the U.S. and U.K. intelligence communities.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Russia Threatens to Ban Encrypted Messaging App Telegram

Russia has threatened to block access to the Telegram messaging platform unless the company that runs the app provides more information about itself (via Sky News).

The head of communications regulator Roskomnadzor, Alexander Zharov, said repeated efforts to obtain the information had been ignored by the company and warned that "time is running out" for the app.

"There is one demand and it is simple: to fill in a form with information on the company that controls Telegram," Zharov said in an open letter. "And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information."
Telegram's non-response appears to be down to the repercussions of handing over the requested details: Doing so would effectively add it to the state regulators' registry, which would require it to retain users' chat histories and encryption keys and share them with authorities if asked, according to Russian news agency TASS.

The demand isn't the first time the Russian founders of Telegram – Kremlin, Nikolai and Pavel Durov – have failed to comply with state requests. In 2014, the Durovs refused to turn over data on Ukranian users of Vkontakte, a social network they also set up together.

Telegram claims to split its encryption keys into separate data centers around the world to ensure "no single government or block of like-minded countries can intrude on people's privacy and freedom of expression".

According to the group's policy, it can only be forced to hand over data if "an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Swiss Encrypted Email Provider Launches ProtonVPN With Free Subscription Tier

Encrypted email provider ProtonMail today launched its own VPN service called ProtonVPN, which includes a free user tier in its pricing plan.

The Swiss-based company said it had been testing its VPN service for four months with the help of over 10,000 members of the ProtonMail community, and the group was ready to make ProtonVPN available to everyone starting Tuesday.


The Proton group said they were motivated to create ProtonVPN to combat increased threats to online freedom, such as the recent repeal of Obama-era rules designed to protect consumer internet browsing history, calls by British Prime Minister Theresa May for increased online surveillance, and the attempts by the U.S. FCC to dismantle net neutrality.
"In the past year, we have seen more and more challenges against Internet freedom," said ProtonMail Co-Founder Dr. Andy Yen, "now more than ever, we need robust tools for defending privacy, security, and freedom online.

"The best way to ensure that encryption and privacy rights are not encroached upon is to get the tools into the hands of the public as soon as possible and widely distributing them," said Yen. "This is why, as with ProtonMail, we're committed to making a free version of ProtonVPN available to the world."
The group says it has worked to make the best possible VPN service by addressing many of the common pitfalls with existing VPNs. Features therefore include a Secure Core architecture that routes traffic through multiple encrypted tunnels in multiple countries to better defend against network based attacks, a no logs policy backed by Swiss law, as well as seamless integration with the Tor anonymity network. Headquartered in Switzerland, the VPN is also outside of E.U. and U.S. jurisdiction and is not a member of the fourteen eyes surveillance network.

The free tier includes servers in three countries and usage on one device, but bandwidth speeds cannot be guaranteed. The Basic tier costs $4 a month (billed as $48 a year) and includes access to all 112 ProtonVPN servers across 14 countries, high speed bandwidth, and usage on up to two devices, while the Plus tier ($8 per month/$96 per year) offers the highest bandwidth, connection on up to 5 devices, Tor servers, and access to Secure Core data networks hosted in Switzerland, Iceland, and Sweden. The Highest tier ($24 a month/$288 a year) includes a ProtonMail Visionary account.

ProtonMail began crowdfunding in May 2014 and launched in March 2016, led by a group of scientists from CERN and MIT who aimed to deliver an easy-to-use end-to-end encrypted email service with freely available open source code. Earlier this year, the team launched a Tor-based site to make ProtonMail available to users in regions under the oppression of strict state online censorship.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums