Secure encrypted email provider ProtonMail, which runs a “zero access” PGP mail service based in Switzerland has now open sourced its webmail interface — meaning all the code that runs locally on the user’s computer is available for inspection.
The startup was founded last year to capitalize on post-Snowden paranoia by offering client-side encryption and host servers that live far from the NSA’s prying eyes (if not the Swiss equivalent). And while it open sourced its cryptography code from the get-go, it’s now letting outsiders parse its webmail client too — at the same time as launching v2 of the client. ProtonMail is hosting the source code for v2 on Github.
Co-founder Andy Yen says ProtonMail now invited more than 500,000 users off its waiting list, up from 350,000 beta sign ups back in March. He tells TechCrunch it’s planning to remove the waiting list entirely this fall.
Given tricky questions of trust in a post-Snowden era, Yen argues that open source is an important component for pro-privacy services — coupled with having a solid financial base. ProtonMail started out by raising $550,000 in crowdfunds, but has since topped that up with a $2 million seed round, from Charles River Ventures and Swiss not-for-profit incubator FONGIT. So it has the security of institutional backing.
“For privacy services, trust is very important as users are trusting us with their data, and potentially their lives. This is why we have now open sourced our web client in addition to our cryptography,” he says. “However, trust involves more than just open sourcing. Users also need to know that we have the expertise, personnel, and financial resources to continue to protect their data into the future…We have institutional backers, and this will allow us to successfully carry out our development.”
Another reason for all this talk of trust, is this week ProtonMail posted a note to its blog saying it is offering priority access to users of rival secure email service, Lavaboom, if they want to jump its wait-list and get a ProtonMail account if they’re “concerned about what appears to be the impending closure of Lavaboom”.
Why is it speculating about a Lavaboom shut down? ProtonMail claims to have received an “increasingly large number of emails” from Lavaboom users following a Reddit post by someone purporting to be an ex-developer for the startup who claims it has run out of funds.
TechCrunch contacted Lavaboom founder Felix Müller-Irion to ask for clarification of the state of the business. At the time of writing he has not responded but we’ll update this post with any comment.
“If the rumors are true, this would not be good for the space,” adds Yen, noting that Zurich-based secure P2P cloud storage service Wuala also shut down yesterday.
ProtonMail’s blog goes on to stress its “institutional support from foundations backed by the State of Geneva and the Swiss Federal government” and touts a “strong balance sheet”.
“ProtonMail has more than enough financing to continue development until we introduce paid premium accounts,” the blog adds.
While it’s offered its secure email for free for now, he says the startup will be switching monetization on this fall — with the introduction of its first paid accounts, offering additional storage and extra features for a subscription fee.
That move may also be aimed at reassuring ProtonMail’s users that the business is not about to wink out of existence. Yen claims a large majority of current ProtonMail users have also expressed a willingness to pay for service.
“We will also roll out paid offerings for small and medium sized businesses, many of which are looking for better online security,” he adds. Yen argues this will position ProtonMail as a direct competitor to Google Apps’ email — but one that can tout “compelling security and privacy advantages” vs Mountain View’s ad-targeting powered business model for its free email.
Android and iOS apps for ProtonMail users are also in the works, with beta versions due to land on August 20.