Overview
Within the traditionally static landscape of email services, security and privacy have become paramount for users. As we sift through countless options, Proton Mail, Skiff, and Ethermail emerge as three noteworthy contenders. Each of these services brings unique strengths and weaknesses to the table.
Moving forward into a new era of digital communication, it becomes evident that the future of email requires more than just safety improvements—it demands a revolutionary approach. In this critical comparison, we will explore why Email 5 stands poised to outshine its competitors by delivering a richer, more interactive email experience designed to propel email communication into the future.
Proton Mail
Proton Mail, developed by CERN scientists in Switzerland, is renowned for its robust encryption and privacy-focused approach. However, while it is generally regarded as one of the most secure email services available, no system is without flaws. Over the years, it has faced several challenges and criticisms, particularly regarding its encryption practices and overall security measures.
JavaScript-Based Encryption
Proton Mail relies on JavaScript running in the user's browser to handle encryption and decryption. While this approach is convenient and user-friendly, it has some inherent risks:
- If a user has a keylogger, any private keys entered manually or passwords to decrypt stored private keys could be captured. Likewise, all text typed by the user, including the content of emails, could be recorded by the keylogger before it is encrypted and sent or after it is decrypted and displayed.
- If the Proton Mail web client or the JavaScript it serves is compromised, an attacker could potentially alter the encryption process. Users must trust that Proton Mail's servers and delivery mechanisms are secure and that the JavaScript served to their browsers is not compromised.
- No Content Inspection: Proton Mail's end-to-end encryption means it cannot inspect the body of outgoing emails for spam content. This ensures privacy but limits spam detection capabilities. Spam sent in small volumes to avoid detection thresholds (e.g., a few emails per hour) might not trigger alarms based solely on volume and frequency analysis. Furthermore, any user input must be sanitized and validated before being processed, both to keep out malicious data and to prevent script injection attacks.
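The second point above, trusting that the JavaScript reaching the browser is the JavaScript that was released, can be checked from the outside with Subresource Integrity digests. The following is an added example, not code from Proton Mail or from the original article; the asset paths, script bodies and function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

ALLOWED_ALGS = {"sha256", "sha384", "sha512"}


def sri_digest(body: bytes, alg: str = "sha384") -> str:
    """Return the Subresource Integrity value (alg-base64) for a script body."""
    raw = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(raw).decode()}"


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))


def _matches(integrity: str, body: bytes) -> bool:
    # The attribute may list several digests; any valid match passes.
    for token in integrity.split():
        alg = token.split("-", 1)[0]
        if alg in ALLOWED_ALGS and sri_digest(body, alg) == token:
            return True
    return False


def audit_scripts(html: str, served: dict) -> dict:
    """Classify each external script: ok, mismatch, unpinned or not-fetched."""
    collector = ScriptCollector()
    collector.feed(html)
    report = {}
    for src, integrity in collector.scripts:
        body = served.get(src)
        if not integrity:
            report[src] = "unpinned"      # browser will run whatever arrives
        elif body is None:
            report[src] = "not-fetched"
        else:
            report[src] = "ok" if _matches(integrity, body) else "mismatch"
    return report


# Constructed sample data (hypothetical paths and script bodies).
RELEASED_JS = b"function encryptMessage(m) { /* constructed sample */ }"
ALTERED_JS = RELEASED_JS + b" /* bytes changed after release */"
SAMPLE_HTML = f"""
<script src="/assets/crypto.js" integrity="{sri_digest(RELEASED_JS)}"></script>
<script src="/assets/app.js" integrity="{sri_digest(RELEASED_JS, 'sha256')}"></script>
<script src="/assets/vendor.js"></script>
"""
SERVED = {"/assets/crypto.js": RELEASED_JS, "/assets/app.js": ALTERED_JS,
          "/assets/vendor.js": RELEASED_JS}

if __name__ == "__main__":
    for src, verdict in audit_scripts(SAMPLE_HTML, SERVED).items():
        print(f"{verdict:12} {src}")
```

A pinned digest only helps when the HTML carrying the `integrity` attribute is itself trustworthy. If the same server delivers both the page and the script, the trust relationship described above remains.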
Security & Privacy Issues
Proton Mail faces security limitations, including legal obligations to log IP addresses, partial end-to-end encryption, and vulnerabilities like EFAIL that can expose encrypted content and metadata.
- Proton Mail uses end-to-end encryption (E2EE) for emails between Proton users, but this protection does not extend to emails sent to or received from users of other email services. Emails sent to or received from non-Proton Mail addresses are encrypted only during transmission (using TLS) but are stored unencrypted on the recipient's server. Also, the email subject line and other metadata are not encrypted, potentially exposing sensitive information.
- While Proton Mail markets itself as a privacy-centric service, there was a notable incident where it was compelled by Swiss authorities to log the IP address of a specific user involved in climate activism. This incident raised concerns because users might have believed that Proton would never log IP addresses under any circumstances. But Proton Mail operates under Swiss law, which means it must comply with legal requests from Swiss authorities, including logging user IP addresses when ordered by a court.
- In May 2018, security researchers discovered vulnerabilities (referred to as EFAIL) that affected email clients using PGP and S/MIME encryption. The vulnerability allowed attackers to manipulate encrypted emails in such a way that, when opened in certain email clients, the content could be exfiltrated to a remote server.
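To make the metadata point in the first bullet concrete, the sketch below parses a PGP/MIME (RFC 3156) message as a mail server would store it and reports what stays readable even though the body is encrypted. This is an added example, not code from the original article or from any provider; the message, addresses and function names are constructed, and the armored block is a placeholder rather than real ciphertext.

```python
from email import message_from_string

ARMOR = "-----BEGIN PGP MESSAGE-----"
ROUTING_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")

# Constructed sample: an RFC 3156 PGP/MIME message at rest on a server.
SAMPLE = """\
From: alice@example.org
To: bob@example.net
Subject: Q3 budget - draft
Date: Tue, 02 Jan 2024 10:15:00 +0000
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""


def is_pgp_encrypted(msg) -> bool:
    """True for PGP/MIME containers and for inline-armored single-part bodies."""
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return True
    if not msg.is_multipart():
        return ARMOR in str(msg.get_payload())
    return False


def exposure_report(raw: str) -> dict:
    """List what a party with access to the stored message can read."""
    msg = message_from_string(raw)
    visible = {h: msg[h] for h in ROUTING_HEADERS if msg[h] is not None}
    readable = [
        part.get_content_type()
        for part in msg.walk()
        if not part.is_multipart()
        and part.get_content_type() != "application/pgp-encrypted"  # control part
        and ARMOR not in str(part.get_payload())
    ]
    return {"body_encrypted": is_pgp_encrypted(msg),
            "visible_headers": visible,
            "readable_parts": readable}


if __name__ == "__main__":
    for key, value in exposure_report(SAMPLE).items():
        print(key, "=>", value)
```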
Vulnerability in Open-Source Libraries
Open-source libraries can be both a vulnerability and a security strength. Proton Mail uses a mix of open-source and closed-source libraries. This transparency is a core part of their security philosophy, but there's a potential downside to using open-source libraries.
- Exposure of Code: Anyone can see the code in an open-source library, which means potential vulnerabilities can be identified and exploited by attackers. This is exactly what happened with a past vulnerability in Proton Mail's open-source code: https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail
- Dependency on Community Patches: Open-source libraries rely on the community to identify and patch vulnerabilities. This can lead to delays in addressing critical security flaws if the community response is slow or insufficient.
- Supply Chain Risks: Open-source libraries can be compromised at the source, leading to the introduction of malicious code. Attackers can exploit the trust in popular libraries to distribute malware or backdoors, which can affect all projects depending on those libraries.
Skiff Mail
Skiff is a relatively new player in the email service arena, emphasizing secure and collaborative communication. It combines the features of an email service with those of a collaborative workspace. However, integrating these functionalities into an email service often leads to a mismatch in functionality and user experience.
Real-time Collaboration & Document Sharing
Email services are traditionally designed for asynchronous communication, focusing on sending and receiving messages at the user's convenience. In contrast, real-time collaboration and document sharing require immediate interaction and dynamic updates, which are better suited to platforms specifically built for these purposes.
- Specialized collaboration tools like Microsoft Teams or Slack could be a superior option for real-time collaboration and document sharing compared to Skiff due to their comprehensive suite of features designed specifically for team communication and productivity, which are challenging to replicate effectively within an email-centric platform.
- Additionally, these tools' extensive integration capabilities with various third-party applications, such as Google Drive, Microsoft OneDrive, and Dropbox, enable effortless document sharing and management within the platform.
The Recent Acquisition of Skiff by Notion
The tech world was abuzz when Notion, the popular all-in-one workspace app, announced its acquisition of Skiff. This move is seen as a strategic attempt by Notion to enhance its suite of tools and provide more integrated, secure communication and collaboration features. However, as with any significant acquisition, this union brings both opportunities and potential issues that need to be addressed.
- While Skiff is known for its strong privacy features, there might be concerns about how user data will be handled post-acquisition. Users who trusted Skiff for its independent privacy policies might be wary of how their data will be managed under Notion's ownership. Notion could begin sharing user data across its various services, which might not align with the privacy standards that Skiff users initially signed up for.
- Third-Party Services: If Notion uses third-party services for analytics, advertising, or other functions, there could be increased sharing of user data with these third parties, which Skiff users might not have initially agreed to. There might be a shift towards monetizing user data in ways that Skiff did not previously engage in, such as selling anonymized user data or using it to improve Notion's other services.
- Government Requests: Notion operates under different jurisdictions compared to Skiff. The combined company might be subject to more government data requests, particularly if Notion has operations in countries with less stringent data protection laws.
The Multi-Service Approach of Proton & Skiff
Both Proton and Skiff have expanded their offerings beyond just email services to include a suite of productivity and security tools. Proton's suite includes Mail, Calendar, Drive, Account, VPN, and Pass, while Skiff offers a combination of email, Calendar, Pages, and Drive apps. This multi-service approach brings some benefits but also introduces specific challenges and potential problems.
- Expanding into multiple services can dilute the company's focus, potentially leading to insufficient resources allocated to each product. This can result in slower development, more bugs, and less innovation.
- The company might struggle to stay ahead of industry trends and technological advancements, leading to stagnation and the inability to offer cutting-edge solutions to customers.
- More services mean a larger attack surface for potential security breaches. Also, integrating services often involves sharing data between them, which can raise privacy concerns and potential vulnerabilities if not managed correctly.
Ethermail
Ethermail is an email service that aims to bridge the gap between traditional email and blockchain technology. It focuses on privacy, security, and integrating blockchain functionalities. Users can earn tokens through various activities, adding an incentivizing element to using the service.
However, one significant aspect that users must consider is the requirement to use a digital wallet. While this integration brings notable benefits, it also introduces certain disadvantages, particularly for those unfamiliar with blockchain technology.
Private Keys and Wallet Management
Unlike traditional email services where users simply sign up with an email and password, Ethermail requires understanding and managing private keys, which can be a barrier to entry. This wallet connection is essential for accessing the service and participating in its unique features, such as the "Read-to-Earn" program, which rewards users for reading certain emails.
- Not all users have a digital wallet, and the process of creating one can be cumbersome, especially for those who are not tech-savvy.
- The additional steps required to set up a wallet and link it to Ethermail can negatively impact the user experience.
- Users need to ensure the security of their private keys. Losing access to a wallet can mean losing access to your email account, which is a significant risk.
Increased Spam Risk
Ethermail provides users with tokens (such as EMC and EMT) for reading and interacting with emails. These tokens can be earned by subscribing to receive emails from specific companies and reading them. While the idea of earning tokens for email engagement can be appealing, it also raises several concerns, particularly regarding the potential for spam:
- The opportunity to earn tokens might attract spammers who send a high volume of emails to exploit the reward system. Users might engage with spam emails just to earn tokens, which can undermine the quality and relevance of their inboxes.
- The quality of email content might suffer if the primary goal becomes earning tokens rather than providing valuable information. This could lead to an increase in unsolicited and low-quality emails.
- If Ethermail becomes known as a platform inundated with spam, it can damage its reputation and deter new users from signing up. Existing users might also migrate to other email services that offer a cleaner, more valuable experience.
Data Storage in Proton Mail, Skiff, and Ethermail
Understanding how different email services handle data storage is crucial for evaluating their security and privacy features. Here is how these services store data, highlighting their varying approaches to leveraging blockchain technology and encryption:
- Proton Mail does not use blockchain technology for data storage. Instead, it stores encrypted data on servers located in Switzerland, benefiting from the country's stringent privacy laws.
- Skiff uses blockchain to manage keys and verify user identities but does not store the content of the emails directly on the blockchain. This approach ensures that while identities and keys are secure, the actual email content is stored on traditional servers with encryption.
- Ethermail integrates blockchain technology more extensively compared to Proton Mail and Skiff. It leverages decentralized storage solutions, such as IPFS (InterPlanetary File System), to store the actual email content, enhancing security and privacy through data decentralization.
Email 5
Powering the Next Generation of Emails
Email 5 enhances email security with robust server-side encryption. By using proprietary encryption methods, we provide unique data protection, avoiding the vulnerabilities of open-source libraries. Additionally, our system inspects emails for spam and malware before delivery, safeguarding users from malicious content.
- No JavaScript Encryption: Unlike Proton Mail and other services that use JavaScript encryption, which can be compromised by keyloggers or other monitoring tools on the user's device, Email 5 performs encryption on the server side, ensuring a stricter and more secure encryption process rather than relying on the potentially vulnerable user's system.
- No Open-Source Libraries for Sensitive Data: While we fully support open-source projects, Email 5 does not use open-source libraries for data encryption. We believe that data protection systems must be unique to prevent potential vulnerabilities that come with open-source code exposure.
- Pre-Send Inspections: Email 5 includes advanced inspection features that analyze emails for spam or malicious content before they are sent to recipients. This proactive measure enhances user safety and email integrity, which is not a standard feature in services like Proton Mail, Skiff, or Ethermail.
- Web-Only Access: Desktop versions rely heavily on the security of the user's operating system and require regular updates to maintain security. Recognizing that users may not consistently update their systems, we mitigate these risks by ensuring all interactions occur through our web platform. This approach reduces vulnerabilities associated with outdated software and provides a safer, more reliable email experience for all users.
Setting a New Standard in Email Services
Email 5 is dedicated to enhancing email functionalities, steering clear of additional tools to maintain focus on innovation and efficiency. This commitment to independence ensures that the platform prioritizes long-term user benefits and privacy. With the introduction of "Incognito Mode," Email 5 underscores its dedication to user privacy by providing enhanced protection without logging or storing identifiable data.
- Email 5 is committed to the exclusive development and enhancement of email services, avoiding the inclusion of peripheral tools like collaboration features, VPNs, or password managers. By focusing solely on email, we aim to drive the evolution of email standards and functionalities, ensuring our platform remains at the forefront of modern, efficient, and innovative email communication.
- In an era where corporate acquisitions are commonplace, Email 5 stands out by committing to its independence and pledging that it will never be acquired by another company. By remaining independent, Email 5 ensures a long-term vision centered around user sovereignty and privacy, rather than short-term profits or shareholder interests.
- Enhanced Privacy: Email 5 introduces a groundbreaking privacy-focused feature called "Incognito Mode" that provides an extra layer of protection for users concerned about their online activities being tracked. When enabled, Incognito Mode ensures that no identifiable data about the user's email interactions is logged or stored.
Elevating Email to the Next Level
Email 5 offers a seamless and secure experience without requiring a digital wallet, though it supports optional wallet integration for rewards. It maintains a clutter-free inbox by avoiding disruptive incentives. With a hybrid data storage approach, Email 5 combines the speed of centralized servers with the security of blockchain, ensuring rapid access to new emails and secure storage for archived ones.
- Email 5 provides flexibility by not requiring a digital wallet to operate, ensuring seamless access for all users. While it can integrate a wallet for receiving rewards and conducting transactions with the future $EMAIL token, it also features an internal rewards system that functions independently of a wallet.
- At Email 5, we are committed to maintaining the integrity and authenticity of our email service. Unlike Ethermail, we do not offer rewards for reading emails or subscribing to certain companies or users. This practice can incentivize illegitimate use and clutter users' inboxes with unwanted content. Instead, we focus on providing a clean, user-friendly email experience free from the pressures of reward-based interactions. Our approach ensures that users engage with our platform genuinely, fostering a more meaningful and valuable email communication environment.
- Email 5 employs a hybrid approach to data storage, combining centralized and decentralized methods to optimize both speed and security. Recent emails are stored on centralized servers, ensuring quick access and efficient performance for everyday use. Over time, these emails are transferred to the blockchain, where they become immutable and securely stored in a decentralized network of nodes. This system ensures that new emails are rapidly accessible, while older and archived emails benefit from the enhanced security and permanence of blockchain technology.
Email Built on Open Standards
Email 5 offers a richer content experience by leveraging HTML5 and Open Standards to create more interactive and engaging emails. Unlike many email services that prioritize security or other features, Email 5 focuses heavily on the quality and relevance of email content.
- Email 5 addresses the growing need for high-quality, content-rich email communication by leveraging HTML5 and Open Standards.
- The service emphasizes the quality and relevance of email content, ensuring that emails display consistently across different devices and clients, and making it accessible to all users.
- By focusing on open standards, Email 5 also ensures that its platform is future-proof, supporting new advancements in email technology and maintaining compatibility with a wide range of current and future email clients. This dedication to Open Standards and HTML5 enables Email 5 to deliver a superior user experience, setting a new benchmark for email communication.
Conclusion
Email 5 is redefining the email service landscape by combining advanced privacy features, a focus on high-quality content, and a steadfast commitment to independence. In doing so, it offers a unique and valuable alternative to the more corporate-driven models of other email services. For users who prioritize privacy, control, and a high-quality communication experience, Email 5 stands out as a compelling choice in an increasingly crowded market.