In this interview I had a chance to pose 10 questions to Patrick De Schutter of Mailfence – a secure email provider based in Belgium.
Mailfence is currently one of the top recommendations in the secure email guide.
Interview from December 2018:
1. There are a number of secure email providers on the market today. How does Mailfence stand out from the crowd?
2. Mailfence is inter-operable with any other OpenPGP comptatible encrypted email service.
3. All encryption operations take place in the browser making it a “true” end-to-end encrypted email solution.
4. Mailfence integrates digital signatures.
5. Mailfence gives full control over key management alongside advance options with an integrated keystore.
6. Mailfence allows full reversibility. Users can leave our platform at any point in time, along with all their Encrypted keypairs and end-to-end encrypted data. We do not confine them in our digital island.
2. In 2013 Lavabit was basically forced to shut down because they refused to cooperate with government agencies that wanted access to user emails. As a secure email provider operating in Belgium, could you elaborate on any challenges you face in terms of agencies demanding access to your customers’ data?
In many countries, government sponsored programmes collect massive amounts of data from the Internet. This data collection is done without any search warrant, court order, or subpoena. In Belgium, where Mailfence is located and our servers are hosted, the law protects privacy. Only a valid Belgian court order can force us to release data. Since we have no foreign parent company, we never comply with any rogue or other data requests from either domestic or foreign authorities. We are not liable to US gag orders or NSL’s [National Security Letters]. Our up-to-date warrant canary and transparency report can also be found on our blog.
3. How does being located in Belgium help to protect user privacy?
Belgium has very strict privacy laws. In addition European GDPR and ePrivacy laws are applicable to any company operating in Belgium.
This data is deleted regularly. The only requests we have received up to now is for identification data i.e., IP addresses from which users connect or with which they created their account initially.
[Restore Privacy note: The easy solution here is to always use a VPN with your email provider to conceal your IP address and location.]
5. PGP was recently in the news with the EFAIL vulnerabilities, prompting some to even proclaim PGP as “dead”. What are your thoughts on the future of PGP and email encryption standards in general?
Mailfence is not impacted by the OpenPGP Efail vulnerability due to our application design and the way we handle end-to-end encrypted and digitally signed emails on our web-interface. A detailed analysis can be found on our blog. Also, based on the mentioned issues in the technical paper, the OpenPGP protocol itself is safe to use, if you are not using it with a buggy email client.
6. Mailfence is currently not open source. Any plans for doing so?
Yes, we plan to put our client in open-source. We are also open to audits from professional security specialists
7. In your design philosophy you mention peoples’ “absolute and irrevocable right to privacy” and you also support different privacy advocates. Why do you feel online privacy is an important topic in the digital age?
In order for democracy to function properly there must be discussion and opposition brought by political parties, journalists, civic groups or others. Even more important, is that government misdeeds can only be exposed if whistleblowers, journalists, activists can investigate and take action without being surveilled, intimidated or pressured. Any person, organization or government with access to our personal data acquires the power to manipulate, intimidate or blackmail us and in the process weaken or destroy our democratic institutions. So giving up our privacy is not nothing, it means giving up the freedoms on which democracy depends. I would like to refer to following post for more detailed view: Why online privacy matters, now more than ever.
8. What are the trends you are seeing in email and privacy and do you think awareness about these topics will continue to grow?
After the 2013 revelations of global mass surveillance, we have seen a steady rise in general awareness towards data privacy and digital freedom among the masses. Thanks to all individuals and groups, who either independently or collectively striving and carrying on this battle in the right direction. However, there’s still a lot of work to be done, and Mailfence actively tries to play its role, not only by providing secure and private email-suite, but by also continuously educating our users and the community with best data privacy and security practices – alongside of contributing 15% our annual Pro plan income to EFF and EDRi.
9. What does the future hold for Mailfence in terms of updates, features, or changes to the service?
Presently we allow users to send both OpenPGP encrypted and non-encrypted emails
Soon we plan to release the possibility to send password encrypted emails, which will help non technical users in protecting delicate information while not having to understand anything about encryption keys.
Next on our roadmap is Mailfence for Business, an easy to use admin panel for Businesses allowing any SME or Enterprise to benefit from Mailfence secure email technology. This will position us as the alternative for less-private email offerings like G-suite and Office365. We presently see a big interest from companies to leave Google and Microsoft solutions.
10. What makes Mailfence a good option for someone who is just deciding to move away from Gmail or similar email services?
With Mailfence they not only get an email, but an entire suite allowing them to migrate mail, calendar, documents and much more – without having to compromise their data privacy.
To learn more about Mailfence, you can visit their website here.
If you want to test-drive Mailfence for yourself, they offer free accounts with up to 500 MB of storage.