Patrick De Schutter, the Chief Executive and Co-founder of Mailfence, recently talked to PreciseSecurity.com about the firm’s operations. Schutter addressed the market's evolution since Mailfence began operations in 2016. He highlighted why email encryption matters in the wake of privacy invasion by big firms like Google, Microsoft, and Apple.
During the interview, PreciseSecurity also engaged the Mailfence security team, who shared their expansion plans for the business based on legal status. The Mailfence team further explained the process of protecting users from compromised devices alongside high-level man-in-the-middle (MITM) attacks.
1. Mailfence has been operating since 2016. Could you tell us which have been the main changes that the industry experienced in this period of time?
“Mailfence is a recent project. Development was initiated in 2013 and launched for the general public in 2016. Previously our company was active in offering a collaborative messaging application to European universities and enterprises. Of course, the industry has evolved enormously since inception. Our founders were internet pioneers who created one of the first advertising sales houses in Europe. They pioneered with banner formats, targeting, and placing cookies on machines. It is their intimate knowledge of the online advertising world that made them realize early on the dangers of what is now called ‘surveillance capitalism’. This knowledge motivated them in launching Mailfence and fighting for online privacy and digital rights.”
2. Why should regular people using existing email clients be concerned about email encryption? Which are some of the most popular threats affecting users’ privacy and data?
“With the rise of mass surveillance and data behemoths such as Google, Microsoft, and Apple invading the privacy of the average user on a daily basis, there is only one thing to limit this: email encryption. For instance, Google has abandoned its encryption projects because their business model does not support it. Google needs to know more and more about its consumers to tailor ads to them. Therefore, through email encryption individuals can protect the contents of their emails at all times. Check out this post by one of our founders on why online privacy matters.
Some of the most popular threats are definitely phishing attacks and bad password habits. Phishing consists of a perpetrator who attempts to steal a user's private data, mostly passwords that grant access to PCs and credit card information. Bad password habits are self-explanatory: a bad password could be the reason why your data got stolen without you being aware in the first place or why somebody could impersonate you and trick others in your name.”
3. Are there any particular countries where you believe email encryption is more important to protect user privacy?
“Users based in countries with standardized government surveillance like China have the biggest need for encryption. However, we believe that users in all countries need encryption and have a right to privacy. There are countries that have stricter privacy laws than others. For example, Belgium has harsher privacy laws than, let’s say, the US. Even with the revelations of Edward Snowden about mass surveillance and despite having uncovered the dirty secrets of the US government, mass surveillance is still happening today.”
4. How strong is the demand for encrypted email? Has it grown in recent years? Are there any stats that you can share with us in terms of industry growth or Mailfence user growth %?
“The demand for encrypted email has always been high; however, what discourages individuals from using it is the fact that it is not well-implemented by private email providers, making it extremely difficult for the average user to get into. This is what Mailfence aims to do: make email encryption easy to use so that the average user can feel comfortable with encryption, start using it and see its benefits.
The demand for email encryption has definitely grown in recent years as we are seeing a boost in new users compared to last year and the year before that. There are several reasons that justify this growth:
- An increasing number of cyber-attacks.
- The increase in government surveillance all over the world.
- Users all over the world are tired of being profiled and followed by companies such as Facebook and Google that want to know everything about their lives in order to monetize this information to advertisers.”
5. Which do you think are going to be the challenges for the next few years in terms of privacy and security and how is Mailfence getting prepared for those?
“As technology grows, so does the number of threats. For example, various governments would like to have encryption backdoors in place in case an incident occurs; that incident might be a terrorist attack or a cyberattack. An encryption backdoor means that you can bypass the encryption at any given point in time, rendering the services of private email providers useless.
An upcoming threat to online privacy is quantum computers. Quantum computers are supercomputers with substantial computing power and have the ability to essentially break the asymmetric encryption of a message and read that message. Asymmetric encryption uses mathematical equations containing foot-long keys that encrypt and decrypt a message. Current quantum computers cannot break state-of-the-art encryption protocols; however, security analysts across the globe fear that quantum computers in the near future may be able to break encryption protocols in seconds.
Conventional computers have that ability too; however, as they are much slower than quantum computers, it would take thousands of years for a normal computer to break the encryption of a 128-bit key, and Mailfence uses 4096-bit keys for asymmetric encryption. Mailfence is not specifically getting ready to combat quantum computing, as this is a worldwide threat and is much bigger than Mailfence; it affects multiple sectors and companies, not just the secure email industry. However, Mailfence plans to upgrade its encryption protocols to be quantum-resistant once those protocols are released, which may be in 3-4 years’ time.”
6. Which is the reason behind the decision to include and support Bitcoin (BTC) and Litecoin (LTC) payments for the services that you are currently offering?
“We want everyone to enjoy the benefits of Mailfence; we accept Bitcoin and Litecoin payments as they are becoming more and more widespread. Therefore, our aim is to make Mailfence easily obtainable for everyone. Cryptocurrencies are here to stay. Currently, there are more than 100 of them available; it is a sign that cryptocurrencies might become the currency of the future. It also allows users to pay by limiting the number of unique identifiers concerning their identity.”
7. You are currently located in Belgium due to the privacy laws that have been approved in the country. Are you planning to expand your offices around the world to improve your legal status and offer more privacy to users?
“We presently have no concrete plans to expand our offices to other countries in order to improve our legal status, but we are monitoring this on a continuous basis.”
8. Which are Mailfence’s plans for the next two years (2020-2022)?
“Some of our priorities for the next two years are releasing our mobile application this year, open sourcing the application, working on making encryption even more user-friendly for our users, offering encryption on our documents and calendar applications, and support for WKD and YubiKey. Of course, this is combined with a thousand other smaller quality of life improvements.”
9. Your services do not protect users from compromised devices and high-level man-in-the-middle (MITM) attacks. Would it be possible to see some additional protection for users in the future?
“We see improving security as an ongoing process. In line with that, we have recently implemented SMTP MTA-STS [a mechanism enabling mail service providers to declare their ability to receive secure SMTP connections] and have several security features in our development roadmap, e.g., encrypted folders, the Expect-CT HTTP header, and more.”