Andy Yen: Think your email’s private? Think again

Twenty-five years ago, scientists at CERN created the World Wide Web. Since then, the Internet has transformed the way we communicate, the way we do business, and even the way we live. In many ways, the ideas that gave birth to Google, Facebook, Twitter, and so many others, have now really transformed our lives, and this has brought us many real benefits such as a more connected society. However, there are also some downsides to this.

Today, the average person has an astounding amount of personal information online, and we add to this online information every single time we post on Facebook, each time we search on Google, and each time we send an email. Now, many of us probably think, well, one email, there’s nothing in there, right? But if you consider a year’s worth of emails, or maybe even a lifetime of email, collectively, this tells a lot. It tells where we have been, who we have met, and in many ways, even what we’re thinking about. And the more scary part about this is our data now lasts forever, so your data can and will outlive you. What has happened is that we’ve largely lost control over our data and also our privacy.

So this year, as the web turns 25, it’s very important for us to take a moment and think about the implications of this. We have to really think. We’ve lost privacy, yes, but actually what we’ve also lost is the idea of privacy itself. If you think about it, most of us here today probably remember what life was like before the Internet, but today, there’s a new generation that is being taught from a very young age to share everything online, and this is a generation that is not going to remember when data was private. So we keep going down this road, 20 years from now, the word ‘privacy’ is going to have a completely different meaning from what it means to you and I. So, it’s time for us to take a moment and think, is there anything we can do about this? And I believe there is.

Let’s take a look at one of the most widely used forms of communication in the world today: email. Before the invention of email, we largely communicated using letters, and the process was quite simple. You would first start by writing your message on a piece of paper, then you would place it into a sealed envelope, and from there, you would go ahead and send it after you put a stamp and address on it. Unfortunately, today, when we actually send an email, we’re not sending a letter. What you are sending, in many ways, is actually a postcard, and it’s a postcard in the sense that everybody that sees it from the time it leaves your computer to when it gets to the recipient can actually read the entire contents.

So, the solution to this has been known for some time, and there’s many attempts to do it. The most basic solution is to use encryption, and the idea is quite simple. First, you encrypt the connection between your computer and the email server. Then, you also encrypt the data as it sits on the server itself. But there’s a problem with this, and that is, the email servers also hold the encryption keys, so now you have a really big lock with a key placed right next to it. But not only that, any government could lawfully ask for and get the key to your data, and this is all without you being aware of it.

So the way we fix this problem is actually relatively easy, in principle: You give everybody their own keys, and then you make sure the server doesn’t actually have the keys. This seems like common sense, right? So the question that comes up is, why hasn’t this been done yet?

Well, if we really think about it, we see that the business model of the Internet today really isn’t compatible with privacy. Just take a look at some of the biggest names on the web, and you see that advertising plays a huge role. In fact, this year alone, advertising is 137 billion dollars, and to optimize the ads that are shown to us, companies have to know everything about us. They need to know where we live, how old we are, what we like, what we don’t like, and anything else they can get their hands on. And if you think about it, the best way to get this information is really just to invade our privacy. So these companies aren’t going to give us our privacy. If we want to have privacy online, what we have to do is we’ve got to go out and get it ourselves.

For many years, when it came to email, the only solution was something known as PGP, which was quite complicated and only accessible to the tech-savvy. Here’s a diagram that basically shows the process for encrypting and decrypting messages. So needless to say, this is not a solution for everybody, and this actually is part of the problem, because if you think about communication, by definition, it involves having someone to communicate with. So while PGP does a great job of what it’s designed to do, for the people out there who can’t understand how to use it, the option to communicate privately simply does not exist. And this is a problem that we need to solve.

So if we want to have privacy online, the only way we can succeed is if we get the whole world on board, and this is only possible if we bring down the barrier to entry. I think this is actually the key challenge that lies in the tech community. What we really have to do is work and make privacy more accessible.

So last summer, when the Edward Snowden story came out, several colleagues and I decided to see if we could make this happen. At that time, we were working at the European Organization for Nuclear Research at the world’s largest particle collider, which collides protons, by the way. We were all scientists, so we used our scientific creativity and came up with a very creative name for our project: ProtonMail.
(Laughter)

Many startups these days actually begin in people’s garages or people’s basements. We were a bit different. We started out at the CERN cafeteria, which actually is great, because look, you have all the food and water you could ever want. But even better than this is that every day between 12 p.m. and 2 p.m., free of charge, the CERN cafeteria comes with several thousand scientists and engineers, and these guys basically know the answers to everything. So it was in this environment that we began working.

What we actually want to do is we want to take your email and turn it into something that looks more like this, but more importantly, we want to do it in a way that you can’t even tell that it’s happened. So to do this, we actually need a combination of technology and also design.

So how do we go about doing something like this? Well, it’s probably a good idea not to put the keys on the server. So what we do is we generate encryption keys on your computer, and we don’t generate a single key, but actually a pair of keys, so there’s an RSA private key and an RSA public key, and these keys are mathematically connected.

So let’s have a look and see how this works when multiple people communicate. So here we have Bob and Alice, who want to communicate privately. So the key challenge is to take Bob’s message and to get it to Alice in such a way that the server cannot read that message. So what we have to do is we have to encrypt it before it even leaves Bob’s computer, and one of the tricks is, we encrypt it using the public key from Alice. Now this encrypted data is sent through the server to Alice, and because the message was encrypted using Alice’s public key, the only key that can now decrypt it is a private key that belongs to Alice, and it turns out Alice is the only person that actually has this key. So we’ve now accomplished the objective, which is to get the message from Bob to Alice without the server being able to read what’s going on.

Actually, what I’ve shown here is a highly simplified picture. The reality is much more complex and it requires a lot of software that looks a bit like this. And that’s actually the key design challenge: How do we take all this complexity, all this software, and implement it in a way that the user cannot see it. I think with ProtonMail, we have gotten pretty close to doing this.

So let’s see how it works in practice. Here, we’ve got Bob and Alice again, who also want to communicate securely. They simply create accounts on ProtonMail, which is quite simple and takes a few moments, and all the key encryption and generation is happening automatically in the background as Bob is creating his account. Once his account is created, he just clicks “compose,” and now he can write his email like he does today. So he fills in his information, and then after that, all he has to do is click “send,” and just like that, without understanding cryptography, and without doing anything different from how he writes email today, Bob has just sent an encrypted message.

What we have here is really just the first step, but it shows that with improving technology, privacy doesn’t have to be difficult, it doesn’t have to be disruptive. If we change the goal from maximizing ad revenue to protecting data, we can actually make it accessible.

Now, I know a question on everybody’s minds is, okay, protecting privacy, this is a great goal, but can you actually do this without the tons of money that advertisements give you? And I think the answer is actually yes, because today, we’ve reached a point where people around the world really understand how important privacy is, and when you have that, anything is possible. Earlier this year, ProtonMail actually had so many users that we ran out of resources, and when this happened, our community of users got together and donated half a million dollars. So this is just an example of what can happen when you bring the community together towards a common goal.

We can also leverage the world. Right now, we have a quarter of a million people that have signed up for ProtonMail, and these people come from everywhere, and this really shows that privacy is not just an American or a European issue, it’s a global issue that impacts all of us. It’s something that we really have to pay attention to going forward.

So what do we have to do to solve this problem? Well, first of all, we need to support a different business model for the Internet, one that does not rely entirely on advertisements for revenue and for growth. We actually need to build a new Internet where our privacy and our ability to control our data is first and foremost. But even more importantly, we have to build an Internet where privacy is no longer just an option but is also the default.

We have done the first step with ProtonMail, but this is really just the first step in a very, very long journey. The good news I can share with you guys today, the exciting news, is that we’re not traveling alone. The movement to protect people’s privacy and freedom online is really gaining momentum, and today, there are dozens of projects from all around the world who are working together to improve our privacy. These projects protect things from our chat to voice communications, also our file storage, our online search, our online browsing, and many other things. And these projects are not backed by billions of dollars in advertising, but they’ve found support really from the people, from private individuals like you and I from all over the world.

This really matters, because ultimately, privacy depends on each and every one of us, and we have to protect it now because our online data is more than just a collection of ones and zeros. It’s actually a lot more than that. It’s our lives, our personal stories, our friends, our families, and in many ways, also our hopes and our aspirations. We need to spend time now to really protect our right to share this only with people that we want to share this with, because without this, we simply can’t have a free society. So now’s the time for us to collectively stand up and say, yes, we do want to live in a world with online privacy, and yes, we can work together to turn this vision into a reality. Thank you.

(Applause)


  1. Wickr messenger is even easier to use and provides a more ambitious privacy protocol given that computers are more easily infiltrated and snooped.

  2. What he was talking about is important but he basically just described PGP and then advertised his company which doesn't really do anything special.

  3. The opening of this talk contains a huge reasoning flaw. It is indeed true that today privacy is rapidly disappearing if not mostly gone. However, the next conclusion, that our future generations will not even know what privacy is, is false on several levels.

    The right to privacy is an inalienable human right enshrined in the Universal Declaration of Human Rights. Not only is privacy a human right, it also is a right that can not be sold (e.g. through a EULA), taken away (by oppressive governments) or given away (by people who don't oversee the consequences). What this means is that if privacy no longer exists, then we live in a situation where human rights violations are clearly rife. Even if we don't recognize them as such.

    This is not a new phenomenon either, as some like to claim. Throughout history, new technologies have created situations in which current laws (and their enforcement) turned out to be inadequate to protect basic rights of some group of people. Our current inadequate protection of privacy does not prove that privacy is not important, but only proves that countries fail to adhere to the UDHR.

    Those who argue that privacy is irrelevant in our modern times are also very wrong. If privacy was important in a world where privacy was mostly well safeguarded by natural barriers, then in our modern interconnected world the importance of privacy can only be more, not less. Besides, arguing that privacy is dead and we should just “get over it”, is essentially no different than arguing that premeditated murder of civilians is acceptable in a civil war just because it happens to be rather commonplace in such a war. Arguing that a human right violation is acceptable because it is commonplace is simply reversed logic and false. Human rights stand above national laws (or a lack thereof) for any country that signed and ratified the UDHR (and the UCHR in the EU).

    It should also be noted that many “privacy is dead” advocates turn out to be people who have some kind of (financial) stake in making/keeping such a reality acceptable. In the end, many companies currently make huge profits from what are nonetheless (unrecognized) human rights violations. With their capital power, they are able to block any substantial change in national and international legal protection against those practices. So, we will most likely indeed need to first take back our privacy by the use of technology, before we can start to take those involved in these violations and the governments who colluded with them to justice. After that, a better legal protection of privacy on national and international level needs to be erected.

  4. Protonmail is down and I need a working email service! Please get it back up again! Donate to the gofundme, everyone!

  5. Protonmail is down due to hackers, please fund the gofundme page so we could all get access to our email accounts. Thanks.

  6. but, the decryption (private) key is still stored on the protonmail servers, isn't it? so if anyone gets access to that server, they can probably obtain both the encrypted emails and decryption keys.

    i think the only way to be sure is encrypting the email locally and only then passing the encrypted data to a mail service.

  7. His first statement is wrong. CERN didn't give the world the www, the US college institutions did..But what else can we expect from TED when it comes to facts?

  8. so the public key is the "locking" mechanism, and the private key is the "unlocking" mechanism. a user has both the locker and the unlocker, and can give out the locker to anyone, but keeps the unlocker safe.

  9. I really do not understand Andy Yen. He says that privacy is important and the server should not hold the encryption key (3:18). But ProtonMail is a web solution and it creates keys for me and also encrypts everything. Then the server has the encryption key. So what is the gain of using ProtonMail? Simply the promise that they say: "We are the good guys and we will encrypt your data"?

    And how the exchange of public keys and the verification process is done by ProtonMail? Because this is the most crucial part of the encryption process and what makes PGP hard to use. Every thing else is just tooling and anybody is able to do it. But a secure key exchange is the main problem and not addressed at all in this video.

    You emphasised that you work at CERN and a lot of very smart people have helped create ProtonMail. I really expected more of it ;(

  10. it's all relative, as long as your device is connected to the network, you are subject to security risk, the only sure fire way to protect yourself is to unplug your computing device from the electrical source, or introduce your device to the sledgehammer LOL

  11. 6:56 is it possible to store the public key on the server?
    7:06 so when Bob has made the email with Alice's email address and pressed Send, the client application sends a query to the server for the key that corresponds to Alice's email, and then encrypts the message before sending the message to the server.

    The only security leak I can see is if for example the government replaces Alice's key with some kind of super special key that works for Alice and the government also has access too.

  12. I have an objection to the point made at 2 minutes in. We cannot properly address the problem of the changing meaning of privacy until it has been established that it is a problem. Okay, change makes you uncomfortable; so what? Make an actual argument for why we should care.

  13. I don't know if I agree with this project – if the user doesn't know how the encryption works, how can they possibly have confidence in it? I think a better way to approach this issue is to educate people about how encryption works and why they should use it.

  14. do they make money when it's free.. it's all out in open if you're emailing to ad-supported email providers.. Apparently top physicists decided to work on something much easier.. Once decrypted in browser, it's plain text and any piece of javascript can scrape it.

  15. A TED talk about emails not being private…!?
    Wasn't it right at beginning of email usage that it was established it was to the net what a post card is to regular mail?
    When did people start assuming it was private, exactly?

  16. Wow, it takes a CERN guy to reinvent asymmetric encryption in a web client. Then to sell it as a global service of bulletproof privacy. We are doomed.

  17. um, isn't logging into the webmail system (protonmail) not have the key to encrypt your mail before sending to the receiver actually on the server?
    There's so many plugins for PGP these days into mail clients making it easier to encrypt on the fly. forget using external encrypted services when the data you send ends up in the clear on their servers and they have your private key to encrypt it.
    encrypt it locally, that's the goal.

  18. Great TED talk. I can't agree more with the statement

    "We need to support a different business model for the internet, one which doesn't rely entirely on advertisements for revenue and for growth"

  19. If proton mail is the way to go then they should have
    an internet security program with its own firewall and follow the same path as the bigger servers but with the added privacy and security as a bonus

  20. Terrorists like ISIS will love this.

    The real solution is to go back to the old way: send anything you don't want prying eyes to look at via regular USPS mail; or if you're in a hurry, via FedEx Express.

  21. privacy went along with our constitutional rights… funny how "SHALL NOT BE INFRINGED" has boiled down to jaded interpretations. Learn from history or repeat it…

  22. While this is great, it was only a matter of time for PGP to go from public servers to private nets, but then how do we monitor dangerous communication? We can't assume that everyone has benign intentions.

  23. if i send a protonmail to another server such as gmail or ymail how can the public user generate the encryption key without invading the privacy?

  24. On the flip side, if one completely gives up his/her privacy, the data can be used to advance many scientific research and enhance human QOL. If the government were to waive my income tax, they can have access to my entire life, i ain't got nothin' to hide.

  25. But commercial email is more secure and reliable. Who cares if companies use your data anonymously, when it comes with superior security and networking resources? He is basically running a[n albeit voluntary] subscription basis service. Free market wins.

  26. The question on my mind is "How does Bob get the public key from Alice?" Apparently his solution to the problem is have a hosted mail server distribute keys but he never says that. How can we get a desktop app like Thunderbird to manage public keys?

  27. Approximately every android device out there has a backdoor pre-installed in it. privacy is nothing now-a-days. it's just an illusion …

  28. "25 years ago scientists at CERN created the World Wide Web" (CERN = Conseil Européen pour la Recherche Nucléaire).

  29. So if I use proton mail, email someone who has gmail or some mainstream email account, my email is no longer hidden? What's the point unless you can get all your friends, family, and colleagues (corporations) on board?

  30. THANK the UNIVERSE that some folks aren't slaves to advertising dollars. In the end all consumers share the COSTS of advertising–think about it.

  31. “Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” E Snowden

    1. Find and use a very good VPN based in a country that the US cannot require log keeping. Run this VPN behind TOR.
    2. Find and use a very good encrypted ISP like TUTANOTA or ProtonMail

  32. Encrypting our emails sounds very noble. But coming to us from scientists at CERN ? Eh, yeah. No thanks. It's about as scary, if not, worse than Google.

  33. I used the Free Proton Mail for a time but now I pay. My search engine of choice is (duckduckgo). They don't track you. I did a search for something on Google a while back and now every page I get on shows me ads from that search. Total BS.

  34. What we need is the secure exchange of one password. After that, then it's the good old one time pad (with an extra twist :-)) and steganography. Working on it 🙂

  35. From my experience, no one should use Protonmail. The basic (free) service is poor and if you upgrade, you will never be able to go back to the basic service. I sent many emails asking for support but got no response! I had to pay to access my email again

  36. i use protonmail and its awesome
    but im still going to have to give the video a thumbs down: it uses mac / apple imagery in the side show – that is a HUGE turn off

  37. The whole privacy movement is great, and it's great that we're trying to make things mainstream by making it simple, but there's a problem: Companies like Google make money off collecting and selling your data, while this IS VERY BAD, it's what keeps things like Gmail and Youtube free. When you're a private company that doesn't have ads and doesn't sell information, it's good for the people, but it's harder to survive because you rely on donations and can't offer as much for free. He even said they ran out of resources and had to run a Kickstarter. While this is ok it shows how hard it is to maintain the business through donations alone. And it WILL be hard to go mainstream while Google can offer 15GB of storage for Gmail, and (As long as you don't use all the storage) UNLIMITED emails in and out. ProtonMail on the other hand only offers, 5GB of storage, 150 emails in & out a day. As well as by nature, Gmail can be accessed through 3rd party email providers like outlook, whereas Protonmail Cannot. This is a major struggle companies betting on privacy will have to go through. And while this has allowed me to create a ProtonMail email and use it on a daily basis, I cannot afford to support them at such high prices and have been forced to use Gmail as my main email and I bet I'm not the only one. This is the struggle, I hope we can find a way out of. As a final note, if anyone who works at ProtonMail happens to read this I would like to say: Best of luck, even though I cannot support you through funds I would like to say what you're doing is good, try to keep it up 🙂

  38. He missed the most valuable answers like the only way to gain secure privacy is to talk in person it's very simple because as soon as you allow yourself to be connected and falsely lead to believe in other service providers are safe and provide security against your information you would also believe that there is such thing as national Security but the only thing that is available is everything that you supply on the internet, so protract yourself from this web based communication and you alleviate the possibility of your information being used against you

  39. Couldn't choose a sub so this'll work

  40. LOL, how anyone wouldn't understand email isn't private is just comical. IF you don't control the chain of custody then well it can never be private.
    EDIT, then most people don't want to pay for their service and use a free service. Buy your own domain name, lease your own dedicated server and run your own email server to start with, if you don't then don't complain about privacy.

  41. over 15 requests to support about my hacked email perhaps Dr Andy Yen needs to be made aware of his team's failings

  42. Can someone tell me the names of the companies that are without name (logo only) in the picture? I think I only recognize Telegram out of them all. They're @11:00

  43. It was referred to the ARPA Net when it was developed not CERN although there may be scientists at CERN that worked on the ARPA Network. CERN is the largest bandwidth user in the world.

  44. Well, one of the most cheeky propaganda as I've seen. Cern, PHP, PGPJs… it is astounding how easy to deceive simple people is possible. Well, if you don't know anything about encryption – you'll use protonmail. Your choice.
