Patrick De Schutter is Co-Founder and Managing Director at Mailfence. Through his company, he actively supports the fight for digital rights. Mailfence is a secure and private email service and one of the top players in this industry. We recently reviewed the Mailfence service. In this interview, Patrick De Schutter gives us more insight into his company and shares his thoughts on personal privacy and anonymity.
Mailfence Co-Founder Patrick De Schutter Interview
Anonymster: Can you please give us an overview of what Mailfence is and what your company does?
Mailfence is a secure and private email suite that offers an ‘interoperable’ end-to-end encrypted email service with digital signing. Mailfence gives users full control over their key management without any restrictions.
It was launched in November 2013 by ContactOffice Group, which has operated an online collaboration suite since 1999. We try to be cautious, reliable, stable and honest.
We do serious things but with fun and are among the pioneers of cloud software in Europe. Our main business is licensing our email and collaboration application to universities in Europe.
Anonymster: What has prompted you to develop the Mailfence project?
At ContactOffice we have always believed that users have an absolute and irrevocable right to Internet privacy.
That is why we have never commercialized our user databases. During more than 15 years of business, users have always been spared advertising and have never been tracked or profiled.
Following Snowden’s revelations about massive government surveillance in the summer of 2013, it became clear that users’ privacy on the Internet was seriously threatened. This was unacceptable to us!
Thus, in the midst of 2013, right after the mass surveillance disclosure, we felt a great need for a dedicated platform that would allow users to regain their email privacy with easy-to-use security mechanisms. This is how Mailfence came into existence.
Anonymster: What technologies do you employ to guarantee privacy and security to your customers?
We believe that the only reliable technology is end-to-end encryption (E2EE). It assures the sender that nobody in-between (including the service provider) will be able to access the message content. Only the desired recipient will be able to decrypt and read the message.
We have further leveraged this by providing the feature of digital signatures, which gives peace of mind to the recipient that a message sent to him was indeed sent by its claimed sender. Digital signatures also prove that the message was not tampered with during transit. Other security features to ensure the security and privacy of our users include SPF, DKIM, TFA, spam protection, user-side blacklisting and much more.
Aside from keeping our platform private and secure, we also try to emphasize end-device security. If a device of our user is compromised, it will circumvent all the security and privacy measures we take. This was recently further confirmed in the WikiLeaks publication of the zero-day series ‘Vault 7’.
We, therefore, have been increasing the awareness among our end-users through dedicated posts on our blog in order to help them understand the modern digital threats, and how to secure against them in the best possible way.
Anonymster: We often hear about privacy in connection to anonymity. Are they the same and does Mailfence guarantee anonymity?
No, they are not the same – and we have taken significant steps to strengthen both.
Regarding privacy: Mailfence helps users to reclaim their email privacy. We keep their account data private. Our end-to-end encrypted and digitally signed emails make it technically impossible for any intermediary to access or tamper with the message content or claim its ownership.
Also, we have never commercialized our databases and are locally hosted in Belgium, where all of the users’ data legally falls under the tight umbrella of Belgian data protection laws. All of this combines with our strong privacy oriented belief ‘Privacy is a right’. We want to help our users to reclaim their online privacy.
Email protocols (as we use them today) leak a lot of metadata (to, from, IP address…), which brings us to the second aspect, anonymity. Mailfence has taken several measures that apply to both end-to-end encrypted and plain-text emails. For example, stripping the IP address from emails, collecting as little information as possible, having strict log deletion policies, … Also, for better anonymity, we encourage users to use Tor over a reliable VPN.
Anonymster: Does Mailfence work in countries with strong censorship like China?
Mailfence works in all regions, without any issues. In countries that may block Mailfence access, we advise users to access us via the Tor network. We are strong believers in net neutrality and advocate all efforts to make the internet an open and sustainable place.
We donate 15% of our annual Pro plan revenue to Electronic Frontier Foundation and to the European Digital Rights Foundation to support the fight for online privacy and digital freedom.
Anonymster: Does Mailfence protect even against infected or malicious email?
We do have malware checking procedures, combined with spam protection systems in place that protect users’ messages. All of the third-party images are always filtered by default – and we also encourage users to enable TFA to better protect themselves against phishing attempts.
However, as we generally say – if an end-device is compromised (via malware, e.g. a keylogger, …), all the application level protections will be of no use.
Anonymster: Mailfence has adopted the OpenPGP encryption which is a complex email encryption standard. Why did you decide to use OpenPGP and how did you make it easy-to-use for your customers?
OpenPGP is an open standard that has been well-supported and well-audited by a number of reputed organizations, cryptologists and different parts of academia. However, the reason it was not fairly adopted on a massive scale was the usability complexity that came with it.
Mailfence took on that challenge. In the past users used OpenPGP through command-line / console based interfaces or needed to install third-party add-ons/plugins. We converted this into a ‘single’ web experience packed with tons of other security features with a very lightweight & easy-to-use interface that works on any modern browser.
Also, since OpenPGP is an open standard, it makes us ‘completely interoperable’ with other respective solutions while keeping our users completely independent from any third-party add-on/plugin within a very easy-to-use web interface.
Another aspect was providing advanced key-management features with full control to the user without any restrictions. We achieved this via an integrated account keystore. Finally, to further enhance the usability experience, an easy-to-understand infographic user guide and a robust support team always remain at the user’s disposal.
Anonymster: Who should use Mailfence?
We are in an age of global surveillance, sophisticated social engineering attacks, malware and other dedicated malicious tools. Everyone should use Mailfence. Yes, even if you don’t care about your email privacy. Mailfence will still protect you from a range of digital threats, account compromise, identity forgery, spamming concerns, etc.
Since Mailfence is a complete email suite with calendars, documents, and other collaboration features, it will suit all types of individual or professional needs.
Anonymster: What if a customer has been using email for years without encryption, is Mailfence of any help to protect them?
Yes, even if you don’t plan on using end-to-end encryption and/or digital signatures and simply want to send email in plain-text. At Mailfence, your data will be protected under our servers’ tight security measures, and will not stand liable to illegal subpoenas. Only a valid court order from a Belgian judge can request some information.
Moreover, our application level security measures will give a ton of other security features that will protect your account’s data at all times.
Anonymster: What can we expect in the world of email security in the next years?
More encryption, and better encryption, aside from advancements in end-device protection. Also, since traditional email protocols were not designed with security in mind, there now seem to be some projects working on re-designing the protocol, which, as good as it seems, is actually quite difficult to implement when it comes to widespread adoption.
Anonymster: Are there any new developments you are working on at Mailfence?
We continuously strive to make Mailfence better and work hard day and night to improve our service. We also tend to rely on users’ feedback and use it as a driving factor for setting up our development priorities. Currently, we are working on mobile apps along with a lot of other incredible features that will soon become part of Mailfence.
Anonymster: Finally, what sets you apart from other secure mail services?
To name a few:
- ‘True’ end-to-end encryption
- Digital signatures (based on your own keypair)
- Full PGP inter-operability
- Integrated key store (with advanced key management options)
- Multiple keypair support
- Seamless PGP public key server connection
- Users are not confined to use PGP on the same platform
- Full reversibility and key revocation
- IMAPS, POPS, ActiveSync, WebDAV support
- Collaboration suite (shared mailbox, calendars, contacts, documents, groups, chat, …)
Last but not least, our robust support team always remains at your disposal to assist you with regard to your email privacy and security concerns.