After last week’s announcement of an even larger Yahoo
breach impacting 1 billion users, signups of Proton Mail have doubled again to
hit an all time high due to users looking for a Yahoo Mail replacement.
The large number of new users coming from Yahoo Mail is not
very surprising given that Proton Mail’s core focus is email security and
privacy. We first noticed the trend on social media when a large number of
Tweets began appearing mentioning Proton Mail as a
Yahoo Mail Customer
Service replacement. Starting on December 15th, the day the Yahoo
breach was announced, Proton Mail’s growth rate effectively doubled as can be
seen in the above chart.
proton mail growth
rate
Proton Mail’s growth
doubled immediately after the Yahoo data breach was disclosed.
We also saw Proton Mail signups jump dramatically last month
after the US presidential election. The number of Proton Mail users is
increasing, but the composition is also changing. After the Yahoo hack was
announced, the German Federal Office for Information Security (BSI) also
advised German citizens to stop using Yahoo Mail. German citizens looking for a
Yahoo replacement are now a much bigger proportion of Proton Mail’s user base,
making up 8.5% of visitors, up from around 4% historically, surpassing both
France and the UK.
Germany yahoo proton
mail
Users coming from Yahoo will find at Proton Mail a very
easy-to-use email experience, but underlying that is also an entirely different
approach to security. As the Yahoo exodus continues, we have received more and
more questions from Yahoo users in recent days, so in this post, we will try to
answer the most common questions.
Why You Should Stop
Using Yahoo Mail
This is the third major security incident to hit Yahoo Mail
in 3 months. In the first incident, announced on September 22, a record 500
million accounts were breached, then the biggest breach in history. Then on
October 4, it was revealed that
Yahoo Customer Care
Number had willingly abetted the NSA in conducting indiscriminate mass
surveillance on all Yahoo users. Finally, on December 15th, Yahoo shattered its
own record by disclosing that over 1 billion accounts had been breached.
We have recently observed that, many people do not grasp the
repercussions email breaches can have on their lives or on the lives of those
around them. In the Yahoo breach, attackers gained access to users’ first and
last names, telephone numbers, passwords, dates of birth and answers to their
security questions. Let’s consider the case of Jane, a hypothetical Yahoo Mail
user.
Because three years have elapsed between when the breach
occurred (2013) and when it was discovered, attackers have had three years of
time to stroll through her mail; read about any medical details she shared
about her family, trips she took abroad, purchases she made, and any intimate
details ever sent via her Yahoo account, not to mention compromise other
accounts which share information such as security questions.
Email in particular is very sensitive because it is often
the common thread that ties together our digital lives. Breaching an email
account is equivalent to breaching all other accounts linked to that email, for
example your Facebook, Amazon, or iTunes account, just to name a few.
The Yahoo breach is particularly bad because as recently as
2013, Yahoo was using the outdated md5 algorithm to hash passwords. md5 has
been considered to be broken for over a decade and because Yahoo was using md5,
the stolen credentials can be relatively easily cracked, magnifying the damage
from the breach. Simply put, using md5 in 2013 was not only negligent, it shows
an utter disregard for user safety.
Security by Design
Security is difficult. There’s no getting around this basic
fact. Yet, there is still much that can be done to protect data. One of the
best ways to protect data is to simply not have it. This is the approach that
Proton Mail has taken with end-to-end encryption and why we are a more secure
alternative to
Yahoo
Helpline Number.
All Proton Mail inboxes are protected with end-to-end
encryption, meaning that we don’t have the ability to read your messages. The
benefit of this is that if Proton Mail is ever breached, attackers also will
not be able to read your messages. In other words, an attacker cannot steal
from us something that we do not have access to. We also utilize much stronger
authentication that does not require password equivalent data to be transmitted
over the network, greatly reducing the risk from an active Man-in-the-Middle
attack.
This might seem like common sense, but end-to-end encryption
is not utilized by Yahoo or Gmail. The reason is simple. End-to-end encryption
makes it impossible to read user data, so it also makes it impossible to show
advertisements effectively. The way Yahoo or Gmail figure out which
advertisements to show you is by reading your email to learn about your
interests and your life. Because Yahoo and Google derive the bulk of their
revenue from showing ads, being able to read user data is more important than
security. After all, you are the product that is being packaged and sold to
advertisers.
We truly believe that the only chance to protect data in the
digital age is to build systems that are secure by design. This means services
should be built from the ground up with security as a central consideration,
and not merely as an afterthought. Unfortunately, this concept just isn’t
compatible with the ad-based business model of the majority of the Internet.
This is why Proton Mail is pioneering a different model as
an alternative to Yahoo and Google. We cannot read your data, and we do not
work with advertisers. Instead, Proton Mail is funded by the user community,
either through donations or paid accounts. Because users and not advertisers
are our priority, we are free to build an email service that puts security and
privacy first.
We believe that data breaches will become increasingly
common in the future due to the asymmetric nature of fighting cyber attacks. As
there is no such thing as 100% security, no service, not even Proton Mail, is
immune to data breaches. If you cannot eliminate a risk, the next best thing is
to mitigate it.
In such an environment, companies have an obligation to act
responsibly and use end-to-end encryption on as much data as possible, in
addition to collecting as little data as possible. Unfortunately, if the trend
of sacrificing privacy and security for advertising revenue continues, so will
the trend of devastating data breaches. However, thanks to your support, we are
now ushering in a new era for the Internet where security and privacy come
first.
If you have a Yahoo mail account, we recommend immediately
taking the steps we outlined here to secure your Yahoo email address, or better
yet, just delete your
Yahoo Email Customer Care
account. This is the third major security incident involving Yahoo Mail and the
fact that it occurred in 2016 means that Yahoo mail is likely still
compromised. Thus, we recommend immediately switching to a more secure email
provider.
Some users have written us with questions about whether or
not Proton Mail is vulnerable to the flaw that caused Yahoo to get hacked.
Proton Mail is not susceptible to the attack that hit Yahoo because our secure
authentication scheme cannot be bypassed by forging cookies. We have published
the technical details about our secure email authentication scheme.
Resource URL: https://bit.ly/2hWB79z