Andy Yen: Think your email's private? Think again 

Great TED talk. I can't agree more with the statement "We need to support a different business model for the internet, one which doesn't rely entirely on advertisements for revenue and for growth"

In 10 years our kids will be like; ''privacy'' ? is that something you can eat?

so the public key is the "locking" mechanism, and the private key is the "unlocking" mechanism. a user has both the locker and the unlocker, and can give out the locker to anyone, but keeps the unlocker safe.

10:00 They have users in North Korea. That's pretty impressive.

If private end to end encryption could be adopted by our current email providers (Microsoft, Google, etc), I would gladly pay an annual subscription for email. The big players should give us the choice to either serve us with ads etc. for free OR provide us with total privacy for a fee, rather than signing up for yet another email account based on specific (possibly temporary) features.

Amazing talk Andy. First of all you understand that we need privacy to live in a free world which most people don't. The invention of privacy in communication is necessary for a future worthy of human kind.

Give me ProtonEVERYTHING!

Some smart teacher should show this to his class.

*PRIVACY LOVERS,* you are going to love this!

Can someone tell me the names of the companies that are without name (logo only) in the picture? I think I only regonize Telegram out of them all. They're @11:00

Thank you for the ProtonMail and a great speech!

If you guys still don't know Duckduckgo, please give it a try... it's better than google in so many ways; privacy, search results (sometimes), and especially there's many useful ways to make custom searches on specific websites with it.

I have chosen Utopia for more than six months, and I am very happy about It. Never failed in my needs.

Good stuff. I'm finally creating my ProtonMail account, like a year later than I said I would.

Well, here goes another comment that the creepy internet is going to store in my secret cyber diary.

Here 7 years later . Just implemented the name and overhaul . PROTON ! EVERYTHING! Support and stand for something . Direct or indirect this issue affects us all . Don’t dismiss what you don’t understand and don’t shrug it off because it is something you think hasn’t affected you . IT HAS !

So happy I got my ProtonMail when it first started up.

Isn't this pretty much how PGP works with a public and private key system?

For a second i thought it was Filthy Frank in the thumbnail xD

finally got the secured mail from you thanks a lot.... started using from now

Nothing's private anymore; whether it'd be your email, search engine, even text and phone calls. Thought many people knew this by now.

I cannot believe that I did not find this earlier ! Spot On!

7:57 Damn, using jQuery for encryption is just next level security!

Best TED talk in a while.

Another Asian American hero who’s so smart and confident, yet so humble. - This is as important as Steve Jobs’ iphone! Chinese? Korean? Doesn’t look Japanese for sure. Nevertheless, hope to see more Asian Americans get recognized.

I don't know if I agree with this project - if the user doesn't know how the encryption works, how can they possibly have confidence in it? I think a better way to approach this issue is to educate people about how encryption works and why they should use it.

The subscriptions to zootube and publicdisgrace were a misunderstanding.

What are the names of the other programs at the end? The ones that don't have the names listed of course.

Great speech! This should've got more views !!

Congratulations and thanks for help the world more free! :-D Greetings from Brazil.

Making an internet without ads??? I would like it very much, but i believe it is like TV without ads, i simply don't see it!!! My point is, where people see an oportunity to make money, including big companies, they don't even think twice, so taking them out would be very dificult!!!

Around 7:40 and up he is pretty much describing how an enigma machine works except in a digital format.

That's why you should use the TOR Network. For email and all your web browsing needs!

6:56 is it possible to store the public key on the server? 7:06 so when Bob has made the email with Alice's email address and pressed Send, the client application sends a quarry to the server for the key that correspond to Alice's email, and then encrypts the message before sending the message to the server. The only security leak I can see is if for example the government replaces Alice's key with some kind of super special key that works for Alice and the government also has access too.

"Think your email's private?" No i don't "Think again" what what it's private?

He's avoiding the problematic questions. If the private key is in the users browser, how can he read his mail from another device? How to prevent, that he clears his local storage and looses his private key and therefore access to all his mail, without any option to restore it (which there can't be with this technology)? How to prevent sombody from intercepting during public key exchange, giving out his own public key and therefore decrypting, reading and reencrypting messages without anybody noticing? What he showed is easy to implement and nothing new and it doesn't solve the problems that prevent the widespread use of this technology.

Very Interesting! Viewing this in 2024 almost a decade later!

What are the names of the "projects" behind all the logos he shows? Some don't have name in the logo. That's why I'm asking.

I really do not understand Andy Yen. He says that privacy is important and the server should not hold the encryption key (3:18). But ProtonMail is a web solution and it creates keys for me and also encrypts everything. Then the server has the encryption key. So what is the gain of using ProtonMail? Simply the promise that they say: "We are the good guys and we will encrypt your data"? And how the exchange of public keys and the verification process is done by ProtonMail? Because this is the most crucial part of the encryption process and what makes PGP hard to use. Every thing else is just tooling and anybody is able to do it. But a secure key exchange is the main problem and not addressed at all in this video. You emphasised that you work at CERN and a lot of very smart people have helped create ProtonMail. I really expected more of it ;(

How do we know ProtonMail is not written with governmental backdoors? This all could be one giant trojan horse.

I have been using it for a long time now. starting to get many messages of companies of whom I have baught clothing from. still hoping it's safer tho.

I signed up for a Proton account for their VPN, but I might think about their other services too. Being completely dependent on Google is not the best idea :

Isn't the RSA encryption already widely implemented? Almost everything that i use daily is encrypted and salted. And does this scenario require that Bob and Alice are both using Protonmail? to exchange the keys. Regardless of the above, the NSA has the means to decrypt or brute force their way if they wanted to. But i can understand how our digital footprint is being collected and making a business out of it is something that is happening. We can be judged for searches, comments and reads that we did. We need to rethink encryption, for the sake of privacy and humans, and for the sake of security and AI. But even if we did that, i can't see us being in a place better than the current one which we worked kind of well to get to.

Andy yen, First of all i would like to thank you for your idea, its much needed in this wolds around us that is built in plain glasses. But please stop giving free service and ask the users to pay for the privacy and start making your own revenue without relying on donations and charity. A person who understands the value of privacy will definitely pay.

I tend to get ads for products or services that I just purchased. It would be more helpful to get the add before I make the purchase. Think twice before you advertise with Google.

Hi Andy, very good presentation sir. I have a question. Isn't telegrams CEO part of or connected to the WEF?

This is a great idea, I hope it works, although there is a massive exponential amount data that corporations and governments have already collected.

Simple question, how does Bob get the key without the server seeing the key? :)

What we need is the secure exchange of one password. After that, then its the good old one time pad (with an extra twist :-)) and steganography. Working on it :-)

Thank you!

New internet! That reminded me of Richard from silicon valley

Do both parties have to use protonmail for email encryption to work?

A great message where today they are trying to limit free speach. Of course this has happened all over but is happening in places that were founded on free speach. This shows encryption between two people that probably have the same email provider but it would have been nice to see how this works say if I send an email to my sister that has gmail. More then likely it will not be encrypted on both ends.

I think Proton Mail is doing a great job of encrypting & securing our data..

Andy thank you so much !

THANK the UNIVERSE that some folks aren't slaves to advertising dollars. In the end all consumers share the COSTS of advertising--think about it.

So much relevant today.

Who thinks their email is private these days? From other regular people? Yes. From the government and service providers? No, but that's nothing new. Anyway, I approve of any efforts in this direction. If one of the parties doesn't use encryption then the whole exchange is open to prying eyes; So making encryption easier to set up is important. You could always help your relatives set something like this up, but it'll be your lawyer, bank etc. that you want to see using this technology without lending a hand!

This guy is up to something big. Bigger than google.

The biggest problem with this solution is it requires both emails to be on the same service Proton Mail. There is basically no way to have email encryption that works universally.

well i dont know about the hassle involved in encrypting long messages but for small ones you can just tell the other person to use a cipher. Its the same kind of encryption method but on a lower scale.

Someone help me please, can't figure out some of the projects which logos are at @11:02, thanks

You hold the lock and I hold the key.

If proton mail is the way to go then they should have an internet security program with its own firewall and follow the same path as the bigger servers but with the added privacy and security as a bonus

Is there anyone else on here that's in the least bit concerned with the fact that CERN is a part of this?

Wonderful, just wonderful!

TED me parece lo mas genial que he encontrado ... pero se los agradecería si le pusieran subtítulos!!! Gracias")

This makes it simple but the problem still exits - ProtonMail can potentially grab the private keys of the users when it creates them and store them on its server! The only way out is to learn about security, in this case PGP, and use the knowledge to generate the keys on your own and use them when sending emails. You can then use any email service.

Think differently. Turn this on it's head. Who cares that advertisers use your 'private' data to advertise to you. I'd rather the ads were relevant...

Thank you

“Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” E Snowden 1. Find a use a very good VPN based in a country that the US cannot require log keeping. Run this VPN behind TOR. 2. Find and use a very good encrypted ISP like TUTANOTA or ProtonMail

It was refered to the ARPA Net when it was developed not CERN although there maybe scientists at CERN that worked on the ARPA Network. CERN is the largest band with user in the world.

S/MIME. We need to make generating and signing keys, as well as public key exchange easier, but it's already implemented in most email clients. I see major problems with Proton mail, primarily around portability. He is right, we need encrypted email, but Proton isn't the solution.

A TED talk about emails not being private...!? Wasn't it right at beginning of email usage that it was established it was to the net what a post card is to regular mail? When did people start assuming it was private, exactly?

25 years ago the internet was invented?🤣😂😅

There was a piece of story where it was reported that the RSA key generation algorithm that Andy mentioned also had a backdoor where the Government could peek into. And this backdoor has been since many years.

do you want to be private and anonymous? Choose Utopia, because it`s your best friend

2024 and this is still relevant. Even more so, in fact.

How do you decrypt a message on the receiving system when only the sending system has the key that was used to encrypt the message?

8:00 Out of all the codes you could have taken, you chose the one for list item autocomplete

How would forwarding messages work, since everyone would need the same public key?

Take this guy with a grain of salt. Way over simplified but this is TED after all

Thanks Andy. Somewhere in a cloud of data, we're being linked together by virtue of my response. I hope they won't hold that against you. You're quite right in your observations and I admire your courage to speak out, but you might be already outnumbered because of say, funded storage capacity, intent, and yes the red herring, advertising revenue.

I like the idea and get where you are coming from but I think it would be better to have total transparency in all ways. Privacy is just a way to hide bad things.

But isnt the Mail written online and only secured via https? How does this make Sense?

8:00 ... They also use sublime text....!!!

"25 years ago scientists at CERN created the World Wide Web" (CERN = Conseil Européen pour la Recherche Nucléaire). ROFL

Great. Really nice. Protonmail. Let's go.

Not to be rude or anything, I got so many Cloud Atlas vibes. He looks like the people from Neo Seoul

What program does he use for his slide show?

But if you are ordering off of eBay,ect, do the people get your adress and credit card number?

How Bob can access the Public Key of Alice without the network or bypassing the Server?

It's an interesting point of view, but it depends how it is eventually implemented. Paying for internet access is already a high barrier to entry for some populations around the globe, and increasing the costs associated with the web will only increase this cost. Aside from that, both China and the US are in the process of legislating in favor of legally mandated back doors, making it even more difficult to implement this in the worst way. I mean realistically, if they're just using the data to serve ads to us, does it really even matter? It's a slight cost, but if it leads to something we actually need or are interested in, it seems that it would outweigh a monthly subscription to any particular service. TL;DR - governments are already in the process of preventing the bulk of our data from being encrypted legally, so why increase costs for no reason.

Which is better proton mail or tutanota

@hillary clinton

As long as you don't post anything you would be ashamed of privacy is not a big issue

That's a marketing stunt : protonmail aren't the only one offering secure email on the dame domain. The security issue lies in the SMTP when exchanging emails outside of the domain. SMTP was not meant to be encrypted. See a maildaemon email, when the recipient address is wrong : header, IP, timestamp, etc. If you can see it, everybody does.

The opening of this talk contains a huge reasoning flaw. It is indeed true that today privacy is rapidly disappearing of not mostly gone. However, the next conclusion, that our future generations will not even know what privacy is, is false on several levels. The right to privacy is an inalienable human right enshrined in the Universal Declaration of Human Rights. Not only is privacy a human right, it also is a right that can not be sold (e.g. through a EULA),taken away (by oppressive governments) or given away (by people who don't oversee the consequences). What this means is that if privacy does no longer exists, then we live in a situation where human rights violations are clearly rife. Even if we don't recognize them as such. This is not a new phenomenon either, as some like to claim. Throughout history, new technologies have created situations in which current laws (and their enforcement) turned out to be inadequate to protect basic rights of some group of people. Our current inadequate protection of privacy does not proof that privacy is not important, but only proofs that countries fail to adhere to the UDHR. Those who argue that privacy is irrelevant in our modern times are also very wrong. If privacy was important in a world where privacy was mostly well safeguarded by natural barriers, then in our modern interconnected world the importance of privacy can only be more, not less. Besides, arguing that privacy is dead and we should just “get over it”, is essentially no different then arguing that premeditated murder of civilians is acceptable in a civil war just because it happens to be rather common place in such a war. Arguing that a human right violation is acceptable because it is commonplace is simply reversed logic and false. Human rights stand above national laws (or a lack thereof) for any country that signed and ratified the UDHR (and the UCHR in the EU). It should also be noted that many “privacy is dead” advocates turn out to be people who have some kind of (financial) stake in making/keeping such a reality acceptable. In the end, many companies currently make huge profits from what are nonetheless (unrecognized) human rights violations. With their capital power, they are able to block any substantial change in national and international legal protection against those practices. So, we will most likely indeed need to first take back our privacy by the use of technology, before we can start to take those involved in these violations and the governments who colluded with them to justice. After that, a better legal protection of privacy on national and international level needs to be erected.

um, isn't logging into the webmail system (protonmail) not have the key to encrypt your mail before sending to the receiver actually on the server? There's so many plugins for PGP these days into mail clients making it easier to encrypt on the fly. forget using external encrypted services when the data you send ends up in the clear on their servers and they have your private key to encrypt it. encrypt it locally, that's the goal.

What confuses me is this guy just seems like he's reinvented the wheel with proton mail. But the idea was better than the product. How do we make privacy convenient?