Sohel Sanghani has been paying attention to the current state of email security, and like everyone else, saw the massive data breaches where the accounts of hundreds of millions of users were compromised. Instead of taking steps to remedy those problems, Sanghani said people more often than not would look at an email data breach such as the 2014 Sony hack, shrug their shoulders, and move on.
In his assessment of the email security landscape, something was definitely missing. No one had ever created an easy-to-use, secure email app.
During the investigation into why this was the case, he and his brother, Dev, worked to co-found Canary Mail, an app designed to protect emails by leveraging end-to-end encryption. Past email apps tried to use Pretty Good Privacy encryption on mobile devices, but the services often struggled because of the complicated nature of user encryption key management.
The brothers sought to make Canary Mail’s encryption services as user friendly as the ones incorporated in messaging apps such as WhatsApp, Telegram, and Signal.
“We are like, if these chat apps can do it, and we have this PGP technology out there, why don’t we try and figure out a way to make encryption a lot more accessible to average people?” Sanghani said in a phone interview with Privacy Tech.
Canary Mail has two different methods to allow users to encrypt their messages. One method is the app's manual mode, which is aimed toward advanced users who have their own PGP keys. The users are responsible for exchanging keys, and all messages will be encrypted, regardless of the platform they use.
The service's automatic mode is designed to fully encrypt any message sent between any two users where both are using the app. Sanghani said automatic mode is for users who have never used PGP, or who do not want to manage their own set of keys.
“We’ve built this automatic technology on top of PGP. We are still using PGP keys, except that the generation and creation of new keys and the exchange are done automatically without the user being aware of it,” explained Sanghani. “All the user will see when composing an email will be a status saying this email will be end to end encrypted.”
Sanghani gave me an opportunity to try out Canary Mail, and, on the whole, I can say it was a positive experience. The app walks users through all the different features it provides, though it may take a few tries to remember exactly what each feature does, but overall it’s a smooth experience.
I was not particularly a fan of the focused feature, which highlights certain emails in order to help sort out vital emails from less important ones. I think that is just me however, as the focused emails are in a bolder font than the other emails, and I am one of those people who cannot stand having unread emails in my inbox.
Also, since I do not know any other Canary users, and I don’t have my own encryption keys, the emails I did send were unencrypted. I sure hope no one compromises the email I sent to myself containing the two images used in this article.
However, from a business-to-business perspective, it's important to note that Canary Mail integrates with existing email platforms. “You don’t need to switch your email provider,” Sanghani pointed out. “If you wanted to start using Proton Mail, but you’ve been using Gmail all this time, then it’s a real pain to migrate all your data and all your old emails onto Proton Mail, and then once you start using Proton Mail, you are stuck using their own apps. In contrast, Canary supports Gmail, Yahoo, and almost every other popular provider out there.”
With data breaches coming at a high frequency, Canary Mail aims to be a valuable asset for privacy professionals.
Although past email apps focused on security, they often involved complicated workflows and poor interfaces, and they lacked many features organizations would look for, such as read notifications.
“Even if you continue using existing office accounts for emailing with Canary, and at some point there was a breach with Microsoft and someone gets access to your inbox, the intruder still won’t be able to read your encrypted emails,” said Sanghani. “It will still be garbled text and it will remain secure as long as they don’t have access to your device.”
Since Canary Mail claims to be the first truly encrypted app on the marketplace, why haven't others done it before now?
The service has been created to do what other tech companies would not, Sanghani argues, as embracing encryption would force those organizations to alter the way they do business.
“One of the big reasons why end-to-end encryption hasn’t really become all that popular is because the big guys don’t want to do it,” said Sanghani. “Many of the biggest email providers want access to your emails in plain text so that they can scan them and deliver targeted ads inside the inbox. That’s their whole business model.”
Perhaps as Canary Mail launches out of beta, the user count will rise above the 40,000 plus who currently use the app. The app is currently only for Mac and iOS operating systems, with Sanghani saying the company will decide in the future whether it will move toward Android or Microsoft systems.
A wider clientele range would certainly fit in with Sanghani’s hope to make encryption available to a wide audience who just want to enter an email address, and know their message is safe when they hit send.
photo credit: Joe The Goat Farmer 3 Emails your Business Should be Sending to your Subscribers via photopin (license)