Safety Detective’s Aviva Zacks sat down with the founder of Mailfence, Patrick De Schutter, and found out how his company stays ahead of the curve.
Safety Detective: How did you get into cybersecurity?
Patrick De Schutter: I started ContactOffice/Mailfence with some like-minded partners with a focus on building collaborative messaging software with a focus on privacy. I was concerned with the trend of extensive user tracking and tailored advertising that I saw in other options. I believe in an internet user’s fundamental right to privacy, and this has informed everything we’ve built with Mailfence.
SD: Tell me about Mailfence.
PDS: Mailfence is a private email service with true end-to-end encryption and an absolute focus on security. As one of the first companies in Europe to build cloud productivity tools, we have managed to grow the business in a stable and sustainable way. Since we don’t have external investors, we don’t have to compromise on our core values of privacy and security. Our main clients are large organizations like universities, though we also have many privacy-minded individual users as well.
Besides email, we offer instant messaging, collaborative documents, calendars, contact management, etc. It’s designed to be highly interoperable with client/mobile devices via standard protocols such as CalDAV, CARDAV, ActiveSync, and IMAP.
SD: What are the worst threats that end-users should watch out for today?
PDS: I would say that account security is the threat that most end-users will come up against. As we saw with the John Podesta email leaks in the 2016 election, even supposedly sophisticated systems are vulnerable to phishing attacks. Besides choosing unique and secure passwords, it’s important to enable two-factor authentication (2FA) for access to things like email, cloud services, and social media. Apps like Google Authenticator allow you to generate 2FA tokens for multiple logins. Otherwise, there are SMS options, but these are less secure. If you’re using SMS for 2FA, you should contact your carrier and set up a “port validation password.” This prevents third parties from porting your number to a different carrier.
SD: How is your company staying ahead of the curve of threats?
PDS: Something we firmly believe in is the reliability of end-to-end encryption (E2EE). It means that only the intended recipient can decrypt and read a message. Email protocols were created decades ago and weren’t built with security in mind. We also give users full control over their key management without any restrictions.
Because we are based in Belgium, we also protect users from threats from governments, because of Belgium’s long-standing commitment to strong privacy laws.
Finally, we help our customers keep up to date on security issues by regularly publishing advice for device and account security on our blog.
SD: What makes Mailfence unique?
PDS: Our belief in privacy doesn’t just extend to our web services. Besides not selling advertisements or tracking our users, we donate 15% of our Pro subscription revenue to the Electronic Frontier Foundation (EFF) and the European Digital Rights Foundation (EDRi). These organizations fight for electronic freedom and digital rights for all people.
As I just mentioned, our servers are located in Belgium, which has some of the strictest data protection laws on earth. This means that all of our users’ data is protected by robust legal safeguards, in addition to all of the technological measures we have in place (digital signatures, E2EE, full PGP interoperability, integrated key store, etc.)
SD: How do you see cybersecurity developing in the next 5 years?
PDS: Besides improvements in device security, I predict more and better encryption across the board. So much of our lives are now online that people will need to be increasingly cognizant of the need for security. However, security measures are always playing catchup with criminals and hackers, so consumers must be constantly vigilant about threats and keep in mind best practices. I also hope to see improvements to decades-old email protocols. There are some projects tackling this, but adoption remains the biggest hurdle.