I was recruited as the new manager in 2003, due to my legal background, to evaluate possible liabilities. I focused on the data that was stored when people perform a search, and was shocked to discover the amount of data that was stored on our servers: IP addresses, search terms, clicked results, time stamps, country of origin, everything. I realized that while one search doesn’t tell you much, a continuous stream of searches could give you full insight in a person’s soul. Apparently, people trust search engines with their most intimate matters, sometimes even more than a trusted friend, and they expect it to be private and discrete.
In real life, search corporations are profiling your searches. They know exactly who you are and what you’re interested in, and this is extremely upsetting if you consider the real depth of the profiling analysis. We realized this was a major threat to personal privacy, and we didn’t want to be a part of it.
That must have been a difficult decision to make considering the potential money loss and the technicality it involved?
Changing the way we were dealing with data was very challenging for our tech people to begin with. Initially no one was interested in private search; in 2002 we only had about 120.000 searches per day, but as awareness to privacy issues began to rise, we started seeing a steady growth in the amount of searches, and today we are talking about between 5-6 million searches per day. We don’t know exactly how many users we have or where they are from, because we don’t track their data, but we do know that our popularity is on the rise. It was the AOL saga that finally confirmed that we were making the right decision and eventually our privacy policy had turned into a unique selling point.
Can you tell us a bit more about the AOL case?
Back In 2006, AOL made a huge mistake: they published a database with 3-months search data of 650.000 users., which was immediately copied and spread around the web for analysts and hackers to enjoy. Although they replaced the IP addresses with unique identification numbers, it didn’t take long for journalists to identify specific people. Because, the unique numbers ‘glued’ all individual searches together and exposed some people very quickly. There was a famous story of an old lady who happened to search for a local vet after her dog got ill. Someone had managed to track her down and ended up knocking on her door, asking about her dog’s medical condition and whether she was an AOL client. That’s how intimate search engines are, and we’re only looking at about three months of search data. Nowadays, the big search engines store about 10-15 years of search history.
So how does a search engine work without collecting data from its users?
We don’t store IP addresses, we don’t use cookies, and we don’t leak personal data to 3rd party companies. We are google partners, so we do use their search results, but we don’t leak the users details back to them. Ads displayed in our search engine are only relevant for the specific search term and are not based on a user’s history, so we make less money from ads. But it allows us to offer a unique service that truly protects people’s privacy while searching. We also came up with a URL generator that allows people not to use cookies and still get the specific settings they like. Then we added a proxy link to each search result, allowing people to visit 3rd party websites referred from StartPage search engine - without being tracked. The way it works is that we download the content of the page to our servers, and allow you to view it in privacy. 3rd party websites are not able to track your individual data because they are tracking us instead. It’s a bit like VPN, but limited to the results we show you. Unlike most search engines, who try to cater for your interests by fine-tuning your search results based on your search history, we provide 100% objective results. By not leaking any personal data, we get the most relevant search results to you, in perfect privacy!
Some would argue that targeted ads make search easier and more relevant. What are your biggest concerns when it comes to personalized searches?
Eli Pariser talked about it in his book “The filter bubble”. Basically what he was saying was that if you are seeing more of what you’ve searched for in the past, you become isolated. It’s not healthy for people to always be connected to what they already know. We all appreciate that one friend who disagrees with us and makes us think deeply about things; it’s important for society, it makes you think and evaluate things differently, and eventually it brings society together rather than drifting people apart. The ability of large search engines to manipulate search results for whatever reasons is a dangerous trend for human consciousness, and it affects anyone using the internet. For example, if you look at how many people are searching about American elections, imagine how much influence search engines could exercise depending on which candidate they favor. I’m not saying they’re doing it, but the potential for censorship, for example, is huge. In these day and age it’s more important than ever to use StartPage.com and protect your searches from snooping eyes.
What’s brought you to develop StartMail, your email service ?
In 2011, after several years of operation with StartPage, we started asking ourselves what else we could do to secure people’s online privacy. We knew that many people use emails that are not secured at all. Sending an email message is like sending a postcard: anyone can see it. The difference is that besides being exposed, it is also copied and sent to a number of interest groups before it reaches its destination- and people don’t even know about it! Of course, there’s a huge gap between the average user and the more technical people, who know that nothing is private and find the means to protect themselves. Initially, all free products made life comfortable for the masses: free email accounts, free calendars, free file storage and the list goes on and on. What they didn’t know is that as long as you’re using those “free” services, you are the product; you are being data-mined all the time, and big corporations are constantly profiling you to exploit you as a customer. When people understand this, they start looking for alternatives for their Gmail and Yahoo accounts, which is exactly what we offer.
How did those companies become so big to actually be able to pull it off with so many users globally?
The companies who are doing it have a monopoly and competitors have no chance of winning the battle because they either get bought or forced out of market. Take Whatsapp for example: When Whatsapp was acquired by Facebook, people talked about it as being a “risk to personal privacy”, but eventually more people ended up using it because of the news. There are good alternatives to Whatsapp but people don’t use them because ‘all of their friends are already on Whatsapp. They are beyond the ‘critical mass’.
If that is the case, how come StartMail is still in business?
StartMail is independent and internally funded by StartPage. Our biggest advantage on the market is that we stay true to our privacy policies, and our users appreciate it enough to stay with us. Raising public awareness to privacy issues is difficult, because most people don’t understand the technology behind it. At the same time, the big guys are keeping it out of sight, because they are not interested in public awareness. We try to serve as a healthy alternative and stay as transparent as possible.
How do you do that?
We bring privacy to the masses by design. Our interface is built upon security and privacy, but we try to maintain the technical elements under the surface for better ease of use. While maintaining transparency, we don’t want to tire people with technical details. The information is out there, on our website and in our white papers, but our interface is designed for privacy, by design and by default. When a new user starts using our email service, they get default settings that are private by design and by default, to keep things simple. This automatically gives them an optimal starting point. Those users who are more technical can opt to do things slightly differently for further protection. Encryption is the answer to email privacy. Like most secure email providers, we use PGP encryption, but we’ve taken a unique approach to simplify PGP for the masses.
PGP encryption requires both the sender and the recipient to have private/public keypairs, making it challenging for the average user to apply. What alternatives do you offer your clients and how do you overcome that challenge?
It’s true that PGP encryption is very technical and the details matter a lot. We use powerful standards like SSL, TLS and open PGP, and we try to add the specific quality of StartMail by using these protocols in a way that the average user can understand. Our slogan is “Email Encryption made easy!” We’ve managed to make PGP encryption significantly easier by generating your PGP keypair and managing it for you under the surface. Creating the keypair and exchanging them is very easy, it’s a matter of clicking 2 buttons, and you’re ready to go.
What about sending an encrypted email to someone who hasn’t got PGP set up?
We solve that using a Q&A method. If the recipient doesn’t have a public key, they see a Q&A with a secure question. If they got the right answer, they are redirected to StartMail’s secure server, allowing them to read the message and send a reply. Our focus is on small – medium enterprises because there are large groups that communicate with people who don’t have PGP encryption set up. You can still send a confidential email through StartMail just by giving them the answer to the secure question. This opens the usage to the average user who doesn’t understand PGP encryption.
What are the next steps for StartMail?
We recently asked one of the top 3 security experts in the world to review us. We were happy to hear that he was impressed by our work. He also gave us additional points to fine tune the ease of use and the default settings, which is our main focus today, while tightening the security of our users even more. In March 2016 we released a business version of StartMail that allows domain support. You can now use StartMail with your own branded email address, which is important for business users especially in Europe and the US. In Europe, privacy regulations have high standards on how to treat personal data, and businesses are constantly looking for new alternatives. The new regulation implemented in the EU says that all businesses will be liable if they don’t protect their users’ personal data, which eventually comes down to how they do things technically. That’s a huge incentive to make sure that your implemented technology is state-of-the-art and protects users well. Many Financial, legal, and medical enterprises, as well as smaller business take interest in our service because it’s an easy solution for them. That’s a promising market for encrypted email services and we aspire to be leading the industry with our unique security measures, which you can read about in our white paper. We invite people to check us out and create a secure account at StartMail.com.