Encrypt.me was recently purchased by j2 Global and when I heard about this I immediately posted to Twitter that people should be very concerned.
Terry Meyers, General Manager for Encrypt.me, kindly reached out to me via email to ask what my concerns were. As I have come to expect from Encrypt.me, Terry was courteous and professional, and I’m sure my opinions will be looked at by the team.
Several followers have asked me to go into a bit more detail about my concerns. I’ve therefore decided to post them here so that they can be found easily, as anyone considering using the service may benefit from my opinions. Below is an excerpt from my email to Terry, outlining why I was cancelling my Encrypt.me subscription out of concern for both security and privacy.
PLEASE: Note the last paragraph. Neither Encrypt.me or j2 Global have ever done anything that appears illegal or purposely harmful, and the company should not – under ANY circumstances – be the subject of harassment or other unwarranted attentions. Speaking your mind about concerns stemming from a product or company is good; harassment is never either good or acceptable behavior.
Excerpt from my email to the Encrypt.me Team:
Essentially, I will not trust any form of security or privacy to a company that is known throughout the technology industry as a buyer and seller of user information. To advertisers, to bulk-mail providers, and to who else knows. The advertisers and spammers (and I’m sorry I have to call them that, but they are) are known to be the case since direct portfolio companies of j2 make their money from advertisers – ZDNet – and bulk unsolicited mailers – direct response email houses. EFax is another factor I have to consider, as a large portion of their revenue is derived from a “free-to-use” system, which means j2 makes money by bartering user data since they don’t make money from the users.
I do wish you the best. I hope that j2 isolates and shelters Encrypt.me so that none of the incredibly sensitive information that a VPN has access to will ever be misused, but with the track record and history of the parent and portfolio companies I cannot be sure of that.
Please understand, I firmly believe that the portfolio companies absolutely have the right to operate exactly the way they do. They’re not breaking the law in any way, and to the best of my knowledge have never done anything to directly harm consumers. They are, however, not firms that I would be willing to trust VPN traffic to, or that I could in good conscience recommend that anyone else trust VPN traffic to.