How to: Use Email and Protect Your Privacy

Email… not secure, not elegant, and not going anywhere. Make your peace with it! I am sure that by now you have heard about at least one person whose email account has been hijacked, hacked or whose emails have fallen into the wrong hands.

But enough with the scaremongering…

If you want to learn about the basics behind email (and I strongly suggest you do!) read this article. Next read the introduction I wrote about how to secure your email. You can find it here. Go ahead, I’ll wait…

Secure Email

I’m waiting!

OK, now that you are back let’s continue. In this article I will provide you with some practical options to secure your email.

How much do you really need to know about email?

Technology is constantly changing, but only very few technologies pass the test of time. The older a technology is, the more likely it is to stick around. Yes, email is one of those! Not because it is elegant, liked or secure, but because it’s useful.

Email has been around since the 1960s.

Before email, there was only snail mail. It sucked, but we, somehow, managed. Email is faster, cheaper, and more convenient than its predecessor, but sadly it is less secure and, in its current implementation, certainly not private.

We are all familiar with email, but there are a few things you might have overlooked:

  1. There are at least 2 copies of every email (sender + receiver), but probably more.
  2. In most cases the sender and receiver of an email are known (metadata).
  3. If not encrypted, the content of an email is public.
  4. Some emails will always be insecure and reveal information about you, such as emails from your bank and retailers you do business with.

Did you know the US Postal Service takes a picture of every piece of mail (about 160 billion pieces in 2012), according to an article in The New York Times?

Depending on your security needs you might not care about either. But if you do, and you should, there are several avenues you can take to secure your communications.

Before going into the details, let’s make things a bit easier by introducing three people, Alice (A), Bob (B) and Eve (E). Alice wants to send a message to Bob and evil Eve wants to intercept it.

What are your options?

Let’s start with the simplest of cases, keeping the content of your emails secure by using encryption. Encryption requires that Alice and Bob exchange public keys and encrypt the contents of their email using each other’s public keys. This is safe, because only the person who has the private key can decrypt such properly encrypted messages (public and private keys are generated together and only one private key will correspond to one public key). GPG works great for this purpose and is relatively easy to use, even for novices. Keep in mind that GPG doesn’t encrypt the subject line of your emails, so don’t put anything personal or important into the subject line.

GPG

What you do is to install GPG on your computer, generate a key pair, exchange public keys with the people you want to communicate with, then use their public key to encrypt your email and send it.

For Alice and Bob this means that Alice will generate a key pair and email her public key to Bob. Bob then uses Alice’s public key to encrypt his emails to Alice, and because Alice is the only person who has the private key corresponding to her public key, she is the only person who can read Bob’s email. It sounds more complicated than it is, because your email client will take care of it behind the scenes.

You can also upload your public key to a public key server, so people can look it up and download your public key as needed. I am not fond of this option. Why? If you email your public key only to those you want to communicate with, it makes identifying legitimate emails easier.

It is a great idea to back up your keys in general and your private key specifically. You’ll need it to read past emails. Should you ever lose it, not even you will be able to read those old emails. Brilliant!

Back up your encryption keys!

While it is fairly simple to encrypt the content of your email, the sender and receiver of an email will still remain public, simply because that’s how email works. If you want to conceal the sender and receiver’s identities, one option is to set up anonymous email accounts. Again, this is easy to do, but you need to be careful.
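What GPG leaves exposed, as an added example (not code from the original article): the script below reads a raw message the way a mail relay or mailbox provider can and reports which parts stay readable. The sample messages, addresses, hosts and the armored payload are constructed placeholders, and the function names are hypothetical.

```python
from email import message_from_string

# Constructed sample: Bob's PGP/MIME (RFC 3156) mail to Alice. Addresses, hosts
# and the armored payload are placeholders, not real data.
SAMPLE_ENCRYPTED = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net; Mon, 01 Jan 2024 10:00:00 +0000
From: Bob <bob@example.org>
To: Alice <alice@example.net>
Subject: Meeting at the usual place on Friday
Date: Mon, 01 Jan 2024 09:59:58 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

PLACEHOLDERciphertextNOTrealDATA
-----END PGP MESSAGE-----

--b1--
"""

# Constructed sample: the same kind of mail sent without encryption.
SAMPLE_PLAIN = """\
From: Bob <bob@example.org>
To: Alice <alice@example.net>
Subject: Lunch?
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""

# Headers every relay and mailbox provider can read, encrypted body or not.
METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Received")
ARMOR = b"-----BEGIN PGP MESSAGE-----"


def body_is_pgp_encrypted(msg):
    """True for PGP/MIME, or for a text part whose body is inline PGP armor."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            if payload.lstrip().startswith(ARMOR):
                return True
    return False


def audit(raw):
    """Return (visible_headers, findings) for one raw message."""
    msg = message_from_string(raw)
    visible = {}
    for name in METADATA_HEADERS:
        values = msg.get_all(name, [])
        if values:
            # Unfold continuation lines so each value reads as one line.
            visible[name] = [" ".join(v.split()) for v in values]
    findings = []
    if not body_is_pgp_encrypted(msg):
        findings.append("body readable")
    if "Subject" in visible:
        findings.append("subject line readable")
    if "From" in visible or "To" in visible:
        findings.append("sender and recipient readable")
    if "Received" in visible:
        findings.append("relay hosts and timestamps readable")
    return visible, findings


if __name__ == "__main__":
    for label, raw in (("encrypted", SAMPLE_ENCRYPTED), ("plain", SAMPLE_PLAIN)):
        print(label, audit(raw)[1])
```

Even for the encrypted sample, the subject, both addresses and the relay path are reported as readable; only the body finding disappears.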

Anonymous Email Accounts

If you follow the news, you might have heard about high-profile cases where anonymous email accounts have been traced back to real people, General Petraeus and his mistress for example. The Petraeus case illustrates how even a person with high-level security clearances, who should know at least a little something about privacy and anonymity – in particular how to secure his communication – can slip up and leave himself open to identification. In the Petraeus case law enforcement correlated credit card swipes with Gmail logins to identify the owner of the anonymous email account…Metadata! Well done mon General!

General, hiding your identity online is easy. Use a Virtual Private Network or VPN in combination with Tor, which is even better. Doing so will make it almost impossible to determine your real IP address and your identity, but you need to be vigilant. You must use VPN and Tor at all times, when you set up the accounts and when you access them. You must share your anonymous email only via secure channels (you can’t use a recovery address that can be traced back to you), and everyone who contacts you at that address must use the same security precautions or the entire endeavor will be futile from the start. And, in case you haven’t considered this already, you need to encrypt the content of those emails!

If this sounds complicated to you, that’s because remaining anonymous kinda is. However, it is possible to ensure private and even anonymous communications using an insecure medium if you use the proper tools and precautions…it just isn’t easy. It is cumbersome, inconvenient and easy to screw up.

Despair not, there is another option. Enter secure email…

Secure Email

Edward Snowden used Lavabit to communicate with Glenn Greenwald and Laura Poitras. When faced with a National Security Letter to surrender the encryption keys for his service, Ladar Levison, the owner and operator of Lavabit, chose to shut the service down rather than decrypt all emails of all users for US law enforcement. Since then several secure email services have popped up, some of which have already gone under.

There are different flavors of service, ranging from encrypted email to all-around secure communications solutions including secure chat and secure file storage. Let’s be frank though, any solution that doesn’t offer end-to-end encryption requires careful scrutiny. End-to-end encryption means that only the sender and receiver have the means to encrypt and decrypt a message (or file); no other party will have access to your communications no matter what.

In other words, pay attention to who has access to your encryption keys! To keep your communications or files confidential, encryption keys should be under your control.

Do not trust anyone under any circumstances!

We have already established that an attacker needs both the email and the decryption key to read said email. This means any service that holds both your emails and the keys to encrypt them has the means to read your private communications and can be compelled by law to turn both over to law enforcement. On the other hand, any service that does not have access to your encryption keys has nothing to give to law enforcement. Even if this service were hacked, and such services are attractive targets, there is nothing to find and your communications remain protected.

When I did the research for this article I was astounded by the number of solutions available. Clearly, there is a market for private communications. To better understand these services it helps to look at how they protect your communications.

You can broadly categorize secure email services into 4 categories:

  1. Email services that don’t require any personally identifiable information to set up an account, don’t log IPs, and store your email in encrypted format. This type of service leaves it up to you to encrypt your communications.
  2. Providers that handle the encryption for you and integrate with your current email service (EaaS).
  3. Secure email providers that encrypt, transport and store your messages.
  4. Email-like services.

Let’s look at some of the available solutions:

Riseup

Riseup is a free email service geared towards secure communications for people and groups working toward liberal social change. To protect the privacy of their users, Riseup doesn’t log IP addresses and keeps emails stored only in encrypted format. Riseup only provides a regular email service; encrypting messages is up to you, and you are encouraged to do so.

Riseup has a very succinct and strict privacy policy, leaving little to the imagination. While they temporarily log some information, those logs are deleted either immediately after a session ends or at the end of the day. Laura Poitras used Riseup to communicate with Edward Snowden anonymously.

SIGAINT

SIGAINT can only be reached via Tor or similar browsers. SIGAINT is a free dark web email service with an option to upgrade the account to their Pro service for a lifetime fee of USD 30 in bitcoins. Upgrading gets you extra storage, complete SMTPS/IMAPS/POP3S support, bitmessage support, easier PGP integration, and priority technical support.

SIGAINT is an anonymous email service and requires their users to provide their own encryption, such as GPG.

SIGAINT does not publish terms of service or a privacy policy.

Sendinc

Sendinc is a subsidiary of MX Force, LLC, a Dallas, TX based company. Sendinc provides email encryption, including plug-ins for MS Outlook and Gmail. After a 7-day free trial it will cost USD $4/month, paid annually.

While they are advertising military-strength encryption and bringing your email into compliance with GLBA, HIPAA, and SOX, a laudable effort for sure, I found this little gem in their Privacy Policy. In the Security section it states: “Email processing is done by automatic processes. Sendinc employees do not examine the contents of customer email except when Sendinc in its discretion determines that it is required by law or government agency, or as permitted by the customer.” So much for Sendinc not being able to read your email!

The other interesting point is that every message recipient must log into Sendinc’s service to read an encrypted message. If you don’t have an account, you must set one up before you get access to your message.

S-Mail Secure Email

S-Mail.Com provides secure email. While their web page looks a bit outdated, OK – very outdated, their service is still operational and I received a quick response when I contacted support. S-Mail uses end-to-end encryption and stores your password-protected private key on a secure private key server.

S-Mail offers a free Standard account and pre-paid Premium account starting at USD 5.00/month. The Premium account offers more storage and basically makes the account usable for day-to-day communications. Their list of features for both account types is entertaining, to say the least…

S-Mail’s privacy policy is pretty standard for most web services. They log IP addresses, keep logs on site visitors etc., but because of their end-to-end encryption, they are not able to read the content of your message. Keep in mind that they would be able to provide metadata if required…

SaluSafe

SaluSafe is a Canada-based online security provider, offering secure email, secure online storage and secure messaging. Their previous service Cryptoheaven is still running and operational. SaluSafe is essentially the same service under a different brand and with a more polished interface.

SaluSafe has software clients for Windows, Mac, Linux, Android and Blackberry, but not for iOS. Pricing starts at USD 7.99/month for the ‘basic’ plan and goes up to USD 27.99 for ‘premium’ service. Annual billing options are available at a discount.

SaluSafe employs end-to-end encryption for both the email itself and the transmission thereof. Secure SMS works only between SaluSafe subscribers.

SaluSafe’s privacy policy is a short read. It states that they will not share personal data they have collected during account setup, that any IP logs etc. are destroyed after one month and that they don’t have access to the content of your communications.

Virtru

Virtru is a US-based company that provides encryption as a service (EaaS). The concept is simple: Virtru takes care of the encryption, user authentication and decryption, while your and your recipient’s email clients do the rest: composing, encrypting, transmitting, decrypting, and displaying your content. The selling point is that Virtru handles key management (and holds the keys) but doesn’t have access to your content, which was encrypted on your device and sent through your email provider. Centralized key management offers Virtru the ability to expire emails or stop recipients from forwarding them. However, a properly authorized recipient could still copy your email and paste it into an unprotected email that he is then free to distribute and read at will.

Virtru’s privacy policy spells out what information they collect, in general and in regard to using their encryption technology. I didn’t see anything unusual when reading through the privacy policy. In their FAQs they elaborate on several aspects of privacy, in particular government surveillance. Because Virtru is a US-based company, they would have to comply with lawful requests for user data, or more specifically they could be asked to provide technical assistance decrypting messages held by other services. They promise to fight any such request to the fullest extent possible to protect their users’ privacy.

Quick note: I didn’t elaborate on jurisdiction in this article. Jurisdiction determines who can legally ask for what. International cooperation on legal matters is a tricky subject. Generally speaking, the more countries that are involved, the more difficult it will be to get a proper court order, hence potential access to information. Ideally you want to do business with companies with good privacy protections outside of the country where you live.

Safe-Mail

Safe-Mail is powered by BadAss, which is probably best described as a secure hosting service based in the Netherlands. Safe-Mail offers secure, and, if you are so inclined, anonymous email. The sign-up process is simple enough and while they are asking for personal information we all know you can give whatever information you feel comfortable providing.

Safe-Mail’s terms of service are on the sign-up page and very basic. As of this writing I could not find a privacy policy. Signing up is free and gives you access to a small account with basic features. Paid accounts add disk space and mobile access starting at 2 Euro/month. While primarily marketed as a secure email service, accounts include a nifty calendar, online storage and encrypted chat.

StartMail

StartMail is a Netherlands-based secure email service. While I am not a fan of trusting anyone with my encryption keys, they offer an interesting solution. StartMail uses a mix of open source and proprietary software to simplify OpenPGP encryption and make it accessible to even novice users. The key to their security solution is what they call the user’s vault. Only the subscriber has access to their vault via a password that StartMail does not store. Instead, when the user logs in, they will attempt to unlock the vault, and if successful, the password was correct, otherwise it was not and the user will be locked out after too many unsuccessful attempts.
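The unlock-to-verify idea described above, as an added example of the general pattern (not StartMail’s code; the page does not describe their actual construction): the server keeps only a salt, a wrapped key and an integrity tag, and a password counts as correct only if it opens the vault. The record layout, names, work factor and attempt limit are assumptions, and the XOR-plus-HMAC wrap is a standard-library stand-in for an authenticated cipher.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # PBKDF2 work factor (illustrative value)
MAX_ATTEMPTS = 3       # failed unlocks allowed before lockout (illustrative)


class WrongPassword(Exception):
    pass


class VaultLocked(Exception):
    pass


def derive(password, salt):
    """Stretch the password into a 32-byte wrapping mask and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def create_vault(password):
    """Return (server_record, vault_key). Only server_record is stored."""
    salt = os.urandom(16)
    vault_key = os.urandom(32)   # would in turn protect the user's PGP private key
    mask, mac_key = derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(vault_key, mask))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    # Neither the password nor a plain hash of it appears in the record.
    record = {"salt": salt, "wrapped": wrapped, "tag": tag, "failed": 0}
    return record, vault_key


def unlock(record, password):
    """Recover the vault key, or raise. A valid tag is the only password check."""
    if record["failed"] >= MAX_ATTEMPTS:
        raise VaultLocked("too many failed attempts")
    mask, mac_key = derive(password, record["salt"])
    expected = hmac.new(mac_key, record["salt"] + record["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        record["failed"] += 1
        raise WrongPassword("vault did not open")
    record["failed"] = 0
    return bytes(a ^ b for a, b in zip(record["wrapped"], mask))


if __name__ == "__main__":
    rec, key = create_vault("correct horse battery staple")
    print(unlock(rec, "correct horse battery staple") == key)
```

The attempt counter only limits online guessing; whoever obtains the stored record can still test password guesses offline, so the strength of the password and of the key-stretching step carries the protection.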

After an initial 7 day free trial, StartMail costs USD 59.95/year. This includes one full account and two limited companion accounts.

StartMail’s privacy policy states it will not track or log user activity and will even stop trackers commonly found in emails. Their privacy policy is written in easy-to-understand language and clearly states it will only comply with proper legal requests for user information from Dutch authorities.

Pryvate

Pryvate is a British company and offers encryption as a service (EaaS). In addition to encrypted email, Pryvate also offers encrypted voice, conference and video calls, IM, picture sharing, file transfer and file storage. You can subscribe to a rather limited plan for free, but anything useful starts at USD 5.62/month and the enterprise version will set you back USD 13.99 per user per month.

The key to encryption as a service is that the company provides the encryption and manages the encryption keys while you hold the data, meaning data and encryption keys are never located on the same device, making one useless without the other.

Pryvate is a subsidiary of Criptyque Limited, a UK-based company. Their privacy policy takes a while to read and clearly states all the ways they will track you and how they are going to use that information. It does not, however, state how Pryvate will respond to legal inquiries. Criptyque’s website was unreachable as of this writing.

Enlocked

Enlocked offers encryption as a service (EaaS) with you and your recipient using your own email providers. Encryption and decryption are handled on your devices. The service is free as long as you send fewer than 10 emails per month; up to 2000 messages per month will cost USD 20/month, and 10,000 messages USD 30/month (reading is free).

You need to be aware of the following paragraph found in Enlocked’s privacy policy:
“We also collect certain limited information about how you use our services, including users’ IP addresses, recipients’ email addresses, date/time stamp, Message Headers and Message Access Data.” They will delete this data per your request if you stop using their service.
Enlocked stores recipients’ public keys (required to encrypt emails), but does not have access to your private encryption key or the actual email message; therefore Enlocked has no access to the content of your message.

Protonmail

Protonmail is a Switzerland-based, free, end-to-end encrypted email service with a growing user base of over 500,000 users. Originally conceived after the Snowden revelations in 2013 at CERN, it is one of the premier secure email services available. Signing up is easy and does not require any personally identifiable information. It takes between a few days and a few weeks for the account to become active depending on the length of the wait-list.

Protonmail uses end-to-end encryption, hence has no access to your encryption keys. Protonmail does not require or log personally identifiable information allowing you to remain completely anonymous if you wish.

Protonmail’s terms and conditions are short and easy to read, nothing exciting. Their privacy policy is equally entertaining: they will comply with local court orders, but they can’t share what they don’t have. Protonmail is exempt from the Swiss requirement to provide technical means for lawful interception as it is not an Internet Service Provider (ISP).

Bitmessage

Bitmessage is a decentralized, encrypted, peer-to-peer communications protocol, similar to bitcoin. Any user can send a message to any other user or group of users, and all messages sent this way are available to all users, but only the recipient is able to decrypt and read the message.

Bitmessage’s terms and conditions, while lengthy, basically state that you are responsible for your use of the service and that they won’t take any responsibility that their service works. Because they are based in Switzerland neither US nor EU laws apply. Bitmessage does not have a privacy policy, which makes sense because they give users the option to ‘nuke’ their own account. Nuking an account means your account and all messages will be deleted and the email address including private keys will be published online, meaning anyone could have sent a message – plausible deniability.

My Opinion

100% security is difficult, if not impossible, to achieve, but you can get pretty close. A sufficiently motivated attacker, such as the NSA or GCHQ, with almost unlimited resources, will ultimately find a way to identify you, simply because we humans aren’t perfect!

Secure email services are great, and I wish everyone would use them, but that is not going to happen. Why? People are lazy. It is hard enough to get uncle Bob to respond to email, let alone getting all of your contacts to use the same secure email system. It reminds me of the time when Facebook was just one of several social media sites and all my friends were scattered across many social networks that didn’t inter-operate. Until secure email providers figure out how to exchange messages between different services anonymously, or one provider becomes the de facto standard, even secure email isn’t the ultimate solution, but it is a temporary option for limited use cases or the notoriously paranoid, like me 😉

There are a few key ideas to keep in mind to protect your communications and make it at least expensive to learn more about you:

  1. If you use public key encryption your emails can’t easily be read by third parties, so even if your email account is compromised or individual emails are intercepted, content will remain personal. You can use any email provider if you use a mail client, although web mail is trickier.
  2. Public-key encryption does NOT make you anonymous!
  3. If you and your important contacts use the same encrypted email solution, something like Protonmail or StartMail for example, both the content of your emails and potential metadata are protected (Snowden and Lavabit). If nothing else, you are reducing the amount of metadata available about you, because your email doesn’t traverse the Internet.
  4. Anonymous email accounts are probably best used in very specific situations between people who know what they are doing, and hence are at low risk of exposing themselves through simple mistakes. You can use any email service that doesn’t require and verify personal data to set up an account (Riseup or SIGAINT for example).
  5. I strongly encourage you to read every service’s terms and conditions AND privacy policy BEFORE signing up. Either they will have access to your communications or they won’t, but often you have to read between the lines to figure that out. Personally I’d stay away from anything that even remotely sounds fishy!

It doesn’t take much social engineering to figure out who your family and friends are, so even a large number of emails exchanged between you and your spouse won’t raise any suspicion – in this case metadata will reveal very little about you. By all means use public email accounts for these types of communication, but encrypt the contents.

It will actually work against you to use your anonymous accounts with friends and family, because your family ties can be used to guess who the owner of an anonymous account might be. Start thinking like your adversaries! Twisted, I know…

What do you do now?

In a dictatorship the people are transparent to the government, in a democracy the government is transparent to the people and it – the government – knows nothing about the private affairs of its citizens. Well, at least in theory that is…

We can all do our part to ensure a certain level of privacy even when facing blatant government overreach.

But proper precautions don’t only protect you from nosy government snoops, they also shield your communications from corporations that house and transmit your email (Gmail, Outlook, Yahoo, etc.) as well as hackers with most likely more nefarious agendas than just advertising the crap out of you or selling your secrets back to said government snoops.

Your first step should always be to assess your privacy needs. For most people, encrypting their emails (yes, all of them) will be a great first step. Of course hiding potential metadata would be a great second step. Sadly, staying anonymous and not providing any public metadata isn’t easy and isn’t convenient, at least not at this time.

GPG is free and easy to use with any email service. While it won’t make you anonymous, it will protect the confidentiality of your communications and make it more difficult to generate elaborate marketing and social profiles about you.

So, which service should I use?

GPG is a no-brainer: it’s free, it’s easy to install and set up, and it protects the content of your emails from third parties. Beyond that, it really depends on who you are. Are you a corporation, a journalist, a whistle-blower, a concerned citizen, or do you live under an oppressive regime? Have a look at the options described above; they range from encryption with GPG to what can best be described as an Outlook-style organizer suite like Safe-Mail. There is an option for every need and pocket book. Interestingly, two of the most secure options, ProtonMail and Bitmessage, are free.

Of course, if everyone were to encrypt their communications, it would be a lot harder to snoop on us and surely governments would start screaming bloody murder; you know, the sky is falling, terrorists will take over the world, child porn will be everywhere, illegal drugs will be sold at your local corner store, and everyone will have an unregistered gun. We’ve all heard that before, nothing new…

Remember: “Those who sacrifice Liberty for Security deserve neither.” Benjamin Franklin, very smart man. Enough said!

I’d love to read your thoughts and suggestions. What services do you use? Please put them in the comments below. At the very least encrypt your email and use 2-factor authentication wherever possible.

Image Credit: Beck Gusler
Image Credit: Chris Baranski
