Dean

Truly private email addresses are not as easy to come by as you might think. There are, of course, many hundreds of different services out there which claim to offer their users enhanced security to protect them from anybody trying to snoop on their communications. But many of these services have serious flaws which may put users’ data at risk, whilst many others may be difficult to use correctly. If you do not understand how this all works there are also many pitfalls and mistakes you could make yourself, which could potentially compromise your privacy.

In this article I will provide a general introduction to the subject which should arm the reader with enough knowledge to be able to ensure their privacy, whilst also providing links to some of the best services and software products.

A Beginner’s Introduction to Email Encryption

The main thing that you need in order to send private email messages is encryption. There are two different ways that this is used: encrypted messages and encrypted network connections. It is important that you make sure you are using both if you want to comprehensively protect your privacy.

Encrypting Messages

When you encrypt a message you are effectively locking it up so that only somebody with the correct key can unlock it. To anybody else the message will be scrambled and will seem like complete nonsense. These keys come in pairs, a public and private key, so you can use somebody’s public key (which they can freely share) to scramble a message in a way that can only be unscrambled using their private key.

Some service providers will keep hold of your private key themselves and decrypt your messages for you when you want to read them. This may seem easier, and means that you don’t permanently lose access to your messages if you lose your password, but it does also mean that the company providing you with this service has the ability to access and read your messages. Even if you trust the company not to abuse this power themselves, it opens up the possibility that hackers could breach the company’s servers and gain access to both your messages and the key to decrypt them with, or that the company could be forced to hand over the contents of your messages to a government spy agency.

The best privacy protection is therefore offered by services which use client-side decryption. This usually means that you have a password which you use to generate your private key and unscramble your mails on your own device. Because the company themselves does not have access to your private key they do not have the ability to read your messages, and cannot pass this ability on to anybody else.

Perhaps the main problem with email encryption, however, is that both the sender and the receiver need to be using the same system, and you need to know the public keys of anybody you want to communicate with in advance. If both people are using the same service provider then this is not a problem, as the system will automatically know the public key associated with their address. So in that case you can both use the service just as you would an ordinary email provider and the contents of your messages will be protected. But if you are both using different providers, or if the person you are communicating with has an account with a popular provider like Hotmail or Gmail, which doesn’t use encryption at all, then things get a little bit more complicated. This is important to know, because it would be easy for a beginner to simply sign up with a company offering private encrypted email and then just presume that they are protected whatever they do, but that is not the case.

One common way to get around this problem, offered by many service providers, is to create a website link which includes the key to decrypt your message, and email the link to the person you want to communicate with. This means that the message can still be stored in an encrypted format, and only somebody with the exact link to the message would be able to read it. But of course it does mean that anybody monitoring your recipient’s email or web browsing may be able to access the message. This problem can be partly solved by setting messages to be deleted after a certain period of time, in the hope that any would-be spy will get there too late. You can also set a password which needs to be entered to decrypt the message, but of course this does mean that you need to find a secure way to share this password with the person you are emailing – fine if it’s a friend you talk to in the flesh, but perhaps more difficult when it is somebody you only communicate with online. The truly paranoid can get around this problem using the self-destructing message method described further down the page.

Encrypting Network Connections

When you are sending somebody an email you start off by composing the message on your own device. This message is then sent to your email provider, who sends it on to the intended recipient. An encrypted connection ensures that an outside observer cannot place themselves between you and your email provider and intercept your messages. The most common system by far is called ‘SSL’. This is the method you use to log in to your online banking accounts when the green lock symbol appears in your browser address bar, and does not require you to exchange keys – just make sure that the website address starts with ‘https’ instead of ‘http’ and that you can see a padlock symbol.

Most service providers who offer encrypted email should use SSL as standard, but I thought it was worth mentioning for a couple of reasons. Firstly, when a company says it offers encryption you need to make sure that you know exactly what they mean by that. For example, Hotmail lets users set encryption as default, but this only applies to the network connection and does not protect the contents of your messages themselves. Secondly, some apps and desktop clients will only operate through http and might therefore break this kind of protection.

A Beginner’s Guide to Anonymous Email

Even if you take every step possible to make sure that the contents of your messages cannot be read by anybody else, you are still not completely protecting your privacy. An observer may still be able to see who you are communicating with, how often, at what times, and so on. This kind of ‘metadata’ can reveal a lot more than most people realize. There are two ways to counter this threat.

Anonymous Account Creation

By creating your account anonymously you can ensure that whatever information can be gleaned by an observer cannot be connected back to you personally. Creating a totally anonymous email address is actually surprisingly difficult, as the vast majority of services will at the very least ask you to enter a secondary address that they can use to send you notifications or reset your password if you forget it. Many will also ask you for other personal information.

If you want to register with a company that requires a secondary email but are concerned about the privacy implications of this, then there are things that you can do. For example, Guerrilla Mail and Mailinator both offer a way to create temporary disposable addresses without providing any personal details. These temporary addresses are perfect for anonymously signing up with other providers.

In order to really make sure that you cannot be connected to your email account you should probably also ensure that you only access your account through a privacy network like TOR (see how to use TOR). If you don’t do this then it may be possible for an observer to track when your device is accessing the service and correlate this with when messages are sent, therefore allowing them to associate your account with your real identity. There are also services out there which will send your messages over the TOR network. For example Mail2Tor offers an anonymous and encrypted email system (you’ll need to have TOR installed for that link to work). I haven’t included any TOR mail services in the list of recommended services you will find further down the page because I couldn’t find enough public information about precisely how they work or what advantages and disadvantages they may have.

BitMessage and ‘Everyone Gets Everything’

Another way to prevent spies from using this metadata against you is to use a system based on the principle of ‘everyone gets everything’. This means that instead of sending your message directly to the recipient, it is broadcast over a peer-to-peer network. Everybody on the network will receive the message, but only your intended recipient will be able to read it. This makes it more difficult for an observer to tell who you are sending the message to, as well as making it impossible to tell whether a message has been received and opened.

One of the best examples of the ‘everyone gets everything’ principle is BitMessage, which uses the Bitcoin protocol. This is not actually an email system, it is an alternative messaging system, but there is an excellent service available at BitMessage.ch which provides an email style interface to this protocol as well as allowing you to send to, and receive from, ordinary email addresses.
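The trial-decryption idea behind ‘everyone gets everything’, together with the public and private key pairs introduced earlier, as an added example that is not BitMessage's own code or wire format: it assumes X25519 key agreement with AES-256-GCM from the Node.js `crypto` module, and the participant names and message are constructed.

```javascript
const nodeCrypto = require('crypto');

// Each participant holds a key pair; only the public half is ever shared.
function newParticipant(name) {
  return { name, ...nodeCrypto.generateKeyPairSync('x25519') };
}

// Derive a 32-byte AES key from an X25519 shared secret.
function deriveKey(privateKey, publicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return nodeCrypto.createHash('sha256').update(shared).digest();
}

// Encrypt for one recipient. The packet carries no recipient address at all.
function seal(recipientPublicKey, text) {
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key per message
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientPublicKey), iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { ephPub: eph.publicKey, iv, body, tag: c.getAuthTag() };
}

// Every node runs this on every packet. The GCM tag only verifies for the
// holder of the matching private key, so everyone else gets null.
function tryOpen(participant, packet) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(participant.privateKey, packet.ephPub), packet.iv);
    d.setAuthTag(packet.tag);
    return Buffer.concat([d.update(packet.body), d.final()]).toString('utf8');
  } catch {
    return null; // not addressed to this participant
  }
}

// Flood one packet to the whole network and report who could read it.
function broadcast(network, packet) {
  return network.map((p) => ({ name: p.name, text: tryOpen(p, packet) }));
}

// Constructed sample network: the message is meant for bob only.
const network = ['alice', 'bob', 'carol'].map(newParticipant);
const results = broadcast(network, seal(network[1].publicKey, 'meet at noon'));
```

An observer sees the same packet delivered to all three nodes and cannot tell from delivery alone which of them decrypted it.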

The Best Anonymous & Encrypted Email Providers

This is not meant as a comprehensive list, but instead offers a handful of recommendations that are worth taking a look at. If you know any other services which you think are worthy of inclusion please feel free to add suggestions in the comment section and I will consider adding them to the list.

  • ProtonMail – With apps for Android and iOS as well as a web version, this is one of the more user-friendly options. All messages are stored on the company servers in encrypted format and transmitted using end-to-end encryption. When you create an account you get two passwords – one for accessing your account and one for decrypting messages. Your decryption password is used client-side and never shared with ProtonMail, so they cannot access your messages. When sending messages to non-ProtonMail users you can hit the encrypt button to send a link, and optionally set a password they must enter to read the message as well. You can even include a password hint, so if you know them well you may be able to set a question only they will be able to answer rather than having to communicate a password in advance. The code which runs this service is open source, as are all of the encryption libraries which it uses. They claim to offer anonymous registration with no personal details required, but they do ask for a secondary email. Free accounts are available, but there is a waiting list, so you need to request an invite and wait for them to contact you when they have enough capacity available for new accounts. I had to wait a few weeks when I registered.
  • CounterMail – This service offers very strong security in addition to privacy and anonymity. Unique security measures include diskless servers which boot from a CD, and the option to purchase a USB key which makes it impossible to access your account from any machine which does not have that physical key inserted into the USB drive. It uses OpenPGP, which means that you can use it to communicate with people on other services which use this open standard. There are also plenty of extra features like an auto-responder and a PGP chat feature. Their servers are set up to not collect IP address information and to use anonymous headers, so you may not need to worry about accessing the service through TOR. By default they will generate keys for you on their servers, but encryption takes place on your own device, and I am told that if you generate your own PGP key pair and send them a support message with your public key (don’t include your private key!) they will set up your account so you can use this, which will protect you against CounterMail themselves being able to access your message contents. There is a one week free trial, after which you have to upgrade to a premium account, which you can pay for using bitcoins.
  • Tutanota – This user-friendly and secure system can be accessed from mobile apps or popular client software such as Outlook. Keys are generated locally on your own device, and unlike ProtonMail this is done with only a single password, rather than separate passwords for account log in and encryption (don’t worry, they don’t have access to your password). It features end-to-end encryption, and also encrypts your contact list as well as your messages – a thoughtful extra feature. You can create accounts anonymously. They do not collect IP address information and they strip IP information out of headers. It is also open source, so anybody can inspect the source code to make sure it works as stated. You can create a free account with 1 GB storage, and buy premium features such as the Outlook add-on and extra storage space using bitcoins.

These Messages Will Self-Destruct in 3…2…1…

You may like to learn how to send self-destructing messages just because it’s kind of cool and makes you feel like James Bond. But it may also be useful in situations where you want to communicate with somebody using a different / insecure email provider.

Cloakmy.org is a fun service which lets you send encrypted messages which auto-destruct as soon as they have been opened. These messages are only visible to somebody that has the correct link, and can optionally be protected by an additional password. The auto-destruct feature means that, once they have been opened, messages are deleted from the site’s servers and only exist in the browser of the person who has opened that message. Because of this, you can be 100% sure that only 1 person can ever receive these messages – if any attacker manages to view them then they will auto-destruct before the rightful recipient gets there and you will both know exactly what has happened.

As I explained earlier, private email services will allow you to send messages to users of non-secure services by emailing them a link with an optional password. But what if you have no secure way to share the password? This will probably only appeal to the really paranoid among you, but here goes – pick a password for sending messages from your private email to the recipient’s address and encrypt it in a message on Cloakmy. You can share the password needed to view this Cloakmy message over any insecure channel, because you know that if the person you are communicating with manages to view the message nobody else will be able to. If somebody else gets there first and intercepts the message you will know about it because the message will already have been deleted, but all that will have been revealed will be a throw-away password, and you can just make a new one and share it again before sending your real message.
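The link-with-key scheme described earlier and the read-once exchange above, as an added sketch that is not Cloakmy's or any provider's code: it assumes the key travels in the URL fragment, the optional password is stretched with scrypt, and an in-memory `Map` and the `notes.example` address stand in for the service.

```javascript
const nodeCrypto = require('crypto');

// Constructed stand-in for the hosting service: it only ever stores ciphertext.
const server = new Map();

// The key comes from the link secret, stretched together with the optional password.
function messageKey(linkSecret, password, salt) {
  return nodeCrypto.scryptSync(linkSecret + '\n' + (password || ''), salt, 32);
}

// Encrypt locally, upload the ciphertext, return the link to hand to the recipient.
function createMessage(text, password) {
  const id = nodeCrypto.randomBytes(8).toString('hex');
  const linkSecret = nodeCrypto.randomBytes(32).toString('base64url');
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', messageKey(linkSecret, password, salt), iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  server.set(id, { salt, iv, body, tag: c.getAuthTag() });
  return `https://notes.example/${id}#${linkSecret}`; // hypothetical address
}

// The first fetch returns the ciphertext and deletes it; later fetches find nothing.
function fetchOnce(id) {
  const record = server.get(id);
  server.delete(id);
  return record || null;
}

// What the recipient's browser does when the link is opened.
function openLink(link, password) {
  const url = new URL(link);
  const record = fetchOnce(url.pathname.slice(1));
  if (!record) return { status: 'gone' }; // already read by someone
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', messageKey(url.hash.slice(1), password, record.salt), record.iv);
    d.setAuthTag(record.tag);
    return { status: 'read', text: Buffer.concat([d.update(record.body), d.final()]).toString('utf8') };
  } catch {
    return { status: 'wrong-password' };
  }
}

// Constructed run: the first visitor reads the throw-away password, the second finds it gone.
const link = createMessage('throwaway-pw-7', 'shared');
const first = openLink(link, 'shared');
const second = openLink(link, 'shared');
```

In this sketch the record is deleted on the first fetch even if the password entered is wrong, so a failed attempt also burns the message.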

If You’re Even More Paranoid Than That…

Make sure that the microphones are disabled on all of your devices before using any of these services, because it’s possible for hackers to break your encryption by listening to barely audible sounds from your device’s processor.