In a comment about secure email on a recent post Chet asked, “I have a few email accounts, however I don’t think much of their security. Is there anywhere you would suggest getting email that won’t read it, track you, or send your info to the government? I’m not sure if you already addressed this, but I am looking for better email.”
That’s a great question Chet, thanks for asking.
Essentially, you’re asking three distinct questions.
- Is there a way to keep 3rd parties from reading your email?
- Can I avoid tracking?
- Is there a way to keep your information out of the hands of the government?
So let’s take these one at a time.
Is there a way to keep 3rd parties from reading your email?
The good news is that the answer is yes. The bad news is that you’re going to have a hard time making it work.
It’s not really all that complicated. You simply download something called PGP (Pretty Good Privacy) and install it on your mail client. Most mail clients have addons that will make this relatively simple. You just install the addon, put in a passphrase, and you are provided with a public key that you can share with anyone in the world. They then use your public key to encrypt any message to you, and you use theirs to send encrypted messages to them.
The private key is a unique way that the message is decrypted. This private key is stored on your device and requires your passphrase to utilize it. This creates a fantastic end-to-end encryption.
Different mail clients have different addons, so you’ll need to find one that works with your email client (Mac Mail, Windows Mail Client, MS Outlook, etc.) and follow their instructions.
Now for the bad part…
I’ve had PGP integrated with my mail client for years and published my public key everywhere. I have never received a single encrypted email.
The problem is that, unless you’re actually worried about security, this just seems like too much work. Nobody else seems to ever want to go through the effort. So unless you are sending messages only to your other three tech buddies who are also concerned about privacy, this won’t really help you. It’s the perfect solution if everyone else would do it too.
A possible solution
ProtonMail may be a solution for you. It has the option to encrypt or not encrypt any email sent out. The information is stored encrypted on the server (which we’ll bring up later) or sent directly to the user, depending on whether you want to have it delivered encrypted or not. The user won’t have to do anything to keep your message encrypted other than use the password you get to them via some other means. You can call them with it, or send them a text. You just wouldn’t want to send them an email with the code to decrypting your emails.
This is a good option when you’re sending emails to people you personally know. It still doesn’t fix the solution of dealing with some contacts, but it’s about a 90% solution for most people. The one drawback is that you will not be able to use your mail client of choice.
Here’s a lengthy video of ProtonMail. If you’re just interested in using an email address like myname@protonmail.com, then you only need the free version and only need to watch the first half of the video.
Can I avoid tracking?
So now that you’ve figured out your preferred method of encrypting your email, you want to look at the tracking problem. There’s generally two forms of tracking when we talk about technology. There’s traffic tracking and physical tracking.
Traffic tracking simply records your movements online. Not navigating the web while signed into any services will avoid this. But that’s not much of an issue when we’re discussing emails.
Physical tracking is knowing your location by tracking your IP address. Depending on whether or not there is a dedicated IP address where you are, this tracking can get very specific. A lot of information can be gained this way and it is worth looking at how you can avoid it.
One solution is to use a VPN (Virtual Private Network). These come in different shapes and forms and can also have different names. The one we use and recommend is TunnelBear. TunnelBear has a free option that should cover the average email usage. They securely “tunnel” you through to one of their computers somewhere around the world where any action you take will come from their IP address. Another similar option would be to use the TOR browser, which does the same thing. TOR is completely free, but a bit slow. This probably isn’t an issue if you’re just sending basic emails though.
This option has the same drawback of having to use a web based email client. What I mean by that is that you still have to go to Gmail.com or ProtonMail in your browser instead of setting it up to just pop up on your phone or computer.
Is there a way to keep your information out of the hands of the government?
This really breaks down into three categories itself:
- Legal
- Encryption
- Existence
Legal aspects to secure email
Storing your email in another country can really impact the government’s ability to gain access to your emails. ProtonMail stores their customer’s data in Switzerland to provide the most privacy from a legal standpoint. While Switzerland has recently passed off banking information to the IRS, it still has one of the better reputations for keeping secrets. We can’t guarantee that they won’t bend with enough pressure from the U.S., but it is better than having your information in the U.S. where there are far fewer barriers to access. Storing your data outside of the U.S. simply creates one more hurdle the government has to overcome before being able to get to your data.
Storage encryption
As I explained earlier, ProtonMail stores your files encrypted. A lot of services will do this today. This means that even if the government breaks in and gets your data, they would have to decrypt it manually. While this is possible, force decrypting data takes a lot of resources. Processing all of this data would drain the government’s tech resources for only a handful of email accounts.
Existence on the server
Another solution is to simply remove your information from the server. Most mail applications will give you the option to download the email and remove it from the server. This is a simple drag and drop option in Mac Mail that you may never have considered. The drawback is that you will no longer be able to access the email from across your multiple devices. But if you’re serious about keeping your information out of the hands of the government, it is a great option.
Conclusion
Any or all of these solutions should provide you with increased security. This should also provide you with enough information to determine what your particular concerns are and dig deeper if you want to know more. Information security is a difficult topic and can become very complicated quickly.
The best place to dig deeper into security is the Dark Net. The Dark Net is an unmonitored section of the Internet, accessed through special browsers. Despite the media’s insistence that it is only for drug dealing and criminal activity, it is commonly used by the press to send information out of oppressive countries, research institutes to keep their research private until published, and Christian churches in the Middle East who need to keep their communications away from Islamic States.
There you can find many forums and websites dedicated to open discussion about secure email as well as many other IT security related topics. But be careful what you click. If I get enough interest in the comments below, I’ll look at doing another post on navigating the dark web and using the TOR browser.
Update
Due to the responses in the comments, I’ve written an introductory post to TOR and the Darknet.
This is a subject I’m very interested in right now. I’ve been trying to find information like this but have run into problems. I can’t find anyone locally who can answer my questions, or who even seems to understand what I’m asking. So thank you very much for this information, and I would also be very interested in reading the follow-up article you mention. It would be helpful to know how to gain access to the people who really know what they’re talking about when it comes to security and privacy.
Hey Julie,
If you have any questions, feel free to send them this way. I addressed this topic because someone asked in the comments on another post. So don’t hesitate to ask. Your feedback gives us ideas to write about and I’ll do my best to get you the right answers or find someone who can. I’ll start working on an article on the dark net. Just going to need some time to do it right.
Best,
Jason Crawford
Hey Julie,
The follow-up article on TOR is listed as in the Update section above. Be careful, but have fun.
I’d like to see more on using dark net & tor.
Thanks for the feedback Matt. Obviously this is something people want to see, so I’m on it.
Hey Matt,
You can find the link to the article in the update section above. Best of luck!
Jason, I’m super excited to see other people adding content. I have worked in the IT security field and everything you said above is true. Thank you for the advice and I look forward to more articles in the future.
For email I have used Startmail, based in the Netherlands, for several years, and have found it to be satisfactory. Startpage is also a great anonymous search engine. For VPN I use Cryptohippie, based in Panama.
I would be very interested in more info regarding the dark web.
Hey Dan,
There are a lot of great tools out there and it’s great for people to compare options. I’ve never used the ones you referenced, so I’ll take a look.
Thanks!
I would be interested in an article dedicated to The Dark Net.
Happy to oblige, sir. Keep an eye out as it may take a couple weeks to get a quality article written on the matter. Lots of Is to dot and Ts to cross when writing on a subject like the dark net.
Hey Mark,
I’ve finally written the article and it is listed in the updates above.
I wouldn’t mind learning more about Dark Net too. Thanks for all you’re doing.
Somebody above mentioned Start Mail. It is the one that Katherine Albrecht is affiliated with. If you are not familiar with her you should investigate. She is a long standing advocate for personal privacy.
Hey Ed,
It’s another good one to look into. Unfortunately, listing every option available would require a book rather than a blog post. But we’re happy to have them in the comments.
JASON,
I was glad to see this article and I can tell you that there are a ton of options for securely browsing the net, securing email, etc. Some links you might be interested can be found here:
https://freedom.press/people/micah-lee/ —-you might have seen this name before but he was actually the first initial contact that Edward Snowden used and had some great articles on security and they are actually pretty basic to follow.
https://tails.boum.org/ —-This link will help with security as well. It’s basically a disk or bootable thumbdrive that will allow you to leave no trace of any sites that you visit. I have used it alot in the past and consider it a personal favorite when searching the Dark Web.
https://www.startpage.com/ —-This link is actually a search engine that allows a lot of privacy if you are interested in staying anonymous on the net.
I have a ton of other stuff that I could share but these links are really good starting points for the beginner. Once you get really serious about it, learn to Google Fu (Johnny Long) and you can learn more then you every imagined.
Hey Barth,
I almost included tails in this article. I chose not to because (1) it probably deserves its own post, and (2) because it really requires you to go out of your way and isn’t really practical for every day emails. If you’re using tails from home, you’re defeating the purpose. But it is an awesome tool and may get its own post here soon.
Your other points are good as well. Thanks for sharing them!
Im definitely interested in more info on the dark web.
Hey Ben,
I’ve written an intro post on using the dark web and include a link in the updates.
Nice article Jason with clear and actionable advice. Hope it’s okay to highlight a community I am active in called Security Without Borders. https://www.securitywithoutborders.org
It’s a bunch of cyber security professionals who volunteer with assisting journalists, human rights defenders, and non-profit organizations with cyber security issues.
If you use Gmail, Yahoo, AOL or anything like that your mail is read by at least a computer.
Privacy is not easy, but neither is it difficult.
II hide in plain site and have been studying the art of self-preservation. LOL
If anyone sends a secure email to anyone with an unsecured email; you have defeated all of your efforts.
I also use prontomail.