The Tin Hat

In Defense of Browser-Based Email Encryption

03 August 2015
A 4 Minute Read


‘Why would I ever use browser-based email encryption?’

This statement summarizes a position I held for quite some time. The idea that anyone would trust their private communications to browser-based encryption seemed ridiculous, especially when we consider what happened to Hushmail users. I’m not alone in this either, as I’ve seen a number of comments posted online preaching the pitfalls of browser-based email, listing 95 theses on why everyone should avoid it at all costs. But recently I’ve had quite a change of heart.

For those of you who don’t know exactly what I’m talking about, a number of email providers offer a flavour of icing on the traditional email cake, which is transparent, client-side encryption. Whether it be Protonmail or Tutanota, these services will automatically encrypt messages sent to other users of their service so that neither the email provider nor general snoopers can read them. Moreover, Tutanota and Protonmail even allow you to send encrypted messages to people who don’t use those services. This offers a level of convenience that is far greater than that of traditional GPG implementations.

Of course, this comes at the cost of security. If, for example, one of these service providers theoretically received a court order to wiretap a user, they could provide an altered login page which steals the user’s credentials, after which the provider could decrypt all their messages. Because of this, I’ve believed for a long time that these offer a false sense of security, and I still worry about this to a certain extent. But as some of you will know, I’ve recently switched my personal email to Tutanota, so obviously this position has changed. But why?

First of all, GPG has been around for a very long time, and yet to this day it remains largely unused. What does this tell us? It tells us that GPG is a failure for the average user. While not as rock-solid as GPG, Protonmail and Tutanota undeniably make the process incredibly simple, to the point where one could feasibly have an encrypted conversation with their grandmother. This brings strong encryption to the masses.

Second, the false sense of security that browser-based email encryption provides may not be as much of a problem as the myriad of ways GPG can be fubar’d by users. While incredibly powerful, we also can’t deny that GPG is a very complex piece of software that can be hard to grapple with. We’ve even seen journalists upload their private GPG key accidentally. With Protonmail and Tutanota there is a lot less latitude for digging your own grave.

Third, using browser-based email encryption doesn’t prevent you from using GPG on top for added security. For emails where encryption counts, GPG over the command line is the most solid, reliable method for encrypting messages. So no matter which email provider you use, you’ll end up having to copy and paste the encrypted text into an email client anyways.

Fourth, these systems offer a benefit that can’t be had with a regular email provider. Specifically, Tutanota will encrypt all the messages it receives and all the messages that you send with your unique public key once they get stored on the mail server. Of course, there’s a limited amount of time during which they could most certainly read your email. However, the key word is limited. Consider a situation where Tutanota gets a government order to turn over all their users’ emails, which is exactly what happened to Lavabit. In Lavabit’s case, the operator had the key to the entire castle. With Tutanota’s system, however, keys are left to each individual user. This means that they’d have to offer malicious login pages to each user to be able to decrypt their previous messages. The chances of this being done at scale are almost zero because of the risk that a savvy user would discover what was happening. Therefore, surveillance is made vastly more difficult and targeted, mitigating the widespread surveillance of an entire userbase.
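
A simplified model of the per-user key arrangement described above, added here as an illustration (it is not Tutanota's or Protonmail's code). It assumes the private key is stored only in a form wrapped under a password-derived key, uses Node's built-in crypto module in place of a browser, and all function names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM helpers shared by key wrapping and message bodies.
function seal(key, data) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(data), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}
function unseal(key, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.body), d.final()]); // throws if key is wrong
}

// Client, at signup: everything returned here is what the provider stores.
// Assumption: the private key is kept only in password-wrapped form.
function createAccount(password) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = nodeCrypto.randomBytes(16);
  const kek = nodeCrypto.scryptSync(password, salt, 32);
  return { publicKey, salt, wrappedPrivateKey: seal(kek, Buffer.from(privateKey)) };
}

// Server, on delivery: plaintext is visible only for this call (the "limited
// amount of time"), then stored under a fresh key wrapped to the public key.
function storeIncoming(account, plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const wrappedKey = nodeCrypto.publicEncrypt(account.publicKey, key); // RSA-OAEP
  return { wrappedKey, sealed: seal(key, Buffer.from(plaintext, 'utf8')) };
}

// Client, at login: the password unwraps the private key, which unwraps the
// per-message key. Without the password the stored record stays opaque.
function readMessage(account, password, msg) {
  const kek = nodeCrypto.scryptSync(password, account.salt, 32);
  const privateKey = unseal(kek, account.wrappedPrivateKey).toString('utf8');
  const key = nodeCrypto.privateDecrypt(privateKey, msg.wrappedKey);
  return unseal(key, msg.sealed).toString('utf8');
}
```

Each account record carries its own wrapped private key, so in this model there is no single provider-held secret that opens every mailbox.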

Ultimately, the amount of education required to understand the limits of browser-based email encryption is minuscule when compared to the amount of education required to use GPG securely. Combine this with the fact that the vast majority of people aren’t going to be actively targeted by [insert agency here] and we find that browser-based email encryption can effectively mitigate bulk surveillance for a very large population of people that would never be protected otherwise.

Again, these systems absolutely have limits, and users must understand when their needs outweigh the capabilities of browser-based encryption. When this is the case, GPG will likely remain the staple of email encryption for years to come. However, we can’t deny the benefits of Tutanota and Protonmail. If you’re like I was, then it’s time that we stop denouncing browser-based email encryption. Instead, the solution is in the middle. We should absolutely encourage others to use Protonmail or Tutanota, so long as we also teach them when not to.

Edit: The folks over at both Protonmail and Tutanota have informed me that the laws which they operate under (Switzerland and Germany, respectively) preclude court orders which would force them to wiretap users. Take that for what it’s worth. Also, Protonmail uses a standard GPG implementation, meaning that their system will work with standard GPG tools, which is a fairly compelling feature.

