Choosing Private & Secure Email | What To Look ForCategory: messaging
A 10 Minute Read
08 Jan 2014
Support The Tin Hat on Patreon! Just one dollar makes all the difference in helping me write more content!
I've said it before and I'll say it again, email is one of the most important online services that we use. It is the hub to which most of our online accounts are linked; it is where we receive receipts from purchases; it is where we communicate with others, and so much more. Having your email compromised could result in a huge exposure of personal privacy, including the hijacking of other online accounts, exposure of communication with friends and coworkers, as well as the exposure of online purchases (which includes your name and home address). I'm not going to write an essay as to why securing your email is important. The fact that you are reading this tells me you already care. Instead, I'm going to tell you what to look for when trying to choose a secure email service. I'll tackle this tutorial in twelve sections. Each section will outline an aspect of email that you should consider and investigate before signing up. Don't expect to find an email service that excels in all of these categories. Some, however, are far better than others, as you'll see. I should also note that these sections are in no particular order. So go grab a coffee, this tutorial's going to be a long one.
This may be the biggest hurdle to getting people off of GMail. It has become an expectation that email should be free. However, depending on how secure you want your email, you may have to set this expectation aside. Generally, if you're not paying for something, then you're what's being paid for. Free email services like GMail and Yahoo make their money from advertising. Advertisers are paying them to run an email service so that advertisements can be given to you based on what the email service knows about you. So instead of paying them with money, you're instead paying them with data and attention.
Private email services don't exactly have this option (otherwise they wouldn't be very private), so expect to throw down some money for private email. The cost of private email is usually around $50-$100 per year, or $4-$10 per month. Some people find that paying $100 dollars a year for email is absurd, however this once again comes down to our expectation of email being free. $8 per month is the cost of a Subway sandwich, which is hardly expensive. So take the padlock off your coin purse and throw down some change, otherwise you're most likely the commodity.
Note: if you find an email service that claims to be secure, and is also free, then try to find out how they're making their money. Some services, such as RiseUp or Autistici are free and operate as a sort of charitable service, running off donations. Others will make their money by selling your data. It's important that you investigate these services to find their revenue stream.
So we've established that some email services require you to pay. The next question is, how do you pay? While many of us will be fine with paying with a credit-card, if you really want privacy you're going to want to look for an email service that accepts Bitcoin. If you don't know what Bitcoin is, take a look at this video. Essentially, Bitcoin lets you pay for your email without it automatically attaching a name or address to your account, and without having your credit card company know about your purchase. It should be noted that Bitcoin is NOT anonymous, but relative to credit cards it is preferable when you are concerned about privacy . Again, whether this is important to you depends on your priorities. If you want private email that can't be traced back to you, then Bitcoin is a must. If you want private email that is hard to hack and doesn't sell your data to corporations then it's less of a priority.
Whenever you find an email service that you like, go check out its history. Some email services have a history of handing over customer data to certain agencies. The ol' punching bag for this is Hushmail. Hushmail is an email provider that focuses on privacy and security. Their main marketing strategy was to tell users that their email was encrypted on the client side (meaning that it was encrypted before ever leaving the user's computer), making it impossible for even Hushmail to read users' data. However, after receiving a court order, Hushmail hacked into three of its users' accounts and handed over 12 CDs worth of plain text emails to the feds.
Law abiding citizens may not care about this, and simply exclaim that they're not doing anything illegal so a court order would never be filed against them. The recent Lavabit fiasco should change peoples' minds. In this example, the FBI ordered Lavabit to not only hand over the emails of the person being investigated (Edward Snowden), but also the encryption keys which would render all 400,000 Lavabit users' emails vulnerable, meaning that even innocent users' privacy would be invaded. Furthermore, the FBI forced Lavabit not to talk about it to anyone, otherwise Lavabit's founder would face jail time. Fortunately, Lavabit chose to shut down completely instead of comply.
So what should we take away from this? All email services have had to cooperate with a government court order at some point. The important part is to read up on their history and make a judgment as to whether you feel their cooperation was reasonable or unreasonable. For example, did they hand over data only after warrants were filed on drug dealers, or did they hand over data on the drug dealer and everyone they ever had contact with? Questions like these must be answered for an email service to be considered secure.
While most services will encrypt your connection using SSL/TLS between you and the mail server, not all of them encrypt the messages on the servers themselves. Encryption of email servers (where the mail is stored) protects against two parties: the people who run the server, and anyone who attempts to steal the server. The first party is generally straight forward: it limits the pool of 'bad apple' employees who run the email service from looking at users' emails (note: whoever has the keys can still read the messages).
The second party is a bit more broad. While we may often think of this as protection against thieves who steal the physical server, it also protects against government agencies who overstep their limits when seizing information. There are two examples of this which come to mind. The first examplehappened when the FBI physically seized a RiseUp server to try and find specific people who were issuing bomb threats. Of course, the FBI overreached by accessing the data of all the users of the server. Think of it like the police getting a warrant to search the houses of an entire city block instead of searching the house of one person in that block. The second example is similar, and happened to (once again) Lavabit. You've already heard the story in the History section, the important part in this context is that the FBI faced a hurdle when attempting to get information on Edward Snowden because Lavabit's servers were encrypted. Many services (including ones considered to be quite secure) do not encrypt the messages on their servers, so this may be a factor which you have to compromise in order to find a service which fits your other needs.
Location, location, location. These days the location of both the servers and the offices of an email provider is fundamentally important. In the post-Snowden era we can essentially rule out any email service which is based in Canada, the US, the UK, New Zealand, or Australia. These countries either monitor much of the internet at an infrastructure level (ie. they monitor the fiber optic hubs of the internet), or share large amounts of data between each-other.
It is important to know whether your activities are logged for 1 day or for 1 year. Most servers of any type do store log information, such as a user's IP address, as well as the time they accessed the server. This is for both business analytical use as well as to defend against acts such as (D)DOS. Of course, logging IP addresses essentially equates to logging the user's location. Moreover, using webmail can also lead to logging of the user's browser information, including browser type and fingerprint. These are revealing pieces of data that, if you are sensitive about your privacy, you should want to minimize. So look for an email service which does minimal logging and has a short log duration.
Email aliases are separate email addresses that automatically forward to your main address. For example, if my email address is firstname.lastname@example.org, an alias might be email@example.com, which would automatically forward all incoming mail to firstname.lastname@example.org. The reason that these are important is that they help to limit the extent to which you can be tracked on the web. If an email service gives you a lot of email aliases, then when you sign up for an account, or are forced to enter an email address into a form, then you can use an alias instead of your main address. This means that all your accounts won't be linked together by the same email address. The added benefit is that if someone tries to hack one of your email aliases, they won't also be hacking into all your other email addresses. Consider it security by isolation, or not holding all your eggs in one basket. Personally, I find this factor to be a must. That being said, there are services out there which let you achieve a similar end, such as Mailinator. I find aliases to be the preferable option myself.
8. IP Stripping
Every time you send an email your IP address is embedded into the email, meaning that if you want to send an anonymous email your efforts will be futile. Because of this, check to see whether an email service automatically strips your IP address out of the email headers. This is fairly simple, yet extremely important.
9. Personal Domain
This point isn't necessarily as much about privacy as it is about ease of switching between email providers. Having your own domain (for example, my email domain is thetinhat.com) means that you can switch email services without having to give everyone you know your new email address. Domains usually cost around $10 per year, and allow you to have a customized email address (so you can drop the @gmail.com and have something that's your own). I personally got a lesson in this after my email service shut down, forcing me to create a new address and redirect all my accounts and all my contacts to it. If, however, I had my own domain, I could have just moved the domain to a different email provider and been done with it. It is important to note that not all email services let you have your own domain. In fact, many force you to use their domain. Therefore, if you choose to buy a domain, make sure that the email service that you sign up for allows you to use your own.
10. SSL Rating
SSL is the encrypted network protocol that sends your emails to and from the server. The problem is that not all SSL certificates are created equal. Qualys SSL Lab's ratings asses how strong SSL certificates are. Weak SSL certificates make for easy connections to crack and hack. Strong SSL certificates, on the other hand, provide far greater protection of your data. This page provides a Qualys SSL rating breakdown of many 'secure' email providers.
12. The Bits and Bobs
Of course there are more than twelve factors to look for in an email service. The ones listed above, to me, are the largest ones. But there are some other things to look for that don't necessarily warrant a full section. For example, some email services don't provide much storage, so definitely check to see whether it will be enough for you. Also, some services offer dual factor authentication, such as the need for a specific USB stick to be plugged in to log in, or for a number to be read from your smart-phone. This makes it significantly more difficult, if not impossible, for your email to be hacked. Services such as RiseUp and Autistici require an approval process, where the user has to apply and outline their intent in order to use the service. Advertisements can be another detractor from an email service. If every time you go to your webmail you are smacked in the face by forty advertisements, then it may not be the service for you. Lastly, if you plan on using IMAP or POP then make sure that the service you pick supports it.
Where Do I Find This Information?
Hopefully this helps. If you noticed that I missed anything that you feel is incredibly important, shoot me an email. If you want to know which email provider I recommend, well, it’s Countermail (Update: my new favourite mail provider is Tutanota). Of course my word isn’t sacrosanct, so do some research! My needs are different from yours. You may find one that is even better!