A Practical Guide to Email Privacy

email privacySending unencrypted email has been compared to sending a post card – anyone can read it. That works fine for some types of messages: “Having a fine time. Wish you were here.”

Other messages can have consequences and require more discretion: “I believe congressman Cunning is taking kick backs from Halitosis Corporation. Can you investigate?”

Our goal is to examine the requirements for various levels of communication security and the tools, methods and services available to meet them.

There can be many reasons of a romantic, financial or political nature that require communications be kept private. Read Phil Zimmermann’s “Why I Wrote PGP” for more reasons to protect your privacy.

Not All Secrets Are Equal

Some secrets, if revealed, would cause minor inconvenience or embarrassment.

Your wife uncovered your plans for her surprise birthday party, there would be no serious repercussions.

With others, a different level of discretion is required.

You are required to supply your bank account details.  Having a thief obtain this information can cause much pain.

Two Types of Email Security

There are two types of security related to email:

  1. Security of the Message: If you need to use email to discuss a legal case with your lawyer, you want to ensure that no one else can listen in. You may be concerned that the email might be read by someone at your office or his, or maybe even someone in the middle is monitoring your mail. For this type of security, strong encryption is the answer. Encrypted email is relatively easy to implement. You can use Thunderbird which now has integrated OpenPGP support. You can then exchange keys with those with whom you share sensitive communications.  Encrypted email can also be cryptographically signed. This ensures the recipient that it came from the person it claims it came from and that it has not been tampered with along the way.  A secure email service such as Sub Rosa can also add significantly to your email privacy.
  2. Security of the Sender: If you need to send a message, such as an anonymous tip to law enforcement or, someone in you office, you need anonymous email. The goal is to protect your identity from the receiver and any intermediary that might be monitoring email.  In this case you need anonymous email. See our products page for a partial listing of free and commercial services or, use our free NoName mixmaster interface.

Further Reading

This website will try to provide all you need to know about the practical aspects of communications security or point you to other internet resources.

The Electronic Frontier Foundation (EFF) has an excellent page on Surveillance Self-Defense.

Also see: www.privacytools.io – encryption against global mass surveillance

Proprivacy has a fun tool for ruining your Google search history.

Another great resource is: restoreprivacy.com

Mailfence has produced an excellent email security awareness course.

Read about the 5-9-14 eyes surveillance programs.

For our US readers: The Best and Worst States in America for Online Privacy