This in-depth guide shows you exactly how to encrypt email, while also taking a look at the best encrypted email services.
Despite being one of our oldest methods of online communication, email is still one of the most popular. Untold billions of email messages fly around the world every day, carrying personal and business messages that we depend on, making email a prime target for snoops and spies of all types.
Unfortunately, experience shows that most large email providers do not respect the privacy of your inbox. For example,
- Gmail was caught giving third parties full access to user emails and also tracking all of your purchases. (See our guide on the best Gmail alternatives.)
- Advertisers are allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
- Yahoo was also caught scanning emails in real-time for US surveillance agencies.
And the problem runs deeper than the policies of your email provider.
Where your email service is located can have a huge impact on your email privacy. While jurisdictions like Switzerland have laws that protect your online privacy, others (unfortunately including the United States and its Five Eyes friends) have laws in place to erode it.
Leaving aside all the folks who can legally stick their nose into your email communications, there are also the illegal peeping Toms. While email services take steps to protect your messages from outsiders (aside from themselves), these steps are not foolproof.
Data breaches do result in crooks getting their hands on the passwords of email accounts, which can result in identity theft, fraud, and other crimes. Hackers do manage to get access to people’s inboxes. If some creep gets access to your inbox, there is nothing to stop them from reading your email and stealing all that juicy personal information.
As you can see, email security is a big issue today. There are a lot of different ways in which your email privacy can be compromised. In this guide, we’ll talk about various scenarios in more detail, and I’ll show you how to encrypt your email to protect against at least some of these problems.
Why is email encryption important?
Once you see the scope of the problem, we think you’ll agree that you need to encrypt at least some of your emails.
Data breaches – Breaches of the databases at companies large and small expose hundreds of millions, if not billions of records per year. Some unknown number of those records are email messages, stored on mail servers around the world. Bad guys of all stripes target email messages because they can contain valuable information that can be sold or used for fraudulent activities. Financial data, vacation plans, corporate strategies, and personal data are all juicy targets.
Pervasive surveillance – Years ago, Snowden and others revealed the vast scope of surveillance programs (many of at best marginal legality) that are being run around the world. Since then, the problem has only grown, with governments around the world sucking up every bit of email data they can get their hands on. Private companies are in on the act too; they may collect and sell your email content, or use it to target you with ads.
Because most email services store your data on their servers in unencrypted form, you have no real privacy. Hoping that big providers of free email services like Gmail won’t read your messages and use what they find for their own purposes, is foolish in the extreme.
We know that Gmail, for example, reads through every message you send or receive looking for information like airline reservations to add to your calendar. Then there is Smart Reply, an optional feature that reads messages so it can suggest short replies that might be relevant to the content of that message. While features like these can be useful, they can only work if Gmail can read and understand (at least a little bit) your email messages.
How can you protect your email messages?
There are a few approaches you can take to protecting your email messages from being read by the wrong people. The easiest solutions are ones where the email provider makes sure that only the intended recipient can read the messages you send.
Gmail’s Confidential mode
Gmail’s Confidential mode is an example of an approach where the email provider makes sure that only the intended recipient can read messages. Beyond controlling access to the message, Confidential mode restricts what the recipient can do with the message (no forwarding, etc.), and causes the message to be inaccessible after a set amount of time. This sounds good, so let’s keep going with it.
To use Confidential mode, you compose your message normally. When you are ready to send the message, you select Confidential mode. Gmail displays the following dialog box:
This looks promising. For someone to read the message, they will need to enter the passcode. But there are a couple of drawbacks to this approach.
First is that passcode. Note the sentence circled in red, “All passcodes will be generated by Google.” In other words, Google is in control of the code that gives access to the message, not you, and not the recipient.
Second is the fact that selecting Confidential mode doesn’t hide the contents of your message from Google. Confidential mode protects your mail from everyone except Google. It doesn’t create an encrypted email message. It simply prevents someone from seeing the message unless they enter the password.
A solution like this is only useful if you don’t mind your email provider continuing to have access to your email.
If you really want to protect the privacy of your inbox, you can’t rely on solutions like Confidential mode. It is time to talk about email encryption.
About email encryption
Email encryption is a growing market. According to Facts and Factors, the global email encryption market is expected to grow at a compound annual growth rate of 21.4% from 2021 to 2026. Clearly there is widespread demand for email encryption.
If we start talking about the details of various ciphers and encryption algorithms used in email encryption, we’ll be here for a very long time… and your email may never get encrypted. So we’re going to try to keep this discussion at a high level.
To protect your email against any and all of the attackers we discussed at the top of this article, we need to use something called end-to-end encryption. This is often abbreviated as E2E encryption (or even E2EE).
Why use E2E encryption with email
E2E encryption means that you encrypt something (email in our case) on your computer or mobile device, and the recipient decrypts it on their computer or mobile device. Why is this important?
Think about how an email message gets from you to the recipient. You create the message in some email program. When you hit Send, the message passes out of your computer onto a connection controlled by your Internet Service Provider (ISP). The message then goes to your email provider, who passes it along another connection controlled by some other service, and so on. Eventually, the message arrives in the recipient’s inbox at their email provider. Then it goes through another set of connections controlled by other entities until it ends up on the recipient’s computer to be read.
That’s an awful lot of steps. At any one of those steps it is theoretically possible for someone to try to read your email. E2EE solves this problem. Done right, no one can read encrypted messages except the sender and the recipient.
If you encrypt your email before it leaves your device, and the recipient decrypts it once it arrives on their device, no one in the middle will be able to read it.
Since E2E encryption is the way to go, we’ll show you one way you can do it. But first we have to discuss…
The drawbacks of E2E encryption
While E2E encryption is the only way to protect your email from the various threats out there, it does have some real drawbacks, such as:
- It is more complicated than just sending email the old way. You’ll see what we mean in the next section.
- The people who receive encrypted emails need to know what to do with them. This too will become clear shortly.
- The powers that be don’t much like any kind of encryption. For example, the European Parliament is currently considering a bill forcing all email (and other types of messages) to be scanned for possible child abuse.
- Encryption makes it harder for governments and law enforcement to spy on you, corporations to earn money from your personal data, and social media companies to censor you.
How to encrypt email
There are two ways to E2E encrypt email. On the assumption that you are not prepared to change email services right now, we are going to talk about how you can apply end-to-end encryption to the bodies of your messages before providers like Gmail and company see them.
Recommended: The alternative approach is to switch to a secure email provider that respects your privacy and builds E2E encryption right into their product. For more on this approach, check out our review of the best private and secure email providers.
How email encryption works
The essence of the process is that regular readable text (also called plaintext) gets converted into encrypted text (also known as ciphertext). The “key” to the encryption process is that the algorithms use an encryption key to turn plaintext into ciphertext. Likewise, the decryption algorithm that turns ciphertext back into plaintext depends on a decryption key.
Encrypting an email message turns the body of the message into ciphertext. Some encryption approaches also encrypt additional parts of the message, possibly including the subject line and/or any attachments.
However, certain parts of the email need to remain unencrypted. For example, the email address of the recipient cannot be encrypted if you want the message to actually arrive at its destination!
Other metadata is also readable, one of the key drawbacks of email in general (but we’ll discuss more secure alternatives below).
Symmetric vs asymmetric encryption
There is one more aspect of how encryption works that you need to know about before we can move forward. Remember that we said turning your message into ciphertext requires an encryption key, and turning it back into plaintext requires a decryption key.
The relationship between the encryption key and the decryption key can be either symmetric or asymmetric. In symmetric-key encryption, the encryption key and the decryption key are identical or related by a simple transformation. In effect, the encryption/decryption key pair is a secret shared between the sender and the recipient.
To send a message using symmetric key encryption, the sender encrypts the message using their copy of the secret key and the recipient decrypts it using their copy of the secret key.
In asymmetric-key encryption (more commonly known as public-key encryption) the relationship between the encryption and decryption keys is much more complex. Each person has both a public key and a private key.
The public keys can be shared publicly and are used to convert plaintext to ciphertext. The private keys are kept secret and used to convert ciphertext back into plaintext.
With asymmetric-key encryption, there is no need for a shared secret. Both parties publish their own public keys and keep secret their own private keys.
To send a message using asymmetric key encryption, the sender encrypts the message using the recipient’s public key and the recipient decrypts it using the recipient’s private key.
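To make the symmetric/asymmetric distinction concrete, here is an added, self-contained Python example (not code from the original article or from any of the services it mentions). Both ciphers are deliberately tiny teaching toys: the symmetric one is an XOR keystream derived from SHA-256, and the asymmetric one is textbook RSA with 16-bit primes applied byte by byte, which is not how PGP or any real product encrypts. Names such as alice, bob and the 61/53 and 67/71 primes are constructed for the example. What it shows is the point made above: with the symmetric scheme both parties must already hold the same secret, while with the asymmetric scheme the sender needs only the recipient's public key, and not even the sender's own private key can open the result.

```python
import hashlib
from math import gcd

# ---------- Symmetric: one shared secret, held by both sides ----------
def _keystream(secret: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(secret || counter) blocks. Illustrative only, not a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(secret + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def symmetric_encrypt(secret: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, _keystream(secret, len(plaintext))))

def symmetric_decrypt(secret: bytes, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so decryption needs exactly the same shared secret.
    return symmetric_encrypt(secret, ciphertext)

# ---------- Asymmetric: textbook RSA with tiny primes (toy, not secure) ----------
def rsa_keypair(p: int, q: int, e: int = 17):
    """Return (public_key, private_key) = ((n, e), (n, d)) for the constructed primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be invertible mod phi"
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (n, e), (n, d)

def rsa_encrypt(public_key, plaintext: bytes) -> list:
    """Encrypt with the RECIPIENT's public key, one byte per RSA block (toy only)."""
    n, e = public_key
    return [pow(b, e, n) for b in plaintext]

def rsa_decrypt(private_key, ciphertext: list):
    """Decrypt with the matching private key. Returns None when the result is not even valid bytes."""
    n, d = private_key
    values = [pow(c, d, n) for c in ciphertext]
    return bytes(values) if all(v < 256 for v in values) else None

def demo():
    message = b"Q3 numbers attached"          # constructed sample plaintext

    # Symmetric: sender and recipient must have agreed on `secret` beforehand (phone call, meeting...).
    secret = b"agreed-in-person"
    ct_sym = symmetric_encrypt(secret, message)
    symmetric_ok = symmetric_decrypt(secret, ct_sym) == message
    wrong_secret_fails = symmetric_decrypt(b"wrong-secret", ct_sym) != message

    # Asymmetric: each party publishes a public key and keeps the private half.
    alice_pub, alice_priv = rsa_keypair(61, 53)   # sender
    bob_pub, bob_priv = rsa_keypair(67, 71)       # recipient
    ct_asym = rsa_encrypt(bob_pub, message)       # Alice only needs Bob's PUBLIC key
    asymmetric_ok = rsa_decrypt(bob_priv, ct_asym) == message
    sender_can_read = rsa_decrypt(alice_priv, ct_asym) == message   # Alice's own key does not help

    return {
        "symmetric_ok": symmetric_ok,
        "wrong_secret_fails": wrong_secret_fails,
        "asymmetric_ok": asymmetric_ok,
        "sender_private_key_can_read": sender_can_read,
    }

if __name__ == "__main__":
    print(demo())
```

Real systems combine the two: the message body is encrypted with a fresh random symmetric key, and only that small key is encrypted with the recipient's public key, which is why asymmetric encryption's slowness rarely matters in practice.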
Pros & cons of encryption methods
As you might expect, each approach has pros and cons.
Symmetric-key encryption is easier to implement, and generally faster to encrypt/decrypt messages, but requires the sender and receiver to somehow agree on an encryption key and share it (securely). This could require a phone call, face-to-face meeting, or some other creative methods.
Asymmetric-key encryption is more complicated, in that it needs some system for discovering the public key of a person you want to communicate with. Certificate Authorities issue digital certificates that certify that a particular public key is owned by a particular person. Certificate Authorities need to be trusted services for this approach to work, but they make it possible to send encrypted messages to someone you have never communicated with before.
Introduction to Mailvelope
There is an encryption solution you can use to add E2E encryption to several webmail services in addition to industry giants like Gmail and Yahoo mail. That solution is Mailvelope, a browser extension for Chrome, Edge, or Firefox. The extension works by adding optional PGP encryption to services that don’t already have it.
The details of using Mailvelope differ for each service, so we won’t give you a “how to” here. Instead, we urge you to visit the Mailvelope website, as well as the support pages of the email service you are considering, to find out if and how Mailvelope works with that service.
What are the best encrypted email services?
As noted above, we think the best solution is to switch to an email provider that offers support for end-to-end encryption. Many email services offer support for various encryption options:
- One of the most popular encryption methods for email is PGP, which stands for Pretty Good Privacy. Support for PGP is built into most secure email providers.
- Some email services rely on a unique encryption method, outside of PGP. One popular example of this is with the email provider Tutanota.
- Email services also allow you to send a link to an encrypted message that can be accessed with a shared password.
If you are open to switching to a secure email service that supports built-in encryption, we’d encourage you to explore our guide on secure and private email services.
Here are the best encrypted email services:
- Tutanota – Based in Germany; free plans; very secure and open source email with full encryption of email inbox, contacts, calendar, and subject lines. (Tutanota does not use PGP due to concerns over PGP limitations and weaknesses.)
- ProtonMail – Based in Switzerland; free plans; secure and open source email that is based on PGP encryption
- Mailbox.org – Secure and private email based in Germany; fully-featured, support for PGP encryption
- Posteo – Privacy-focused email service based in Germany; anonymous payment options; no support for custom domains; strong PGP encryption standards
- Mailfence – Secure email based in Belgium, free plans up to 500 MB, fully-featured with built-in support for PGP encryption
- Runbox – A private email service in Norway, support for PGP encryption
- CounterMail – Based in Sweden, this email offers strong encryption options (based on PGP).
- Kolab Now – A higher-priced email service in Switzerland, Kolab Now has some good encryption options while also being fully-featured.
- StartMail – Based in The Netherlands, StartMail offers built-in PGP encryption support.
We have personally tested (and use) many different encrypted email services. We don’t do this just to write reviews; we take data privacy seriously. Below I’m testing out the feature with ProtonMail to send an encrypted message to a person who does not use ProtonMail.
If you are serious about encrypting your email, it would be wise to first start out by switching to a secure email provider. Finding the best encrypted email service is very subjective and all comes down to your own unique needs. Check out our email reviews for an in-depth look at many providers.
What about encrypted email services based in the US?
Did you notice above that none of our recommended encrypted email services are based in the United States?
There’s a reason for this: concerns about privacy and data security. There are many examples of US tech companies being forced to hand over private data to US authorities. This is particularly important with email services. Here are just two examples that we know about:
- Lavabit – Lavabit was a privacy-focused email based in the US that was forced to shut down when the owner refused to give up the encryption keys to government agents.
- Riseup – Another US email service catering to privacy-minded users, Riseup was hit with data requests and was forced to comply.
Here’s a quote describing the Riseup situation, which could affect any US-based email service:
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).
There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].
Recommendation: Choose an encrypted email service located in a good privacy jurisdiction. If you don’t, your data could be at risk.
Encrypted email alternatives
One of the fundamental problems with email is metadata.
Email is structured in such a way that metadata is very difficult to conceal from third parties. Email headers can reveal a lot of private data. What’s worse, PGP, the most widely-used encryption protocol, does not encrypt subject lines. This exposes further data to third parties and potential adversaries.
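To show what "metadata is very difficult to conceal" means in practice, here is an added Python example (not part of the original article) that parses a constructed message whose body has been PGP-encrypted. Every host name, address and header value in RAW_MESSAGE is invented, and the armored body is a placeholder rather than real ciphertext. The functions reconstruct the relay path from the Received headers (the chain of hops described earlier in the article) and list the fields that every server on that path can still read even though the body is ciphertext.

```python
import email
from email import policy

# Constructed sample message: all hosts, addresses and IPs are invented (RFC 5737 test ranges);
# the body stands in for real PGP output.
RAW_MESSAGE = b"""Received: from mx.recipient-provider.example (mx.recipient-provider.example [198.51.100.7])
\tby imap.recipient-provider.example with ESMTPS; Mon, 09 May 2022 10:15:07 +0000
Received: from smtp.sender-provider.example (smtp.sender-provider.example [203.0.113.25])
\tby mx.recipient-provider.example with ESMTPS; Mon, 09 May 2022 10:15:05 +0000
Received: from laptop.home.example ([192.0.2.44])
\tby smtp.sender-provider.example with ESMTPSA; Mon, 09 May 2022 10:15:02 +0000
From: Alice <alice@sender-provider.example>
To: Bob <bob@recipient-provider.example>
Subject: Q3 numbers attached
Date: Mon, 09 May 2022 10:15:00 +0000
Message-ID: <20220509101500.12345@laptop.home.example>
User-Agent: Thunderbird (constructed)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

-----BEGIN PGP MESSAGE-----

hQEMA2v2S5bC7v1sAQf9E3... (constructed placeholder, not real ciphertext) ...=Ab12
-----END PGP MESSAGE-----
"""

CLEARTEXT_HEADERS = ("From", "To", "Subject", "Date", "Message-ID", "User-Agent")

def mail_path(raw: bytes) -> list:
    """Relay hops in delivery order, rebuilt from Received headers (newest is first on the wire)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for received in reversed(msg.get_all("Received", [])):
        text = " ".join(str(received).split())          # unfold and normalise whitespace
        src = text.split("from ", 1)[1].split()[0]      # "from X ..." -> X
        dst = text.split(" by ", 1)[1].split()[0]       # "... by Y ..." -> Y
        hops.append((src, dst))
    return hops

def exposed_metadata(raw: bytes) -> dict:
    """What any server or eavesdropper on the path can read, PGP body notwithstanding."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_content()
    return {
        "headers_in_clear": {name: str(msg[name]) for name in CLEARTEXT_HEADERS if msg[name]},
        "relay_hops": len(msg.get_all("Received", [])),
        "body_encrypted": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }

if __name__ == "__main__":
    for src, dst in mail_path(RAW_MESSAGE):
        print(f"{src} -> {dst}")
    for key, value in exposed_metadata(RAW_MESSAGE).items():
        print(key, value)
```

Running this lists three hops and a Subject line that is readable at each of them, which is exactly the gap the next paragraphs describe: the body is protected, the envelope is not.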
Another problem is that most people simply do not want to use an encrypted email service and/or encrypt messages. This isn’t an easy problem to get around — unless you use an alternative to email.
Best alternative: encrypted messaging service
We’d recommend using a good encrypted messaging service if you are really concerned about privacy and data security. Most encrypted messaging services do a very good job encrypting data, collect little (or no) metadata, and offer stronger encryption than most email services.
Some of our favorite options are Signal, Session, WickrMe, and others. Check out the best secure messaging services for more options.
Conclusion on encrypting email in 2022
In this world where the assaults on our privacy grow by the day, it behooves us to take whatever steps we can to defend ourselves. One place you can fight back is in your email inbox. Unless you want a vast number of entities (from Google AIs to foreign spies) reading your email messages and doing who knows what with the information they find there, you need to encrypt your email.
Remember: If you aren’t up for rolling your own end-to-end encryption system, you can move your most important email connections to one of the private email services.
ProtonMail, for example, has a free version that handles E2EE for you and uses a system much like Gmail’s Confidential mode to send private messages to people who don’t use ProtonMail. And if your encrypted messaging needs aren’t too intense, you can get by just fine with the free version of ProtonMail or another one of our recommended encrypted email providers.
This guide on encrypted email was last updated on May 10, 2022.
Sven / Heinrich—what about SecureMyEmail and Preveil? Are they genuinely secure? Any reason not to use one of them instead of switching to Tutanota, ProtonMail, etc.? Thanks!
This is great information for a newbie. I’m looking for secure email for a business that sends out documents to clients regularly along with e-invoicing (I’m sure that’s another “whole kettle of fish” with regards to privacy!)
The problem is, a lot of clients won’t have secure email – and so the business owner – while hoping to minimise the ability to be scammed or hacked, is also worried it might create resistance from clients.
Are there any secure email systems where you can send to clients and the messages won’t self-destruct, but protect the original sender from having their information stolen etc?
Any ideas on how to achieve the main goal of minimising the ability to hack the business owners and employees information and cause drama or dramatic problems?
Considering a VPN and also secure messenger also. The ability to share calendars would be useful. If you have any ideas – that would be great….or you can just tell me we’re dreaming!
This is ONE of the myriad of issues that I’m working on to help the owner in my capacity as admin on a shoestring 🙂
One more remark (or set of remarks, anyway) before I call it a night and go fix supper.
Besides the obvious benefits of privacy, using PGP/GPG can help keep from sending an e-mail to the wrong recipient. After all, you need a public key for the recipient in order to send the e-mail and if you try sending it to the wrong recipient, you aren’t likely to have their key.
For example, if you are sending an e-mail to email@example.com and you accidentally send it to firstname.lastname@example.org, your e-mail client should complain that you don’t have a key for the destination and should refuse to send the e-mail. Of course if email@example.com doesn’t use PGP/GPG, your browser will happily send it to firstname.lastname@example.org.
One thing that I think is at least as important as the encryption and possibly far more important is the digital signatures you can use if you have a PGP/GPG key.
A few years ago, an employee of a public school somewhere between Amarillo and Lubbock, Texas received an e-mail from either the superintendent or a schoolboard member asking for personnel details such as social security number, birth date, …, for all school employees. The employee dutifully replied with all the details asked.
Sure enough, scammers filed tax returns for all the school employees, each of them with a sizable refund. The amount of time and effort it took for the employees to deal with the consequences of that one action was enormous. A CPA down the street from me told me that they can get it straightened out, but it might take a year or more to do so.
If the school had a policy of requiring the e-mails regarding school business to be digitally signed and to check the signature when replying to e-mails and that policy was strongly enforced, then the problem would never have happened. No e-mail signature should raise immediate and very strong concerns and, at the very least, a telephone call to the purported originator of the e-mail verifying the request and the address. But people don’t sign their e-mails and accept e-mails as being legitimate without question.
I’ve pushed for my company to require signing of e-mails but nobody but me does so. I’m thinking of pushing us to go with someone like ProtonMail or Mailfence to host our e-mails for this very reason.
Sure, encrypting e-mails is nice, but as far as I’m concerned, signing e-mails is far more important. Even if that school district had required encryption, it wouldn’t have helped if the scammer had encrypted the e-mail. Encrypted or not, they needed it to be digitally signed to be confident that the request was legitimate. If we can get people to digitally sign their e-mails, we will be ahead.
1) Distribute your public key.
2) Sign your e-mails.
3) When you receive a public key from others, verify it as best you can.
4) Check the e-mails you receive for a signature.
5) If the e-mails aren’t signed and verified with a trusted public key, treat it as being very suspicious.
6) And if you want, encrypt them, too.
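The signing-before-encrypting argument in the comment above maps directly onto a small verifier. The following Python example is added here and is not the commenter's code; it implements a Lamport one-time signature (a hash-based scheme chosen because it needs only the standard library, not the RSA or ECC signatures PGP actually uses) and then applies the commenter's rule 5: a request that is unsigned, signed by an unknown key, or carries a signature that does not verify is treated as suspicious. The district and address names are constructed. One caveat built into the code: a Lamport private key must sign exactly one message, since each signature reveals half of it.

```python
import hashlib
import secrets

HASH = hashlib.sha256
BITS = 256   # one secret pair per bit of the SHA-256 digest

def lamport_keygen():
    """Private key: 256 pairs of random 32-byte secrets. Public key: the hash of every secret."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(HASH(a).digest(), HASH(b).digest()) for a, b in private]
    return private, public

def lamport_sign(private, message: bytes) -> list:
    """Reveal, for each digest bit, the secret matching that bit. ONE-TIME: never reuse the key."""
    bits = int.from_bytes(HASH(message).digest(), "big")
    return [private[i][(bits >> (BITS - 1 - i)) & 1] for i in range(BITS)]

def lamport_verify(public, message: bytes, signature) -> bool:
    """Hash each revealed secret and compare with the public half selected by the digest bit."""
    if signature is None or len(signature) != BITS:
        return False
    bits = int.from_bytes(HASH(message).digest(), "big")
    return all(
        HASH(signature[i]).digest() == public[i][(bits >> (BITS - 1 - i)) & 1]
        for i in range(BITS)
    )

def triage_request(trusted_public_keys: dict, claimed_sender: str, message: bytes, signature) -> str:
    """Commenter's rule 5: without a verified signature from a trusted key, the request is suspect."""
    if signature is None:
        return "SUSPICIOUS: unsigned request; phone the purported sender before acting"
    key = trusted_public_keys.get(claimed_sender)
    if key is None:
        return "SUSPICIOUS: no trusted key on file for " + claimed_sender
    if not lamport_verify(key, message, signature):
        return "SUSPICIOUS: signature does not verify (altered message or forged sender)"
    return "VERIFIED: signed by the trusted key for " + claimed_sender

def demo():
    # Constructed scenario: the superintendent distributed a public key (rule 1) and signs mail (rule 2).
    boss_private, boss_public = lamport_keygen()
    trusted = {"superintendent@district.example": boss_public}   # keys verified out of band (rule 3)

    request = b"Please send the W-2 data for all staff to finance."
    signature = lamport_sign(boss_private, request)              # the key is now spent

    return {
        "legitimate": triage_request(trusted, "superintendent@district.example", request, signature),
        "unsigned_lookalike": triage_request(trusted, "superintendent@district.example", request, None),
        "altered_body": triage_request(trusted, "superintendent@district.example",
                                       request + b" Send it to this new address.", signature),
        "unknown_sender": triage_request(trusted, "superintendent@district-example.example", request, signature),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18s} {verdict}")
```

The verifier never needs the private key, which is the property the comment relies on: the recipient can check that a request is genuine without being able to forge one, and an attacker who merely copies the sender's display name cannot produce a signature that checks against the key on file.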
Several people have mentioned using a command line to create and use PGP/GPG keys.
This is far from being a tutorial, but may help you get started. The following are being done as I go on an OpenBSD machine (let’s just call it guardian.example.com) from a user billyjerk. (I’m setting up an account just for this and will delete the account when done.)
First, to create an account using GPG:
guardian$ gpg --full-gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
Key is valid for? (0) 33y
Key expires at Mon Jun 28 23:45:56 2055 CDT
Is this correct? (y/N) y
Real name: Billy Jack
Email address: email@example.com
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
[At this point, it will generate the key and ask for the password. ]
gpg: revocation certificate stored as '/home/billyjerk/.gnupg/openpgp-revocs.d/4E815BC30AAC04CB59E7BA1E87BF3C4349BADAFD.rev'
public and secret key created and signed.
pub rsa4096 2022-07-07 [SC] [expires: 2055-06-29]
uid Billy Jack
sub rsa4096 2022-07-07 [E] [expires: 2055-06-29]
And, voila, we have a key.
To get the public key:
guardian$ gpg --export --armor firstname.lastname@example.org
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
To encrypt a text file, foo.bar:
guardian$ cat foo.bar | gpg --encrypt --armor -r email@example.com > foo.bar.gpg
To decrypt the file
guardian$ gpg --decrypt --output foo foo.bar.gpg
Note that it will ask for the password before decrypting the file.
To import a public key from the file publickey-abner
guardian$ gpg --import publickey-abner
gpg: key 69334B3B4BFE0DCC: public key "Abner " imported
gpg: Total number processed: 1
gpg: imported: 1
Then mark it as trusted:
guardian$ gpg --edit-key firstname.lastname@example.org
created: 2022-07-07 expires: 2022-07-14 usage: SC
trust: unknown validity: unknown
created: 2022-07-07 expires: 2022-07-14 usage: E
[ unknown] (1). Abner
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
created: 2022-07-07 expires: 2022-07-14 usage: SC
trust: ultimate validity: unknown
created: 2022-07-07 expires: 2022-07-14 usage: E
[ unknown] (1). Abner
And you can list the key with
guardian$ gpg --list-keys email@example.com
pub rsa1024 2022-07-07 [SC] [expires: 2022-07-14]
uid [ultimate] Abner
sub rsa1024 2022-07-07 [E] [expires: 2022-07-14]
If you don’t specify the key to list, it will list all the gpg keys.
I think it’s pretty much the same on Linux and with gpgv2.
By the way, if you use Thunderbird as an e-mail client, it can handle generating the key for you. It makes it real simple, but I think it creates its own password for the secret key. I don’t know what it takes to be able to use the secret key it generates from another client or from a command line.
If you use evolution, you just generate them from the command line as above. Before you can encrypt an e-mail being sent, you need to mark it as trusted with the --edit-key option.
If you use sylpheed, I think it lets you encrypt an e-mail when sending it, but the last time I tried it, it didn’t seem to handle receiving an encrypted e-mail very well.
And there’s pine/alpine. I’ve never tried encrypting and decrypting e-mail with alpine.
By the way, from the command line, you can encrypt a log file and mail it in one command. From OpenBSD and with the username of the destination changed to protect privacy (I think that protonmail requires at least four characters and it isn’t billyjack because that name is taken by someone else so don’t send e-mail to it unless you know him and billyjack is just a nickname I had in the 70s):
billyjack@guardian: cat ~/tmp/tHexDump-220702-113711.log | gpg --encrypt --armor -r firstname.lastname@example.org | mail -s "tHexDump-220702-113711.log" email@example.com
I hope this helps you get started. There are lots of options and the man page is not always crystal clear.
Ok, haven’t fully read much about emails and all, other than using ‘safe’, privacy friendly ones. But if using an email encryption like Spike mail app or FairEmail or even PGP, will that help when using Gmail? Well, let’s say from Google.
The complaint made here about GMail is strange. That third parties can read emails is a necessary component of anything that supports third-party apps. Google’s handling of it is actually very good – it grants only specific data to a specific organisation. There are certainly other things to bemoan from Gmail, but this isn’t one of them. Meanwhile, your article on Gmail specifically’s only evidence that there are privacy problems is a pro-Apple tirade. I agree with The Hated One here, Apple isn’t the saviour of privacy it markets itself as.
The services mentioned here generally get around this issue by not supporting third-party apps like Thunderbird. They also generally don’t support third-party email servers negating the advantages email has as a federated means of communication.
| The complaint made here about GMail is strange. That third parties can read emails is a necessary component of anything that supports third-party apps.
If you use an e-mail client, you can send and receive encrypted e-mails and Gmail can’t read them. All they see is the armored encryption, not the text itself.
For the love of God will someone explain how to install GnuPG on Mac OS –“from source code!” I’m simply astounded that this site has absolutely nothing about gnupg and how to use it! If you’re so concerned about “privacy,” at least include gnupg and not a bunch of “software fluff” that can’t be audited and can be hacked!
I know… they say gnupg is hard to learn and use on the command line. But, if you’re in the know, please provide some guidance on its installation and use as a free open source tool for privacy. And please!: I’m not interested in any of the pgp software variants like GPG Tools or GPG Suite. These have to be trusted on faith. I don’t trust any of this software designed by someone else! Especially software that isn’t open-source and audited.
Building from source has proven (in all the many cases I have tried) a fool’s errand. GPG themselves say that GPG Tools is the binary build of GPG they recommend for Mac. I’d personally suggest downloading Thunderbird and using its built-in OpenPGP support ( https://www.howtogeek.com/706402/how-to-use-openpgp-encryption-for-emails-in-thunderbird/ ).
But yes, I’m with you on the fact that the solutions suggested here do not provide proper end to end encryption.
Great article; I am learning this stuff on the fly. Any chance you might do a review of Rob Braxman’s suite of products (VPN and now, private email; https://brax.me/). He does a youtube video series about internet privacy…I’ve learned a lot from him.
Privacy and Security Newbie
First thank you for this website! I have learned so much! This is very helpful in explaining things to the average person without a tech degree. I am trying to do the research and then test things out myself for ease of use and then spread this onto my immediate household as well as extended family and friends who don’t have the time to read/research.
Our household now uses Surfshark VPN (I really like how our entire household can put all devices on one reasonably priced service). I am not sure how to add that to our home wifi router, and I am also afraid that if I do, we won’t get access to some sites. Also, I am not sure what a static IP does, or if that would help with sites that don’t allow VPNs (like OfferUp).
Surfshark also has an antivirus, and so does the store Best Buy; do you have any insight on those?
I have changed my browser to Brave, but I am wondering if that is a good idea given it’s in US/5 Eyes territory? I also get confused on how to select some settings (what the settings allow/restrict, and if I can’t get access, is it the VPN or the browser, and what settings are OK to change).
Same with the search engine: should I still use DuckDuckGo or the new Brave beta search engine given 5 Eyes? I have used Qwant and Swisscows, but Swisscows oftentimes takes forever to load or gets hung up.
Immediate family and some friends are now using Signal, which is great, but how can you add new contacts without the default phone app? I deleted the phone messaging app without any issues with phone/service implications.
I have also added HereWeGo instead of using Google Maps (this is good but not as good as Maps, so it’s harder for me to convince friends and family to convert here).
Over and above those questions, my main question is with email. I created a free ProtonMail and a free Tutanota mail account. I ended up buying a Tutanota basic service because it was reasonably priced and had a lot of good free email service things like a calendar, which makes it easier to convert family and friends. The question is, since I am concerned about privacy (the US is getting tyrannical) and security (bank and identity hackers), what email should I give out for various items? Should I separate them? The Tutanota paid service gives me 5 email accounts (4 aliases that link to the main email). So for family or friends that have a Gmail, Yahoo or AOL account, should I give them one of the Tutanota email addresses or ProtonMail? What about emails for things like leaving a reply here? PayPal? Bank? Amazon? Church? Doctors’ and dentists’ offices? New friend? Credit cards? Stores/online purchases? I am trying to figure out the best approach without making things too complicated and without getting hacked or providing too much info. I am also trying to figure out the best approach to give to family and friends (especially those with social media accounts like Pinterest, LinkedIn or Instagram).
Lots of questions here I know! If you can provide links or tips to any of these especially the email question, I would be grateful to you or any who respond.
Privacy and Security Newbie,
You have asked a lot of great questions and I will do my best to answer.
I am not at all able to help with flashing Surfshark VPN to a router. I would reach out to them to try and get them to help you out. As far as not being able to access other websites, what I find when using my VPN (not Surfshark) is that if I change my servers within the VPN I will get a server that will access that site. With a static IP, yes, it solves a lot of those issues, but it removes your privacy since you will be the only one using that address. So there are some ups and downs with this.
Brave is my go-to browser. While it is US-based, the operations are very private. Can they log anything? Yes, in theory, but from what I see they also encrypt their backsides and it is all open source, so that adds a few layers of protection.
Open Source: https://github.com/brave/
Privacy Features: https://brave.com/features/
On this same vein, I use the Brave beta. Not only is it helping them, but there are some questionable aspects with DDG. They are good, but I trust Brave more: https://restoreprivacy.com/private-search-engine/
If you scroll down under DDG you will find the issues that I am referring to. As for SwissCows, I used and loved them but they changed something and now your searches are counted. How do they know? I don’t know but that sent up a red flag to me.
I also used MetaGer and it was OK. But Brave is the best that I have used so far.
I am not sure what you are asking in regard to Signal. I know it was a little strange for me as well, but somehow it started working, so I may not be of much help here. If you need a contact manager, I would suggest Simple Mobile Tools: https://www.simplemobiletools.com/contacts/.
I also use Session, which has been just excellent for me. It is harder to get people to switch over, but I like it more than Signal.
For maps, I cannot help. I use an old fashioned GPS in my window.
Email is the hard one for me. If you look for my comments, I have been and was a major supporter of ProtonMail. I used them and am at the Visionary level with them. The logging has caused me to look for other services, and I am going to go with CTemplar.
I tried, several years ago, to go with Tutanota, but I found their service, their support, and their product were really way under par. YMMV, but that was my experience. Just remember, Tutanota is 14 Eyes and has agreements with the US. Switzerland had an MLAT agreement, which at first I was not worried about, but again, when logs were requested by France and they did that, I am a little uneasy now about it. I am going with CTemplar because Iceland has none of those things.
Here are the features of CTemplar and I think it is really well rounded: https://ctemplar.com/features/
I have been using five ProtonMail emails for different things, so separating them, wherever you go, is going to be the best practice. That is what I will do when I get to CTemplar. I am not sure if it matters what service you give them an email to, but Switzerland is a lot stronger in privacy than Germany, but please note my comment above.
For all of your options mentioned, the same thing goes. Give them the one you want, make one up and then give that, etc. That is all good.
For making replies here, I never use my real email. In fact it is a fake one that I put in. That is perfectly allowed so it works great and this is the only online forum I use.
Looks like some big powers got to CTemplar and they decided to fall on their own sword instead of betray the people and give up their data. They are closing down. What email service are you using now?
Here is the news on them shutting down:
We covered it in depth here.
For shopping, dentist or newsletters, you can try disposable or forwarding emails like the ones provided by Simple Login and AnonAddy.
Oh, I am more of a newb than anyone here, and I just learned of SimpleLogin this week. I want to look at AnonAddy too. SL is free with a few days’ full trial. But you don’t need the full paid version; if you set up and play with it during the trial, you can keep any you create during the trial.
Plus, for times when an email is required and you don’t want to even share an anonymous one, you can use websites like 10min mail (just search 10 min mail or similar) to provide an email where you can see any reply to it for 10 minutes (to verify via link, for example), but which self-destructs so you don’t have to worry about being spammed to death.
Thank all who contributed to this! It’s very helpful and appreciated!
This may or may not be useful to you.
I’m setting up a completely separate e-mail address to use for corresponding with banks and credit card companies and for notices from them. The idea is that when I receive a message that appears from them, if it is using that e-mail address, I have more confidence that the message is legitimate. If I get the message to my more public e-mail addresses, I will instantly view them with suspicion.
I haven’t decided yet whether to do this on my ProtonMail account or choose some other account. If it is on my ProtonMail account, any e-mail to the banking address will be filtered, tagged, and starred upon receipt. Any e-mail purporting to be from the bank but to my regular address would not be tagged with the bank tag (AmEx, BOA, Citi, …) even if they give every appearance of being genuine and thus easy to pick out. At the very least, this would draw an out-of-band telephone call using the telephone number of the bank (I pretty much personally know everyone at the local bank) or the number on the back of the credit card.
Unless they start digitally signing their messages, that is probably about as far as we can go.
I currently have a separate account on my workstation for online banking (so that I can quickly tell which account I’m logged onto, the wallpaper is of the lobby of Gringotts Bank, while the wallpaper on my usual account is generally related to cowboys and the Old West) and am getting ready to move it over to another computer to use pretty much just for that.
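A triage rule for the dedicated banking address idea above, as an added example (this is not the commenter's setup or any provider's filter). It assumes a constructed alias address, constructed bank sender domains and keywords, and constructed sample messages; a real deployment would read messages from the mailbox instead. Anything that reaches the address only the banks know gets tagged; anything that merely looks like bank mail but landed at a public address gets flagged for an out-of-band phone call.

```python
"""Triage rule for a dedicated banking address.

Added example, not code from the page. Bank domains, keywords, the alias
address and the sample messages are constructed for the demo.
"""
import email
from email.utils import getaddresses, parseaddr

# Constructed values: the private address given only to the banks, and what
# legitimate bank mail looks like. Replace with your own.
BANK_ADDRESS = "banking.alias@example.net"
BANK_DOMAINS = {"amex.example", "boa.example", "citi.example"}
BANK_KEYWORDS = ("amex", "american express", "bank of america", "citi")


def _recipients(msg):
    """Every address in To/Cc, lower-cased, so the alias is found wherever it sits."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(headers)}


def _claims_to_be_bank(msg):
    """True if the From domain or the display name/subject says 'bank'.

    Both are attacker-controlled, so this only tells us what the mail purports to be.
    The keyword match is deliberately coarse; it errs toward flagging.
    """
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    wording = f"{name} {msg.get('Subject', '')}".lower()
    return domain in BANK_DOMAINS or any(k in wording for k in BANK_KEYWORDS)


def triage(raw_message):
    """Return 'bank', 'suspicious' or 'other' for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    if BANK_ADDRESS in _recipients(msg):
        return "bank"        # arrived at the address only the banks know: tag and star
    if _claims_to_be_bank(msg):
        return "suspicious"  # bank-looking mail at a public address: call the bank, do not click
    return "other"


# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "statement": "\n".join([
        "From: Citi Alerts <alerts@citi.example>",
        "To: banking.alias@example.net",
        "Subject: Your statement is ready",
        "",
        "Log in to view your statement.",
    ]),
    "lookalike": "\n".join([
        'From: "Citi Security" <security@citi-example.example>',
        "To: me@example.net",
        "Subject: Citi: verify your account now",
        "",
        "Click here within 24 hours.",
    ]),
    "spoofed_from": "\n".join([
        "From: Citi Alerts <alerts@citi.example>",
        "To: me@example.net",
        "Subject: Unusual activity",
        "",
        "Confirm this transaction.",
    ]),
    "newsletter": "\n".join([
        "From: Shop News <news@shop.example>",
        "To: me@example.net",
        "Subject: Weekly deals",
        "",
        "Deals this week.",
    ]),
}


def triage_samples():
    """Run the rule over the constructed samples; returns {name: verdict}."""
    return {name: triage(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{name:13s} -> {verdict}")
```

The "spoofed_from" sample is the case the commenter's scheme is built for: the From header is trivially forged, so a message from the bank's real domain is still suspicious if it did not arrive at the private address. As the following comment notes, only digital signatures from the bank would let you go further than this.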
McAfee blocked CTemplar as suspicious, so I didn’t go to the site. Why might that be?
How would Office365 business/enterprise work into this equation?
I understand it is owned and operated by Microsoft, but I do IT for a lot of companies that have special requirements like FIPS, HIPAA, PCI, SOX, 21 CFR 11, etc… We are allowed to use Microsoft Office365 business plans with exception of defense contractors but Office365 has US Govt Defense plans as well. Thoughts?
Those are behind a secure network that is monitored 24/7: keystrokes, mouse clicks, nearby devices, etc. You can expect zero privacy, should state that as well.
If your web traffic is encrypted with a VPN then wouldn’t this also include your emails? Or is there a way for them to still be intercepted and read?
Not really, because after your traffic exits the VPN server, it goes to the regular (unencrypted) internet. A VPN encrypts internet traffic between two points: your computer/device and the VPN server, before exiting onto the regular (unencrypted) internet. This article is dealing with encrypting the emails themselves, which is a different topic from VPN encryption for internet traffic.
An alternative is https://delta.chat which is a client that simplifies email encryption (cryptographic key exchange) using Autocrypt and displays emails as chat bubbles like a messenger.
To use it, sign in using existing email accounts (Gmail, Yahoo, Outlook, iCloud etc.). Emails are not stored in Delta Chat server as there isn’t one.
There is also COI (Chat over IMAP https://coi.me )
The issue I see then is that Google, Yahoo, Outlook and who knows what else now has access to your messages.
Is it safer?
As a follow-up, the list of those who work with Delta is OK. Not the best, but OK.
Maybe it is secure. But these are questions I have.
Delta Chat is the same as using a regular email client on computers (e.g. Thunderbird, Office Outlook) and phones (Android Mail, iOS Mail app). You log in using existing email accounts.
In addition, Delta Chat displays email as chat bubbles (in IM format) and helps encrypt email with end-to-end encryption meaning only sender and receiver can read the message. Of course, the email provider you signed up for stores the emails but they are encrypted.
Thanks for the info. I guess my question then is how is it encrypted? If the other end isn’t using Delta?
Not sure. I think it’s only end-to-end encrypted between Autocrypt users such as Delta Chat and other apps here https://autocrypt.org/dev-status.html
Nice list. Where I struggle with most of those services (excluding those offering their own app) is the requirement to tinker and usability, e.g. accessing on my iPhone. We need to balance privacy and security against convenience and usability, I know, but for me, PGP on an iPhone (for example) while on the go is not convenient and not accessible to many people like me who are not technically minded.
Take mailbox.org as an example, incredible service, contacts, calendars, push emails, great price AND on everyone’s privacy and security email list. But out of the box PGP is not enabled, in fact emails are not even encrypted at rest. You have to go into settings, activate mailguard, create new keys with a new and separate password, copy and paste them into a separate PGP inbox encryption page and even then, only emails that arrive after that moment will be encrypted. You can also generate your own pgp keys but for someone like me that’s a few afternoons of forums, head scratching, questioning myself and why I bother and a leap of faith installing software I’ve never heard of to achieve. All emails that arrive after that will be unreadable on an iPhone (rightly so) unless via a third party app (clunky to read and send, you need to open in the mail app and then share the attachment with an app to read. No idea how to send yet) or a third party service (privacy issues again). I love Mailbox.org because they are an incredible service and I am sure that the standard package is very secure, but when I see it in a list of encrypted email providers I think that the usability piece also needs to be put into context and readers reminded that these services are not necessarily PGP encrypted straight off the bat. You need to tinker first.
In that respect, I think when ProtonMail and Tutanota catch up feature-wise (still a lot of functionality needed to take on Gmail) they’ll become mainstream. They have their own apps, it’s only one password to remember, and they handle the complex setup and maintenance rigmarole for you. Until all the governments legislate against them, of course.
Is there at least one reason why “Mailvelope” is not mentioned in the article?
Good suggestion. I don’t think Heinrich tested it, but we’ll consider it for the next update.
Heinrich has written a very good article. Congrats!
In this respect, I also use Mailvelope and find it practical as a PGP encryption tool. May I request your opinion about the following. In the past, I have read that it is more secure to use Mailvelope with a Chromium-based browser because of the ability to create different profiles, which store the Mailvelope keys within a certain profile without the possibility of getting exposed through an attack while using another profile without Mailvelope installed. Since Firefox also supports different profiles through about:profiles, is it as secure to use Mailvelope in Firefox as it is with a Chromium-based browser these days? Many thanks!
Okay, thank you so much for this! Lots to think about. Find it still not easy, though, to decide what to choose to do. If an e-mail service does not encrypt the subject line, I guess one could leave it empty, or use something more generic. – Let’s say with Protonmail one sends an encrypted message to someone who does not use Protonmail, and then, I imagine, it’s stored decrypted on their e-mail service provider’s server or cloud, can’t that provider read it then if they wanted to? If that was the case, then the encryption would only help on the way to the recipient, but not once it’s there?
[On a different topic: Because I’m not on facebook (for good reasons), I’ve looked for a privacy-friendly alternative and read about diaspora*, Friendica, Mastodon, the Fediverse.]
Thank you for helping a ‘not-good-with-technology’ person like me understand things better so I can try to make informed choices!!
No, if I send an encrypted message to someone who is using Gmail, Yahoo, Outlook, or one of the myriad of other services, they will not see my email. What they will see is an email that says an email is waiting for them. A link is then provided.
Once they go to that link, they are directed to (in my case) ProtonMail’s server. There, a decrypt box with a required password is given. They have to have that password. If they do, they then read the email on the Proton server and not Gmail’s. They can respond from there or delete it, etc.
But Google is not in the picture. I believe the same thing works with Tutanota, but I am not sure. If you send to another Proton (or Tutanota) user from your Proton or Tutanota account, the encryption works automatically.
As far as subject lines, you are right. Just leave it blank. That is what I have done a few times.
Hope that helps.
Indeed, it works the same with Tutanota, mate.
Thank you so much for this explanation, J.M.! I would need to figure out how to get the password to them. Sending it in a regular e-mail probably wouldn’t be good, and with hinting in a regular e-mail they might not get it right. [Not for the first time, for several days can’t send regular e-mail to outlook, hotmail etc., they always come back saying ‘too many hops’, and my e-mail service provider has done nothing to fix this that I’m aware of!]
If it’s a regular contact, you’d better give him the password in real life or with a secure messenger app like Signal, etc. (or, if both are impossible, via WhatsApp).
And then you use the same password each time you send an email.
@Joe and @ C
Correct. I would just talk with them in person, mail them a letter with just the one word on a piece of paper and no other details, or make the password hint something that you know they will know and nothing else.
@Joe, thanks. I thought that was how Tutanota works but I am, or was, not sure.
If all else fails, a less secure alternative for giving your recipient the decryption password, which is at least better than forgoing encryption altogether, is this: via the insecure channels available (like a phone call, SMS text message, or unencrypted email), split the password into two pieces and send them through two different channels, to distribute the risk between the two channels. This is basically the same concept as two-factor authentication. You can indicate in your own way how to combine the parts, most basically by just saying “1st half” and “2nd half”.
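The two-channel idea in the comment above, as an added example that is not from the page. It goes one step beyond literal halves: with halves, whoever reads one channel already has half the password, whereas here the password is XORed with a random pad of the same length and each channel carries one of the two pieces, so a single piece on its own is uniformly random and reveals nothing. Both pieces together recover the password regardless of which channel carried which. The sample password is constructed for the demo.

```python
"""Two-channel delivery of a password using an XOR split.

Added example, not code from the page. A one-time pad of the password's
length is generated; channel A carries the pad, channel B carries
password XOR pad. Either piece alone is indistinguishable from random.
"""
import secrets


def _group(hexstr, size=4):
    """Insert spaces every `size` characters so the piece can be read out over a phone."""
    return " ".join(hexstr[i:i + size] for i in range(0, len(hexstr), size))


def split_password(password):
    """Return two hex pieces of equal length, one for each channel."""
    data = password.encode("utf-8")
    pad = secrets.token_bytes(len(data))          # fresh randomness every time; never reuse
    masked = bytes(a ^ b for a, b in zip(data, pad))
    return _group(pad.hex()), _group(masked.hex())


def combine_pieces(piece_a, piece_b):
    """Recover the password. Order does not matter; spaces and case from transcription are tolerated."""
    a = bytes.fromhex("".join(piece_a.split()))
    b = bytes.fromhex("".join(piece_b.split()))
    if len(a) != len(b):
        raise ValueError("pieces differ in length; one was probably mistyped, ask for it again")
    return bytes(x ^ y for x, y in zip(a, b)).decode("utf-8")


def halves_leak(password):
    """For contrast: the literal 'halves' scheme hands each channel this much plaintext."""
    mid = len(password) // 2
    return password[:mid], password[mid:]


if __name__ == "__main__":
    # Constructed sample password for the demo.
    piece_for_sms, piece_for_phone = split_password("correct horse battery")
    print("send by SMS:  ", piece_for_sms)
    print("read by phone:", piece_for_phone)
    print("recipient combines:", combine_pieces(piece_for_phone, piece_for_sms))
```

The caveat stays the same as in the comment: both pieces still travel over channels you do not trust, so this helps only if an adversary cannot read both. If a piece arrives garbled, discard both and split again with a fresh pad rather than resending one piece, because the pad is what protects the other piece.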
It really doesn’t hurt if other people have the public key unless you have a very weak key. You could send the public key by e-mail. Or you might upload it to https://keys.openpgp.org for them to download. You could even put it on a thumb drive and put it in the mail. He could do the same.
And then, before marking the key as trusted, meet to exchange the fingerprints and then check the fingerprint when you get home. Or check them by telephone.
What you really care about is that the key you give him is the key he receives and the key he gives you is the key you receive. It doesn’t really matter if someone else gets a copy of the key or knows the fingerprints — that the public keys are public does not make them insecure. All that matters is that you each got the correct public key from the other.
By the way, my first PGP key was quite a bit different. And more than a bit strange. It was in 1992 or 1993. There was a Saturday afternoon gathering (EFF, I think) at a bar in Houston specifically for the purpose of generating PGP keys. There were maybe 20 or 30 people (my memory 30 years later might be a bit off) who were there for the meeting. At the meeting was a law clerk with a laptop, and he would generate the PGP keys for us one at a time and put them on a floppy diskette. I got my key but had absolutely no idea what to do with it when I got back to the office. But I had my own PGP key, and that was cool enough for me back then.
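The fingerprint check the comment describes (receive the key over any channel, then compare its fingerprint with the one the owner gave you in person or by telephone before trusting it), as an added example that is not from the page. The keys below are constructed placeholder bytes rather than real OpenPGP keys, and the fingerprint here is SHA-256 over those bytes; real OpenPGP tooling hashes the key packet instead (SHA-1 for v4 keys), so for actual keys the fingerprint comes from `gpg --fingerprint`. The procedure is what the example shows: a swapped key fails the comparison even though it carries the same name.

```python
"""Verifying a received public key against an out-of-band fingerprint.

Added example, not code from the page. Keys are constructed placeholders
and the fingerprint is SHA-256 over the raw bytes; the comparison logic is
what matters, not the hash encoding.
"""
import hashlib
import hmac


def fingerprint(public_key):
    """Hash the key bytes and show 4-character groups, the way key tools display fingerprints."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def normalize(spoken):
    """Tolerate the spaces, line breaks and case a human introduces when reading a fingerprint aloud."""
    return "".join(spoken.split()).upper()


def key_matches(received_key, confirmed_fingerprint):
    """True only if the full fingerprint of the received key equals the one confirmed out of band.

    Compare the whole fingerprint; short key IDs are not a substitute because
    keys with a chosen 32-bit ID can be generated.
    """
    return hmac.compare_digest(normalize(fingerprint(received_key)),
                               normalize(confirmed_fingerprint))


# Constructed placeholders standing in for exported public keys.
ALICE_KEY = b"constructed-placeholder-key-bytes: alice@example.net rsa4096 2024"
SUBSTITUTED_KEY = b"constructed-placeholder-key-bytes: alice@example.net rsa4096 2024 (swapped in transit)"


def demo():
    """Alice reads her fingerprint over the phone; Bob checks the key that actually reached him."""
    spoken_by_alice = fingerprint(ALICE_KEY)
    return {
        # Bob typed it in lower case from his notes; still matches.
        "genuine": key_matches(ALICE_KEY, spoken_by_alice.lower()),
        # Someone replaced the key on the way; the name inside is identical, the fingerprint is not.
        "swapped": key_matches(SUBSTITUTED_KEY, spoken_by_alice),
    }


if __name__ == "__main__":
    print("Alice reads out:", fingerprint(ALICE_KEY))
    print(demo())
```

This is exactly the point made in the comment: the key and its fingerprint may be public, and the only thing the check protects is that the key you received is the one the other person actually generated.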