According to recent PRISM revelations, messages sent via major email providers are screened automatically by intelligence services. In this article, we’ll show you ways to help protect your privacy from this type of monitoring.
When monitoring e-mails, intelligence services (or even criminal hackers) use three types of vulnerabilities on our privacy.
- Like all unencrypted data transfers over the internet, unencrypted emails can also be intercepted and the addresses and contents of the text can be easily read or analyzed
- Anyone with direct access to a provider’s email servers can see personal mailboxes. According to whistleblower Edward Snowden, the NSA even has direct access to encrypted emails stored on Outlook.com
- Using stolen credentials, anyone can access the mailboxes of other users
In addition, email addresses and IP addresses are usually not anonymous. Behind every email address, there is usually an easily identifiable person, even when fake names and abbreviations are used.
Luckily, for all of these technological problems, there are also technicological solutions!
1. Email encryption
Emails usually use plain text, but you can actually send emails which are encrypted, then share the decryption key with the recipient using other channels. This is the safest solution for most vulnerabilities. Independent program packages such as Gpg4win or Symantec Desktop Email Encryption can encrypt messages, often using special email programs (for example, Gpg4win uses Claws Mail). Many of these programs are further developments of encryption software Pretty Good Privacy (PGP), developed in the 1990s.
Gpg4win with Certificate Manager Kleopatra and Claws Mail
Web-based services like Sendinc or Lockbin aren’t quite as safe, but considerably easier to use. With these services, you can send encrypted mails directly via a Web form. The downside? You have to entrust all data to a specific provider.
2. Secure E-Mail provider
Those who distrust services such as Gmail, Yahoo! Mail and Outlook.com can switch to alternative providers. The demise of Lavabit, the service used by NSA whistleblower Edward Snowden, means one less option, but there are alternatives in the mix.
Posteo, a German-based start-up currently working on translating their full services in English, advertise with similar promises of privacy and data protection like those offered by Lavabit, including transmitting all data with SSL encryption and storing it using asymmetrical encryption on their server.
You can register and pay for Posteo anonymously: no connection or inventory data is collected about users, and the servers encrypt all email data, as well as address books and calendars.
3. Disposable email addresses
Another interesting option is to send an email with a so-called ‘disposable email address’. These addresses often have a lifetime of only a few minutes and, in many cases, don’t even require you to log in. You remain anonymous upon request and none of the data will appear in your inbox.
4. E-mail messages with expiration dates
Instead of encryption, another option is deciding on the lifespan of an email. This is also handy for keeping control of email data held by recipients. The idea was first presented by Project Vanish.