4 Tools to Keep Your Email Completely Private

What’s the worst that could happen if someone gains access to your email account?

You may think not much — maybe a few spam emails will be sent from your account, but once you change your password, it’ll be over, right?

Actually, your email account is probably the worst online account that can be hacked. Once someone gains access to your email account, it’s an easy enough process to use your email to reset your passwords to any other account on the web, from social media profiles to bank accounts.

And hackers and thieves aren’t the only ones trying to break into your personal messages.

In 1986, the US government passed the Electronic Communications Privacy Act. Among other things, it defined email stored on a server for more than 180 days “abandoned.” Thus, all law enforcement agencies had to do to access it was provide a written statement saying that it was necessary for an investigation. This was before most people had ever heard of email. And this is still the law three decades later.

But this may change. In late April 2016, the House of Representatives voted 419-0 for the Email Privacy Act, which would require that the government get a warrant before accessing Americans’ email. But even if it becomes law, there are still many other concerns.

If you’ve ever read your personal email at work (And let’s be honest, who hasn’t?) chances are your employer could be snooping around in your inbox right along with you. Do you really want to risk your boss finding out about your new job search, your medical history, or your opinions of their management style?

Your email provider may also access your emails under certain circumstances and share them with authorities.

Having a strong unique password is an important first step, but it may not be enough to keep your email completely safe from spying.

If you’re serious about keeping your private communications safe, check out the four email privacy tools we’ve profiled below. They’ll help you to secure your email using features like encryption, anonymity, auto self-destruction, and more. Some of them will work with your existing email accounts, while others will require the setup of a new email address.

No matter which tool you choose, you’ll be ahead of the crowd when it comes to email privacy.

Protect Your Email Privacy With These 4 Tools

Your email is under assault. These attacks span a wide range of activities: Google trying to figure out what ads to send you, your boss checking to see if you are looking for another job, or even the government suspecting you of leaking documents to a reporter. But there are easy ways that you can protect your privacy.

Email Snoopers

• Who could be reading your emails?
  • Thieves
  • Hackers
  • Governments
  • Employers
  • Corporations
• Why care that your emails are at risk?
  • Government surveillance
  • Identity theft
  • Hacked email account
  • Corporate consumer tracking
  • Privacy
• What could they be looking for?
  • Bank statements
  • Credit card numbers
  • Medical histories
  • Job offers
  • Contracts
  • Work products
  • Contacts

Protect Your Privacy

• Basics
  • Strong passwords, changed frequently
  • Avoid emailing sensitive information
• Encryption
  • Garbles data to make it unreadable until it reaches the intended recipient
  • Requires a decryption key
  • Simple browser plug-ins and other services can encrypt your emails

ProtonMail

• Founded by:
  • Jason Stockman
  • Wei Sun
  • Andy Yen
• Founded in:
  • 2013
• Cost:
  • Free
    • Free accounts come with 500MB of storage
    • Paid accounts are $5 per month and come with 1GB of storage
• Recipient has to have an account?
  • No
    • If a ProtonMail (PM) user wishes to send an encrypted message to a non-PM user, they:
      • Establish a password that will decrypt the message
      • Communicate this password to the recipient
    • The recipient receives a link to the PM website where they enter the password which decrypts the message
• Notable features:
  • The service is easy to use
    • It does not require installation
  • The company and its servers are based in Switzerland
    • Under Swiss law, they cannot be legally compelled to create a backdoor in their program that would allow access to any government authority
  • ProtonMail does not have access to:
    • Decrypted data
    • Decryption passwords
      • This means that even if they were ordered to hand over customer information, they could only give encrypted messages
  • All PM messages are stored and transmitted while encrypted
  • User accounts are anonymous
    • Personal details are not required for an account
    • PM does not store user activity
    • PM does not save metadata
    • There is no way to scan messages to deliver ads (like Gmail does)
  • Messages can be set to self-destruct
    • This includes messages sent to non-PM users
  • All cryptography used is open source
• Things to keep in mind:
  • ProtonMail servers often reach capacity
    • The service will not be open to any more users until the servers can accommodate them
  • If a user forgets their password, ProtonMail cannot restore it for them
    • The user has two options at that point:
      • Create a new account
      • Reset the account (which will delete all stored emails)
  • The username is just the email address
    • This cannot be changed
  • ProtonMail raised over $500,000 on Indiegogo to start the service
    • PayPal froze the company’s funds around $275,000
    • A PayPal representative reportedly questioned:
      • Whether ProtonMail was legal
      • Whether ProtonMail had government permission to encrypt emails
        • PayPal eventually unfroze ProtonMail’s account, claiming that a technical problem was the cause of it being frozen

Mailvelope

• Founded by:
  • Thomas Oberndörfer (project lead) and others
• Founded in:
  • 2012
• Cost:
  • Free
    • Anyone can donate USD, EUR, or Bitcoins to help keep the project going
• Recipient has to have an account?
  • No
    • However, to send an encrypted email to a recipient, the user must have the public key of the recipient
      • Mailvelope operates using private-public key cryptography where:
        • A sender encrypts a message to a recipient by using the recipient’s public encryption key
        • The recipient uses their private encryption key to decrypt the message
• Notable features:
  • Open source cryptography
  • Conducts security audits through third party companies like Cure53
  • Installs easily as a browser extension for Mozilla or Chrome
  • Works with pre-existing email services, such as:
    • Yahoo! mail
    • Gmail
    • GMX
    • Outlook
  • A three-digit security token (along with a color) is randomly generated when installing Mailvelope
    • If the token is incorrect (either the digits or colors), the users know that the service is not currently safe
• Things to keep in mind:
  • There is no way to recover a lost password
  • No way to check emails on a third-party computer
  • Users must remember to write their messages in a separate pop-up window before encrypting them
    • This keeps the email provider from having access to the clear text of the message

Mailpile

• Founded by:
  • Bjarni Einarsson
  • Brennan Novak
  • Smári McCarthy
• Founded in:
  • 2013
• Cost:
  • Free
• Recipient has to have an account?
  • No
    • However, to send an encrypted email to a recipient, the user must have the public key of the recipient
      • Mailpile operates using private-public key cryptography
• Notable features:
  • Available on:
    • Mac OS X
    • Linux
    • Windows
  • Users download Mailpile onto their own computer
    • Mailpile functions as an email client, not an email server
      • Email clients allow users to read, write, and send emails
      • Email servers receive emails from email clients and transmit them to other users
        • Servers typically list users and store emails
    • This keeps email information on the user’s computer
    • This also means Mailpile is decentralized, which makes the service more difficult to take down
  • Users can use Mailpile with existing email servers (like Gmail, Yahoo! mail, etc.)
    • Their email information would be stored on those email servers, but in encrypted form
  • Users can search through their emails, just as they would with a regular email service
  • Mailpile is open source code
  • Allows users to store their emails:
    • On a USB
    • In the cloud
    • On their computer
• Things to keep in mind:
  • Users need to have a computer or server running Mailpile in order to check their emails
  • Mailpile does not issue email addresses
    • The service requires an email server to send emails (like Yahoo! or Gmail)

Tutanota

• Founded by:
  • Matthias Pfau
  • Arne Möhle
• Founded in:
  • 2011
• Cost:
  • Free with 1GB of storage
    • Tutanota plans to implement special features for paid premium accounts
  • The Outlook add-on costs 9.90€ per month
• Recipient has to have an account?
  • No
    • If a Tutanota user wishes to send an encrypted message to a non-Tutanota user, they:
      • Establish a password that will decrypt the message
      • Communicate this password to the recipient
    • The recipient receives a link to the Tutanota website where they enter the password which decrypts the message
• Notable features:
  • Tutanota and its servers are located in Germany
  • Also available as an app on Android and Apple
    • When Tutanota submitted their app to the Apple store, they were also required by law to notify the NSA of their app’s existence, but the app does not need the agency’s approval
  • Code is open source
  • Unlike many other secure email services, Tutanota also encrypts:
    • Email subject lines
    • Email attachments
  • All emails feature end-to-end encryption
    • This means emails are encrypted from the time senders send them to the time recipients receive them
  • Does not need to be installed
    • This makes the service as easy to use as Gmail, Yahoo! mail, etc.
• Things to keep in mind:
  • User must use “tutanota.de” email addresses
    • Tutanota is working on adding other domains
    • Users can pay to use their own domain names
  • Does not have a way to recover lost passwords

Honorable Mention

• Kolab Now
  • Founded:
    • 2010
  • Located:
    • Zürich, Switzerland
  • Kolab Now is an open source web-based email service that provides user privacy
  • It is a groupware application – specially geared toward allowing organizations to collaborate securely

Technology Helps, but Is No Savior

• Any data sent over the internet is still vulnerable to some degree
• Take what precautions you can
  • Be wary of what you send
  • Be vigilant in tracking your data
  • Secure your data as much as possible

Many people around the world have been concerned by the latest reports of government snooping into our private communications, especially email. Luckily, you don’t have to be a security expert to maintain your privacy. The services we’ve listed above give the average citizen access to cryptographically secure email.

Sources: theguardian.com, protonmail.ch, forbes.com, techcrunch.com, indiegogo.com, zdnet.com, security.stackexchange.com, mailvelope.com, mailpile.is, arstechnica.com, crunchbase.com, vicomsoft.com, techspot.com, lavaboom.com, networkworld.com, pcworld.com, techspot.com, tutanota.com, gigaom.com, tutanota.de, news.softpedia.com, howtogeek.com, lifehacker.com

Sources

• Secrets, lies and Snowden’s email: why I was forced to shut down Lavabit
• Why No One Uses Encrypted Email Messages
• How to Encrypt Your Email and Keep Your Conversations Private
• ProtonMail
• ProtonMail: Increase my storage space
• The Only Email System The NSA Can’t Access
• ProtonMail FAQ
• ProtonMail Is A Swiss Secure Mail Provider That Won’t Give You Up To The NSA
• ProtonMail | Indiegogo
• Request an invite for a free ProtonMail account.
• PayPal freezes out ProtonMail, asks if startup has ‘government permission’ to encrypt email
• ProtonMail Security Features
• How are ProtonMail keys distributed?
• Mailvelope
• Mailvelope Blog
• Mailvelope FAQ
• About Mailvelope
• Mailvelope Documentation
• Mailpile
• Mailpile enters beta — It’s like Gmail, but you run it on your own computer
• Mailpile on Crunchbase
• Mailpile FAQ
• Secure Email and Cloud Alternatives to Gmail and Dropbox
• LavaBoom About
• Lavaboom on Crunchbase
• Lavaboom Tech Info
• Lavaboom builds encrypted webmail service to resist snooping
• Tutanota
• Tutanota releases iOS encrypted email app after notifying NSA
• Interview: Tutanota CEO on Security, Encryption and the NSA
• 10 Secure Gmail Alternatives
• Kolab Now | Wikipedia