How to Use Email Like a Hacker

Anonymous Email

Truly private email addresses are not as easy to come by as you might think. Hundreds of different services claim to offer their users enhanced security to protect them from anybody trying to snoop on their communications. Still, many of these services have serious flaws that may put users’ data at risk, while others are difficult to use correctly. If you do not understand how this all works, there are also many pitfalls and mistakes you could make yourself, potentially compromising your privacy. In this article, we provide a general introduction to using email like a hacker, which should arm you with enough knowledge to protect your privacy, along with reviews of some of the best services and software products.

A Beginner’s Introduction to Email Encryption

The main thing you need to send private email is encryption, and it is used in two places: encrypting the messages themselves and encrypting the network connection that carries them. You must use both to protect your privacy comprehensively.

Encrypting Messages

When you encrypt a message, you effectively lock it so that only somebody with the correct key can unlock it. To anybody else the message is scrambled and looks like complete nonsense. These keys come in pairs, a public key and a private key: you use somebody’s public key (which they can share freely) to scramble a message in a way that can only be unscrambled with their private key.

Some service providers keep hold of your private key themselves and decrypt messages for you when you want to read them. This may seem easier, because you don’t permanently lose access to your messages if you lose your password. Still, it also means that the company providing the service can access and read your messages. Even if you trust the company not to abuse this power itself, it opens up the possibility that hackers could breach the company’s servers and gain access to both your messages and the key to decrypt them, or that the company could be forced to hand over the contents of your messages to a government spy agency. The best privacy protection is therefore offered by services that use client-side decryption. This usually means you have a password that is used to generate (or unlock) your private key and unscramble your emails on your own device. Because the company never has access to your private key, it cannot read your messages, and so it cannot pass that ability on to anybody else.

Perhaps the main problem with email encryption, however, is that both the sender and the receiver need to be using the same system, and you need to know the public key of anybody you want to communicate with in advance. If both people use the same service provider, this is not a problem, as the system already knows the public key associated with their address. In that case you can use the service just as you would an ordinary email provider, and the contents of your messages will be protected. But if you are using different providers, or if the person you are communicating with has an account with a popular provider like Hotmail or Gmail that does not encrypt message contents, things get slightly more complicated. This is important to know because it would be easy for a beginner to sign up with a company offering private encrypted email and then presume that they are protected whatever they do, but that is not the case.

One common way around this problem, offered by many service providers, is to create a web link that includes the key to decrypt your message and to email that link to the person you want to communicate with. The message can still be stored in an encrypted format, and only somebody with the exact link can read it. But of course, it does mean that anybody monitoring your recipient’s email or web browsing can also open the link and read the message. This can be partly mitigated by setting messages to be deleted after a certain period, in the hope that any would-be spy gets there too late. You can also set a password that must be entered to decrypt the message. That, of course, means you need a secure way to share the password with the person you are emailing: fine if it’s a friend you talk to in the flesh, but more difficult when it is somebody you only communicate with online. The truly paranoid can get around this problem using the self-destructing message method described further down the page.

Encrypting Network Connections

When you email somebody, you compose the message on your device. It is then sent to your email provider, which forwards it to the recipient. An encrypted connection ensures that an outside observer cannot place themselves between you and your email provider and intercept your messages in transit. By far the most common system is called ‘SSL’ (its modern successor is TLS). It is what you use to log in to your online banking when the green lock symbol appears in your browser’s address bar, and it does not require you to exchange keys with anybody: just make sure that the website address starts with ‘HTTPS’ instead of ‘HTTP’ and that you can see the padlock symbol. Most providers who offer encrypted email use SSL as standard, but it is worth mentioning for a couple of reasons. Firstly, when a company says it offers encryption, make sure you know exactly what it means by that. For example, Hotmail lets users set encryption as a default, but this only applies to the network connection and does not protect the contents of your messages themselves. Secondly, some apps and desktop clients only operate over plain HTTP, which loses this protection entirely.

A Beginner’s Guide to Anonymous Email

Even if you take every step possible to ensure that the contents of your messages cannot be read by anybody else, you are still not completely protecting your privacy. An observer may still be able to see who you are communicating with, how often, at what times, and so on. This kind of ‘metadata’ can reveal much more than most people realize. There are two ways to counter this threat.

Anonymous Account Creation

By anonymizing your account, you can ensure that whatever information an observer can glean cannot be connected to you personally. Creating an anonymous email address is surprisingly difficult, as most services will, at the very least, ask you to enter a secondary address that they can use to send you notifications or reset your password if you forget it. Many will also ask you for other personal information. If you want to register with a company that requires a secondary email but are concerned about the privacy implications, there are things you can do. For example, Guerrilla Mail and Mailinator can create temporary disposable addresses without you providing any personal details. These temporary addresses are perfect for signing up with other providers anonymously. To ensure that you cannot be connected to your email account, you should probably also ensure that you only access your account through an anonymizing network like TOR (see how to use TOR). If you don’t do this, it may be possible for an observer to track when your device is accessing the service and correlate this with when messages are sent, allowing them to associate your account with your real identity. Some services will send your messages over the TOR network. For example, Mail2Tor offers an anonymous and encrypted email system (you’ll need to have TOR installed for that link to work). I haven’t included any TOR mail services in the recommended services you will find further down the page because I couldn’t find enough public information about precisely how they work or what advantages and disadvantages they may have.

BitMessage and ‘Everyone Gets Everything’

Another way to prevent spies from using this metadata against you is to use a system based on the principle of ‘everyone gets everything’. This means that instead of sending your message directly to the recipient, it is broadcast over a peer-to-peer network. Everybody on the network receives the message, but only your intended recipient can read it. This makes it much more difficult for an observer to tell who you are sending the message to, and makes it impossible to tell whether a message has been received or opened. One of the best examples of the ‘everyone gets everything’ principle is BitMessage, which uses the Bitcoin protocol. This is not an email system; it is an alternative messaging system. However, an excellent service is available at BitMessage.ch, which provides an email-style interface to this protocol and allows you to send to and receive from ordinary email addresses.
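To make the two ideas above concrete (a public/private key pair that only the holder of the private key can unlock, and a broadcast where every node receives the same ciphertext but only one can read it), here is an added simulation. It is not code from the article or from BitMessage: it uses textbook RSA on small numbers with no padding, which is fine for teaching and useless for real messages, and the node names, the `MSG:` tag that lets a node recognise a message addressed to it, and the seeded random generator are all assumptions made for the demo.

```python
import random

# Added example, not the article's code. Toy textbook RSA (no padding) used
# only to show the public/private key idea and an "everyone gets everything"
# broadcast. Never use this construction for real traffic.

TAG = b"MSG:"  # assumed marker: decryption is "for me" only if this appears


def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate, rng):
            return candidate


def generate_keypair(bits=256, rng=None):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    rng = random.SystemRandom() if rng is None else rng
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this means gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def encrypt(public_key, plaintext):
    """Scramble with the recipient's PUBLIC key; anybody may do this."""
    n, e = public_key
    tagged = TAG + plaintext
    if 8 * len(tagged) > n.bit_length() - 1:
        raise ValueError("message too long for this toy key")
    return pow(int.from_bytes(tagged, "big"), e, n)


def decrypt(private_key, ciphertext):
    """Unscramble with a PRIVATE key; returns None if the key is not the right one."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    raw = m.to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")
    return raw[len(TAG):] if raw.startswith(TAG) else None


class Node:
    """A participant in the broadcast network; keeps its private key to itself."""

    def __init__(self, name, rng=None):
        self.name = name
        self.public_key, self._private_key = generate_keypair(256, rng)
        self.inbox = []

    def receive(self, ciphertext):
        plaintext = decrypt(self._private_key, ciphertext)
        if plaintext is not None:
            self.inbox.append(plaintext)
        return plaintext is not None


def broadcast(nodes, ciphertext):
    """Everyone gets everything: deliver to all nodes, return who could read it.
    An observer sees the identical ciphertext reach every node, so the
    delivery pattern reveals nothing about the intended recipient."""
    return [node.name for node in nodes if node.receive(ciphertext)]


def demo():
    rng = random.Random(7)  # seeded so the demo is reproducible
    nodes = [Node(n, rng) for n in ("alice", "bob", "carol", "eve")]
    bob = nodes[1]
    readers = broadcast(nodes, encrypt(bob.public_key, b"meet at noon"))
    return readers, bob.inbox  # (["bob"], [b"meet at noon"])


if __name__ == "__main__":
    print(demo())
```

The `decrypt` result for every node except Bob is random garbage that does not start with the tag, which is how each node decides whether a broadcast was meant for it; the observer node `eve` receives exactly what Bob does and learns nothing from the delivery.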

The Best Anonymous & Encrypted Email Providers

This is not a comprehensive list, but it offers several recommendations. If you know any other services you think are worthy of inclusion, please feel free to add suggestions in the comment section, and I will consider adding them to the list.

ProtonMail

With Android and iOS apps and a web version, this is one of the more user-friendly options. All messages are stored on the company servers in an encrypted format and transmitted using end-to-end encryption. When you create an account, you get two passwords – one for accessing your account and one for decrypting messages. Your decryption password is used client-side and never shared with ProtonMail, so they cannot access your messages. When sending messages to non-ProtonMail users, you can hit the encrypt button to send a link and set a password they must enter to read the message.

You can even include a password hint, so if you know them well, you may be able to set a question only they can answer rather than having to communicate a password in advance. The code running this service is open source, as are all the encryption libraries it uses. They claim to offer anonymous registration with no personal details required, but they do ask for a secondary email. Free accounts are available, but there is a waiting list, so you need to request an invite and wait for them to contact you when they have enough capacity for new accounts. I had to wait a few weeks when I registered.

CounterMail

This service offers very strong security in addition to privacy and anonymity. Special security measures include diskless servers that boot from a CD and the option to purchase a USB key, making it impossible to access your account from any machine that does not have that physical key inserted into the USB drive. It uses OpenPGP, which means you can communicate with people on other services that use this open standard. There are also plenty of extra features like an auto-responder and a PGP chat feature. Their servers are set up not to collect IP address information and to use anonymous headers, so you may not need to worry about accessing the service through TOR. By default, they will generate keys for you on their servers, but encryption occurs on your device.

I am told that if you generate your own PGP key pair and send them a support message with your public key (don’t include your private key!), they will set up your account so you can use it, which protects you against CounterMail themselves being able to access your message contents. There is a one-week free trial, after which you have to upgrade to a premium account, which you can pay for using bitcoins.

Tutanota

This user-friendly and secure system can be accessed from mobile apps or popular client software such as Outlook. Keys are generated locally on your device. Unlike ProtonMail, this is done with only a single password rather than separate passwords for account login and encryption (don’t worry, they don’t have access to your password). It features end-to-end encryption and encrypts your contact list and messages – a thoughtful extra feature. You can create accounts anonymously. They do not collect IP address information, and they strip IP information out of headers. It is also open source, so anybody can inspect the source code to ensure it works as stated. You can create a free account with 1 GB storage and buy premium features such as the Outlook addon and extra storage space using bitcoins.

These Messages Will Self-Destruct in 3…2…1…

You may like to learn how to send self-destructing messages because it’s cool and makes you feel like James Bond. But it is also genuinely useful when communicating with somebody who uses a different or insecure email provider. Cloakmy.org is a fun service that lets you send encrypted messages that auto-destruct as soon as they have been opened. These messages are only visible to somebody with the correct link and can optionally be protected by an additional password. The auto-destruct feature means that a message is deleted from the site’s servers as soon as it has been opened and from then on exists only in the browser of the person who opened it. Because of this, you can be sure that only one person can ever receive a given message: if an attacker manages to view it first, it will already have self-destructed before the rightful recipient arrives, and you will know exactly what happened. As I explained earlier, private email services let you send messages to users of non-secure services by emailing them a link with an optional password. But what if you have no secure way to share the password? This will probably only appeal to the paranoid among you, but here goes: pick a password for sending messages from your private email to the recipient’s address and put it in a Cloakmy message. You can share the password needed to view this Cloakmy message over any insecure channel, because you know that if the person you are communicating with manages to view the message, nobody else will be able to. If somebody else gets there first and intercepts the message, you will know about it because it will already have been deleted. Still, all that will have been revealed is a throw-away password, and you can make a new one and share it again before sending your real message.
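The “email them a link” scheme from the encryption section and the burn-on-read idea above share one design: the server stores only ciphertext, the decryption key travels in the link (in the URL fragment, which browsers never send to the server), and the server deletes the message on first successful read or on expiry. The following is an added example, not code from Cloakmy.org or any of the providers reviewed here; the `example.invalid` host, the SHA-256 counter-mode stream cipher and the storage layout are assumptions made to keep it self-contained.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Added example, not the article's code. Models a link-based message drop:
# key in the URL fragment, ciphertext-only storage, password gate, expiry,
# and burn-on-read. The stream cipher is a teaching stand-in for AEAD.

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    """SHA-256 in counter mode (toy stream cipher, assumed for the demo)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Return plaintext, or None if the blob was tampered with or the key is wrong."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def _password_record(password):
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


class MessageServer:
    """Holds ciphertext only; it never sees the key, which lives in the link."""

    def __init__(self, clock=time.time):
        self._store, self._clock = {}, clock

    def put(self, blob, ttl_seconds, password=None):
        msg_id = secrets.token_urlsafe(12)
        record = _password_record(password) if password else None
        self._store[msg_id] = (blob, self._clock() + ttl_seconds, record)
        return msg_id

    def take(self, msg_id, password=None):
        """Burn on read: the first successful fetch removes the message."""
        entry = self._store.get(msg_id)
        if entry is None:
            return None
        blob, expires, record = entry
        if self._clock() > expires:  # expired: delete without returning it
            del self._store[msg_id]
            return None
        if record is not None:
            salt, digest = record
            candidate = hashlib.pbkdf2_hmac("sha256", password or b"", salt, 100_000)
            if not hmac.compare_digest(candidate, digest):
                return None  # wrong password: message stays for the right reader
        del self._store[msg_id]
        return blob


def create_link(server, plaintext, ttl_seconds=3600, password=None):
    """Store the sealed message and return a link carrying the key in its fragment."""
    key = secrets.token_bytes(32)
    msg_id = server.put(seal(key, plaintext), ttl_seconds, password)
    return f"https://example.invalid/m/{msg_id}#{base64.urlsafe_b64encode(key).decode()}"


def read_link(server, link, password=None):
    """What the recipient's browser does: fetch ciphertext, decrypt locally with the fragment key."""
    path, _, fragment = link.partition("#")
    blob = server.take(path.rsplit("/", 1)[-1], password)
    return None if blob is None else open_sealed(base64.urlsafe_b64decode(fragment), blob)


def demo():
    clock = [1000.0]  # fake clock so expiry is testable
    server = MessageServer(clock=lambda: clock[0])
    link = create_link(server, b"throw-away password: hunter2", ttl_seconds=600, password=b"sesame")
    wrong = read_link(server, link, password=b"nope")     # None, message still stored
    first = read_link(server, link, password=b"sesame")   # the plaintext
    second = read_link(server, link, password=b"sesame")  # None: already burned
    return wrong, first, second


if __name__ == "__main__":
    print(demo())
```

The third read returning nothing is the property the article relies on: whoever opens the link first gets the content, and the second party finds only an empty slot, which is the signal that something went wrong.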

If you’re Even More Paranoid Than That…

Ensure that the microphones are disabled on all your devices before using any of these services. Hackers can break your encryption by listening to the barely audible sounds your device’s processor makes while it decrypts.
