GeekPolice Tech TutorialsLog in

 


How to Secure Your Email

Share

20180325
How to Secure Your Email

How to Secure Your Email



Most email services provide a secure HTTPS connection. They are therefore secure. However, this is no good if the email service simply hands over your information to an adversary, as Google and Microsoft did with the NSA!

The end-to-end email encryption is the answer lies, where the sender encrypts the email, and only the intended recipient can decrypt it.  

Most people regard Pretty Good Privacy (PGP) as the most secure and private way to send and receive emails. Unfortunately, PGP is not easy to use. At all.

This has brought about a low number of individuals willing to utilize PGP.

With PGP, only the body of a message is encrypted, but the header, recipient, send time, and so forth, is not. This metadata can still be very valuable to an adversary, even if it can’t read the actual message.



Despite its limitations, PGP remains the only way to send email very securely.

PGP was once open source and free, but is now the property of Symantec.  The Free Software Foundation has taken up the open source OpenPGP banner, however, and with major funding from the German government has released GNU Privacy Guard (also known as GnuPG or just GPG).

GnuPG is a free and open source alternative to PGP. It follows the OpenPGP standard and is fully compatible with PGP. It is available for Windows, OSX and Linux.



Although the basic program uses a simple command line interface, more sophisticated versions are available for Windows (Gpg4win ) and Mac (GPGTools ). Alternately, EnigMail adds GnuPG functionality to the Thunderbird and SeaMonkey stand-alone email clients.

K-9 Mail is a well-regarded email client for Android with PGP support built in. It can be combined with Android Privacy Guard to provide a more user-friendly PGP experience.

PGP is a genuine agony to utilize. Such a major agony, actually, that few individuals trouble. Mailvelope is a browser extension for Firefox and Chrome that enables end-to-end PGP encryption inside your browser.

It works with popular browser-based webmail services such as Gmail, Hotmail, Yahoo! and GMX. It makes using PGP about as painless as it gets. However, it is not as secure as using PGP with a dedicated email client.

Encrypted webmail services such as ProtonMail and Tutanota . These are much easier to use than PGP and, unlike PGP, hide emails’ metadata. Both services now also allow non-users to securely reply to encrypted emails sent to them by users.

They will also not scan your emails to sell you stuff. However, never regard them as being anywhere near as secure as using PGP with a stand-alone email program.

Protonmail is much more secure than most webmail services.

Unfortunately, to work, both ProtonMail and Tutanota implement encryption within the browser using JavaScript. This is fundamentally insecure.


Did you find this tutorial helpful? Don’t forget to share your views with us.
remove_circleSimilar topics

Comments

No Comment.
Permissions in this forum:
You cannot reply to topics in this forum