The internet is by no means new at this point, neither are computers. We’re all connected by these devices that put all our information in public, and many of us don’t have the first clue how any of it works. If you send email, it’s the equivalent of mailing a postcard. Anyone can see everything you’re typing to your friends, whether you realize it or not. We had certain rights with physical mail that simply haven’t transferred to digital communications. I don’t know about you, but I want these rights back, and first step towards regaining our digital privacy is learning to use email encryption. Each level adds an additional layer of security to your email. The level of security you use is up to you, but you need to be aware of the real world applications of the technology you’re using in order to make an informed decision.
Level 1 – Choose the Right Email Provider
Every email provider has their good and bad points to consider, but for the purposes of security, Gmail is what you want. There are two important security measures I’m going to discuss below that work best with Gmail, and both are necessary. I’m no fan of Google and their data mining/tracking, but the reality is that Gmail is free, easy to use, and compatible with every necessary security measure. If you’re up to no good, there are other ways of getting caught, but with a Gmail account, anybody can enjoy the benefits of secure communication employed by governments and corporations worldwide.
Hotmail/Outlook is a popular free email service/client, but it’s incompatible with the encryption methods necessary to keep your email secure. Yahoo provides free email as well, but they only allow you to check the messages on their server. In order to download the messages to your email client, you must pay to upgrade your email account. Since neither of these companies allows for free security, shun them both, and stick to Gmail. Now let’s walk through how to create a safe Gmail account.
Level 2 – Download an Email Client
When you check your email online, the messages are stored on your email provider’s servers. This is akin to storing your mail at a PO box rather than taking it home with you to read it. You may not be doing anything illegal, but there’s no reason anyone else should be holding your mail. By downloading an email client, you’re transferring your email off someone else’s servers and on to your computer’s internal hard drive. So what is an email client, and which one do you choose?
There are three commonly used email clients: Lotus Notes, Outlook, and Thunderbird. Lotus Notes and Outlook are traditionally utilized by corporations. They have many enterprise security features (meaning they’re useful for businesses), but cost money to purchase. On top of this, they often aren’t compatible with the encryption software available on the consumer market. In order to protect yourself for no cost, download Thunderbird, which is made by Mozilla, the people who make the Firefox internet browser. Not only is this program free, there is a variety of security add-ons that can be installed.
Once you install Thunderbird, you’ll be prompted to connect your Gmail account. Be sure to change your settings to download messages and delete them from Google’s servers. This makes it more difficult for someone to spy on you, as they have to physically be on your computer to do so. With any luck, you’re able to see who’s physically at your computer.
Level 3 – Tales from the Encrypted
Once you have Thunderbird installed, you need to set up PGP (short for Pretty Good Privacy) encryption. To do this, download and install the Enigmail extension. When you encrypt your email, you’re placing the postcard emails you normally send into an envelope. You won’t be anonymous–people can still see the from/to addresses–but the information you send will be unreadable to anyone but the recipient.
What PGP does is set a key for you on your computer. You’re also given a key to give anyone you want to email. Once you exchange keys with someone, you can securely email each other. If anyone intercepts the email, they’ll see only gibberish unless they have both keys to unlock the email. Even if one of your keys is compromised, they won’t have the other, and therefore cannot read your email. This encryption is mathematically uncrackable for the time being, and it is the same level of encryption used by every government and corporation in the world. If it’s good enough for them, why not you?
Level 4 – Go Full Anonymous
The steps above protect you by putting your data in your hands and hiding it when it’s anywhere outside of your computer. None of these options will make you anonymous, however; they’ll only keep the information you send hidden. People can still see who you are and who you’re emailing. In order to provide anonymity in email, you have to utilize a trick from the Tor project.
Do you remember the old Willy Wonka movie where Mike TV is disintegrated and “teleported” from one spot to another? Tor (and torrents) works the same way: instead of sending information directly to someone, a peer-to-peer network is set up, so your information is shredded into confetti and put back together as needed. This provides a level of anonymity because nobody can see the full view of where you’re browsing. They may be able to get a general idea, but they’ll never know for sure. This is the best strategy for online anonymity.
In order to provide this level of anonymity to email, an expert level of skill is needed. You must configure your email client to send emails as encrypted binary data split up into various Usenet newsgroups. Any email coming in or out of your account is scattered throughout Usenet. While the level of anonymity provided by this is fantastic, it slows down your email response time–it can take hours or even days for the data to be shredded and put back together. Because of this, it’s slow, very difficult to use, and is only practical when truly necessary to hide something. I won’t delve too far into the specifics of how this is done, but you can learn a bit more about how to become Anonymous.