Using Encrypted Email for Privacy

Do you use Gmail for your email address?

Google has very lax privacy rules about the contents of your email.

Basically, your personal emails in Google are a treasure trove for advertisers, and Google.

For true email privacy, we recommend ProtonMail instead.

ProtonMail - secure and private email

Why ProtonMail?

That’s what we’ll discuss here.

By the way, ProtonMail is the secure email that international journalists use to foil Russian security and intelligence agencies.

Swiss Privacy – Data Security and Neutrality

ProtonMail is incorporated in Switzerland and all their servers are located in Switzerland. This means all user data is protected by strict Swiss privacy laws.

ProtonMail's headquarters in Switzerland - they are subject to very strict Swiss privacy laws and all data resides within Switzerland

From their website:

“ProtonMail is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.”

Having said that, ProtonMail is subject to the rules of law and order in Switzerland – and the Swiss do cooperate with international law enforcement agencies, as you would expect.

End to End Encryption – Automatic Email Security

In ProtonMail, every message in your mailbox is stored encrypted with your own public key, and only your private key can decrypt it. That private key is itself encrypted with your password, and decryption happens in your browser or app, not on ProtonMail’s servers. Mail exchanged with other ProtonMail users is end-to-end encrypted: it is encrypted on the sender’s device and decrypted on the recipient’s device, and the servers in between only ever see ciphertext.

What’s best about this?

Even ProtonMail staff can’t read the mail stored in your mailbox.

That means there is zero chance they can sell the contents of your messages to advertisers or other third parties.

It also means they cannot hand over your stored email content to any government or law enforcement agency, because they hold no key that decrypts it.

The one gap is mail arriving from outside: a message from a Gmail or Yahoo user reaches ProtonMail’s servers as ordinary plaintext and is only encrypted on arrival, so a lawful Swiss order could compel ProtonMail to capture such a message before it is encrypted (this is the monitoring discussed under Anonymous Sign Up below). Mail between two ProtonMail users never exists in plaintext on the server.

And to be clear – this encryption includes “encryption at rest”.

This means your email contents are stored on the server in encrypted form at all times, and the key that decrypts them is yours alone.

Most other email providers DO NOT provide this. They offer “encryption in transit” (HTTPS between your browser and their servers) and usually encrypt their disks as well, but they hold the decryption keys themselves.

So, as far as the provider is concerned, your email is still stored in “clear text”: anyone with sufficient access to their systems, or with a court order, can read it.

There’s one important caveat to this end to end encryption – it does NOT include the subject line of your email. The body and attachments of an email are encrypted, but the subject line is not, and neither are the sender, recipient and date headers.

Why not?

OpenPGP encrypts only the message body. The subject, sender and recipient live in the message headers, which mail servers need in clear text to route and deliver the message. Leaving them in clear text is what keeps ProtonMail interoperable with other OpenPGP mail services, and it is why the subject line can’t be encrypted.

Secondly, because the servers cannot read your message bodies, there is no server-side full-text search of your inbox with ProtonMail. But you can easily and quickly search the fields that are not encrypted: subject lines, senders and recipients.

This is a trade-off of security and usability.

You can find full details of this and more in ProtonMail’s Privacy Policy.
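To make the subject-line caveat concrete, here is an added example (not ProtonMail’s code, and not a captured message) that parses a constructed OpenPGP-encrypted email in the standard PGP/MIME layout (RFC 3156) with Python’s own `email` package and reports which fields any relay or provider can read in clear text versus what is ciphertext. The ASCII-armored block is a placeholder standing in for real ciphertext; the header and MIME structure is what real OpenPGP mail clients produce.

```python
"""Which parts of an OpenPGP-encrypted email are actually encrypted.

Added example, not ProtonMail's code: parses a constructed PGP/MIME message
(RFC 3156) and separates clear-text headers from the encrypted body.
"""
from typing import Optional

import email
from email import policy
from email.message import EmailMessage

# Constructed sample messages (not captured traffic). The armored block is a
# placeholder standing in for real OpenPGP ciphertext.
PGP_MIME_SAMPLE = """\
From: alice@example.com
To: bob@example.com
Date: Mon, 01 Jan 2018 10:00:00 +0000
Subject: Q3 whistleblower report
Message-ID: <constructed-0001@example.com>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

hQEMA0FBQkNERUZHSElKAQf+PLACEHOLDERCIPHERTEXTNOTREALDATA=
=AbCd
-----END PGP MESSAGE-----

--b1--
"""

# The same message as it would arrive from a provider that does not use OpenPGP.
PLAIN_SAMPLE = """\
From: alice@example.com
To: bob@example.com
Date: Mon, 01 Jan 2018 10:00:00 +0000
Subject: Q3 whistleblower report
Message-ID: <constructed-0002@example.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Attached are the figures we discussed. Please keep this between us.
"""

# Headers that SMTP relays and mail providers need (and log) in clear text.
ROUTING_HEADERS = ("From", "To", "Date", "Subject", "Message-ID")


def parse(raw: str) -> EmailMessage:
    return email.message_from_string(raw, policy=policy.default)


def is_pgp_mime(msg: EmailMessage) -> bool:
    """RFC 3156: multipart/encrypted with protocol application/pgp-encrypted."""
    return (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted")


def cleartext_headers(msg: EmailMessage) -> dict:
    """Readable by every hop, whether or not the body is encrypted."""
    return {h: str(msg[h]) for h in ROUTING_HEADERS if msg[h] is not None}


def ciphertext(msg: EmailMessage) -> Optional[bytes]:
    """Return the armored OpenPGP payload, or None if the body is not PGP/MIME."""
    if not is_pgp_mime(msg):
        return None
    parts = list(msg.iter_parts())
    if len(parts) != 2 or parts[0].get_content_type() != "application/pgp-encrypted":
        return None
    data = parts[1].get_payload(decode=True)
    if b"-----BEGIN PGP MESSAGE-----" not in data:
        return None
    return data


def analyze(raw: str) -> dict:
    """Summarise what a relay or the provider can read from this message."""
    msg = parse(raw)
    ct = ciphertext(msg)
    body = None
    if ct is None:
        text = msg.get_body(preferencelist=("plain",))
        body = text.get_content() if text is not None else None
    return {
        "end_to_end_encrypted": ct is not None,
        "cleartext_headers": cleartext_headers(msg),
        "cleartext_body": body,
        "ciphertext_bytes": len(ct) if ct is not None else 0,
    }


if __name__ == "__main__":
    for label, sample in (("PGP/MIME", PGP_MIME_SAMPLE), ("plain", PLAIN_SAMPLE)):
        report = analyze(sample)
        print(label, "end-to-end encrypted:", report["end_to_end_encrypted"])
        print("  readable headers:", report["cleartext_headers"])
        print("  readable body:", repr(report["cleartext_body"]))
```

Run it and the encrypted message still reports “Q3 whistleblower report”, the sender and the recipient as readable; only the body is ciphertext. The plain message, which is what arrives from a Gmail sender, exposes everything until ProtonMail encrypts it on arrival.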

ProtonMail's end to end encryption includes encryption at rest - to ensure your email is not stored in clear text on the server

Anonymous Sign Up

No personal information is required to create your secure, free email account.

You don’t have to provide your legal name or address – you just have to prove you are human, by donating or by confirming an SMS code. Bear in mind that a phone number is a link between you and the account, so if anonymity matters, don’t verify with a number that is tied to you.

Further, ProtonMail does not log by default the IP addresses you connect from, so there are no records tying your anonymous email account to the places you access it from.

This means you can access your email from anywhere without leaving a record of your location on the server.

However, there is one important caveat to this – if presented with a legal request approved by the Swiss authorities, ProtonMail can be compelled to begin logging the IP addresses used to access a specific account and to monitor traffic to that inbox. This is done in a small number of cases. You can peruse some actual instances in their transparency report.

You can also use Tor to access your email – which we will talk about further shortly.

Your privacy comes first with ProtonMail.

Based on Open Source Software

ProtonMail is based on Open Source software. The web client and the OpenPGP.js library it uses for encryption are published for anyone to review; the server-side code is not.

They offer a lifetime free account (with some limitations of course), and paid plans.

Open source does not by itself prove that they are serious about privacy, but it lets independent reviewers check the part of the system that matters most: that encryption and decryption really happen on your device, and that your private key never reaches the server in usable form.

Easy to Use, Modern Features

ProtonMail has a very easy to use, clean user interface design.

You can access ProtonMail via the web, or with an iOS or Android App.

ProtonMail has a very clean, easy to use web mail interface - and smartphone apps

Communicating Securely with ProtonMail

ProtonMail offers end-to-end encryption.

Let’s talk about what that means.

First of all, for the most secure communications you need to be exchanging emails with another ProtonMail user. Your message is then encrypted on your device with the recipient’s public key (ProtonMail holds every user’s public key, so no manual key exchange is needed) and decrypted only on the recipient’s device, so both your copy and the recipient’s copy are guaranteed to be stored encrypted.

If the recipient uses another email provider (Gmail, Yahoo, Microsoft, etc.), the message leaves ProtonMail as ordinary email and you can expect the recipient’s copy to be stored UNENCRYPTED on their provider’s servers. There are two ways around this: if the recipient uses OpenPGP you can import their public key and ProtonMail will encrypt to it, or you can send a password-protected message, which the recipient opens through a link to ProtonMail using a password you share over another channel.

Ensuring Privacy with ProtonMail

The second great thing about ProtonMail is they don’t (and can’t) sell your private data to third parties.

It is well known that many of the other free email providers monetise your data in one way or another.

For example, Google shows ads in your inbox (by scanning your private email for relevant items).

ProtonMail doesn’t have ads in the inbox.

But more importantly, due to how their encryption works – they cannot read your email.

The important ramification of this: the server cannot decrypt your mail, so nobody can recover it for you. If you lose your password, ProtonMail can reset your login, but the reset generates new encryption keys and every message encrypted under the old key becomes permanently unreadable.

Nobody can “undo” the encryption if you lose the password.

We’d recommend setting a strong password on initial setup, and storing that in a secure password manager.

You may want to also print off a hardcopy and place in a secure vault – just in case.

ProtonMail offers 2FA using an authenticator app

ProtonMail offers 2FA – Two Factor Authentication.

This is where you have to enter a short numeric code from an authenticator app, in addition to your password (hence “2 factors” are used to prove your identity on login: something you know and something you have).

When 2FA is activated, it takes more than just your password to log in to the account.

This is not activated by default, but can easily be set up in the Settings page: ProtonMail shows a QR code containing a shared secret, you scan it with the app, and from then on the app derives a new six-digit code from that secret every 30 seconds.

ProtonMail uses the standard TOTP scheme (RFC 6238), so any TOTP app works. We recommend Google Authenticator, but Authy, FreeOTP and similar apps are interchangeable.

ProtonMail does not offer SMS (text messaging) as a 2FA option.

Why not?

The honest truth is that SMS is horribly easy to hijack and it’s not secure: an attacker who talks your carrier into moving your number to their SIM (a “SIM swap”), or who has access to the telephone signalling network, receives your codes.

So, be sure to activate 2FA – and you probably want to securely store your recovery codes as well – these are one-time-use codes that will let you access your ProtonMail if you lose your 2FA device or don’t have it on you. Keep them somewhere other than where the password itself is stored, so that one leak does not hand over both factors.
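To show what the “short numeric code” actually is, here is an added example, not ProtonMail’s code, implementing TOTP (RFC 6238) with Python’s standard library: the generator an authenticator app runs, the base32 decoding of the secret the QR code carries, and the check a server performs, including the clock-drift window and the refusal to accept the same code twice. The secret used is the RFC’s published test secret, not a real one.

```python
"""TOTP (RFC 6238) as used by authenticator-app 2FA.

Added example, not ProtonMail's code. Implements the app side (code
generation) and the server side (verification with drift window and
replay rejection) using only the standard library.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 4226 / RFC 6238 reference secret, the ASCII string "12345678901234567890".
# Real secrets are random; the QR code carries them as base32 text.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP with the counter set to the number of 30-second steps since the epoch."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(secret, unix_time // step, digits)


def decode_base32_secret(text: str) -> bytes:
    """Authenticator apps receive the secret as base32, often unpadded and spaced."""
    cleaned = text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


class TotpVerifier:
    """Server-side check. Accepts the current step and `window` steps either
    side to tolerate clock drift, but never a step at or before the last one
    accepted, so a captured code cannot be replayed."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1, digits: int = 6):
        self.secret, self.step, self.window, self.digits = secret, step, window, digits
        self.last_accepted_counter = -1

    def verify(self, code: str, unix_time: int) -> bool:
        if len(code) != self.digits or not code.isdigit():
            return False
        now_counter = unix_time // self.step
        matched = None
        for drift in range(-self.window, self.window + 1):
            counter = now_counter + drift
            candidate = hotp(self.secret, counter, self.digits)
            # Constant-time compare, and keep looping so timing does not reveal which step matched.
            if hmac.compare_digest(candidate, code) and matched is None:
                matched = counter
        if matched is None or matched <= self.last_accepted_counter:
            return False
        self.last_accepted_counter = matched
        return True


if __name__ == "__main__":
    print("RFC test vector, t=59:", totp(RFC_TEST_SECRET, 59))  # 287082
    secret = decode_base32_secret("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    print("code right now:", totp(secret))
```

The values at t=59 and t=1111111109 match the tables in RFC 6238, which is the quickest way to confirm an implementation. Note what the server stores: the same secret the app holds, so a database compromise exposes every user’s second factor, which is one reason recovery codes and the account password should not sit in the same place.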

ProtonMail offers an Onion Service

Here’s another great thing about ProtonMail – it can be accessed using a Tor hidden (Onion) service.

The URL is https://protonirockerxow.onion/ (This link will only work when accessed via the Tor browser).

This means you can access your web mail account via the Tor browser – even in countries that block or censor ProtonMail.

(By the way, that Onion URL cost a great deal of CPU time – the easy to remember combination is “proton i rocker xow”. An Onion address is derived from a hash of the service’s public key, so it is effectively random; the only way to get one that starts with a chosen word is to generate key after key until one happens to hash to it, which is why it took them a lot of effort to come up with something memorable.)
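The derivation behind that remark, as an added example that is neither Tor’s nor ProtonMail’s code: a 16-character (v2) Onion address like the one above is the first 80 bits of SHA-1 over the service’s DER-encoded RSA public key, base32-encoded. The hashing and encoding below are that real derivation; random bytes stand in for RSA keys (an assumption, so the example runs without a crypto library), which does not change the search cost, since every new key is one hash either way.

```python
"""Why a memorable .onion name costs CPU time.

Added example, not Tor's or ProtonMail's code. v2 address = base32(SHA-1(DER
public key)[:10]); a chosen prefix can only be found by brute force.
"""
import base64
import hashlib
import random
from typing import Optional, Tuple

ONION_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"


def onion_v2_address(pubkey_der: bytes) -> str:
    """First 80 bits of SHA-1 over the key, base32, lower-case: 16 characters."""
    digest = hashlib.sha1(pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def expected_attempts(prefix: str) -> int:
    """Each fixed base32 character multiplies the expected work by 32."""
    if len(prefix) > 16 or any(c not in ONION_ALPHABET for c in prefix):
        raise ValueError("prefix must be up to 16 characters from the base32 alphabet")
    return 32 ** len(prefix)


def search_vanity(prefix: str, max_attempts: int, seed: int = 1) -> Optional[Tuple[str, int]]:
    """Brute force: draw key material, hash it, keep going until the prefix matches.

    Returns (address, attempts_used) or None if max_attempts is exhausted.
    The seed makes the run reproducible; a real search would use real keys.
    """
    expected_attempts(prefix)  # validates the prefix
    rng = random.Random(seed)
    for attempt in range(1, max_attempts + 1):
        # Assumption: 128 random bytes stand in for a DER-encoded RSA-1024 public key.
        fake_key = rng.getrandbits(1024).to_bytes(128, "big")
        address = onion_v2_address(fake_key)
        if address.startswith(prefix):
            return address, attempt
    return None


if __name__ == "__main__":
    for prefix in ("pro", "proton"):
        print(f"expected keys for prefix {prefix!r}: {expected_attempts(prefix):,}")
    print("found:", search_vanity("pro", 500_000))
```

Three characters cost about 32,768 keys and finish in a fraction of a second here; the six characters of “proton” cost about a billion, and with real RSA key generation rather than random bytes each attempt is far more expensive, which is the effort the page refers to.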

Secondly, a connection to the Onion hidden service never leaves the Tor network: your browser and ProtonMail’s server each build their own circuit to a “rendezvous point” inside Tor, so there is no exit node that could see or tamper with the traffic, the server never learns your IP address, and because the address is derived from ProtonMail’s key you also know you are talking to the real service rather than a look-alike.

The downside to using Tor to access your email?

It will be slower – Tor bounces your traffic through several volunteer relays around the globe, and an Onion connection uses around six relays (three on each side of the rendezvous point) rather than the usual three.

Tor Browser - Defend yourself against tracking and surveillance. Circumvent censorship.

It also uses multiple layers of encryption, one per relay (hence “The Onion Router” – like the layers of an onion).

Having said all that, you don’t have to use the Onion hidden service.

When connecting to webmail in a normal web browser your traffic will be protected by HTTPS between your browser and ProtonMail’s servers.

This also holds true for the smartphone clients for iOS or Android.

The benefit in using Tor is really to anonymize where you are connecting – or to circumvent censorship.

ProtonMail for Security and Privacy – In Summary

For the ultimate in secure and private email – we recommend ProtonMail.

Just be sure to understand how it works – and how to use it securely.

Remember that subject lines are not encrypted – and that ultimately ProtonMail is bound by the laws of Switzerland.

They are still the best secure and private email service available.

To be more secure, you’d have to “roll your own” – which is not a feasible option for most people.

ProtonMail has smartphone apps for iOS and Android.