I’ve been asked several times why I have not written about email yet. Who has the most private and secure service, and how good is PGP encryption, are common questions. After Lavabit closed its doors and Silent Mail quickly followed, I’ve heard quite a few people mention Hushmail as a good alternative. This is when I thought I’d better write an article on this, as Hushmail is definitely not the way to go for those that want private and secure email, in my opinion.
Why no Hushmail?
– They keep logs and record pretty detailed information on your activities.
– They have no problem handing whatever data and information they have on you over.
So then what?
The whole reason I have not touched on the topic of secure email before is that I have not found it. Lavabit was as close as it got to really secure and private email as far as I know, and even that was not as secure as I’d like. Not because the service was bad, but because the way email works simply prevents it from being completely secure and/or private. Yes, there are ways to encrypt your email, and there are services like Lavabit that make sure your email is protected while traveling through and staying on their server, but one thing you can’t get rid of is the metadata. This was also said by Jon Callas, one of the co-founders of PGP, when Silent Circle shuttered their encrypted mail service: “Email as we know it with SMTP, POP3, and IMAP cannot be secure.” because “There are far too many leaks of information and metadata intrinsically in the email protocols themselves.” A less descriptive but equally clear message came from Lavabit’s owner Mr. Levison in a phone interview with mathaba.net: “I’m taking a break from email, If you knew what I know about email, you might not use it either.”
Security has to be part of the design process in order to really work, and this was never the case with email. While mailboxes have gotten bigger, POP evolved to IMAP and certain levels of encryption became available, email has never been redesigned to accommodate security and privacy. This is where the metadata comes in. Things like your IP address, sender, receiver, the path from your computer to the final destination, mail client version and possibly OS, and date and time are all visible even though the message itself may be encrypted.
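To make the metadata point concrete, here is an added example (not part of the original article) that reads a constructed PGP-encrypted message and lists what any server or observer handling it can still see. The sample message, its hosts and addresses, and the function name exposed_metadata are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: the body is PGP-encrypted, the headers are not.
# Hosts and IPs come from reserved example/documentation ranges.
SAMPLE = """\
Received: from smtp.provider.example (smtp.provider.example [192.0.2.10])
 by mx.recipient.example; Mon, 12 Aug 2013 09:15:04 +0000
Received: from [203.0.113.45] (dsl-45.isp.example [203.0.113.45])
 by smtp.provider.example; Mon, 12 Aug 2013 09:15:02 +0000
From: Alice <alice@provider.example>
To: Bob <bob@recipient.example>
Date: Mon, 12 Aug 2013 11:15:01 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
(ciphertext omitted in this constructed sample)
-----END PGP MESSAGE-----
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def exposed_metadata(raw):
    """Return the metadata readable in the clear despite the encrypted body."""
    msg = message_from_string(raw)
    path = []
    # Each server prepends its own Received header, so reverse the list
    # to walk the route from the sender's machine to the destination.
    for hdr in reversed(msg.get_all("Received", [])):
        ips = IP_RE.findall(hdr)
        by = re.search(r"\bby\s+([^\s;]+)", hdr)
        path.append({"ip": ips[-1] if ips else None,
                     "by": by.group(1) if by else None})
    sent = parsedate_to_datetime(msg["Date"])
    return {
        "sender": parseaddr(msg["From"])[1],
        "recipient": parseaddr(msg["To"])[1],
        "sent": sent.isoformat(),
        # The UTC offset hints at the sender's time zone.
        "utc_offset_hours": sent.utcoffset().total_seconds() / 3600,
        "client": msg["User-Agent"] or msg["X-Mailer"],
        "path": path,
        "body_encrypted": "BEGIN PGP MESSAGE" in msg.get_payload(),
    }

if __name__ == "__main__":
    for key, value in exposed_metadata(SAMPLE).items():
        print(f"{key}: {value}")
```

The first entry in "path" is the address of the machine that submitted the message, which is the sender's own IP when a desktop mail client is used.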
Most of those that used email services like Lavabit and Silent Mail did so to stay as private and secure as possible, maybe even mixing those services with PGP encryption on the endpoints, but communications that truly need to be private and secure are rarely done by email unless there is full control. For example, running your own mail server in your building, protected by your firewalls and VPN access, with strict control over all the endpoints and the security/encryption they use. Layers upon layers of security with complete control is the only way your email can be private and secure (that metadata will still be there though). That is not doable for the average user without the cash and resources to set something like that up and keep it online.
What is a regular user like me to do? I just want my privacy.
Don’t use email if you don’t like what the metadata reveals. Use something like encrypted chat over a secure server or encrypted phone calls. If the metadata doesn’t bother you and all you need is for the mail contents to be private and secure, then at least use an email service that is not owned by a US company or hosted in the US, that encrypts the data on its server, and that does not keep logs or encryption keys. This way, even if they have to hand data over to a government agency, they will not be able to decrypt it.
With Lavabit and Silent Mail gone, keep an eye on the soon-to-be-live StartMail. I don’t know what kinds and what levels of security they will offer, but I am assuming/expecting/hoping it will be equivalent to what Lavabit offered, as that is pretty much the minimum required to be private and secure. Mega is a few months away from launching an encrypted email service too.
For the above-mentioned reasons, email cannot be completely secure. Even StartMail, when live, can’t hide metadata. Though if a service like Lavabit was used over webmail, some parts of that metadata would no longer be an issue. The IP shown would be that of the mail server, not your computer. A proxy and/or VPN on top of using webmail would hide your location even better, as the server logs (if any) would not reveal your true location. The path the email takes to its final destination would also not reveal your location, and your mail client or OS would not show either, as it’s the webmail server that sent it, not the mail client on your computer. These are things to keep in mind when StartMail launches.
Communicating securely and privately is a challenge, and always has been. It means finding the right method, ensuring the service provider is secure (logs and key storage), ensuring both you and the person(s) you are communicating with take all the proper precautions, etc. Email may just not be the way to go, but these days it’s almost impossible not to use it, so choose your provider wisely, take all the right precautions and always be on the lookout for something better.
Feedback and comments are welcome!