Will email ever really be private and secure?

12. August 2013 Security 7

I’ve been asked several times why I have not written about email yet. Who has the most private and secure service and how good is PGP encryption are common questions. After Lavabit closed it’s doors and Silent Mail quickly followed I’ve heard quite a few people mention Hushmail as a good alternative. This is when I though I’d better write an article on this as Hushmail is definitely not the way to go for those that want private and secure email, in my opinion.

Why no Hushmail?
– They keep logs and record pretty detailed information on your activities.
– They have no problem handing whatever data and information they have on you over.
Hushmail is not a good alternative for services like Lavabit and Silent Mail! Just have a look at their privacy policy and make up your own mind, maybe they are private and secure enough for what you need but for those that want/need a service like Lavabit or Silent Mail I’d say signing up with a service that has a tainted reputation is not a good idea, just my two cents.

So then what?
The whole reason I have not touched on the topic of secure email before is because I have not found it. Lavabit was as close as it got to really secure and private email as far as I know and even that was not as secure as I’d like. Not because the service was bad but the way email works simply prevents it from being completely secure and/or private. Yes there are ways to encrypt your email and there are services like Lavabit that make sure your email is protected while traveling through and staying on their server but one thing you can’t get rid of is the metadata. This was also said by Jon Callas, one of the co-founders of PGP, when Silent Circle shuttered their encrypted mail service. “Email as we know it with SMTP, POP3, and IMAP cannot be secure.” because “There are far too many leaks of information and metadata intrinsically in the email protocols themselves.” A less descriptive but equally clear message came from Lavabit’s owner Mr. Levison in a phone interview with mathaba.net “I’m taking a break from email, If you knew what I know about email, you might not use it either.”

Security has to be part of the design process in order to really work, this was never the case with email. While mailboxes have gotten bigger, POP evolved to IMAP and certain levels of encryption became available, email has never been redesigned to accommodate security and privacy. This is where the metadata comes in. Things like your IP address, sender, receiver, path from your computer to final destination, mail client version and possibly OS, date and time are all visible even though the message itself may be encrypted.

Most of those that used email services like Lavabit and Silent Mail did so to stay as private and secure as possible, maybe even mixing those services with PGP encryption on the endpoints but communications that need to truly be private and secure are rarely done by email unless there is full control. Running your own mail server in your building protected by your firewalls and VPN access with strict control over all the endpoints and the security/encryption they use for example. Layers upon layers of security with complete control is the only way your email can be private and secure (that metadata will still be there though). Something that’s not doable for the average user with the cash and resources to set something like that up and keep it online.

What is a regular user like me to do, I just want my privacy.
Don’t use email if you don’t like what the metadata reveals. Use something like encrypted chat over a secure server or encrypted phone calls. If the metadata doesn’t bother you and all you need is for the mail contents to be private and secure then at least use an email service that is not owned by a US company or hosted in the US, encrypts the data on their server and does not keep logs or encryption keys. This way even if they have to hand data over to a government agency they will not be able to decrypt it.

With Lavabit and Silent Mail gone keep an eye on the soon to be live StartMail. I don’t know what kinds and what levels of security they will offer but I am assuming/expecting/hoping it will be equivalent to what Lavabit offered as that is pretty much the minimum required to be private and secure. Mega is a few months away from launching an encrypted email service too.

For the above mentioned reasons, email can not be completely secure. Even StartMail, when live, can’t hide metadata. Though if a service like Lavabit was used over webmail some parts of that metadata would no longer be an issue. The IP would show that of the mail server, not your computer. A proxy and/or VPN on top of using webmail would hide your location even better as the server logs (if any) would not reveal your true location. The path the email takes to it’s final destination would also not reveal your location and your mail client or OS would not show either as it’s the webmail server that sent it, not the mail client on your computer. These are things to keep in mind when StartMail launches.

Until then, have a look at the EFF suggested alternatives like Autistici/Inventati, Riseup and MyKolab. I have no personal experience with these services but being suggested by the EFF means something. As always do your own research and read the terms, conditions and privacy policy carefully. Use webmail over SSL or your own mail client with encryption on top of a secure service. Using encryption on your computer can be done with GPGMail for OS X or by using a 3rd party email client like Thunderbird which has an optional add-on for encryption. Keep in mind both you and the receiver need to have these encryption methods installed for it to work and remember that this encrypts the contents, not the metadata. It should also be worth mentioning that PGP has potentially outlived it’s usefulness. I don’t know enough about it yet to say if this is true or not but the summary as explained here makes sense.

Communicating securely and privately is a challenge, always has been. Finding the right method, ensuring the service provider is secure (logs and key storage), ensuring both you and the person(s) you are communicating with take all the proper precautions, etc. Email may just not be the way to go but these days it’s almost impossible not to use it so choose your provider wisely, take all the right precautions and always be on the lookout for something better.

Feedback and comments are welcome!

7 thoughts on “Will email ever really be private and secure?”

  • 1
    Aliki on August 12, 2013 Reply

    Unfortunately this seems to be a sign of the times. In order to get any privacy we will have to resort to messenger pigeons.

    • 2
      asdf on June 5, 2014 Reply

      Countermail is the way to go… diskless servers, encryption keys on USB sent to you… Hushmail is a joke… Just read their Privacy Policy…

  • 3
    Jay on August 12, 2013 Reply

    That’d be kinda cool… There are alternatives and ways to layer security on top of using a secure service and that will suit most people. Email is the standard so it won’t go anywhere anytime soon but using a secure messenger (Adium on Mac, ChatSecure on iOS for example) can be used for communications that really need to be as private and secure as possible. Now that the world is aware (thank you Ed Snowden) maybe we’ll see more and better alternatives surface in the next few months/years.

  • 4
    Freddy on August 13, 2013 Reply

    Seeing Lavabit meltdown, it would be interesting to see how this relates to non-US based email encryption services such as http://salusafe.com and if it we could expect similar abrupt shutdowns of offshore servers?

    • 5
      Jay on August 13, 2013 Reply

      Looks like an interesting service. I’ve read about cryptoheaven last week and was unaware salusafe was a service they offered. Will check it out. Canadian services are not beyond the reach of US agencies as seen with Hushmail in the past, I’m not sure if the physical server location makes a difference.

    • 6
      Jay on August 14, 2013 Reply

      The client app and mail pickup service online all seem to require Java. Naturally I am hesitant to use Java.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.