Monday, January 23, 2017

Email and Privacy

Email has never been a secure thing. Email isn’t secure because it was never meant to be the center of our digital lives. It was developed when the Internet was a much smaller place to standardize simple store-and-forward messaging between people using different kinds of computers. Email was all transferred completely in the open – everything was readable by anyone who could watch network traffic or access accounts (originally not even passwords were encrypted). Amazingly, email sent using those wide-open methods still (mostly) works.
Today, there are four basic places where most people’s email can be compromised:
• On your device(s)
• On the networks
• On the server(s)
• On your recipient’s device(s)
The first and last places – devices – are easy to understand. If someone can sit at your computer, grab your phone, or swipe through your tablet, odds are that your email is sitting right there for them to read – You do use a lock screen or password on your devices, right? Same thing goes for your recipients’ devices. But even passwords and lock screens sometimes aren’t much help. While a few email programs encrypt the email messages they store on the device, most don’t. That means anyone (or any program) that can access the device’s internal storage can probably also read email and get to file attachments. Sound far-fetched? It doesn’t have to be a person; rifling through email is one of the most common things malware does.
Networks are a little tougher to understand, and covers three basic links:
• Your connection to your email provider (whether that be your ISP, Google, Outlook, Yahoo, Apple, or someone else)
• Any network connections between your email provider and your recipient
• Your recipient’s networking connection to their email provider.
If you’re sending email to someone on the same service you use (say,, you have at least the first and third potential network vulnerabilities: your connection to and your recipient’s connection to If your recipient’s email is elsewhere (say a company or school) then you have at least one more: the connection between and your recipient’s email provider. The reality of network topography means each of those connections involves a series of routers and switches (perhaps a dozen or more), probably owned and operated by different outfits. If one connection is secure, there’s no guaranteeing any other connection in the sequence is secure. And if you’re concerned about things like the NSA’s PRISM surveillance program, indications so far are that some of it happens at these interim network points.
Servers are the machines at your email provider or ISP that physically store your email. If someone cracks (or guesses, or steals) your email password, they probably don’t need your devices; they can log in to your email provider directly and read any email stored there. That might be only a few messages, but it could be weeks, months, or years worth of email – including at least some messages you’ve deleted. But that’s not the only risk. Most email services store your messages as plain text. So, any attacker who can access those servers (say, via a security flaw or by stealing an admin password) can easily access all the stored email and attachments. Why don’t providers protect stored email? Partly because of the overhead that would create, but storing the email unencrypted lets people search their messages (you like to search your email, right?) and enables services like Gmail to automatically scan mail for keywords to sell advertising (and you like advertising, right?).
You want secure email? Get ProtonMail.
ProtonMail developed by CERN and MIT scientists, is a free, open source and end-to-end encrypted email service that offers the simplest and best way to maintain secure communications to keep user's personal data secure.
ProtonMail is based in Switzerland, so it won't have to comply with American courts’ demands to provide users data.

In worst case, if a Swiss court ordered ProtonMail to provide data, they will get only the heaps of encrypted data as the company doesn’t store the encryption keys.

ProtonMail has gained an enormous amount of popularity during its developing stages.

ProtonMail encrypts the data on the browser before it communicates with the server, therefore only encrypted data is stored in the email service servers, making it significantly more secure for those looking for an extra layer of privacy.
ProtonMail is not infallible and does have some disadvantages, but for you and me, the average person, with no business interests on the line, ProtonMail will work.
There are also secure messaging that works the same way as Proton mail, with encryption. A few of the popular sites are Telegram and WhatsApp.
Always be aware of what you email and text and say in phone calls. Most law abiding citizens might sound a little shady if all communication was intercepted and looked at as a whole. I’m not advocated anything illegal but I do guard my privacy. Being aware of your communication, practicing COMMSEC, is something that can make a difference in your preparation. Privacy is assured Americans by the Constitution, in spite of what a politician, intelligence agency, or law enforcement agency may tell you. Benjamin Franklin said:
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
The Patriot act is overreaching by our government under the guise of security. I understand how it got to be law, but it should be repealed or changed to be constitutional. We give up liberty in its present state.
Be aware, and be safe.
Semper Paratus
Check 6