
To guide, inspire and prepare Wyomingites and their fellow Americans to act against existential threats to their liberties and to Western Civilization from radical revolutionaries and Emperors who have no clothes.
Understanding and adopting encrypted email is a vital step in hardening your digital life.
End-to-end, zero-knowledge, open-source, encrypted email is not overly complicated to use. But you need to understand the positives, the negatives, and the essential tightening steps. Later articles will go more in-depth on how to lock down ProtonMail and Tutanota.
PROTONMAIL & TUTANOTA
I could list and offer you the dozen or so iterations out there but there are only two that tick all boxes, and only one, ProtonMail, that I can truly recommend. Tutanota is a very solid backup or second email stream. I employ Tutanota for one separate communication stream with one other person and all other group communication is exclusively with ProtonMail.
ProtonMail – Swiss based, open-source and end-to-end encryption
Based in Switzerland, ProtonMail is protected by the Swiss Federal Data Protection Act (DPA), offering some of the best privacy protection in the world. ProtonMail is designed on the principle of zero access and zero knowledge, so the email servers and staff have no possible way of reading or sharing your emails.
ProtonMail's servers (which store no unencrypted email content) are under 1,000 feet of rock in a Swiss bunker that can supposedly survive a nuclear bomb. A team of CERN Large Hadron Collider scientists began development in 2013, following the Edward Snowden revelations.
The encryption and web interface are completely open-source, and the tech community has confirmed the high level of security. Unlike Gmail, ProtonMail is encrypted BEFORE it is sent to the servers, so any potential hackers or agencies can only retrieve ciphertext that looks like a random set of numbers, letters, and symbols. Approximately 60 million users as of 2021 make it a sizeable user base to hide among.
Pros
- iOS and Android App
- Can use own domain
- Two-step verification
- Self-destruct message capability
- Zero-access construction
- Report phishing option
Cons
- Can be expensive
- Keeps IP logs, and subject lines of emails are not end-to-end encrypted (important to remember)
- No support for hardware-token based 2FA
Free plan offers 500MB of storage and up to 150 emails a day. Paid plans start at $4 a month and can be paid for with cryptocurrency.
Tutanota – German based, Open-Source and end-to-end encryption
Tutanota is popular and highly recommended within the tech community. It uses end-to-end encryption, and its open-source code is externally audited, as with ProtonMail.
Pros
- iOS and Android App
- Phone number not required for sign up
- Automatic encryption of entire mailbox and address book
- Subject line, headers, body, metadata, and attachments are encrypted. IP address is deleted
Cons
- No search function, so it is impossible to search through past emails
- The app is imperfect and can be glitchy at times
- Located in a 14 Eyes country
Free plan offers 1GB of storage, and paid plans start at 1 euro a month, which includes support and 5 aliases.
PROTONMAIL VS. TUTANOTA
Both are equal in terms of security, and Tutanota is much cheaper for its paid plans. But Switzerland's privacy laws are the best and have enabled ProtonMail to build an incredible product with little blowback. It is more user friendly, and its range of extra services is growing – Proton Drive, Calendar, and VPN show that they are truly building a long-lasting, clean and reliable product. Assuming the Swiss continue their long privacy record…
PROTONMAIL CONTROVERSY
ProtonMail has enjoyed a perfect record regarding legal requests up until recently. https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html
A Swiss court forced the company to hand over IP addresses that had logged into a certain 'climate activist' email account. Reading between the lines, it is clear the activists had been emailing externally with threats from the account, which flagged up their account. All ProtonMail activities need to be with other ProtonMail accounts. We should certainly keep an eye on these requests, and if you are concerned about the IP address being logged it is worth having an 'always on VPN' – this will be discussed in a later article.
HONORABLE MENTIONS
Mailfence https://mailfence.com/
Belgium-based end-to-end encrypted mail service, but its code is not open source
Hushmail https://www.hushmail.com/
Canada-based encrypted email, but verification by another email address and a cell phone number is required. Canada does not have the best privacy laws.
Disroot https://disroot.org/en
Netherlands-based encrypted mail service, open source, but maintained only by volunteers
BE THE BEST PROTONMAIL USER
Assuming you follow this article's advice and opt for ProtonMail, you must ensure everyone in the group you wish to exchange private emails with is using ProtonMail, and consider the following security steps.
Learn the privacy matrix
You and your team MUST keep ProtonMail ring-fenced to benefit from its encryption. ProtonMail to ProtonMail always.
Set a strong password
As discussed in our first article on hacking LINK, a strong, long, unique password is a must. This is likely the most important step you can take. What is the point in using a privacy-focused email service when you give away access with a hackable password?
Set up 2FA
ProtonMail currently supports two-factor authentication with one-time-use code apps like Google Authenticator or Authy. Follow the steps on the ProtonMail knowledge base to enable it: https://protonmail.com/support/knowledge-base/two-factor-authentication/ and be sure to save your backup codes somewhere safe.
Monitor access
ProtonMail allows you to audit each connection your account makes with its servers. This allows you to do a few awesome things.
First, you can view all the IP addresses (locations) your account has been seen on, which is great for making sure it was you, and only you, who's been in your ProtonMail account. In 'Security', under 'Authentication Logs', be sure to enable 'Advanced' view.
Also, you can manage which sessions are currently active on your account, and revoke any session that is no longer required, or suspicious, under 'Session Management'.
If you do find an unknown IP address logging into the account, first make sure it was not you; we can often be mistaken. If you are convinced it was not you, then change passwords straight away, set up 2FA if not already deployed, report it to ProtonMail customer service, and consider deleting the account. The response also depends on your personal threat model. In a later article a good offset is explained: it involves regularly saving emails to an encrypted hard drive and deleting all emails stored on the account – maybe once every month depending on risk.
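The review described above can also be done offline over an exported log. The script below is an added example, not the article's or ProtonMail's own code; the log format and IP addresses are constructed for illustration, and the list of known networks is an assumption you would replace with your own.

```python
"""Review an exported authentication log for unknown IPs and failed-login bursts.

Added example, not part of the original article; the log format below is
constructed for illustration and ProtonMail's real export may differ.
"""
import ipaddress
from collections import Counter

# Constructed sample log: timestamp, source IP, event
SAMPLE_LOG = """\
2021-09-01 08:02:11 198.51.100.23 login_success
2021-09-01 19:40:05 198.51.100.23 login_success
2021-09-02 03:15:42 203.0.113.77 login_failure
2021-09-02 03:15:49 203.0.113.77 login_failure
2021-09-02 03:16:01 203.0.113.77 login_failure
2021-09-02 03:16:20 203.0.113.77 login_success
2021-09-03 09:00:00 192.0.2.8 login_success
"""

# Networks you know you log in from (home, office, VPN exit); assumed values, adjust to your own.
KNOWN_NETWORKS = [ipaddress.ip_network("198.51.100.0/24"), ipaddress.ip_network("192.0.2.8/32")]


def parse_log(text):
    """Yield (timestamp, ip, event) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        yield f"{parts[0]} {parts[1]}", ipaddress.ip_address(parts[2]), parts[3]


def review(text, known=KNOWN_NETWORKS, failure_threshold=3):
    """Return alerts: successful logins from unknown networks, and IPs with repeated failures."""
    alerts = []
    failures = Counter()
    for ts, ip, event in parse_log(text):
        if event == "login_failure":
            failures[ip] += 1
        elif event == "login_success" and not any(ip in net for net in known):
            alerts.append(f"{ts}: successful login from unknown address {ip}")
    for ip, n in failures.items():
        if n >= failure_threshold:
            alerts.append(f"{n} failed logins from {ip}")
    return alerts


if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```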
Hacker Blocking
Sometimes, hackers, or even advertisers, use sneaky tricks in email to get through your privacy. One common technique is the tracking beacon: a tiny 1 x 1-pixel image embedded somewhere in the email. When the pixel loads, the sender is alerted to who opened the email, when, on what device, and where (IP address).
Make sure ProtonMail only loads images and other remote content if, and only if, you request it. Under 'Account' select 'Email Content'. Make sure 'Load remote content' and 'Load embedded images' are both set to Manual.
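To see what that Manual setting is protecting you from, the following added example (not code from the article or from ProtonMail) scans a constructed HTML email body and lists the remote images that look like tracking beacons: 1 x 1 pixels or images hidden with CSS. Inline (cid:) and data: images are skipped because they never contact a remote server.

```python
# Added example: find tracking beacons (remote 1x1 or hidden images) in an HTML email.
# Standard library only; SAMPLE_EMAIL is a constructed message, not a real one.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

_DIM = re.compile(r"(width|height)\s*:\s*(\d+)px", re.I)

SAMPLE_EMAIL = """<html><body>
<p>Hello,</p>
<img src="https://example.com/logo.png" width="200" height="60">
<img src="https://track.example.net/open?id=abc123" width="1" height="1">
<img src="https://track.example.net/px.gif" style="width:1px; height:1px; display:none">
<img src="cid:inline-photo" width="1" height="1">
</body></html>"""


class ImageCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append(dict(attrs))


def _dimensions(attrs):
    """Return (width, height) in px from attributes or inline style; None when unknown."""
    dims = {}
    for k in ("width", "height"):
        v = attrs.get(k)
        if v and v.strip().rstrip("px").isdigit():
            dims[k] = int(v.strip().rstrip("px"))
    for k, v in _DIM.findall(attrs.get("style", "")):
        dims.setdefault(k.lower(), int(v))
    return dims.get("width"), dims.get("height")


def find_beacons(html):
    """Return the src of each remote image that is at most 1x1 or hidden: a likely beacon."""
    parser = ImageCollector()
    parser.feed(html)
    beacons = []
    for attrs in parser.images:
        src = attrs.get("src", "")
        if urlparse(src).scheme not in ("http", "https"):
            continue  # cid: or data: images cannot phone home
        w, h = _dimensions(attrs)
        hidden = "display:none" in attrs.get("style", "").replace(" ", "").lower()
        if (w is not None and h is not None and w <= 1 and h <= 1) or hidden:
            beacons.append(src)
    return beacons
```

Running `find_beacons(SAMPLE_EMAIL)` flags the two track.example.net images and leaves the 200x60 logo and the inline photo alone.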