Email security: Difference between revisions
m minor text change |
|||
(37 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
When communicating with other people by email | When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers <ref>N.S.A. email mass surveillance: https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html</ref>, and they scan your files. | ||
Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography <ref>Gmail scans messages to detect child porn: http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/</ref>. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined. | |||
Boylovers should | Boylovers should have into account that email services offering email [[encryption]] only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service. | ||
=== Free secure email === | |||
*[https://tuta.com/ Tuta.com]: Company in Germany with free end to end encryption [[encryption]] and keeping minimal logs, smartphone apps available, they use quantum-resistant cryptography. | |||
[https:// | *[https://proton.me/mail Proton.me/mail]: Company in Switzerland offering free email with encrypted inbox and no logs, Proton will ask you for a recovery email address during account registration, do not enter anything that can be linked to you. | ||
[https:// | *[https://mailfence.com/ MailFence]: Belgian company offering OpenPGP encrypted email but they say nothing about logs, proceed with caution if you want your IP hidden use a VPN when opening an account. | ||
The providers above claims are that your data is encrypted and they can´t read it and they do not keep logs but there has been instances where Proton Mail users have been traced by other means, one such case was when French law enforcement requested Swiss authorities to log the connection IP of an email address known to be used by an activist, leading to his arrest. <ref>ProtonMail logged IP address of French activist after order by Swiss authorities: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ </ref>. Another Proton Mail user arrested was the case of a Catalan independence activist that had entered a traceable recovery email address when registering for a Proton Mail account, when Spanish law enforcement requested Swiss authorities for this account data Proton Mail complied and handed over all they had in the account, which includes the recovery email address you enter during account registration. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/</ref> | |||
The bottom line here is that email providers are companies that must comply with Court orders, the companies listed above are some of the most private email providers in the World but you should trust nobody, the two activists arrested mentioned above could have avoided arrest if the first one had used a VPN to log into Proton Mail and the second one if he had entered a disposable e-mail address in the registration account but they decided to put all of the trust in the email provider and that was their downfall. | |||
=== | === Paid email services === | ||
*[https://posteo.de/en Posteo]: Company in Germany, servers encrypted, they keep no logs and payments are not connected to email accounts. | |||
*[https://www.startmail.com/ StartMail]: Dutch company offering email services encrypted with PGP and multiple email aliases, from the makers of privacy search engine StartSearch. | |||
===Disposable Email=== | ===Disposable Email Address=== | ||
The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses | The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses do not need registration and if combined with a [[Proxy and VPN]] can provide a good level privacy but if forum accounts are approved manually it can take days for you to receive a welcome email, by then, the disposable address you have created will no longer exist and the domain name of the address it often gives away that it is a disposable email address. A disposable email address is best used for forums set to automatic registration, they can be read by everybody, make sure to pick a random username to avoid somebody else picking up the same username as you. | ||
*[https://www.guerrillamail.com/ GuerrillaMail]: Disposable address without registration needed, it can also be used reply to messages. | |||
*[https://trashmail.com/ TrashMail]: Forwarding address, you create an email address that can be used to forward messages to a different email. | |||
==Email encryption== | |||
If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power. | |||
The person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it. | |||
* [https://www.mailvelope.com/ MailVelope] - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages. | |||
== References == | |||
{{Reflist}} | |||
[[Category:Technology]] | [[Category:Technology]] |
Latest revision as of 14:14, 9 June 2025
When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers [1], and they scan your files.
Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography [2]. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined.
Boylovers should have into account that email services offering email encryption only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service.
Free secure email
- Tuta.com: Company in Germany with free end to end encryption encryption and keeping minimal logs, smartphone apps available, they use quantum-resistant cryptography.
- Proton.me/mail: Company in Switzerland offering free email with encrypted inbox and no logs, Proton will ask you for a recovery email address during account registration, do not enter anything that can be linked to you.
- MailFence: Belgian company offering OpenPGP encrypted email but they say nothing about logs, proceed with caution if you want your IP hidden use a VPN when opening an account.
The providers above claims are that your data is encrypted and they can´t read it and they do not keep logs but there has been instances where Proton Mail users have been traced by other means, one such case was when French law enforcement requested Swiss authorities to log the connection IP of an email address known to be used by an activist, leading to his arrest. [3]. Another Proton Mail user arrested was the case of a Catalan independence activist that had entered a traceable recovery email address when registering for a Proton Mail account, when Spanish law enforcement requested Swiss authorities for this account data Proton Mail complied and handed over all they had in the account, which includes the recovery email address you enter during account registration. [4]
The bottom line here is that email providers are companies that must comply with Court orders, the companies listed above are some of the most private email providers in the World but you should trust nobody, the two activists arrested mentioned above could have avoided arrest if the first one had used a VPN to log into Proton Mail and the second one if he had entered a disposable e-mail address in the registration account but they decided to put all of the trust in the email provider and that was their downfall.
Paid email services
- Posteo: Company in Germany, servers encrypted, they keep no logs and payments are not connected to email accounts.
- StartMail: Dutch company offering email services encrypted with PGP and multiple email aliases, from the makers of privacy search engine StartSearch.
Disposable Email Address
The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses do not need registration and if combined with a Proxy and VPN can provide a good level privacy but if forum accounts are approved manually it can take days for you to receive a welcome email, by then, the disposable address you have created will no longer exist and the domain name of the address it often gives away that it is a disposable email address. A disposable email address is best used for forums set to automatic registration, they can be read by everybody, make sure to pick a random username to avoid somebody else picking up the same username as you.
- GuerrillaMail: Disposable address without registration needed, it can also be used reply to messages.
- TrashMail: Forwarding address, you create an email address that can be used to forward messages to a different email.
Email encryption
If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power.
The person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it.
- MailVelope - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages.
References
- ↑ N.S.A. email mass surveillance: https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html
- ↑ Gmail scans messages to detect child porn: http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/
- ↑ ProtonMail logged IP address of French activist after order by Swiss authorities: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/
- ↑ Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/