Bill Franklin, worked at Lavaboom
Mise à jour il y a 173w
// Insofar as is possible this is a non-technical answer to the question. Tl;dr: I list secure email providers at the end of this post. //
Email is inherently insecure, it was built with private communications in mind but realistically an email is as insecure as a postcard.
When I send an email from Oxford to San Francisco from Gmail to Yahoo! Mail my email is susceptible to numerous interception techniques either in transit or on Google or Yahoo!'s servers. In this scenario my Email has 7 interception points: On my computer, in transit to Gmail's servers, on Gmail's servers, in transit from Gmail to Yahoo!, on Yahoo! Mail's servers, in transit to my friend's computer, and finally on my friends computer. And a chain is only as strong as its weakest link, so if both my friend and I work hard to protect our computers from hackers we still rely on Gmail and Yahoo! protecting our email.
Who wants to hack you
There are 3 groups we want to protect against when sending an email. Government agencies (read: NSA), the email provider, and hackers (read: organised crime). You can't protect against two and not the third, if Gmail can access your emails so can the NSA and if the NSA builds a backdoor into a service that backdoor is accessible by others. You have to stop all three groups accessing your email because if just one group has access, then all three have access.
Reasons they want access to your email:
NSA: Mass surveillance and individual targeting.
Gmail: Keyword scanning for advertising.
Hackers: Spamming, stealing bank details, identity theft, the list is limited only by imagination of how you can make money with stolen personal details.
Below is a diagram from Brian Krebbs, a security researcher, which shows your email is more valuable than you think.
How you are vulnerable
There are various methods of intercepting your email at any one of those 7 access points. A quick method (read: 1 hour) involves hacking into a location in Cardiff where the Transatlantic Communications Cables (TCC) begin, setting up a node to intercept the email and then waiting for me to click 'send'.
The NSA is able to use all 7 of the access points I've mentioned. From what I've learnt from Jacob Appelbaum and Glen Greenwald's articles on the NSA's 'collect it all' culture it's likely that they are making use of all 7 and others that I don't know about.
See this NSA powerpoint slide.
PRISM is a surveillance program started by the NSA (later with involvement from the UK's GCHQ) that collects your emails. Notice how Microsoft, Yahoo! and Google - the world's largest email providers, with a combined 1.2 billion users - were first to be part of the program. Email is still the number one method of communication on the Internet, with more users than Facebook or any other service. So its importance to folks like the NSA is clear - if you're sending an email you should assume its ending up on Prisms servers and Ed Snowden's former colleagues have easy access to it.
Outside technical privacy flaws inherent in Email, we can also take a look at the laws protecting the privacy of email users. The majority of email users send email with a United States email provider, this includes Gmail, Hotmail and Yahoo! Mail. As we saw with the demise of Lavabit, that's not the safest place for your emails or your privacy.
- After 180 days of sitting on a US email provider's server your email becomes US public property, source: No One Is Talking About The Insane Law That Lets Authorities Read Any Email Over 180 Days Old.
- One survey showed 55% of US employers monitor and read their employees' email, source: Smart Policies for Workplace Technologies.
- Lavabit's story is worth reading, it was the email provider of Edward Snowden up until it was closed last year. We can conclude that no email is safe from prying eyes while on a US company server, I believe Ladar Levison wrote something similar as a PSA on Lavabit.com before he lost his appeal earlier this year.
- Read Glen Greenwald's No Place to Hide: http://www.amazon.co.uk/No-Place...
Metadata, or data about data, is also important. For example the metadata of this Quora answer will be the time it was written, the writer, how long I was on the Quora site for, my location, what browser I'm using, what exact computer I'm using, local time on my computer... the list is so long that I wont continue. To put this into perspective, there is usually more metadata attached to emails actual data. Metadata follows you throughout the web and is arguably more valuable than actual data. Fantastic talk by one of my heroes, Mikko Hyppönen: How the NSA betrayed the world's trust -- time to act - he briefly delves into the 'it's just metadata' argument.
When you send an email all of this metadata is sent with your email. When you reply or forward an email you include all the metadata from the previous email. For example, if a group of people are having a conversation over email then with the simple hack I mentioned above you could gain access to the usernames and locations of everyone in the conversation and the subject of discussion all without ever reading the emails. More: What Your Email Metadata Told the NSA About You. This is a great tool for freaking people out, I thoroughly recommend spending a minute using it: a people-centric view of your email life.
A final thing to mention is the fact that when you send an email to someone using Gmail, even if you're not a user, you automatically give Google everything about you - you don't need to agree to their terms and conditions (which includes reading your email, last week's news: A Good Result That Raises Questions, Google Uncovers Child Porn in Gmail). This goes for all US-based email clients.
Ce que tu peux faire
So email is insecure, data and metadata reveal an awful lot about you and you're setting yourself up for a major privacy invasion by using Gmail, Hotmail and Yahoo! Mail. But there's hope. As Ed Snowden said earlier this year: "We're past the point where citizens are entirely dependent on governments to defend our privacy, we don't have to ask for our privacy, we can take it back" (Reset the Net).
"All intelligence services... all of them, are afraid of easy to use, secure communications tools." - Jacob Appelbaum.
Asymmetric encryption is the answer, it's one of the things we can rely on and it's easy to use. I'll list secure email providers at the end.
Step 1. Use encrypted email:
Pretty Good Privacy (PGP) encryption is a tool which allows you to turn the content of emails into meaningless gibberish for all but the sender and receiver. There are easy to use email clients that make this possible. More info: https://en.wikipedia.org/wiki/Pr....
Step 2. Use a non-US email provider:
Using geography to protect your emails is a start but not reliable, I'm writing a blog post on it currently. For example the privacy laws of Germany or Switzerland are better than the privacy protections offered in the United States or the UK. But the US government can still send its citizens subpoenas even if they're in Switzerland. But taking your email outside the US is essential for privacy, even using Naver would do, I doubt the NSA have access to the Korean email provider and even if they did, they don't have the man-power to translate billions of Korean-language emails.
Step 3. Don't trust your email provider:
Taking your email out of the US is a start, but the ideal (easy to use) solution would be a zero-knowledge email provider. Zero-knowledge means the company cannot access your emails unencrypted and only ever has access to encrypted data. More info on this: http://zeroknowledgeprivacy.org/.
Step 4. Host your own email server (minor technical ability required)
Rolling your own email server isn't as hard as it sounds and it removes a couple interception points from the 7 I mentioned above. It means you're the admin of your email and you'll be the guy the NSA will ring up to build a backdoor into your server.
Here's a list of email privacy solutions:
Mailpile is a self-hosted email client: https://www.mailpile.is/
I work for Lavaboom: https://lavaboom.com/en/
There's also a very good list here: http://prxbx.com/email/
Robert Uomini, Ph.D. Mathematics, University of California, Berkeley (1976)
Répondu il y a 95w
Actually, ANY email account can be made extremely secure in the way you mentioned by at least two means:
- Encrypting the content.
- By using ChiaraMail’s Envelope Content Splitting technology.
In the former case, there is the problem of communicating the decryption key to the message recipient (key management). Gmail is probably the best at using this technology.
In the second case, you don't have to deal with the issue of key management because the content isn't sent through the mail network; instead, it's sent securely to a content server and is fetched on demand by the recipient. Google “Envelope Content Splitting” for more information.
That said, ChiaraMail is shutting down operations and its products are no longer available due to lack of interest. It seems that Americans have little interest in securing their email.
Nawaf Gantare, Propriétaire de Wizblogger (2015-present)
Répondu il y a 90w · L'auteur dispose de réponses 143 et de vues de réponses 626.1k
There are many safe and free email service that encrypt your email and doesnt allows access to anyone even the government. But i would say that the free ones will always backfire you.
Recently i came accross a service named LAVABIT .They were shut down in 2013 for not disclosing the email account of edward snowden. This i would say that this service is the best as they will close down their whole service but will not give your details to anyone.
secondly there are many encrypted email providers that i found on the internet.Some of them are
Juan Pablo, extensive open source user, tester, developer. Imagine the impossible together.
Répondu il y a 170w
You should have a look at https://tutanota.de
It's an encrypted mailbox so they don't have any data about you. Also it doesn't log ip addresses. Plus interface is also in Spanish. Recently Tutanota published a transparency report: Transparency Report & Warrant Canary
Judging from this I'd say they really mean it when they say they want to protect your private data. I would never trust an email service that is based in the US; the laws are just not privacy-friendly and data seizure is too easy. So Gmail, Hotmail, Yahoo are out. It's not easy to find a reliable service you can trust.
Elena Smith, Vice President of Operations at Global B2B Contacts LLC
Répondu il y a 161w
There is no free email service provider across globe.
Global B2B Contacts is a leading provider of quality Business to Business and Information Technology mailing, email and telemarketing lists. Founded in 2006 and headquartered in Kansas City, Missouri. Global B2B Contacts is a full service marketing company that provides corporations with leading edge E-marketing solutions.
With over 8 years of expertise in providing advanced data enhancement solutions and by executing the complete process of Database cleansing/appending and custom Email database building in-house, we endow our clients the rapid turnaround, quality control and the accountability they entail.
Check our out website - http://globalb2bcontacts.com/ema...
Mark Waugh, works at Sandwich Express
Répondu il y a 171w
Gmail is a successful apparatus that helps us stay in contact with the world
Gracious, Gmail, despite everything I recall when I first knew about you. I was still a youthful chap at the time, yet I recollect seeking after a welcome to join the administration. It appeared as though it was a welcome just beta, or not open to the general population, for such quite a while. As I sat tight for my welcome to get a record, I watched numbers scroll upwards on a little ticker as Google made a point that it offered a great deal more stockpiling than Yippee! furthermore, Hotmail, its greatest email rivals at the time.
The upbeat day at long last did arrive. I got a welcome and opened up my Gmail account. From that point forward, I haven't generally utilized whatever other email administrations. Gmail takes care of business for me, in addition to some. However, would could it be that makes Google's email benefit so incredible, and why would it be a good idea for you to utilize it? The accompanying are only a portion of the reasons I utilize Gmail. I think you'll think a great deal of the accompanying things are really cool, as well.