Tech Tip: Is Email Secure?
Image by Daria Nepriakhina from Pixabay

Tech Tip: Is Email Secure?

We spend a lot of time discussing how to make your messaging private. Signal is still the gold standard for texting for most people, but what about email? Can you trust the privacy of your email messages?

The simple answer is, not really.

The longer answer is, it depends on your threat model. Two key questions are, what are you trying to protect and who are you trying to protect it from?

As a very early form of text communication between computers – before the Internet was barely than a sparkle in ARPA’s eye (no, really – the standards for email go back to 1977) – email was not built with security in mind.

If you’re using a service like Gmail, your email is probably secure when being sent – people on your WiFi network can’t snoop on it (in Gmail, look for a green or gray lock icon in the security line when you click on message details):

Even with that security, the servers exchanging your emails still have to route them to the right inbox – revealing the address. Without it, every bit of your email is unencrypted, readable to anyone who can see it.

And the message is still unencrypted: Anyone who gets into your inbox sees it.

PGP is Pretty Difficult

The Pretty Good Privacy program, originally developed in 1991 (in response to then-Senator Joe Biden’s attacks on private communications) can be used to encrypt the content of your email, but it’s difficult to use. Especially on mobile, the tools are still clunky.

PGP also doesn’t encrypt the subject line, sender or recipients of an email, and requires you to securely exchange a key (a file, or string of characters) with people you’re emailing.

Is it possible?

The best way to securely use email is to make sure both users are on an encrypted service like ProtonMail. ProtonMail offers a mobile app and a web-based client for email, but you can’t use another program like Apple Mail or Microsoft Outlook.

But again, both users have to be on ProtonMail. For now, if you can, stick with Signal for encrypted text & voice communications. In a future article, we’ll talk about using OnionShare to share files.