“Encryption matters, and it is not just for spies and philanderers.”Edward Snowden to Glenn Greenwald
We live in a world where just about everybody has been the victim of a data breach. If you’ve ever been online, chances are various bits of your information has made it into the hands of unscrupulous people. Then of course there are the Googles and the Facebooks of the world, who make a living off getting as much of your data as possible and using it to make advertising to you more effective.
I’d be remiss if I didn’t mention the various governments around the world that collect your data, and use it for who knows what purpose.
I don’t intend this to be a lengthy review of all of the services/tools I mention here. Some of that will be covered in future writings. I do, however, intend to give the reader a few options that are available.
When getting in to the world of privacy, it’s important to consider your threat model. I don’t intend to cover any of that here either (again, that will be a future writing), but it’s important to consider. As a note, if your threat model includes the NSA or other three letter government agencies, then I’d highly recommend taking most of this with a grain of salt. Any organization with virtually unlimited resources can be assumed to be capable of accessing many things that we otherwise wouldn’t think them capable of accessing.
Email. It’s ubiquitous. You’re asked for it in the checkout line. You’re asked for it on just about every website you visit. It’s everywhere! And regardless of how many “email killers” come around, the simple fact of the matter is email will outlast all of them and then some.
But email is terrible. It’s sent around the world like a postcard — anyone can read anything addressed to anyone else. That’s right, email is sent in plain text! Most people don’t even realize that.
Of course, there are ways to secure your email. Some are fairy easy, others not. I’ll give a few suggestions here. Note that these are not full reviews; I’ll get to those a little later on.
When it comes to secure email providers, Tutanota is often one of the top two most mentioned (I’ll discuss the other one below, and of course there are more than just two, however these two are the most commonly mentioned).
Tutanota offers you free end-to-end encrypted emails. They survive purely on premium users and donations for their funding, and for a modest fee of 12 euro a year, you get access to some additional features.
You can see a full review of Tutanota here.
Like Tutanota, ProtonMail provides secure end-to-end encrypted email communications. This is the other most common suggestion for encrypted and private email.
Like Tutanota, you can get a free account, however the service is dependent on premium users and donations to continue operating and building things. ProtonMail has received funding from outside organizations, however. The pricing for upgrading your account is steeper than that of Tutanota as well.
I’ll be posting a full review of ProtonMail soon.
Criptext is a relative newcomer to the secure email playing field. There isn’t much out there on it yet, aside from some official marketing materials. I’m working on a review of this service, which I hope to have completed shortly.
Long story short, Criptext has a new way of going about secure emailing. First, the emails are stored entirely on your device, aside from when they pass through the mail server (incoming or outgoing), with a few notable exceptions (which I will cover in my full review).
Unlike the others mentioned so far, Criptext is not a web-based service, and is available only via downloading an app to your device. Also unlike the others, Criptext uses the Signal protocol for encrypting emails.
Of course I’d be remiss if I didn’t mention the current gold standard in email encryption, PGP/GPG. I’m not going to cover it too much here (that’ll be for another write-up), however if you’re using iDevices, then I highly recommend checking out Canary Mail. It’s not perfect, but it’s pretty good (slight pun intended). I’ll have a review on this posted later as well.
For non-email purposes, I highly recommend Signal. There are a few other solutions out there, but I’ve not had much time to look in to them.
For the privacy conscious, there are several steps that you can take to improve things in this regard.
Dump Google. This seems to be the biggest piece. Use alternatives such as DuckDuckGo, StartPage or SearX. Get rid of Gmail (consider one of the above providers). Don’t use Chrome, use Firefox instead.
Check out https://www.privacytools.io/ for a whole bunch of ideas and suggestions.
Security all begins with defining what your threat model is. A good place to start is the EFF’s Surveillance Self Defense site. The topic is entirely to broad to discuss here in what I had hoped would be a short note.
My intention was to give a few links to resources and tools that you can use to reclaim some of your privacy and security in a world where you have very little by default. Hopefully this information was helpful. Feel free to comment below if you come across anything, or have any additions. This document may get updated from time to time, and the last updated timestamp below will reflect the last time a modification was made.