Sending emails and messages securely

There is a common misconception that email is a secure form of exchanging information. Nothing could be further from the truth…

“But, isn’t Protonmail secure?” I hear some of you say. Sadly, no it’s not. A climate activist in France found this out the hard way when the so-called purveyor of “Secure Email Based in Switzerland”, that many of us rely on, revealed his IP address to Swiss authorities, resulting in him being arrested. Check this article.

The biggest mistake this person made was not using a VPN. The bigger mistake was Protonmail actually complying with this order, which will likely see ripple effects of furious customers canceling their services out of rightful concern. Read more on this.

Emailing and Messaging Securely

So, how come email isn’t secure?

For anything sensitive, I do not recommend using an email address or email itself for communication. Here are a few points as to why:

The “secure” email services that we generally rely on are never fully secure.
Here are two other examples:
– Tutanota, a secure email service, got hacked recently.
– CTemplar, which is a paid, encrypted by default email service, lost a considerable amount of user emails in July, 2021. As of July 11 2021, CTemplar did not provide any details regarding the cause of the incident. CTemplar has just acknowledged all user accounts were impacted, more or less, and some users had lost everything. Such an action does not inspire confidence.

Email, on the protocol level, is not secure by default.
Whoever controls the encryption keys controls everything. Most email services are unencrypted over the wire when email is sent. Also, even if you are using an encrypted email service, the people you are communicating with might not be.

Email is turning into a legacy form of messaging
This is due to its many failures at protecting user privacy, including blatant violations of it. Secure, blockchain-based messaging is the future.
Email = centralized.
Private by default blockchain-based messaging = decentralized.
This is the way forward.

So, what should you use?

If your communication is highly sensitive, consider using end-to-end encrypted messaging apps such as the Desktop version of Session.

To be clear, the Desktop version of Session is the only version of the application that doesn’t have Google Play Services built in. Do not use the mobile app until this has been corrected.

Telegram is a good app, but should not be considered fully secure since not all messages are e2e encrypted.

When using Telegram, it is best to use the Desktop app, and avoid App Store versions. App Store versions are censored by Apple and Google. You can spot an App store Telegram as it has a white border to the icon, so if your Telegram app icon has a white border, it is compromised. The original Telegram is all blue. You can download the proper version of Telegram onto your mobile or desktop direct from their website.

It’s also important to keep in mind, if you’re using these services on an Apple, Google or Microsoft device, you’ll never be truly secure. Discover how to ensure your hardware and operating systems are secure.

Written by: 5u3ht3m0rp

This information was provided by 5u3ht3m0rp, an anonymous expert in cyber security who is dedicated to providing activists the tools they need to remain anonymous and untraceable.

2021-10-26T11:09:27+01:00

About the Author:

Jamie is a "Rebellious vegan pixie" on a mission to help change the world for the better. He's here to assist people as they awaken by providing tools of empowerment.