Email privacy crash course – Part 5: Ubiquity and People Network
The previous articles in this series covered email Encryption, Metadata/Anonymity and Usability. The various aspects of email privacy are summarized in the following picture. We shall now explore the two remaining important aspects of email privacy solutions: people network and ubiquity.
What is people network?
People network (or simply network) is a measure of your ability to communicate securely with as many people as possible. Some of the email privacy services support secure communication only among subscribers of their own service (except when using message vaults, see below). Subscribing to such services effectively puts you on a “secure island” with friends whom you convinced to subscribe to the same service. Your communication with everybody else, including PGP users who do not subscribe to the service, remains unencrypted.
Message vaults are no substitute for people network
The “secure island” providers sometimes attempt to compensate for their severely limited people networks by offering a message vault service that allows sending encrypted messages to non-subscribers. Here is how it works: the message is written by the sender using browser, encrypted by a password chosen by the sender, and stored in a “vault” at the secure email provider’s server. The recipient gets by email a web link to the vaulted message. The sender communicates the password somehow (e.g. using phone or instant message) to the recipient, and the recipient reads the message using browser, after typing in the password received from the sender.
While this allows sending encrypted messages outside the “digital island”, usability of this scheme is inadequate for day-to-day communications, not to mention the potential leak of a password that was communicated via an insecure channel.
Comparing people networks of email privacy services
The following picture shows a sample of existing email privacy solutions and services, mapped according to their people networks and usability (message vaults are ignored). Since the only truly ubiquitous email encryption system is PGP, people networks are binary – either the service allows encrypted communication with external PGP users, or not.
Server side encryption (SSE) services such as StartMail, TorGuard and Hushmail do very well on both usability and people network, as they allow use of any email client and communication with external PGP users. However, they are not end-to-end and therefore are insecure, as discussed in detail in Part 2. Do not use them.
Protonmail and Tutanota, while doing very well on usability, limit secure communication to subscribers of their own services, and thus their people networks are very limited. Stand-alone PGP clients such as Mailvelope and Enigmail support communication with external PGP users but are difficult to use (see Part 4). Mailfence is a service that allows communication with external PGP clients and is as difficult to use as a stand-alone PGP client.
What is ubiquity and why is it important?
By ubiquity we mean the ability to communicate securely while using any email address and service. There are three aspects to ubiquity:
(1) Ability to use an email service that you are already using, such as Gmail or your work email
(2) Ability to store messages at your existing email service rather than at a dedicated storage of a secure email service provider.
(3) Ability to use your existing email address (as you will see below, when using secure email providers this is not necessarily the same as (1)).
Unlike stand-alone PGP clients, providers of dedicated secure email services usually do not allow (1) and (2), and charge for (3) and for message storage, which can be quite expensive. Their free plans usually provide meagre allocation of message storage and do not allow (1) and (3) at all. A special concern is posed by your ability to liberate your data from such services when you decide to leave them.
The following picture maps ubiquity vs. people network for the same sample of existing email privacy solutions.
Protonmail and Tutanota do poorly on both people network and ubiquity, as they limit secure communications only to their subscribers, require users to store messages at their facilities and charge fees for storage and for use of user-owned domain names. Conversely, Enigmail and other stand-alone native PGP clients do very well on both ubiquity and people network, as they are free and allow use of any email service and communication with any PGP user.
The insecure SSE services and Mailfence do well on people network as they allow communication with external PGP clients, but poorly on ubiquity as they require and charge for storage and domain names. Finally, Mailvelope has unrestricted people network like all PGP clients, but is mediocre on ubiquity as it can only be used with a limited number of webmail services with which it is integrated.
How does all this affect you?
When selecting an email privacy solution, you should consider the solution’s ubiquity and people network, as these may have significant impact on the way you will use the service.
For example, users that occasionally send sensitive messages often use two email clients – one that is easy to use (such as Outlook) for unencrypted communication, and another that may not be as easy to use but has a free and reliable privacy plugin (such as Thunderbird with Enigmail). Doing so allows such users to continue to use their existing email service, storage and address while gaining both ubiquity and secure people network, albeit at the expense of ease of use.
Other users may like the simplicity of secure webmail services such as Protonmail and Tutanota but do not want to part with their Gmail service where they do the bulk of their communications (and store most of their messages). Such users have to use two separate email addresses, which is very inconvenient.
In our next article – Part 6: Make your choice – we provide an overall summary of the email privacy services and solutions, as well as specific guidelines for choosing the right solution.