Email privacy crash course – Part 6: Make your choice
In this article we provide guidelines and recommendations for choosing an email privacy solution. You may recall the important takeaways from the previous articles:
- End-to-end encryption is king
- OpenPGP is the gold standard – prefer 4096-bit encryption strength
- Metadata protection is critical – you may and will be surveilled based on metadata
- Anonymity is an important part of any privacy solution
- Solution providers that do not publish their source code should be avoided
- Usability is critical but often conflicts with security
- Some services allow secure communication only among their subscribers
- Some services require use of a dedicated email address and storage
You may also recall that we divided the existing solutions into four major types:
- Server-side email encryption services
- Stand-alone PGP-enabled email clients
- Browser-based email encryption services with central key management
- Tor-based anonymous email services
In the previous articles we evaluated in detail how a representative sample of email privacy solutions performs in six major aspects: encryption, metadata protection, anonymity, usability, ubiquity and people network. We shall now summarize the key points and provide guidelines for selecting a solution.
Existing solutions – key points
Server-side encryption services such as Startmail, Hushmail, and TorGuard use standard OpenPGP encryption, allow use of any email client, and some of them allow connection to any PGP user using any email service. However, they are inherently insecure because emails emerge unencrypted on their servers, meaning that their encryption is not end-to-end. Do not use them.
Stand-alone PGP-enabled email clients such as Thunderbird, GPG for Outlook, Mailvelope, Mailfence (PGP client + email service) and Mailpile are mostly open-source, provide sound end-to-end encryption and enable you to communicate with any PGP user over any email service. However, they create a usability nightmare for most users due to manual key management and manual synchronization of keys with mobile clients. Consider using them if you and your correspondents can tolerate their poor usability.
Browser-based email encryption services with transparent key management such as Protonmail and Tutanota provide excellent usability. However, their users can communicate securely and smoothly only with other subscribers of the same service. Moreover, they charge hefty fees for use of email storage above a bare minimum. Since they store your messages, getting your data out of them when switching to another solution is, at best, difficult. Consider using them if usability is your prime concern and your correspondents are also using the same service.
Tor-based anonymous email services such as SIGAINT provide excellent anonymity and metadata protection, but no end-to-end encryption (except possibly with some difficult acrobatics such as using the TorBirdy plugin). They can be used securely only if your correspondent is also a subscriber. Consider using them if you value anonymity above all and trust that your messages will not be read by the operator of the service or an intruder hacking into it.
Throughout this Email Privacy Crash Course we did our best to perform an accurate review of the surveyed email privacy solutions. Email privacy services are complex, and factual inaccuracies may have crept in. If you spot any, please let us know and we will edit accordingly.
Must you compromise?
Clearly, none of the currently available solutions provides it all – encryption, metadata protection, anonymity, usability, ubiquity and people network.
Operators of all the surveyed services except the Tor-based ones can read your metadata (and therefore will give it away under a subpoena or inadvertently expose it if hacked). The Tor-based services do not encrypt your content end-to-end. Stand-alone PGP clients are difficult to use. The browser-based services with transparent key management do not allow you to communicate with users of other services or external PGP users. The server-side encryption services are simply insecure. To make your choice from the existing solutions, you will indeed need to compromise, for example using the guidelines above.
You may want to take a look at the recently announced EasyCrypt email privacy service. It was designed to overcome the limitations of the existing solutions and eliminate the need to compromise on email privacy.