One Thing To Do Today: Email, not making the perfect the enemy of the better.

TL;DR – Protonmail, Tutanota rank as the easiest to use “secure” free email as service options. Might also consider Fastmail in conjunction with Virtu or Mailvelope, but haven’t tried that out yet.  Email still not gonna be “dissident safe.”

Email is the nudist messaging option. It just was never meant for claustrophobic constraints of encryption. Turn around for one second and its just stripping down past its metadata… wheeee! Let it be free, y’all, let it be free! Secrets for everyone!!!

…

Sorry about that. Brave souls have been designing atelier for emails with enough buckles and buttons to slow down the strip show while remaining easy enough for the novice user.  While security concerns remain, signing up for either Protonmail or Tutanota will improve privacy because the encryption model means they can’t participate in the casual data collection of data from the bodies of emails like other free email services.  Heck, even Fastmail would be an improvement. Bolt on encryption services like Virtu or Mailvelope don’t really protect email on the originating server so much, so I’d advocate a full switch from a free service. “Normals” moving to services that honor privacy will be the only wakeup call that Gmail, Hotmail and Yahoo! will head.

I’ve heard arguments that switching to encrypted mail might  “raise suspicion” in the wrong places.  Heck, that’s an excellent reason for me and my vanilla email to move up the email security food chain.  I can be hay in a needle stack.  That said, nothing mentioned represents the holy grail of communication security. Protonmail itself does an excellent breakdown of the vulnerabilities in their service.

The thing is, we shouldn’t have to switch to GPG on self hosted servers to get identical legal protections for electronic communication and file storage that that paper based communication has. Narrow reforms to 1986’s Electronic Communications Privacy Act have passed in the House. Some agencies are trying to make it weaker. Call or write a letter to your Senators to tell them you want the strongest version possible of S.356 to pass.

Recommended Reading

Protonmail

• Protonmail’s own threat model.
• 2016 BestVPN “ProtonMail 3.1 Review (2016)“
• 2015 Wired, “Mr. Robot Uses Protonmail, but it Still Isnt Fully Secure“, if needed little help breaking it down from Stackexchange.
• 2014 Stackexchange, “Is email encryption, as claimed by ProtonMail, possible?” Excellent information in general, but for example, ProtonMail is now fully open source.

Tutanota

• 2016 BestVPN “Tutanota private email review (+ vs ProtonMail)“
• 2015 Techcrunch “Tutanota, An Open Source Encrypted Gmail Alternative, Heads Out Of Beta“