ProtonMail

ProtonMail

The past couple of years I have been very interested in encrypted email and other encrypted communication methods. This is primarily after learning how wide open the protocols we primarily use are to interception and abuse. Email is a big one where private and personal information is passed around the globe in a format that can be read and intercepted easily. Read more of my thoughts on why email encryption is important. PGP encrypting email is the surest way to use email more securely. However, others need to use it as well. PGP encryption is not considered a simple process for most people so people just don’t use it.

protonmail_logo_purpleI have been following a company based in Switzerland called ProtonMail that has been working on an encrypted email solution that uses PGP encryption rather than some “in-house” encryption solution. This company has also made a portion of their work open source so others can audit their work. It should be noted that the backend of their system is not open source which is not ideal when overall trust of a system is of importance. However, I recognize that what ProtonMail is doing overall is a positive move for more users to adopt secure email as an option while using an open standard like PGP. All other systems I have looked at are completely closed in that they have implemented their own encryption system that requires all encrypted communication to be done through their service. I have had an account with ProtonMail since near when they started in Beta a couple years ago.

On January 26th ProtonMail will be opening up to everyone and moving out of Beta. This means anyone will be able to get a ProtonMail account and easily send encrypted emails and receive PGP encrypted emails. In fact you can reserve your account name now if you want. January 26th is also is when the iOS and Android apps will be made available to everyone, and users will be able to use their own domain names with the service as well. This is huge as PGP encryption can be a hurdle for people as it is, and even more so when mobile solutions are considered. One caveat with ProtonMail currently is that using your own PGP key is not yet available nor is sending traditional PGP encrypted emails to addresses outside of ProtonMail. Once these two items are completed I am likely going to move to ProtonMail as my primary email. Currently an encrypted email to an external user utilizes the ProtonMail servers and an agreed on password between recipients which is a bit awkward but certainly gets the job done when communicating to users who are not using encrypted email. The good news is ProtonMail revealed their roadmap and full PGP implementation is coming in 2016 so encrypted emails will be sendable to users who use PGP outside of ProtonMail. I anticipate that by mid 2016 or early 2017 that ProtonMail will have in place all of the pieces for me to use them as my primary email and also be an email service that I can recommend to friends and family for encrypted email.

Feel free to send me an email at hc.liamnotorpnull@wotsirbffej if you would like to discuss email encryption. You can grab my PGP public key below and send me an encrypted message as well if you are using PGP. I also welcome messages from my PGP encrypted form from my website if you want to send an encrypted email but really have no idea how to go about doing that.

PGP Public Key Jeff Bristow’s ProtonMail

Why Email Encryption?

Why Email Encryption?

Before email if you wanted to send a letter to someone you would write it out, put it an an envelope, seal the envelope, buy a stamp and send it off with your mail carrier. How would you have felt if you got a call that said your letter had arrived but it had been opened and on the pages were food stains, etc? Clear evidence that the letter had been read. Both parties in this scenario would feel violated, and rightly so. Someone had read a private note that was not meant for them.

This happens with email daily, the only difference is we don’t see any evidence of tampering when we get the message. Since Edward Snowden’s leaking of NSA information it is clear that one of the groups reading our emails is the NSA. But it can also be someone in an internet cafe, or a server admin. Email is plain text as it travels from point A to point B. And sometimes those two points go through a lot of servers. But since we don’t see the evidence we don’t seem to feel the same level of being violated. What was thought to be private simply is not when email is used. But email isn’t going anywhere, so what can we do to give ourselves privacy and still use email?

We can promote email encryption. Email encryption makes it so the contents of your message can only be read by the intended recipient. It won’t matter if someone in the internet cafe intercepts your message, or a server admin tries to peek in on what is being sent through his or her servers. They can still intercept the message, but they can’t read it. Just like the postal carrier can see who a letter is from and who a letter is to, with encrypted email this is also all that can be ascertained.

In an ideal scenario we would all use encryption, but we don’t. In fact very few people encrypt their emails. I personally at this time only know two people who use email encryption. There are two main reasons why I don’t think email encryption is popular.

  1. People don’t care enough.
  2. Using encryption takes some learning and some technical know how.

To address these two reasons I will be writing about encryption from time to time outlining scenarios where I believe email encryption is pertinent if not essential. As a Christian and someone who likes to believe that History can teach us valuable lessons,  I believe it is very important that we consider using email encryption, especially for missionaries in various locations around the globe. I will delve into this more in a later blog posting. In addition I will be writing up some ‘How To’ posts regarding how to use the two most common forms of email encryption. OpenPGP and S/Mime. Once you set them up email encryption is fairly painless.

If you would like to send me an encrypted email you can fill out a form on my Contact page. This form will encrypt the message before it even leaves your browser so at no point is the message ever plain text. I would welcome any correspondence on this topic.