Your regular email service isn’t as private as you might like. Here’s how to start using encrypted email.
Email is one of the most insecure forms of digital communication. Back when email was invented, security and privacy were not on anyone’s minds. No one had any idea that email would become such an essential tool, or that governments, corporations, hackers, and spammers would pose such a major threat to the internet’s stability and security. People were just glad that email actually worked.
But now, just a few decades later, it’s clear that email is woefully, and perhaps incurably, obsolete when it comes to modern-day standards for security and privacy.
Email: Unsafe at Any Speed
I won’t go into all the technicals details about why regular email is so insecure, but here’s a rough breakdown.
Typical email providers use HTTPS to encrypt their connections with you, so you don’t have to worry about your ISP or local Wi-Fi hackers reading your emails.
But after that, the story gets more complicated. Your email provider (e.g., Google) keeps copies of your emails on their servers, and they have the capability to read and analyze them, or hand them over to law enforcement or to the NSA.
In fact, Google admits that they do read (by means of automated software) all the emails that you send or receive via Gmail—mostly to improve their advertising platform.
But that’s not all. Say you’re a Gmail user and you send an email to a Yahoo Mail user. This means that Google has to route your email from their Gmail servers to Yahoo’s servers. This last journey is typically not encrypted, which means that any eavesdropper can read your emails as they’re being sent between email providers’ servers.
Unfortunately, this last obstacle is the hardest to surmount. If your recipient doesn’t know how to use encrypted mail, or they’re using a regular email provider like Gmail, there’s nothing you can do to keep your emails from being read—except for one thing: avoiding email in the first place, and using encrypted messaging instead.
Step 1: Switch to Encrypted Messaging First
While this guide is about switching to encrypted email, I’d be remiss if I didn’t first offer a much simpler alternative to help you meet your communication needs. As encrypted messaging apps are ubiquitous worldwide, I’d recommend using them as email replacements before you try encrypted email.
Encrypted messaging apps use what’s known as end-to-end encryption to prevent anyone except the sender and the recipient of the message from reading what’s being sent. Not even the company that made the app can read your chats or eavesdrop on your calls (nor can the NSA).
Popular encrypted messaging apps include:
- Apple’s iMessage
Almost every smartphone owner in the world has at least one of these apps installed, so using them instead of email is a no-brainer. And unless your phone itself is compromised (e.g. someone steals your passcode or takes screenshots of your messages), your communications will remain private.
Of course, you should avoid messaging apps that don’t use end-to-end encryption. These include Facebook Messenger, Instagram, Twitter, Skype, and most other apps made by social networking companies (and free email services). If you do use these apps, you should always assume that your messages are being stored, monitored, and being made available for the reading pleasure of advertisers, government spooks, foreign hackers, and even malicious third parties.
Step 2: How to Open and Use a ProtonMail Account
If you need to use email to send sensitive information, or if you’re simply fed up with Google recording every detail of your personal life by reading your emails, it’s time to switch to a more secure email provider. That’s where ProtonMail comes in.
ProtonMail, currently the world’s largest encrypted email service, was founded by a group of scientists who met at CERN. In many ways, ProtonMail is the indirect descendant of Lavabit, the encrypted mail service once favored by Edward Snowden. (When the US government demanded that Lavabit hand over its private encryption keys, its founder decided to shut the service down rather than comply with the request.)
ProtonMail uses end-to-end encryption to automatically protect emails sent between ProtonMail users. You can also send encrypted emails to non-ProtonMail users, though you’ll need to exchange a password with the recipient ahead of time (or use PGP—we’ll get to that later).
Most importantly, ProtonMail can’t read your emails, nor can they make them available to third-parties. That’s because emails are stored on their servers in encrypted form, and only you have the decryption key.
Making an account is easy. To start, head over to ProtonMail.com and select “Sign Up” at the top right.
You’re given the option of signing up for a free account or a paid account. The free account is fine for most users who are starting out with encrypted mail, but if you ever find yourself needing to send more than 150 messages per day, you can always upgrade to a Plus account for the very reasonable price of $4 a month. (The rest of this guide is based on options available for the free plan.)
Once you’ve selected your plan, it’s time to pick an email address. For maximum anonymity, I suggest picking a username that can’t easily be associated with you (so don’t use your first name or last name!). For my username, I’ve decided to pick a random three-character string. (If you signed up for a paid plan, you can add additional email addresses to your account later).
You also have the option of picking an email domain: either ProtonMail.com or ProtonMail.ch. ProtonMail itself recommends that you use .ch for maximum security. Since the .com top-level domain is controlled by a US-based company, it could be subject to a domain seizure, which would prevent you from sending or receiving emails. The Swiss .ch domain is less likely to be seized, so I recommend that you select .ch, just in case.
Once you’ve picked a strong password (I don’t recommend setting a recovery email—just pick a strong password and store it in a secure password manager) select “Create Account”. Press “Confirm” if you get a warning about the recovery email. You will also need to complete a Captcha.
ProtonMail will now take a moment to create encryption keys within your browser. These are the keys that are used to encrypt and decrypt your emails.
Without going into too much technical detail, the idea behind ProtonMail’s security is that your emails are always encrypted, and ProtonMail does not have the technical ability to decrypt them. They don’t store your password, nor do they ever see what your password is.
(ProtonMail used to require two passwords. They’ve since successfully implemented a system that preserves the same level of security while requiring only one password. You can still switch to two-password mode, but switching will diminish the service’s ease of use. ProtonMail also encourages you to stick to one-password mode.)
Once your account is successfully created, you’ll be greeted with a settings page where you can enter your “from” display name that people will see when you email them. You can also download ProtonMail’s apps for Android and iOS.
Before you start using your account, I suggest visiting mail.protonmail.com/security (under Settings > Security) and enabling two-factor authentication (2FA). This will require you to enter a passcode from your phone every time you log in, making it harder for a hacker to gain access to your account even if they find out your password.
You will have to scan a 2FA barcode into your mobile device in order to confirm the change. I recommend using an open-source authenticator app, such as FreeOTP.
And that’s it! You’re ready to start using encrypted mail.
When you press “Compose” in the top left (or hit “c” on your keyboard) you’re presented with an normal-looking email composition screen. Any emails you send to other ProtonMail users are automatically encrypted—there’s no need to make any additional changes.
However, if you want to send an email to a non-ProtonMail user, you can optionally encrypt the message by pressing the padlock at the bottom left of the email composition window. The recipient will receive an email with a link to a ProtonMail page where they can then enter the password to view your email.
You should have previously agreed on a password with the recipient, preferably in person, or through a different secure channel (of course, things will be easier and more secure if both of you use ProtonMail instead).
You can also set an expiration time for your emails (click on the hourglass next to the padlock). Once a message expires, it will be deleted from your sent folder and from your recipient’s account. If you sent an encrypted email to a non-ProtonMail user, they will be unable to view your message (but remember that the email that they got containing the link to your message can’t be deleted by ProtonMail). Of course, regular unencrypted emails sent to non-ProtonMail users can’t be set to expire.
ProtonMail has made email encryption fantastically simple. For most users, the level of privacy that ProtonMail offers (for free!) will be sufficient to keep you safe from hackers, snoopers, and advertisers. However, if you’re looking for an even greater level of security, ProtonMail won’t do on its own. You’ll need a stronger encryption protocol, like PGP, which I’ll be discussing next.
Step 3: Encrypting your Emails Using PGP
When you send an encrypted email to a non-ProtonMail, you need to exchange a password with the recipient beforehand. But that creates several complications. What if email is the only channel you have to communicate with your recipient? How do you exchange a secret password under those circumstances?
The problem here is that the password used to encrypt the email is the same as the password used to decrypt it. But what if we had two passwords—one for encryption, another for decryption—and arranged things such that the encryption password could be public, while only you have access to the decryption password?
In other words, what if anyone could send you an encrypted message that only you can decrypt?
That’s the basic concept behind asymmetric encryption (also known as public-key cryptography). You have a public encryption key that anyone can use to encrypt a message for you, but only you have access to the corresponding decryption key.
Here’s a simple analogy: imagine that I mail you an open padlock whose combination is known only to me. You can use that padlock to lock a briefcase containing a message meant for me. Once you lock the padlock, you’re no longer able to open it—nor can anyone else who intercepts it. Once I receive the locked briefcase in the mail, I enter my secret combination and unlock the padlock. Voila! You were able to send me a secret message without having to exchange a secret password with me.
With this introduction out of the way, let’s talk about how to use a common encryption tool that relies on asymmetric encryption: PGP, or Pretty Good Privacy. While PGP has limitations, it’s still quite common—and at the very least, you should have a basic grasp of how to use it.
Unfortunately, ProtonMail does not yet offer full PGP integration. However, I’m going to show you a method that will allow you to send and receive PGP-encrypted messages using any platform (yes, even Gmail!).
You should start by downloading a PGP utility. Mac users can download GPG Suite from GPGTools (GPG is simply an open-source implementation of the PGP standard). If you’re on Windows, you can use GPG4Win. (This guide will continue with instructions for GPGTools on macOS.)
Once you’ve installed and opened GPGTools, you should see a window prompting you to create a new key pair.
Enter your name, email, and a strong password. Then click “Generate Key.” (Note that others will be able to search for your public key if they have your email address. You can add more email addresses later.)
You’re now given the option of uploading your public key to a PGP key server. This is akin to distributing your open padlock so that others can easily send you encrypted messages. If you don’t upload your key, you’ll have to distribute it some other way (like handing it to your friends in person).
Now you’re ready to send and receive encrypted emails.
Let’s say you want to send an encrypted email. As an example, let’s try sending a PGP-encrypted email to the Electronic Frontier Foundation. Your first step is to find the recipient’s public key. In the GPG Keychain that we’ve been using, click on “Lookup Key” and enter the EFF’s email address, “firstname.lastname@example.org”. GPG Keychain should find the public key associated with that email address.
Click “Retrieve Key”. The key should soon be visible in your keychain. To verify that this is the right key, you can compare the fingerprint of the key (an abbreviated version of the full public key) with the one posted at www.eff.org/about/contact. If the fingerprints match, that’s good evidence that you’ve found the right one.
Now open a text editor on your computer and type the message that you want to send (do not type the message into your email application).
Next, select the text of the message, right click, and select “Services > OpenPGP: Encrypt Selection to New Window”.
In the window that opens, you should choose the recipient of your message. It’s a good idea to select “Sign” at the bottom as well—this will help others verify that the message actually came from you.
Now press “OK”. You may need to enter the key password that you created earlier.
If everything goes well, GPGServices will display the encrypted version of your message. It should look like a long string of gibberish.
You can now copy and paste this entire message into your favorite email application and send it to your recipient. Once they receive it, they will use their private key to decrypt it. No one else—not even the NSA—will be able to read what you sent.
If you receive an encrypted message, you can decrypt it by following these steps in reverse. Copy and paste the message into a local text editor on your computer. Then select the text, right click, and choose “Services > OpenPGP: Decrypt Selection to New Window”.
Once you’ve entered your password (if necessary) you should see the decrypted message. If the message is signed, you will also get a “Verification successful” pop-up if the signature is genuine.
That’s it! You now know enough about PGP to be dangerous.
Of course, there’s a lot more to learn. If you’re interested in privacy and encryption with PGP, you can start with this primer from the EFF.
You may discover that there are several web apps and browser extensions out there that allow you to send PGP-encrypted emails. However, I would highly discourage you from using them, simply because it’s difficult to know if they can be trusted. Performing encryption and decryption directly on your computer with GPGTools or a similar open-source tool will always be the safest and most universally-compatible way of using PGP.
Limitations to Email Encryption
Email encryption is no panacea. Depending on your threat model, you may even decide that email encryption simply doesn’t meet your privacy or security needs.
For instance, email encryption only encrypts the message itself, not the email headers or any related metadata (which includes the time the email was sent, as well as the identity of the recipient, among other factors). It’s well known that the NSA and other organizations have built surveillance platforms based solely on communications metadata. If you need to hide the fact that you’re communicating with a specific recipient, encrypted email won’t work.
PGP also has a lot of downsides, mainly with regard to the problem of distributing and authenticating public keys. It also doesn’t hide the identity of your recipient—you’ll have to use anonymous email addresses and only connect to them using Tor or an anonymous VPN.
Even ProtonMail admits that if you are the “next Edward Snowden” or have a “life and death situation that requires privacy” you should probably not be using ProtonMail.
You also need to watch your physical security: if your devices are compromised, or a hacker installs a keylogger on your laptop, your messages will no longer be secure.
So why should you use encryption? If nothing else, using ProtonMail or secure messaging apps will help keep advertisers, competitors, and hackers from accessing your private information. If you regularly deal with sensitive information, or need to communicate privately with business partners or within a small organization, using ProtonMail or any app with end-to-end encryption (perhaps even in combination with PGP) is an excellent way to stay private.
I hope this guide has been useful to you. If you have any questions or suggestions, be sure to leave them in the comments below!
Need safe VPN recommendations? Check out our curated list.