what can I do about non encrypted email?

For a start please go easy on me as I am a 74 year old pensioner and am not so up on technology like many young people on here! I am looking for some advice on the best way to protect my privacy and anonymity when emailing. At the moment my configuration is as follows:

1)I use an encrypted truecrypt container which contains a portable edition of thunderbird with enigmail.

2)This is configured with a free webmail services such as Gmail. I know Gmail, hotmail etc are not good for privacy, but all messages going through here are encrypted with enigmail. So they are unable to snoop on the message contents.

3)I am also considering routing portable thunderbird / enigmail through Tor so I have complete anonymity – is there an idiots guide to this?

While the above provides a pretty good solution for corresponding with people who have PGP keys, my problem is that many people who I email me do not use PGP or any form of encryption. Examples include insurance companies, banks, lawyers, doctors, receipts for purchased goods , friends who just can’t be bothered etc. How can I minimise my privacy concerns when dealing with these types of contacts? My requirements are:

a)To protect my inbox / sentbox so that if the password to this is hacked then nobody can see the plaintext messages. For this solution I can use the portable thunderbird/ enigmail in a true crypt container –that works very well but the problem is how do I know that no copies remain lurking on the server? (I really would not trust google or hotmail with this. I want a free email service where I can be sure no copies of emails are left anywhere once they have been download to my portable thunderbird / enigmail in the truecrypt container.

b)The problem is I have heard services such as Gmail regularly snoop on your messages. That’s no problem if I use encrypted email as they can’t see what’s in there, but for regular plaintext does anyone know of any free services that don’t have a snoopers policy?

c)I say I want webmail but really I just need something that is free and anonymous which I can configure with my portable thunderbird inside the truecrypt container. I certainly don’t want any records left on the server and as soon as I have downloaded / sent the messages from thunderbird I don’t want them to be shown in any inbox or outbox on the server.

I would be grateful if anybody could help a clueless old guy like me with some suggestions!

 

Some banks and other institutions have a secure messaging feature built into their system which you can use when you are logged into your account. Using that for what you can should keep sensitive information off inadequately secured email systems/paths.

The sending and receiving email providers will see at least some information including the SMTP envelope (mail from and rcpt to addresses). You can get a feel for what they would see by examining the full source of a (encrypted) message that you sent to yourself. To do this in Thunderbird you can select the message and use the CTRL+u key combo.

Others may be able to give you some good advice regarding what email provider would be best for you. Ideally you would not use, or send any email to anyone who uses, an email provider that is (also) involved in targeted/personalized advertising (such as Google, Microsoft, Yahoo... Verizon, AT&T, and some other telco/cable ISPs, etc) because they have that motive to abuse information. However, such avoidance may not be practical. You can't control what email providers other people use, for example.

There are three "places" where email connections/exchanges can be snooped by intermediaries: 1) Between the sender and their email provider, 2) between the sending and receiving email providers, and 3) between the recipient and their email provider. Regarding 1: Make sure you establish secure connections with your email provider. Regarding 2: the sending and receiving servers negotiation whether the exchange will occur over a secure connection. Both sides must support encryption or it won't happen. When choosing an email provider you want one that offers encryption to other servers and uses encryption when other machines offer it. Especially when you aren't using client side, end-to-end encryption. You can test your email provider's support for "STARTTLS" encryption, for free, via the Basic Receiver and Basic Sender tests at http://www.checktls.com/tests.html. Regarding 3: You can't control whether recipients use secure connections to their email provider, but hopefully they do.

 

Hi Wind thanks very much for your reply. I am really grateful for your simple explanation of the three cases where intermediaries can snoop. Obviously there is no way I can address point 3 but if I address points 1 and 2 then the last remaining concern relates to the moral integrity of your own server. How can an individual possibly know that their own server is not spying on them and keeping a copy of their emails, and if they are is there any way to mitigate this other than encrypting messages with something like PGP? I am looking for a server that does not copy anyting or keep a copy of emails in the outbox or inbox (UNLIKE Gmail, hotmail etc do.) I really would not trust a 3rd party hosting emails for all to see, not to mention the fact if a hacker ever hacked into webmail. The only copy / record of emails I want are those that are inside my truecrypt container in thunderbird. I know there is a huge risk in sending unencrypted email in the first place (and in an ideal world everyone would use PGP etc), however I can't dictate how all my friends and family communicate with me, therefore I want to find the safest solution to mitigate these worries.

 

Your post nails the problems of using encrypted mail pretty well ..

Most 'normal' private citizens consider it to complicated and not worth the effort and it can be more than difficult to convince them that they are wrong .
The 'professional' people you communicate with, that's a different story :
It is most irresponsible of doctors, lawyers, insurance-companies and financial institutions to send highly personal information in cleartext over the internet .
You could contact them, provide them your public key and ask for theirs .
If they don't have one, then 'ask' them to get one or you will take your business elsewhere !

Regarding the security of messages on servers :
The only way you can be reasonably certain no messages are stored indefinitely is :
Don't give them the chance or rather : make it as hard as possible .
You need to run your own mail-server, and that opens a whole new can of worms :
Spammers and crackers will almost certainly try to 'hack' a mail-server that is visible to the network .

Regarding the security of messages in transit :
This depends on your threat-model .
Certain TLA's can see (and intercept) nearly ALL traffic on the internet.
While you may be able to prevent them from reading the content, you can not prevent them from knowing the communication took place .
Because PGP not only encrypts, but also signs, messages, there is NO plausible deniability .
Also, one big fault in PGP is that it does not provide 'perfect forward secrecy'
so if your private key ever falls in the wrong hands (or is 'cracked') ALL
messages encrypted with that key can be read in clear-text ..

 

So if I don't go down the road of trying to run my own mail server (don't think I would have the technical abilities or time) what is the best free option. Would something like riseup.net be the best bet? From what I understand if I use Pop3 it will download all emails off the server, but what about the sent box on the server? I don't want anything stored in here, as apart from your own server snooping on you, there is the worry if this is ever hacked. That's why I prefer to keep everything on my local computer.

Also does anyone know if it is possible to configure thunderbird to go through something like Tor so I can be sure the mail sever would not log my ip? Or is this impossible if using SSL with the mail sever, due to SSL creating a direct secure connection and not allowing you to go through a 3rd party such as Tor? Sorry if this sounds dumb but as you can probably guess I am not so up on these things.

 

I think switching to RiseUp! or Austici would be your first and easiest modification. At least with RiseUp!, email sent from a client doesn't get stored in the sent folder, and I think there is an option in the settings, to prevent that for the web interface as well.

You can get Thunderbird to use Tor, but it requires some modification. Since Tormail got taken down, the tutorial is no longer available, but there may be others out there.

I don't really know if trying to use Tor would really be worth it for a "regular use" email account. There will be so much info in the non-encrypted emails you send and receive, that trying to obfuscate with Tor, wouldn't be worth the effort.

Now, if you wanted to *always and only* use PGP (a second account perhaps?) then yes, it *is* possible to have an 'anon' email account. You can only communicate with people that don't know you in real life OR follow the exact same anonymity procedure as you do. <That part is always the stickler - one slip up and it may not work any more.

Hop on Tor/free VPN (rabbit hole #1, can you really trust a free VPN?) and create an account. You'll somehow need to get approved by RiseUp! first. Or try Austici, I think they are free too.

Never, ever connect without Tor/free VPN (say goodbye to phone/tablet email use unless you go down the root Android to use Orbot rabbit hole #2).

Create a new PGP key with absolutely no real info in it. Don't put it on a server - you can give it to whomever needs it. IMO servers were a good idea when we had the fantasy that the masses would flock to PGP - they haven't. A totally anon PGP key doesn't track back to you in any way, unlike a realnameATemailaccounti'vehadforyearsDOTcom key would.

So that's it. Never connect without Tor/free VPN, to the email server. PGP all email with a sanitized key, and make sure the correspondent either doesn't know you, or follows the EXACT same procedures.

Note: I'm assuming you want to do this for free. If you can come up with about $120 a year, I think a AirVPN/Boleh/Mullvad VPN and a Countermail account would be a lot easier. For true anonymity, you'd have to send cash to Mullvad, or learn Bitcoin for Air/Boleh (rabbit hole #3 with anon Bitcoin purchase and "washing"). Countermail takes Bitcoin too, but they do offer a way to pay somewhat anonymously with a credit card. (The purchase will be in your bank records, but there is no way for Countermail to know the account that you bought). Every hour, Countermail encrypts any plain text email,to your public key.

Hopefully some of this will help. You can't avoid getting technical when talking about anonymity/privacy.

PD

 

That sounds fantastic. Do you know of any other free providers that also offer this? I looked for Austici but could not find it?


As for using thunderbird through tor I just came across torbirdy. That looks pretty easy to configure with my portable thunderbird. Does anyone have any experience of torbirdy - can it be trusted?

One last thing you mention orbot for android. If I were to wirelessly tether my android phone to my pc should I use orbot on the phone and tor on the pc. Or is orbot only necessary if browsing the internet directly from the phone?

 

Not for ANYTHING that can be linked to your real identity ..
Does it contain a SSN ?
FORGET about using TOR .
Does it contain a e-mail address that can be linked to you ?
forget about using TOR .

And signing your (encrypted) e-mails sent over TOR with PGP ??
Just think for 5 minutes about how futile an exercise that is !

 

BitMessage seems more secure than standard PGP encrypted email (no meta data worries), but it's for text only, no attachments. You can run it through Tor.

 

Any connection to a (good) email provider will be SSL/TLS...the Tor exit node would be blind. If it's PGP, it *can* contain an SSN, though I personally wouldn't send that info. I would think if one was interested in these methods, they wouldn't have an email address that was identifiable. Same for the PGP key...you can have one that says anything - like Name: None, Email: noneATnowhere.not. These days, I'm not sure if a malicious Tor exit node is worse than an ISP exit node Just encrypt the stream and carry on. But again, if he can come up with $50 a year, I'd use a VPN instead of Tor (but you could use both in that case Tor>VPN).

PD

 

Why would you prefer a VPN over TOR, especially one that you have to pay for? If you are paying for something there will be a cash trail. Also how do yo know a VPN is more trustworthy than your own server?

Please could someone answer this question regarding phone tether:

If I were to wirelessly tether my android phone to my pc should I use orbot on the phone and tor on the pc. Or is orbot only necessary if browsing the internet directly from the phone?

 

Because there is less of a chance (not none, just less) that your connection is going through an explicitly 'evil' box. Yes, proper encryption *should* be able to protect the stream, even through an evil node... but if given the option of choosing a 50% chance of going through an evil Tor node, or a 45% chance that VPN traffic is going through something evil, I'd take the 45. Tor is a big target, as the Silk Road take-down and Freedom Hosting take-down, show...as well as the FOXACID leaks. Anyone can set up a Tor exit node, and rumors abound of the number of government run exit nodes that there are. This is all just personal opinion, I still use Tor for things because I still trust the math...but I mostly just use a VPN.

There is also a speed, and protocol advantage to a VPN.

I don't tether, but it sounds like just running Orbot on the phone would be fine. Interesting...never thought of that...you could do two hop VPN that way maybe? Phone connects to VPN 1, Computer connects to phone hotspot, and connects to VPN 2...will have to try tethering some time.

Edit: Also, there is less chance of a leak with a VPN (when you take the standard VPN leak countermeasures), as it covers ALL traffic on the computer. The Tormail attack bypassed Tor, and sent the IP and Host Name to the FBI via http. A VPN user was protected from the IP leaking...a strictly only Tor user wasn't (which brings us to NoScript use in TBB, but there's a thread for that ).


PD

 

Thanks for your reply Pauly

Regarding the phone tether I think I may post a topic on it's own about this to see what the consensus would be.

As for VPN can you recommend any good providers? M criteria is they must be free or accept annoymous / cash payment.

 

There are like 100 threads on that subject

Start with Air/Boleh/Mullvad...not sure what Boleh accepts for payment. Air and Mullvad take BTC, and Mullvad takes cash too.

Mirimir just listed some others he trusts in another thread, iVPN, and insorg, as well as some others I think.

PD

 

@Davi - Be aware that Riseup.net has a .onion pop3, smtp over server. Oh, forgot to mention they are over ssl.