The Problem With “Encrypted” Email Providers

E-mail, for better or worse, is one of the most widely used communication methods on the internet. Even though it has its fair share of problems, it's way better than using something like Discord or Instagram or whatever else kids nowadays are using.

Why email was cool

Why email sucks now

Why “Encrypted” Email Providers are Problematic

When you first start worrying about privacy, you will hear two names being thrown around constantly: Tuta Mail & Proton Mail (others obviously exist, but these are the most common ones). Using these services might give you a false sense of security, since they will only work as advertised if you use them correctly.

E2EE should be done at the client level, not at the provider level.

The very definition of E2EE is that no plaintext leaves your device; your messages are never read by the server, EVER. However, the way these services work is incompatible with the interoperability of e-mail.

Imagine you send an E2EE message to a Gmail user: how would they even read that? They don't use Proton, so they can't decrypt the message. For standard email to go through, it has to be sent as plaintext over the wire. Then what's the point of encrypting it in the first place? (To clarify: Proton doesn't actually encrypt messages to external providers only to decrypt them again, that would be dumb.) (You can configure a symmetric passphrase, though.)

Now imagine two Proton Mail users communicating with each other. Since both are using the same client, they can understand each other and the encryption is actually useful. However, you need to use the clients provided by the service; you can't bring your own. Technically it's possible to set up a normal client with Proton Mail, but it's a hassle. To my understanding it's not possible to do the same with Tuta Mail.

A big problem with web apps is that you're trusting the server to deliver clean JavaScript every time you hit refresh. If a government forces Proton to serve a malicious JS payload to one specific user, that user most likely won't even notice their browser is handing over the decrypted keys. Local clients don't suffer from this dynamic-payload vulnerability.

Using these services is better than using any other “normal” provider.

To be fair, this article isn't complete hate towards these companies. The fact that people are concerned enough about privacy that these companies can even exist is a net positive. If you don't plan on using a normal email client, there's no issue with using these services.

One thing I always like to remind myself of is what's important, the reason I started using mainly free software in the first place: privacy, freedom, control. Reducing bloat, customizability, performance, minimalism and efficiency are just lucky side effects. Yes, I care about minimal software, following the suckless and Unix philosophies and all that. But the most important thing of all is, and always will be, privacy.

The self-hosting trap

Some privacy advocates propose hosting your own email server. While I find this to be a worthwhile endeavor, it isn’t actually great for privacy, depending on your threat model.

Imagine you use your own email server to talk to two different people. You want to ensure they can’t pin down your exact identity, so you give them different aliases: foo@zekar.xyz and bar@zekar.xyz. Because that domain name is so unique, it takes zero effort to figure out that any *@zekar.xyz address belongs to the exact same person. Furthermore, if your registrar doesn’t mask your data, your real name might be tied directly to the domain registration.

I only recommend hosting your own mail server if you want people to know it’s you, and if you have the immense time and resources required to maintain it. Running a mail server is easily one of the most demanding services you can self-host due to IP reputation and spam filtering.

The real solution

What I recommend is just using cock.li or similar services.

Simply because they don't ask for personally identifiable information at registration: just a username and a password, nothing else. For some reason, that's very hard to find nowadays. Of course, they support the traditional protocols, IMAP and SMTP (even the old POP!).

How can you trust such a ridiculous name?

You can’t. Cock.li doesn’t read or scan your e-mail content in any way, but it’s possible for any e-mail provider to read your e-mail, so you’ll just have to take our word for it. No “encrypted e-mail” provider is preventing this: even if they encrypt incoming mail before storing it, the provider still receives the e-mail in plaintext first, meaning you’re only protected if you assume no one was reading or copying the e-mail as it came in.

Taken from the cock.li frontpage

This ties back to my earlier point. The trust you place in Proton or Tuta to encrypt your emails before they read them is the same trust you place in cock.li not to read them.

However, this trust shouldn't be necessary.

The real solution

The only way to ensure your emails are private, regardless of which provider you use, is to get yourself a GPG key and encrypt (and sign) your messages locally on your client.

If you're wondering: no, this doesn't mean you have to copy and paste encrypted data manually. Most clients handle encryption natively. Inconvenient? Actually not that much: just keep your private key safe and share your public key with everyone you wish.
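To make the "encrypt and sign locally on your client" point concrete, here is an added example (not code from the original post, not from cock.li or Proton) that walks the whole flow with GnuPG in a throwaway directory: each side generates a key, only public keys are exchanged, Alice encrypts and signs before anything touches a mail server, the provider only ever holds armored ciphertext, and Bob decrypts and verifies. The names, addresses and message are invented; GnuPG 2.1+ is assumed to be installed.

```shell
# Added example, not from the original post: two throwaway GnuPG keyrings
# ("alice", "bob") showing client-side encrypt+sign and decrypt+verify.
# Assumes GnuPG 2.1+ is installed; names, addresses and message are invented.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping"; exit 0; }
WORK=$(mktemp -d); ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"
cleanup() {
  for h in "$ALICE" "$BOB"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
  rm -rf "$WORK"
}
trap cleanup EXIT
# Run gpg against one keyring with no interactive prompts.
gpg_as() { # usage: gpg_as <homedir> <gpg args...>
  home=$1; shift
  gpg --homedir "$home" --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"
}
# 1. Each side generates a key locally and shares only the PUBLIC half.
gpg_as "$ALICE" --quick-gen-key 'Alice <alice@example.invalid>' default default never
gpg_as "$BOB"   --quick-gen-key 'Bob <bob@example.invalid>'     default default never
gpg_as "$BOB"   --armor --export bob   > "$WORK/bob.pub"
gpg_as "$ALICE" --armor --export alice > "$WORK/alice.pub"
gpg_as "$ALICE" --import "$WORK/bob.pub"    # Alice needs Bob's key to encrypt
gpg_as "$BOB"   --import "$WORK/alice.pub"  # Bob needs Alice's key to verify
# 2. Alice encrypts to Bob's public key and signs with her own private key
#    before anything reaches a mail server. --trust-model always stands in
#    for the out-of-band fingerprint check you would do for real.
encrypt_and_sign() { # usage: encrypt_and_sign <plaintext-file> <out.asc>
  gpg_as "$ALICE" --trust-model always --armor --local-user alice \
      --recipient bob --sign --encrypt --output "$2" "$1"
}
# 3. The provider relays and stores only this armored blob; returns 0 only
#    if the given phrase is readable in it (i.e. plaintext leaked).
provider_sees_plaintext() { # usage: provider_sees_plaintext <phrase> <msg.asc>
  grep -q "$1" "$2"
}
# 4. Bob decrypts with his private key and requires a GOODSIG status line,
#    so a message not signed by Alice's key fails even if it decrypts.
decrypt_and_verify() { # usage: decrypt_and_verify <msg.asc>  (prints plaintext)
  gpg_as "$BOB" --status-fd 2 --decrypt "$1" 2>"$WORK/status" \
    && grep -q '^\[GNUPG:\] GOODSIG' "$WORK/status"
}
printf 'meet at the usual place\n' > "$WORK/msg.txt"
encrypt_and_sign "$WORK/msg.txt" "$WORK/msg.asc"
provider_sees_plaintext 'usual place' "$WORK/msg.asc" && echo LEAK || echo "provider sees only ciphertext"
decrypt_and_verify "$WORK/msg.asc"
```

The same two keyrings are what a local mail client holds for you; the provider's only job here is to move the armored blob from one mailbox to the other.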

The catch

The only problem with encrypting your mail is the same problem every private communication method has. Try to convince your normie friends to encrypt their mail? Good luck. (Try to convince them to even use e-mail instead of Discord lol)
