Can a Secure Email Provider Be Private? How a Secure Email Manages to Address Privacy Concerns
Can a secure email provider be private? Email privacy and security concerns and expectations have seen a massive rise in 2013. At that time, Edward Snowden revealed that the major US internet companies were secretly transmitting their users’ data to the NSA. After the scandal broke, it became evident other programs of mass surveillance had been set up in many countries in the internet ecosystem. Various dedicated email privacy solutions were launched after the revelations. These providers focus on ensuring their users’ email confidentiality, integrity, and authenticity. End-users expectations are now much higher regarding email privacy – (you can find a poetic illustration here). But how can secure email services satisfy legitimate expectations of email privacy?
Common email privacy is similar to a postcard privacy
The email was never meant to be the centre of our digital lives. At its beginning, the Internet was a much smaller place. It standardized simple store-and-forward messaging (SMTP) between people using different computers. The messages were entirely transferred in the open and anyone who could watch network traffic could actually read them. As Wikipedia writes, “an email is much like a postcard, the contents of which are visible to anyone who handles it”.
Amazingly and unfortunately, email still mainly works in the same way today. Some steps have been taken to improve email security, though.
Steps taken to improve email privacy and security
Email users can now benefit from partial encryption during their email journey from sender to recipient. It’s possible thanks to protocols like STARTTLS and SMTP STS. It certainly brings some security, and thus, some privacy to emails, when it works. The trouble is, not every provider supports it, and not every provider that supports it provides end-to-end encryption.
Experts increase the security of email accounts (SPF/DKIM/DMARC, …). Their goal is to step up the email security on the whole.
But despite this, the emails you send daily from your conventional email account are still readable to anybody capable of intercepting them. And there are many people out there having the skills to do so.
Does it mean we should give up on email communication ? No, it doesn’t. We integrated email way too far into our digital world. Now, it holds a near-universal status on almost every device. It’s not going to disappear anytime soon.
The bottom line is that email as we know it today has never been secure. The myriad ways we send, receive, store, and use email messages make securing and enhancing email privacy a challenging problem. Also, the lean towards ‘excessive’ convenience over security by various service providers has neglected the requisite approach of having the right balance between security and convenience.
Encryption and email confidentiality
Well, Snowden said “Encryption works” – and we believe it should be end-to-end encryption, and not partial encryption (which we’ve seen in the case of STARTTLS, SMTP STS).
Another crucial aspect of this end-to-end encryption methodology is encryption protocols, ciphers and key lengths and implementation of such end-to-end encryption mechanism. This is where Mailfence comes into play and provides a securely implemented end-to-end encryption facility using strong open-source and publicly accepted protocols (OpenPGP), ciphers (RSA/AES, …) with strong key lengths (4096 bits/256 bits, …).
Now, coming back to the end-user expectations – the first thing to highlight is that email encryption is not synonymous with email privacy. While email body and attachments encryption plays a key role, other factors also strongly affect your email privacy :
- Metadata & Anonymity : to, from, date, time, IP etc… of email messages allow surveillance. They paint a reasonably informative picture of the target even with encrypted content & attachments.
- Public availability : the ability of people willing to use compatible tools and adaptable ways to communicate with you securely and privately.
- Technical accessibility : email services must remain straightforward and user-friendly to stay accessible to most people. Better usability is arguably the biggest obstacle to any email privacy-conscious solution when it comes to mass adoption. Most people tend to give up on their security and privacy whenever it becomes difficult to understand and use a particular system.
How Mailfence meet email security and privacy expectations
Let’s go through the barriers to secure email adoption listed above and examine how Mailfence has addressed them :
- Metadata & Anonymity : Mailfence strips by default your IP address from email message headers, and encourages you to use it over hidden services (for e.g, Tor…) with or without anonymous re-mailers (schleuder, …). A dedicated onion domain (an anonymous domain whose name is part of a public key encryption of a website address, and which can’t be reached with a conventional browser, but with Tor network) has also been planned for this purpose. Keep in mind that Mailfence offers private and secure services, but is not an anonymous email provider.
- Public availability : Mailfence’s goal is to offer the most interoperable solution possible. To this purpose, our private email uses OpenPGP. It’s a time-honoured open source protocol with a decentralized trust mechanism that is available to the masses and is compatible with tons of other tools out there.
- Technical accessibility : Mailfence is an easy-to-understand and user-friendly suite. Its private and secure email service gives you control and freedom. It’s thanks to the ability to choose between secure and private common email and encrypted email. It’s obviously an even more secure and confidential option. Also, Mailfence allows you to communicate with both external (other service) users and internal (Mailfence) users without any restriction. Along with full freedom and control over your privacy. Moreover, you don’t need any third-party add-on/plugin and can use Mailfence on all devices running a modern browser.
Mailfence is a secure and private email provider
Mailfence doesn’t just meet email security and privacy expectations, it’s also a collaborative suite offering a calendar with polls, a contacts and groups management, a chat service and a documents storage platform, all private and secure. Test its ease of use now by subscribing to our free plan. It includes 500 GB of storage data.
If you want to learn more about email security and how to protect yourself against the most common cyber threats, you can also check out our Email security and privacy awareness course. Feel free to look at our tips to keep your account secure. And remember : Email privacy is a right, not a feature !
Share This Article
Patrick is the co-founder of Mailfence. He’s been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy. You can follow @pdeschutter on Twitter and LinkedIn.