Secure email: Why end-to-end encryption is at the heart of it

Secure email and end-to-end encryption
Everybody wants your data one way or the other. It’s not just the NSA, Google, Facebook or your phone provider. Even your torch app or online store tries to get access to your data. Yet, we have to exchange messages all the time with family, friends, colleagues or government.  This is precisely where end-to-end encryption comes into play (have a look at the image above) by scrambling your data into an unreadable form before it leaves your device, and only the right recipient holds the capability to read it. Following section will discuss different aspects of email privacy and security.  You will learn why end-to-end encryption is at the heart of secure email.

Email and digital communications

We continuously send emails to family, friends or colleagues. On a daily base 215.3 Billion emails get sent. This number is expected to increase by 17% in 2019. Needless to say, email has become the backbone of digital communication. This is what makes email super enticing for both surveillance and mass spying.

Free is not ‘free’

All the traditional email service providers, say it’s all for free. However, in reality it isn’t. One has to give up one’s data while using those services. We believe this is a big deal !

Ever wondered how much google really knows about you ?

Retaining email privacy and security is not easy

The task of taking back control of email privacy and security is not easy.  Following are some of the reasons:

  • User-friendliness versus data privacy and security:

Several services emphasize usability (which is not a bad thing in principle). But this goes at the cost of changing user habits and stealing data. Users end up becoming negligible towards their data privacy.

  • Attempts to outlaw encryption:

The continuous attempts to ban encryption in the US and Europe and the massive efforts of NSA (in global surveillance revelations)  have shown the extent to which encryption can be sabotaged and can be used as a tool to provide an illusion of security and privacy. The reasoning behind proposals to outlaw encryption is that it is used by bad guys (cyber criminals, terrorist, etc…). However, this argument is as shallow as banning mobile phones, because bad guys use them as well.

  • A false impression of security:

This is somewhat an overlooked aspect. Why isn’t there a massive usage of secure email solutions?  The most probable explanation is the lack of awareness and knowledge among end-users. Most people do not know what real online privacy and security means. Somewhere this is absolutely logical as it’s our job to give users easy to use secure email solutions.  We should not  ask people to dive into the technicalities. However, lots of internet organisations simply abuse the trust of their users by either backdooring their applications, or secretly snooping or selling their data.  In some cases they even provide secret access to spying agencies without any legal court order at hand.

‘True’ end-to-end encryption is at the heart of secure email

Users have to put a level of trust in their provider irrespective of the (so called) claims of “zero-knowledge” of various service providers out there. These providers pretend to “know nothing about you”. However this is not true. We’ve seen various cases of highly-audited and technically sound mechanisms of secrecy that still leak information (i.e., meta-data: to, from, time, message count, account creation time, …).

This kind of information can be anonymized to a certain extent either by hiding it, replacing it or even encrypting it. Unfortunately we haven’t seen a mechanism yet that allows for complete protection against this kind of information leakage though, some interesting research projects do exists: DIME, LEAP, ….

We believe the starting step is to set the record straight. We do not want to give a false impression of “we know nothing about you” but instead show a high level of transparency that will lead to legitimate trust.

In our opinion, end-to-end encryption plays a crucial part in achieving secure email. It protects the user’s message content by providing confidentiality, integrity and authenticity.

At Mailfence – a secure and private email service, we believe that it is extremely important to safeguard online privacy in order to preserve our basic values and freedom of speech. The opposite – all-round surveillance – is just too dangerous. We think together we can make a change and stop our society from being monitored 24/7.  It can be done by all taking small yet effective steps.  If you agree with us, join the movement for secure email and share our message.

Get your secure email!

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team


Spread the word !

M Salman Nadeem

Information Security Analyst - Security Team | Mailfence

You may also like...

3 Responses

  1. August 2, 2017

    […] Secure email: Why end-to-end encryption is at the heart of it […]

  2. August 2, 2017

    […] also: Secure email: Why end-to-end encryption is at the heart of it, OpenPGP encryption best […]

  3. August 29, 2017

    […] Secure email: Why end-to-end encryption is at the heart of it […]

Leave a Reply

Your email address will not be published. Required fields are marked *