Email Security: How to protect your correspondence

Safe.ad
May 23, 2018

Email remains one of the most popular means of online communication. However, the level of protection of this technology is not high today, which may compromise the privacy of the users.

Before talking about how you can protect your email, it’s necessary to understand who wants access to it and for what purpose, and how that affects users.

Correspondence is read by the robots of large companies

It is no secret that the data in emails sent via various services can be analyzed by automated systems. Almost from the very creation of Gmail, the service analyzed content to increase the effectiveness of contextual ads. For example, if a user discussed an Xbox in their correspondence, Google’s advertising network started to show more ads about game consoles.

Google later faced lawsuits — in particular from those who did not use Gmail — because their correspondence was still analyzed by the system. As a result, the company issued a statement asserting that it would give up the practice of automatically analyzing the correspondence of Gmail users for advertising purposes.

However, the fact that the owner of one of the most popular email services stated that it no longer reads our emails does not mean that email communication has become more secure. Microsoft has also been confronted with criticism for accessing private correspondence — in particular, during the investigation of confidential information leaks by employees, where the company used data from external users’ email accounts on Hotmail.

After this scandal, the corporation promised to end this practice, but a few years later the Windows 10 user agreement introduced a clause allowing automatic collection of data from users’ personal emails and address books. All this shows the attitude of large corporations towards the privacy of mail correspondence and the value of their promises not to violate it.

Correspondence can be intercepted by the secret services

In 2013 Edward Snowden uncovered a large-scale program of surveillance by the US special services of the country’s own and foreign citizens. It also included the collection of information via users’ email communications. This means that if the subject or text of an email contained words from a particular list, the correspondence was intercepted via a specially designed spy system embedded in the infrastructure of the largest Internet companies. As American IT services are the most popular in the world, the secrecy of the correspondence of users from different countries was compromised.

At the same time, you must not think that users’ correspondence is of interest only to American intelligence agencies — in recent months there has been much mention of email hacking by the Russian special services. This topic is discussed mainly in relation to the United States and French elections, but it is easy to imagine that if special services can hack the email accounts of high-ranking politicians, then the correspondence of ordinary citizens is an even easier target.

Access to important services is tied to email addresses

In today’s Internet infrastructure, email plays a critical role, and it is the email address that often acts as the user ID of many popular services and products. This means that if hackers can gain access to the mail account, they will be able to cause serious damage to an individual or a company. However, according to statistics, 21% of users use passwords created 10 years ago, and 47% of people work with only five passwords, and among the most popular security combinations are 12345 and QWERTY, which makes an attack easier.

As a result, hackers may not only steal personal correspondence that contains a wide variety of data and images, but also extort money by attacking a variety of products and services. For example, with access to a user’s email account, hackers can log in to the Apple ID and use the ‘Find My iPhone’ function to lock the smartphone and display a ransom demand on the screen. In addition, if the account is compromised, hackers can then access iCloud and all the information stored there, including private photos and videos.

Why email is so vulnerable nowadays

Email remains a key element of online communication, but this does not improve its security. The development of cloud services has made email even less secure than in the days when it was necessary to organize your own mail server to communicate. Now people upload information themselves to the cloud, and even if they then remove it from their devices, it won’t disappear.

Modern internet users are accustomed to convenience and are not willing to sacrifice it even for their own safety. This is often forgotten by the creators of the tools built to enhance security.

As a result, additional protection is almost always a hassle. Often you need to install additional software and take additional steps to make familiar operations “safe”, as is the case with tools based on PGP technology. As a result, people are more likely to expose themselves to risks than to use protection tools.

How to change this

To make email correspondence secure, you must apply an approach that is already well-proven in messengers — we’re talking about end-to-end encryption. This approach is used in Signal, WhatsApp and Telegram.

When you use this method, each message is encrypted on the sender’s computer with the recipient’s public key and is decrypted on the recipient’s device with the corresponding private key. On its way between the members of the correspondence, the message is always encrypted — neither Internet service providers nor even administrators of the protected mail services themselves can access the content of the message.

This eliminates the possibility, for example, of an automatic analysis to collect data for further advertisement or transmission to the intelligence services. However, all of the encryption and decryption work should occur within the email service, so that the user does not have to perform any additional actions. The ease of operation will greatly enhance the attractiveness of secure email services.

What are the market options

At the moment, there are several projects on the market that offer solutions for secure written communication via end-to-end encryption. Some of the most developed services are those of ProtonMail, Tutanota and Safe.ad.

Each one has its perks. For example, in ProtonMail, there is support for PGP technology, which makes the service versatile because PGP is supported by specialized mail clients. On the other hand, this approach does not allow you to encrypt the subject of the letter and the message metadata. The company emphasizes its own infrastructure for sending messages, indicating on the site that its hardware is located in a data center in the Swiss mountains. The developers of the following competing services, in turn, rely more on advanced encryption technologies that protect the correspondence on any server.
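The limitation mentioned above, that PGP leaves the subject and message metadata unencrypted, can be seen in the wire format of a PGP/MIME (RFC 3156) message. The following is an added example, not code from any of the services named here; the addresses, subject and armored block are constructed placeholders, and `relay_view` is a hypothetical helper that separates what an intermediate mail server can read from what it cannot.

```python
from email import message_from_string

# Constructed sample of a PGP/MIME (RFC 3156) message as a relay sees it.
# Addresses and subject are placeholders; the armored block is filler.
RAW = """\
From: alice@example.org
To: bob@example.com
Subject: Q3 acquisition terms
Date: Wed, 23 May 2018 10:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

AAAAplaceholderAAAA
-----END PGP MESSAGE-----

--b1--
"""

def relay_view(raw):
    """Split a message into what an intermediate server can and cannot read."""
    msg = message_from_string(raw)
    readable = {k: v for k, v in msg.items()
                if k.lower() in ("from", "to", "cc", "subject", "date")}
    opaque = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        if b"-----BEGIN PGP MESSAGE-----" in body:
            opaque.append(part.get_content_type())
        elif part.get_content_type() != "application/pgp-encrypted":
            readable["body:" + part.get_content_type()] = body.decode("utf-8", "replace")
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")
    return {"pgp_mime": encrypted, "readable": readable, "opaque_parts": opaque}

if __name__ == "__main__":
    print(relay_view(RAW))
```

Even though the body is opaque, the sender, recipient, subject line and timestamp stay in the `readable` set, which is the gap that services encrypting metadata aim to close.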

One of the first services of its kind on the market, Tutanota, is available in a large number of languages, which is certainly convenient. However, this project does not use two-factor authentication, which can make it less reliable.

In turn, one of the most “fresh” projects is Safe.ad. Although it is not localized and is only available in English, its creators took into account the flaws of products that had appeared earlier. As a result, the service encrypts all the metadata and also provides an encrypted file store. Another important plus is that there are no restrictions on the size of attachments that other secure communications services have.

Conclusion

Email is not yet a truly secure communication tool. The main reason for this is an often reckless attitude of users towards security and privacy issues despite regular news of hacking into large mail service providers.

The emergence of genuinely protected communication tools must be accompanied by intensive diffusion of educational information. A good example is Telegram and its founder Pavel Durov, who has made security and non-cooperation with any special services one of the major features of the service used for PR.

The activity of the developers of safe messengers and email services, together with the growing literacy of users in information security, are the ingredients that will make online communication fully secure in the future.

In the meantime, every user has to think about his own protection, and using email services with encryption is a good first step toward security and data retention.
