Private Email & Messaging Platforms for Communicating In Confidence
Using the internet with any expectation of privacy is becoming much more rare. A new privacy scandal seems to pop up as soon as the last one goes away. While it may be more difficult to keep your communication private online, there are a few companies providing top-notch messaging products with a heavy focus on privacy.
ProtonMail is an encrypted email service that was founded in 2014. It uses end-to-end encryption so emails remain in encrypted form from the user’s computer to ProtonMail’s servers. In January of 2017, ProtonMail had over 2 million users. ProtonMail is based in Switzerland, which has notoriously strong privacy laws, including the Swiss Federal Data Protection Act.
Hushmail offers encrypted, private email tailored to enterprise use for healthcare and legal professionals. It began providing secure webmail solutions in 1999, so it’s an established player in the field. Users can choose to send emails in encrypted or unencrypted form. For emails sent to other Hushmail users, they will be encrypted by default. Non-users can view emails on a secure webpage.
Mailfence is an encrypted email service that uses OpenPGP encryption and digital signatures. It is available in a free form with limited storage capacity. Paid plans are also available for those looking for more features and storage. You can also find a mobile version here. If you currently use Ymail, Gmail or Hotmail, you can import your account into Mailfence for more privacy.
Signal uses end-to-end encryption and is “painstakingly engineered” to keep your communication private. Signal is an Open Source project, and is supported by grants and donations, meaning it can put users first, by putting people over profits. It emphasizes delivering a “fast, simple, and secure messaging experience”.
Telegram offers a private, cloud-based messaging platform for desktop and mobile users. It has grown to over 100 million monthly active users. Telegram uses end-to-end encryption, and is considered one of the most secure messaging platforms. You can send self-destructing messages that will disappear from both your and the recipient’s device after a set amount of time.
Wickr Me is a messaging solution designed with privacy in mind. Wickr pushes the notion that privacy is for everyone. It uses end-to-end encryption and perfect forward secrecy. Like Search Encrypt‘s chooses not to store any of your data on our servers, Wickr never even sees your communications on its servers. In addition to Wickr Me, the company offers Wickr Pro and Wickr Enterprise, which are designed for private messaging on a larger scale. These both offer voice and video functionality, while Wickr Me offers voice alone.
Additional Steps To Protect Your Messages
While these services will keep your messages and emails more private than their non-private alternatives, it’s important to consider the other ways someone could access your messages.
Keylogging: Keylogging software can get installed on your computer via man-in-the-middle attacks so the attacker can see everything you type on your computer. This could compromise your passwords or credit card numbers without your knowledge.
Passwords: The last level of defense against hackers is your password. If your password is “password1” or anything similar, you should change it immediately. Keep in mind that if someone gets access to your email password, they could likely find other sensitive information within your emails. We recommend using longer, more complex passwords and a secure password manager like KeePass, LastPass or Dashlane.
Encryption Isn’t Perfect
Keep in mind that no encryption or security method is perfect. Researchers recently found flaws in Apple Mail and Mozilla Thunderbird which allow attackers to extract decrypted text from encrypted email messages. Traditionally email is sent in plaintext, but are protected in part by TLS (transport layer security). For politicians, journalists, or activists, this level of protection may not be enough. They may use Pretty Good Privacy, or PGP, an encryption protocol used to protect electronic communications.
Unfortunately, many of the most widely used email encryption methods have seen flaws or security threats recently. PGP users are advised to immediately “disable and/or uninstall tools that automatically decrypt PGP-encrypted email” according to a post on the EFF’s blog.
“Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such asSignal, and temporarily stop sending and especially reading PGP-encrypted email.”
As with any other steps you may take to protect your privacy, there are always vulnerabilities. That is why it’s important to use multiple data and privacy protection measures. We recommend using a VPN, a private search engine, and extensions like tracker- and ad-blockers to keep your data as safe as possible.
Originally published at choosetoencrypt.com on May 14, 2018.