Prevent Email Snooping
Email security and privacy have been an ongoing concern. The confidence of logging into your favorite email program without worrying about prying eyes is long gone. The good news is that there are a few well-known services on the market that can help restore a bit of that confidence. Below is a short list of some of the more talked-about services on the market.
ProtonMail was developed by Andy Yen, a PhD student at CERN in Switzerland, who became concerned about the NSA spying on the emails of scientists and other private citizens. He and some of the other young students at CERN got together to develop an end-to-end encryption system that the NSA couldn’t get into.
“We encrypt the data on the browser before it comes to the server,” he explains. “By the time the data comes to the server it’s already encrypted, so if someone comes to us and says we’d like to read the emails of this person, all we can say is we have the encrypted data but we’re sorry we don’t have the encryption key and we can’t give you the encryption key.”
Most of ProtonMail’s team works on the project part-time. “We’re all CERN or MIT scientists,” says Yen, “so we’re doing research on computing, mathematics, physics that’s actually closely related to what we do on the secure email. Encryption is very mathematical so we have four PhD physicists working on this.”
A recent article by The Register highlights a potential security flaw in ProtonMail, though. A security researcher managed to hack into the system and plant dummy code intended to represent a potential virus. He was not able to crack the encryption or read emails, but he did manage to get his code into users’ systems, thus demonstrating a security flaw. ProtonMail claims to have patched the security flaw and says that this is no longer an issue.
Countermail is a Swedish service that claims to be the only reliable protector against MitM (Man in the Middle) attacks, in which an attacker impersonates the communication service itself and thus gets access to all messages. Qualys’s SSL Labs gives Countermail an overall grade of “A,” and so far no major hacks or security flaws have been detected. The service charges $19.99 for a three-month subscription, or $99 for a full year.
The main criticism of Countermail is not a security flaw, but a potential user error that the service does not prepare for: loss of the password. In a widely-read review of Countermail, Hacker10.com advises readers to “Be very careful to remember your password because if you lose it, it can not be recovered and your data will be lost for ever.”
CryptoHeaven dubs itself the “world’s safest email”. It offers a “no-knowledge” security solution, meaning users maintain their own keys and nothing readable is stored on the service’s own servers. That means that even if CryptoHeaven itself is compromised, its users can still be confident in the security of their communications. As a private reviewer comments, “When you first run the client, you create an RSA key pair and set the key length & prime certainty. The private RSA key is then encrypted with what CryptoHeaven calls your passcode, a hashed and salted output of your username & password…That sounds like a lot of win!” The service is also set apart by the fact that it offers an entire communications suite (instant messenger, voice mail, etc.) in addition to its email client.
Another point in CryptoHeaven’s favor is its location in Toronto, Canada. The Canadian government is not aggressive with its spying program (unlike the United States and a few European governments), and so this server location is protected by international boundaries – although this could change at any moment, as many governments are ramping up their spying efforts and the US government has a documented history of extending its spying program internationally.
Enigmail is not an email service as such, but rather a plugin for SeaMonkey and Mozilla Thunderbird. It encrypts data sent through these mail services using GNU Privacy Guard. Launched in 2001, it is a widely used open-source security solution. Users have a private, password-protected decryption key that they can share with as many or as few of their contacts as they wish. This reliably keeps third-party viewers from getting into the email.
Significantly, a report by the Freedom of the Press Foundation found that encryption was one of the only reliable ways to prevent NSA spies from accessing email. They went on to specify Enigmail as one of the more reliable and user-friendly encryption products on the market for this purpose.
By Gustav Steinhardt