Whether on a mobile phone, computer, car, game consoles – an email connection is available almost everywhere. It can be said that anyone who uses the internet also has one (or more, long live polygamy! – for email addresses, I don't want activists on my neck) email address. These addresses verify us on the Internet, we need them to register for services or receive messages from friends or reminders of the services we use. Of course, we also get desperate cries on calls from the services we no longer use.
Emails offer an easy way to communicate, unfortunately they have not been developed with the background of private data protection. This means that e-mails are in principle sent as postcards through the Internet to the respective recipient.
But there is SSL?
Right. There is. There are also airbags, if it pops right you are at least directly wrapped– but still dead. SSL is a method of closing traffic between two points. If I send a postcard from Basel to Lucerne, it will be sent to the receiver via various stations and nodes, just like an email.
Sending a Postcard
I write the postcard, this can be read by anyone near me. I bring this in a bag to the post (the postman can read it). The postman wraps them in a sack (no one can read it anymore, unless he sits in the sack, let's do that). The sack is sent to a branch and taken out of the sack, oh, the postcard can be read by strangers again. Then the sack story repeats... Until at some point the card is brought from the postman to the receiver (in a sack or does he always hold the card in his hand?).
This is almost identical with a normal email. The sack represents the encryption via SSL. This is valid for transport routes. We do not know if the postcard is still transported in a sack after the first transport.
Now let's take a look at the example by email
I write an email, who sees my screen (or has hijacked my PC) can read along. I send the email via email program to the server, which manages my emails (Post office). If I have SSL configured, it's pretty Safe (PGP – Pretty Good Privacy). The server then transmits the email to the relevant server of the recipient via various nodes on the Internet. I have no influence on this transport. So, I don't know if the data is transferred securely. I also do not know whether the provider stores my email encrypted? And when he does, he holds the keys in his hand –certainly not a good privacy. The recipient then picks up the message from his server. Also, there I do not know if the transmission takes place encrypted. As you can see, emails are by no means a secure means of communication.
And it turns out – secured mails are possible!
A method to send email securely is to encrypt it before shipping (s/mime, since Uncle Google will provide enough guidance). However, this has the disadvantage that all recipients also have to make use of it to read the email. So, the transportation is not encrypted, but directly the text I write – only the recipient has the key to make the message readable again. In principle, this would be like writing the postcard in a language that only the recipient understands. If someone else wants to read this stuff, he won't have a clue..
A cheer for Protonmail
I'm lazy and do not want to encrypt and teach others how to read my mails – that's why I use Protonmail. The Swiss startup offers free email addresses based on the zero-knowledge principle. Everything is encrypted and only I alone know the key. If I forget the key, I'm screwed! Without my key, everything will be lost – and that's good! All email sent from a Protonmail address to another Protonmail address is automatically secure. If I send an email to an external address and want to secure the content, the guys have a solution ready as well. The recipient receives a link via email, where he then has to type in a password that I have defined so that the message can be decrypted. Of course, I can also use the email address like any other email address.
But don't I have anything to hide?
This may be the case today. What if one sends emails about eating at a steak house and in public he claims to be vegan. It's ok for now. But if that guy ever candidates for some political job and gets hacked? What if you write an email that you go out every Wednesday night and some hackers see the mail and know exactely when nobody is at home?
Conclusion of story
Send as many unprotected emails as you want, I don't care. But when it comes to confidential content, put it on a secure email provider, like for example Protonmail. There are also paid mailboxes or the opportunity to act as patrons. For me, it goes without saying that I do not want to use the great service free of charge.
Cheers and take care of your privacy, trollfarmer