Today, I use
ProtonMail via Bridge and Outlook. It works reasonably well, but it becomes incredibly slow over time. The smart part is that you can share emails this way while ensuring that all mail is encrypted.
I personally do not like Outlook as it is heavily bloated.
I know you say that ProtonMail is a big lie and that it’s not more secure than other email systems when it comes to handing over information to authorities and for surveillance.
Yes, definitely. They are also a company and need to comply with all laws.
But what is the best alternative then? And above all, a stable and fast system that can still work with Outlook and remains secure?
I think we need to split the issue in three parts:
- Mail client
- Mail transmission and choice of server
- Mail encryption
Proton is like the combination of all of them and you can use all or just parts of the puzzle:
- Client: Proton provides a secure webclient which decrypts all mail that has been encrypted at Proton's servers
- Transmission: Proton offers the latest technology to receive/send mail over secure connections (POP3/IMAP/SMTP over SSL/TLS)
- Encryption: Proton has integrated OpenPGP
Now, let's split the matter in parts.
Client
There are many capable mail clients out there. I guess many people here use Thunderbird and K9 on Android, both of which are open source and support most required features. Popular alternatives include The Bat! or Becky!
en.wikipedia.org
I am not sure if anybody out here would state that Outlook can be trusted, I personally do not like the software as it is heavily bloated with useless features giving hackers a myriad of opportunities to intrude (there really is no need for HTML mails in the first place, TNEF and all the Office features in emails (sic!) is just a security risk). Guys, please write plain text emails. We really do not need HTML and inline images. It makes email fast and secure.
No matter your choice, you want to ensure that
- The mail client only stores data on your premises (your computer or your cloud) and does not transmist anything to his motherhouse.
- SMTP and POP3/IMAP are supported with support for SSL/TLS on all of them.
- There is at least a plugin for OpenPGP and S/MIME (see below)
You most often have the choice between POP3 and IMAP. Both protocols have the same functionality to download incomimg mails from a server, but have slight differences. While with POP3, mails are normally deleted from the server or deleted after like 14 days (Gmail is an exception to this, they move deleted mails to its archive), IMAP offers access to the mailserver while keeping all mails there.
POP3
- Mails can be deleted immediately from the server
- Mails can be left on the server for like 14 days (you can set the number in any mail client), this allows you to access recent emails on all devices like computer and phone
- No mail archive is on the server and can be compromised there
- You can operate with typically less than 500 MB of mail space
IMAP
- All mails are on the server and can be accessed anytime from any device
- You can access the whole mail structure (not just the inbox as with POP3): Inbox, Drafts, Sent, Spam, Trash
- "Collaboration" with many devices (or many people) is very easy as all is synced
- If you fall in coma and your boss has your login, your colleagues can continue working (good for companies)
- You probably need 20+ GB mailspace per year in business
Of course I would only recommend IMAP if you operate your own server and you can ensure that the mails are all encrypted on the server with a public key and that the private key lies on the server but is encrypted with the IMAP password. I am not aware of any such server which is widely used.
Mail Transmission & Choice of Server
Even when all is encrypted (see below), you should ensure all mail is only transmitted in encrypted form. It is like accessing
www.offshorecorptalk.com over HTTPS instead over HTTP. With free Let's Encrypt certificates, there is no reason not to use TLS throughout. Gmail and many other clients are now starting to show padlocks on emails that have only been transmitted in encrypted form:
Transport Layer Security (TLS) is a protocol that encrypts email messages for security and privacy. TLS prevents unauthorized access of messages when they're sent over internet connections. By defaul
support.google.com
If you are operating your own domain, you just need to have a TLS certificate for the MX server and have the server using it when receiving email. It maybe takes an hour to set it up but definitely is worth the effort.
Some furhter reads:
Did you know that SSL isn't just for protecting your website alone? That's right, an SSL certificate for your mail server can also help protect your email.
sectigostore.com
SSL/TLS certificates protect sensitive data by encrypting connections between the client and the server. To improve security, Plesk and the mail server are automatically secured with a free SSL/TLS certificate from Let’s Encrypt during Plesk installation.
docs.plesk.com
Now with the transmission also comes also the choice of server. There are basically two strategies:
- operate your own server
- use freemail / public mail (Gmail, Yahoo, Hotmail, Proton)
Operating your own server is more secure, but you need to buy a domain. Of course, you can use WHOIS pricavy and pay with your registrar and host with cryptos, but this still gives some surface to attack your privacy. However, I personally would recommend that route as it allows you to control your server. While law enforcement agencies have direct APIs to Gmail etc. they won't have this for your own server. You can set up your own server correctly and have all encrypted. Or you can use a hosting company you can trust and use POP3, so your emails stay on your severs just for minutes.
The alternative is to use freemail providers. It often takes only a computer to register and you do not have to disclose any personal information when registering and can stay mainly anonymous. However, even if you use encryption (see below) your mail provider will learn a lot about you: whom you are emailing with, when and how often. You will also disclose your IP address to them and they will have your full location history.
Please note that the mail headers always will use your own IP address. There are a few ways to preven this:
- Use webmail (Gmail, Yahoo, Hotmail do not include IP addresses form email received over HTTP)
- Use a VPN / proxy to send email from your mail client
- Operate your own servers and set up postfix to not include your IP
I'm trying to hide the client IP from emails sent from postfix. here is an example of what I mean: Received: from mail.[removed].com (adsl-75-37-61-254.dsl.frs2ca.sbcglobal.net [75.37.61.254]) (
serverfault.com
Encryption
There are two common ways to encrypt mails: S/MIME and OpenPGP
en.wikipedia.org
en.wikipedia.org
Both work in a similar manner and basically do the same: they encrypt emails so that only the intended recipient can read them and they sign emails so that the recipient can verify it comes from you. While S/MIME relies on certificate sellers to issue the certificates (trust in the reseller is implied and the certificate for the counter part immediately accepted), OpenPGP relies on zero trust and requires you to exchange the certificate with your counterpart yourself (a signed message includes the certificate, you can then add the certificate to your client). While S/MIME certificates usually expire after 3 years, you can have OpenPGP certificates which never expire (although you should upgrade to stronger encryption, i.e. longer key length, from time to time).
While S/MIME is built in in many clients, less clients support the more secure OpenPGP. Thunderbid supports both of them. If there is no support, you can still rely to the command line to use OpenPGP. To create a key use
gpg --generate-key
to encrypt use
gpg --encrypt -r DEADBEEF -o b.txt -a a.txt
where DEADBEEF is the keyname of the receiving party.
You could (notice the subjunctive form) use Proton's built-in OpenPGP feature. But I would not recommend as it stores they keys on the server and you never know who has access to them.
I would say that in gereral both S/MIME and OpenPGP does the job, while S/MIME is more widely used in corporate environments while OpenPGP is the choice of geeks and nerds.
For communication with trusted parties, I would definitely recommend using encryption. You could techinically use Gmail, Yahoo, Hotmail and encrypt all emails. The providers would then only know whom you are mailing to and how often but none of the contents.
Recommendation
My personal recommendation would be to use Thunderbird or any reliable mail clients, preferrably open source. Operating your own mail gives you quite some advantages and I would definitely recommend you to encrypt all your email with OpenPGP (or S/MIME if the counter party has such preference). Of course, I set up my thunderbird to compose plain text emails by default.
