Advantages of having an encrypted email

17 Nov 2020 in Blog posts

Encryption, Zero-Access, Data Centers explained and personal thoughts

November 17th, 2020 - Blog post. Last edited: November 28th, 2020.

Advantages of an encrypted mail

• 1. The encryption itself, from end to end
• 2. Zero-access encryption
• 3. Secure datacenters
• 4. Smaller Attack Surface
• 5. Price
• Conclusion
• References

 

Following up on my blog post about the consequences of data breaches, I will be writing about encrypting our emails. Several email providers are great at this, some of them are Protonmail, Tutanota, and Start Mail.

What are some of the advantages of encrypting your email communications? I will list 5 main advantages for you:

1. The encryption itself, from end to end:

Not only the messages are encrypted in the server, but if you exchange correspondence with another user of their platforms or if you send a special message password-protected, the key exchange will happen before sending your message, throughout the whole process until it arrives at the recipient’s inbox, so it remains encrypted at all times, by any means.

2. Zero-access encryption:

To further the resistance in case of a data breach, not even their employees can snoop on your messages thanks to something called zero-access encryption. This is made in two different ways:

• Either the message supports end-to-end encryption, therefore only the sender and the recipient have the keys to decrypt the messages or,
• The emails incoming from other email providers who don’t support end-to-end encryption (i.e. Gmail, Outlook, Yahoo), are immediately encrypted as they arrive in the servers by using the recipient’s public key so that, only the recipient’s private key can decrypt it.

It’s worth noting that the email providers are somehow running scanners against your emails to combat spam, so you can never be 100% sure, however, they guarantee you and the recipient will be the only persons meant to be reading your intimate message.

3. Secure datacenters.

Companies like ProtonMail have invested a lot of money in trying to be the only ones able to store your data so it never goes to the cloud. All the datacenters are theirs so they are the unique provider that has physical access to the servers. Apart from the physical security this provides, they also encrypt their hard drives with several layers of passwords so in the case of a break-in, if the bad actor gets physical access to the hard drives and can seize them, they will have a very hard time trying to retrieve data out of them.

4. Smaller attack surface

Imagine companies like Microsoft or Google. They are massive, aren’t they? They both have tons of services out there, starting mentioning them would lead us to a completely different topic. To keep it simple, imagine a phishing attack. Non-computer savvy people might get an email from Google stating that their Chromecast needs an urgent update. Since they can see the google logo everywhere they relate google to Gmail and therefore might think it’s a legitimate message from the same company. Now think of an email inboxing in an outlook account saying that Microsoft has launched a new model of the Surface pro. Outlook and Surface are related, aren’t they? None of the two examples above can happen with any of the companies stated in the first paragraph, since they only offer mail services (ProtonMail also offers a VPN service).

Yes, I know, these examples aren’t reflecting quite right the reality of a phishing attack but it’s just a demo exercise. They can also breach a different service and gain access to millions of other accounts. Data breaches are very present in our society and you never know when or where your company will be breached. Thus, the smaller the attack surface is, the less likely you are to be breached.

5. Price

How much do you think your privacy costs? Well, we have good news then, it doesn’t cost you a fortune!! Protonmail and Tutanota offer you free encrypted email services. F-o-r f-r-e-e. There are no excuses to treat yourself with some basic human rights. StartMail offers a subscription-only service so I didn’t include it in the hype.

 

Conclusion

All 3 companies I’m writing about are based in Europe. The GDPR law applying in this geographical area makes for these companies to comply with very strict guidelines of human rights under big penalties if they don’t satisfy the regulations. The GDPR doesn’t apply in Switzerland where ProtonMail is based, however, the pending Swiss Federal Data Protection Act (FDPA) expands the purpose of the GDPR in their territory.

Everybody should start using these services to guarantee privacy in case of a data breach. They are free and try to improve the quality of our human right to having secrecy in our communications. Please see the references below for further study.

 

References

Jon Watson, 12 October 2018. Comparitech - “Best email privacy security” [Online]
https://www.comparitech.com/blog/vpn-privacy/best-email-privacy-security/
[Last accessed Nov 28th, 2020]

Anon., 2020. ProtonMail - “Security details” [Online]
https://protonmail.com/security-details
[Last accessed Nov 28th, 2020]

Andy Yen, 22 October 2017. ProtonMail - “Why ProtonMail Is More Secure Than Gmail” [Online]
https://protonmail.com/blog/protonmail-vs-gmail-security/
[Last accessed Nov 28th, 2020]

Anon., 2020. ProtonMail - “Is ProtonMail GDPR compliant?” [Online]
https://protonmail.com/support/knowledge-base/is-protonmail-gdpr-compliant/
[Last accessed Nov 28th, 2020]

Anon., 2020. ProtonMail - “Zero-Access Encryption” [Online]
https://protonmail.com/blog/zero-access-encryption/
[Last accessed Nov 28th, 2020]

Anon., 2020. Tutanota - “Index page” [Online]
https://tutanota.com/
[Last accessed Nov 28th, 2020]

Anon., 2020. StartMail - “Index page” [Online]
https://www.startmail.com/en/
[Last accessed Nov 28th, 2020]

Anon., 2020. Cybernews - “ProtonMail Review” [Online]
https://cybernews.com/secure-email-providers/protonmail-review/
[Last accessed Nov 28th, 2020]

Andreas Knijpenga, 2020. Deloitte - “GDPR Consequences for Swiss Businesses” [Online]
https://www2.deloitte.com/ch/en/pages/risk/articles/gdpr-consequences-for-swiss-businesses.html
[Last accessed Nov 28th, 2020]

Anon., 2020. European Union - “GDPR” [Online]
https://gdpr.eu/
[Last accessed Nov 28th, 2020]

Nicole Beranek, 29 June 2020. EuroCloud - “Revision of the Swiss Federal Data Protection Act (FDPA)” [Online]
https://eurocloud.org/news/article/revision-of-the-swiss-federal-data-protection-act-fdpa/
[Last accessed Nov 28th, 2020]