Rethinking Email for Privacy and Security
Most of the people I know in the world of cybersecurity rightly focus on deeply entrenched matters: server virtualization and containerization, software sandboxing, and helping to train employees to avoid social engineering hacks. But there’s one technology that we all continue to use that hasn’t really evolved at all since the 1960’s: EMAIL.
Email was born before the Internet, making it nearly fifty years old. The technology was intended as a way for a limited, known number of users to communicate with each other on a shared Unix mainframe. For that purpose, email was ideally suited. However, because it was born in an era when very few people had access to computers, the notion of security wasn’t a priority with email’s underlying technology. Secure Sockets Layer (or SSL) — one of the first protocols employed to help secure email communications — was developed by engineers at Netscape in the mid-1990’s, a full thirty years after email was born.
But despite the availability of newer messaging technology like texting, social media, Slack and even video chatting, email is not only still going strong, it’s actually thriving. In 2017, 296 billion emails were sent on average… per day. Those kind of numbers are mind-boggling. Businesses and individuals use email at an almost alarming rate. During the time I worked at Nike (2014–2016), most of the staff I knew LIVED in their email inboxes: it was — even more than Slack — the endless hole from which no light could escape. Ok, that’s a bit dramatic, but you get my drift. Most of us continue to depend on email as it was originally designed, which is nothing short of miraculous and — I say this as your friend — highly questionable because:
Email isn’t very safe, very private or very convenient. Additionally, because most people keep and use multiple email addresses, it’s a very unmanageable solution.
Let’s take a look at the most glaring vulnerabilities of email and offer a few solutions to help reduce or eliminate them.
Vulnerability: One-Factor Login
“If you spend more on coffee than on IT security, you will be hacked. What’s more, you *deserve* to be hacked.” — White House Cybersecurity Advisor, Richard Clarke
By default, all it takes to gain access to most any email is a username and password. That’s it! Only requiring one security challenge to gain access to your data is referred to as using one-factor authentication. Now ask yourself: what would happen if a malicious hacker gained access to your credentials? What legal, medical or financial information would be available with such access? Worse, what damage could be inflicted upon you, your friends, your family and your business partners with such access? Ask Mat Honan: a popular writer for such publications as WIRED, Honan was famously hacked in 2012 and saw his Gmail, Twitter and iCloud accounts all get hijacked, defamed and then outright destroyed. So, you know: that pretty much sucked for Mat, but it was almost 100% preventable. Let’s take a deeper look…
It’s important to learn a bit about how malicious hackers gain access to your credentials. Three of the most common methods include:
- Man in the Middle (or MITM) attacks
- Using key logger software.
- Employing old-fashioned social engineering.
MITM attacks, as the name suggests, a third party getting between you and your desired target without your knowledge. One method to accomplish this occurs on free Wi-Fi hotspots. A malicious hacker might connect to a free Wi-Fi network and then configure his laptop to be a public Wi-Fi hotspot with the same network name. Unsuspecting users who connect to this bogus network are then subject to whatever tools the hacker might employ. Wireshark, a well-known tool for closely examining all transmitted data (also known as “packet sniffing”) can then be used to help capture credentials the user passes to any website. For those who like pretty graphics, here’s what a MITM attack looks like:
Key logger software, as its name suggests, is malicious software that — once installed on a target computer — can capture or log every keystroke that’s entered. If you type your usernames and passwords, then you should assume that this would also be passed remotely to a hacker. Users of Apple computers shouldn’t assume that they’re protected from this kind of vulnerability simply because they use a Mac: key loggers are made for all operating systems, including OSX. Key logger software can be installed by someone who gains physical access to your computer or by leveraging the power of Social Engineering.
Social Engineering, as its name suggests, employs methods of using socializing to take advantage of another human. A malicious hacker, with a bit of cunning and strategy can sometimes yield potent and dangerous results using social engineering. Phishing scams — where an official looking email might fool users into thinking they are logging into GMail — are one such method. Calling different employees at a company while posing as someone from the IT department is another. These simple con games (and that’s exactly what they are) can sometimes cause terrible damage to a company if an employee accidentally gives server access to an outsider. Think about how often you write checks, provide your date of birth or social security number, or post personal information about yourself on social media. Now think about what might happen if a malicious hacker were to gain access to these data. Yeah: I know. Now consider what kinds of leverage those data might provide if the hacker chose to use them to seek other data about you. It was this last method — Social Engineering — that provided hackers with some of his personal information which they then leveraged to attack him.
Implement two or more factors of authentication. As I’ve discussed in previous articles, one of the simplest ways to help protect against one-factor authentication is to require everyone, including you, to pass through multiplesecurity checkpoints to gain access to your email. While this adda an extra 5–10 seconds of time to your login process, it may save you lost weeks or even months of damage control due to a malicious hack. The rationale behind using multi-factor authentication is sensible: if your email credentials were stolen, any malicious hacker would still be forced to provide a second (or third) challenge to gain access to your email. As secondary and tertiary factors of authentication usually require a piece of hardware that only you carry — a smartphone or USB dongle, for example — many malicious hacks can be thwarted. Fortunately, the most popular webmail services offer the use of two-factor authentication and help pages to learn how to activate them.
Pro tip: To best leverage multi-factor authentication, I highly recommend using the free app “Authy” on your iOS and Android devices. It’s biggest advantages over Google’s own Authenticator app is that it allows TouchID confirmation on newer iPhones, stores encrypted backups of your data, and allows your 2-factor authentication (or 2FA) codes to be shared across a number of devices. That makes it an ideal tool for individuals, families or small businesses who may use different iOS and Android devices to generate challenge codes.
Time Required to Implement:
If you’re not familiar with 2FA, I’d factor an hour of time to download Authy, set up the app on your smart devices and then step through the process of linking your webmail (and other sensitive) accounts. Authy even provides easy-to-follow guides on how to setup 2-factor authentication. As a result, I now use Authy for far more than just email: I also use it for Dropbox, Twitter, Amazon & Facebook accounts because I absolutely NEVER want those accounts hacked.
Vulnerability: Sending Data Via Clear Text
“Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.” — Bruce Schneier
If we assume that we’re always at risk when working online (and we are!), then sending email is a very risky proposition, indeed. That’s primarily because — by default — email is sent in clear text, a format that’s not encrypted. That makes the content of your messages very easy to read by curious or malicious individuals that work for your ISP or for your company network. It also makes it possible to view and capture your email address so that whoever intercepts the message also knows who sent it.
The most common method to capture emails sent in clear text utilizes the tool I mentioned earlier: Wireshark. Wireshark is a well-known application that specializes in packet-sniffing, something that sounds dirty, but is actually a powerful method for digital snooping. Users residing on the same computer network as you — a WiFi hotspot at a coffee shop or hotel, for example — can run Wireshark and monitor all traffic on that Wifi network, including both web and email protocols. To illustrate what a packet sniffer looks like, here are a few screenshots I found online to illustrate the example of sending the same email with and without protection. Image #1 shows an email sent in clear text; Image #2 shows an email being sent using SSL/TLS, a standard email encryption protocol.
One brief, but important sidebar: it’s important to remember that anything you transmit in clear text can be seen and captured by a packet-sniffer. This includes both email and logging into unsecured websites as well. In one notable story from 2013, users logging into Tumblr from their iOS devices were accidentally routed via the unsecured (or http) version of the website instead of the secured (or https) version. As a result, investigators found that they could use Wireshark see both the usernames and the passwords of anyone logging into Tumblr on the same WiFi network as shown here:
Purchase and use a commercial VPN. Corporations have been using virtual private networks (or VPNs) for years because the software ensures that all network data is encrypted. Individuals can purchase and use VPN services as well, usually for about $60-$70/year. It’s a powerful tool if you can afford it. Here’s why: even if you and a would-be hacker were on the same public WiFi network, your data would be encrypted by using a VPN and thus rendered nearly inaccessible. I’ve written extensively about how to pick and choose the best VPN services to protect both your data and your privacy. There are only a small group of VPN providers that work hard to protect you in both ways. For that reason, I’m a fan of the following five VPN programs:
- NordVPN (in Panama)
- Cactus VPN (in Moldova)
- My Private Network (in Hong Kong)
- Boleh VPN (in Seychelles)
- IBVPN (in Gibraltar)
Add the HTTPS Everywhere extension to your web browser. Backed by the Electronic Frontier Foundation (EFF) and the Tor Project, this amazing and free piece of software helps force your browser to only surf to secured websites. Click here to grab the free extension and starting using it on the Chrome, Firefox and Opera browsers. Safari users, you’re out of luck on this. The EFF has explained Safari isn’t covered due a limitation that Apple’s placed on Safari’s code.
Time Required to Implement:
Downloading, enabling and configuring good VPN software should only take 15–30min of time. Downloading and enabling the HTTPS Everywhere browser extension should take 2–5min. I can’t think of two better investments of your time than these, honestly.
Vulnerabilities: Transmission, One-Factor Receiving & Eternal Email
“If privacy is outlawed, only outlaws will have privacy.” — Philip Zimmermann
I’ve grouped these last vulnerabilities together for a reason: because they both question and disrupt old, unchallenged concepts about email.
Concept #1: email requires transmitting your message from point A to point B. For those who believe that sending encrypted data isn’t safe enough, suppose we re-designed this core functionality of email to halt the transmission of data? This raises an obvious question: if there’s no transmission of data, then how could our emails get sent? The short answer: they wouldn’t be sent.
Concept #2: even if we implement multi-factor authentication on our email accounts, we can’t force our email recipients to do the same. If we can’t be 100% certain that all of our recipients are protecting our data, then we can’t be 100% certain that our data is safe. But what if we could force our recipients to have and use multi-factor authentication?
Concept #3: we have no control over how long our messages last on other people’s servers. With the amount of space that free webmail providers like Google, Yahoo and Microsoft offer, there’s hardly a need to ever throw emails away. Therefore, even if we’re diligent about deleting all sensitive messages from our own servers, we can’t force others to do the same. Or can we? But what if we could prevent sensitive messages from being stored on other servers in the first place?
Send links not messages. SendInc has rethought the concept of sending emails and replaced it with sending links to your messages instead. In short, the company keeps your messages on its secure Amazon servers and then sends links with public keys to your intended recipients. Recipients see your personal email- — something they’ll recognize as yours — and, upon opening the email, simply see a bright, orange link for them to click:
Clicking that link, takes them to your secure message, which resides on SendInc’s servers. The free version features some great tech, while the paid versions allow you to add even more powerful features like custom message expiration (how quickly you can expire your email!), message retraction (you can unsend a message!!!) and message auditing for those individuals and companies that need to track such matters.
Force recipients to use a password in order to view email. InfoEncrypt is a very clever, 100% free service that allows you to send encrypted emails that don’t pass through their servers. Although it utilizes AES-128 bit SSL encryption — not the strongest security available — they also require you to create a password to encrypt and decrypt your message. Provide this password to your intended recipient (via some method other than email, of course) and you’ve got a decent, easy-to-use method of forcing two-factor authentication upon your recipients. Go to their website, enter your message, provide a password for encryption/decryption and software on your computer will encrypt your message, protecting it with your password. You can now send this encrypted message via any normal method (email, text, etc) and know that snooping eyes won’t be able to decrypt your note. All that’s required is for you to give the password to your recipients (using some different form of communication) for them to view and read the message intended for them. Magic!
Combine sending links, forcing the use of a password and expiring messages. There’s a reason that ProtonMail gets my highest-recommendation as the ultimate email solution. Designed by scientists at CERN and MIT, the system is thought to be NSA-proof; headquartered and kept on servers in Switzerland in a secure vault 1000 meters under rock, it’s in a physical fortress and governed by far stricter privacy laws than those of the USA; offering groundbreaking security features a free tier, there’s no reason not to use ProtonMail. I’m told it will also make you breakfast and give you a back rub, but I’ve yet to see those features work. 🙂
Initially, ProtonMail looks just like any other webmail interface. But once you’ve logged in, you’re presented with a second-factor challenge, a password that decrypts your account. If you include two-factor authentication using Authy (and you should), that’s three-factors: quite secure.
Once you’ve logged in, ProtonMail is just as easy to navigate and use as any other webmail service. But the comparisons end once it’s time to compose messages. Sending messages that protect your privacy is where ProtonMail excels. By default, messages from one ProtonMail user to another are encrypted. However, you can also encrypt messages to anyone outside the ProtonMail system. This function works similarly to how InfoEncrypt works, but is more seamless because it’s built right into the system.You’ll still need to choose an encryption/decryption password for your message but ProtonMail allows you to include a hint for that password when your notification is delivered! Very convenient! Recipients don’t receive your email, but rather a link to view that email on ProtonMail’s servers, encrypted to everyone who doesn’t possess the password.
Finally, ProtonMail allows you to set an expiration time on the message. This tool ensures that only the intended can view messages you want only them to see. By default, ProtonMail messages don’t expire. If you choose to leverage this amazing tool, the longest expiration you can set is for four weeks. I personally set sensitive messages to 2 hours or less. Occasionally, someone misses that window of opportunity. That’s fine with me: I’d rather be safe than sorry when it comes to very sensitive communication, so I’m always willing to resend. It’s worth the peace-of-mind.
Vulnerabilities: Using Only One Email Address
“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” ― Stephane Nappo
The demands of modern life and business require that we have multiple email addresses for different functions. I personally maintain different email addresses for each of my businesses. However, I also have personal email needs as well:
- I belong to various groups and organizations with web portals that require an email address for signing up and logging in.
- I’ve subscribed to various newsletters and services which require a valid email address — one that can be confirmed — to sign up.
- I shop for goods and services online. Every new store from which I purchase always requires a valid email address to register before I’m given access to shopping.
In the early days, I had only one email address and I’d give it out to any person, company or service that asked for it. I quickly found my inbox overrun with spam from solicitors and advertisers. Email’s ubiquity and popularity forced me to rethink how I used the technology with an eye towards my privacy and security. My initial strategy was time-consuming and inconvenient: I created a bunch of free customized email addresses for all of my needs. Having that many email accounts and passwords failed. Miserably. Instead, I needed a new tool — if one even existed — to better manage a host of email addresses. More importantly, my solution needed to be cheap or free, easy to use, and very convenient.
Leverage the power of customizable email aliasing. I discovered 33mailwhile doing research for another article of mine about restricting personal data. The free service seemed to offer exactly what I was looking for in an email strategy solution: unlimited, free, customizable email addresses; a simple, easy-to-use interface that auto-forwarded me every email; and the ability to halt spam instantly. 33mail works by giving you a base email address which you can customize as much and as often as you like. If your 33mail username is “VeryImportantPerson”, that becomes your customizable email alias: _____________@VeryImportantPerson.33mail.com. Put anything you like before the @ symbol and it will go your 33mail account, and be auto-forwarded to you. Simple!
The company’s premium service ($1/month) offers no advertisements, use of my own customized domain, and a higher monthly data cap.
Pro-tip: when you sign up for any online service, provide a custom 33mail.com email address instead. I recommend that you create every email address based on the name of the service or person with whom you’re interacting. For example:
- if you’re signing up for Netflix, then use the following as your sign-up email address: “Netflix@VeryImportantPerson.33mail.com”
- for the Sina Weibo, use “SinaWeibo@VeryImportantPerson.33mail.com” as your signup email address.
- if you’re signing up for the home decor website Houzz, just use… actually just DON’T sign up for Houzz. They spam you way too much: trust me on that.
33mail auto-forwards every email from every alias you create to the personal email account you provided during the sign-up process. Here’s what a typical 33mail email looks like:
33mail emails contain all relevant auto-forward information at the top of each email in a box, making it easy to identify. Inside of each of those boxes, is another special tool: a link to block all further emails from that specific alias. Just click the link once and all emails to that address are blocked! 33mail even sends you a confirmation email to let you know it’s ben done. I made a short video to demonstrate how this works, using the email you see pictured above:
Using 33mail as a solution has eliminated a great deal of hassle: I just continue to receive emails in my personal email inbox without ever needing to provide that address to anyone other than 33mail. Even better, I can REPLY to any of my auto-forwarded 33mail messages as I would to any other “normal” email. My reply gets routed through 33mail’s servers, removing any header information (called MX records) relating to my actual email address. Just remember: remove any info from your emails before clicking send, including all the 33mail auto-unsubscribe links in the free service tier!
The free, basic tier is enough for most casual users, but I’ve enjoyed the service so much that I signed up for the $1/month paid tier. No matter which tier you choose, stop giving out your personal email address, friends. Instead, sign up for and start using 33mail instead for more privacy and security.
So that’s it for this first installment, friends. I hope you’ve got a few new tools to use in your on-going effort to protect your privacy and your data. To briefly review, here are the tools to help you fix the most common email and data communication problems:
- Implement two or more factors of authentication by using the free Authy app on your iOS or Android device to manage your authenticator codes.
- Purchase and use a commercial VPN to help encrypt all of your internet data, both email and websurfing.
- Install the free HTTPS Everywhere browser extension for Chrome, Firefox or Opera.
- Use SendInc for free to send links to your emails instead of the actual emails.
- Use InfoEncrypt for free to encrypt and password protect emails that you can send in any common email program.
- Use ProtonMail for free to combine sending links, forcing the use of a password to view your emails and expiring messages in one powerful tool.
- Leverage the power of customizable email aliasing by using the free 33mail service to create unlimited, customizable email aliases.
If you’ve got a great tool that you use, please leave a comment so we can all share together! Until then…