Encrypted Email
Here's my broadcast detailing the problem with email in an Email Hackathon. it shows how your IP address is revealed.
Email Hackaton
Caution! Caution!
If you watched that broadcast, you will see that there really is no evading the problem of tracking of email. Yes there are products that offer some encryption of email. Here are two companies that are well known.
TUTANOTA
Protonmail
However, they do nothing to encrypt the 'Subect', or the meta-data in the headers which include IP addresses. Their true encryption only comes to play when both parties are on the same platform. And even then, there's a lot of trust involved especially since these companies can see your unencrypted email.
The true solution is to avoid email and instead rely on Encrypted Messaging apps like Brax.Me, Telegram, Whatsapp, Signal, etc. However note that WhatsApp is owned by Facebook so they will send the metadata over to the Facebook side.
The other well known option for encrypting email is PGP. This is where your contacts exchange PGP keys with you (a tedious process and not something you do with casual email). The problem with this is the same. It does not encrypt the subject or the metadata because the actual email protocol standard is based on plaintext.
Also at the time of this writing (June 2018), flaws in PGP were discovered in several email clients including Thunderbird. I don't like using PGP so this doesn't matter to me. Thunderbird Email client is still my preferred client.
Another detail I mentioned in the broadcast is the attack vector that email exposes. Someone can send you something called a 'beacon' which is often automatically opened by email clients even when you don't open a message. This is true of products like Microsoft Outllok or Mac Mail. This will actively reveal your IP Address.
The solution is to use an email client that does not open up these 'beacons' by default. I have tested Mozilla Thunderbird as being a safe email client to fight back against Beacons.
Here's my broadcast detailing the problem with email in an Email Hackathon. it shows how your IP address is revealed.
Email Hackaton
Caution! Caution!
If you watched that broadcast, you will see that there really is no evading the problem of tracking of email. Yes there are products that offer some encryption of email. Here are two companies that are well known.
TUTANOTA
Protonmail
However, they do nothing to encrypt the 'Subect', or the meta-data in the headers which include IP addresses. Their true encryption only comes to play when both parties are on the same platform. And even then, there's a lot of trust involved especially since these companies can see your unencrypted email.
The true solution is to avoid email and instead rely on Encrypted Messaging apps like Brax.Me, Telegram, Whatsapp, Signal, etc. However note that WhatsApp is owned by Facebook so they will send the metadata over to the Facebook side.
The other well known option for encrypting email is PGP. This is where your contacts exchange PGP keys with you (a tedious process and not something you do with casual email). The problem with this is the same. It does not encrypt the subject or the metadata because the actual email protocol standard is based on plaintext.
Also at the time of this writing (June 2018), flaws in PGP were discovered in several email clients including Thunderbird. I don't like using PGP so this doesn't matter to me. Thunderbird Email client is still my preferred client.
Another detail I mentioned in the broadcast is the attack vector that email exposes. Someone can send you something called a 'beacon' which is often automatically opened by email clients even when you don't open a message. This is true of products like Microsoft Outllok or Mac Mail. This will actively reveal your IP Address.
The solution is to use an email client that does not open up these 'beacons' by default. I have tested Mozilla Thunderbird as being a safe email client to fight back against Beacons.