Protecting your privacy: how and why
1. About privacy
1.1. Why should I encrypt my mail?
1.1.1. Non-personal secret: negotiations, finance, justice
1.1.2. Personal secrets: private life and feelings
2. All risks suffered by YOUR mailbox
2.1. The route of your e-mail messages
2.1.1. The countless copies of your e-mail messages
2.2. Reading e-mail: on the edge between good and evil
2.2.1. The risk is subdivided between two levels
3. Technical tips and encryption
3.1. For a start: encrypting is much easier than you can think
3.2. How does encryption work?
3.3. What application should I use to encrypt my mail?
3.3.1. What should I do to use GPG? Very easy
3.3.2. But how does it actually work?
3.3.3. What should I do with my public key?
3.4. In few words
4. For the most paranoid ones: anonymous remailer
Police enquiries increasingly mention remarks made by the accused about the possibility of encrypting their letters, and such remarks are treated as explicit evidence of an intent to carry out illegal acts. Just as often, police files contain passages from intercepted e-mail messages.
From the NSA case to the several inquiries A/I has had to face, it is a well-known fact that our lives and communications are monitored. We are striding towards mass control, where privacy collapses for the sake of law and order, amid paradigms of suspicion and the manufactured terror issue.
In a situation where control is always forced onto us as the solution to all evils, we'd like to shed some light on the dangers implied by e-mail communication and on the countermeasures you can take.
If you don't know what encode, encrypt, etc. mean, have a look at this page: http://en.wikipedia.org/wiki/Cryptography.
An unencrypted e-mail message sent through the Internet is like a postcard without an envelope: postal workers, doorkeepers, neighbours and anybody else who gets their hands on it can easily read what you've written.
We'll never get tired of repeating that using cryptography protects not only your privacy, but also your addressee's.
Journalists, lawyers, physicians, accountants: many occupations are bound by contract, by ethics or by law to keep professional secrecy. More and more people use the Internet for work, and those who must protect their clients' secrets are obliged to encrypt their e-mail if they don't want their commercial proposals, legal files and case histories left lying around on the servers of the Net.
If they don't encrypt their documents, they neglect the measures required to keep professional secrecy and risk significant legal and financial consequences.
You don't encrypt your mail because you have nothing to hide? Very well, but then why do you draw the curtains at home?
You certainly wouldn't like some stranger sitting at a desk at your Internet provider to grin while reading, for leisure, the messages you're sending to your best friend. If you have never encrypted your e-mail, it is likely that some stranger has already read what you've written...
Your e-mail is exposed to several risks: when you send a message, your mail client contacts a server using the SMTP protocol and hands your message to it. This transmission generally takes place in plain text (without any encryption). The SMTP server in turn contacts the destination server, and this transmission is again carried out in plain text.
What's more, every time you send an e-mail message the service providers' computers record a copy of it. Let's see how it works: your e-mail travels across the Internet leaving a trail of copies behind. A message moves through the network as a sequence of copies, each recorded by one mail server (for example your ISP's, your Internet service provider) and then handed on to another mail server.
If for example you send a mail from your home in the north of Rome to a person living in the south of Rome, your mail will be copied at least three times:
- your computer (original copy) sends your message to a first computer at your provider's (1st copy);
- in the best case, the provider's computer sends its copy directly to your addressee's provider's mailbox (2nd copy), but there may be more steps;
- your addressee's ISP's computer keeps a copy of your mail (3rd copy) until your addressee downloads it (final copy).
So just to cross a few neighbourhoods your mail has been written at least three times to two different hard disks (the two ISPs' mail servers), each time as a perfect copy. And behind those hard disks sit commercial firms, curious IT technicians, officials of all sorts and many more... Besides, three copies is the best case: if you look at the headers of your incoming mail (every client has an option for this), you'll see that there are many more steps, and as many copies of your message.
Theoretically, these multiple copies should be erased by each ISP within a few hours. But the new laws being passed worldwide against "cybercrime" require all copies to be retained for several months, at least as regards the parts identifying the sender and the addressee.
When you download and read your e-mail, you generally use one of these methods:
- by webmail, with a simple browser.
- with a mail client, by using POP3 or IMAP protocols.
In both cases the bulk of your mail always travels in plain-text, unless you take some particular countermeasures: without them your password and your messages are totally readable when they pass from your provider's box to your computer.
First of all, while moving across the network, a message can be intercepted and read. Second, the copies stored on the servers can be read by anyone with access to those computers.
As regards the first problem, you can use encrypted channels to talk to your servers (SMTP with SSL/TLS support, and POP3 or IMAP with SSL/TLS).
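As an added example (not part of the original page), the following script reads the Received: headers of a message the way the paragraph on copies suggests: it lists the hand-offs in the order they happened (every "by" host wrote a copy to its own disk) and flags the legs that were not protected by SSL/TLS. The message headers are constructed for the example; all host names, addresses and queue ids are made up.

```python
"""Walk the Received: trail of an e-mail message.

Added example, not from the original page.  SAMPLE below is a constructed
message: the hosts, addresses and ids are invented for the demonstration.
"""
import re
from email import message_from_string

# Constructed headers for a message that went: sender's laptop -> provider A's
# submission server -> provider B's inbound MX -> provider B's mailbox store.
# Each hop reads "from <sender host> by <receiving host> with <protocol> ...".
SAMPLE = """\
Received: from mx.provider-b.example (mx.provider-b.example [192.0.2.20])
\tby imap.provider-b.example with LMTP id 4fZxKq1a for <bob@provider-b.example>;
\tTue, 05 Mar 2013 10:42:19 +0100
Received: from smtp.provider-a.example (smtp.provider-a.example [198.51.100.10])
\tby mx.provider-b.example with ESMTP id s2b9X5q for <bob@provider-b.example>;
\tTue, 05 Mar 2013 10:42:18 +0100
Received: from alice-laptop.local (host-12-34.dsl.provider-a.example [203.0.113.45])
\tby smtp.provider-a.example with ESMTPSA id a1b2c3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
\tTue, 05 Mar 2013 10:42:17 +0100
From: alice@provider-a.example
To: bob@provider-b.example
Subject: lunch

see you at one
"""

# "from X ... by Y ... with PROTO"; the "with" clause is optional in practice.
HOP_RE = re.compile(
    r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)(?:.*?\bwith\s+(?P<with>\S+))?",
    re.S,
)


def parse_hops(raw_message):
    """Return the hops oldest-first, each with the hosts, protocol and TLS flag.

    Received: headers are prepended by every server, so the topmost header is
    the newest; reversing them gives the path the message actually travelled.
    """
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received") or []):
        text = " ".join(header.split())          # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue
        proto = (m.group("with") or "").upper()
        # ESMTPS/ESMTPSA (and friends) mean the SMTP session was wrapped in
        # TLS; some servers instead append "(version=TLS...)" to the header.
        tls = proto.endswith(("SMTPS", "SMTPSA")) or "TLS" in text.upper()
        hops.append({"from": m.group("from"), "by": m.group("by"),
                     "proto": proto, "tls": tls})
    return hops


def stored_copies(hops):
    """Hosts that received, and therefore stored, a copy of the message."""
    return sorted({h["by"] for h in hops})


def plaintext_hops(hops):
    """Legs of the journey that were not protected by TLS."""
    return [h for h in hops if not h["tls"]]


if __name__ == "__main__":
    path = parse_hops(SAMPLE)
    for i, h in enumerate(path, 1):
        status = "TLS" if h["tls"] else "PLAIN TEXT"
        print(f"{i}. {h['from']} -> {h['by']} ({h['proto'] or '?'}): {status}")
    print(f"{len(stored_copies(path))} servers stored a copy (plus your own original)")
    print(f"{len(plaintext_hops(path))} of {len(path)} legs were readable in transit")
```

In the constructed sample only the first leg (laptop to the submission server) was encrypted; the server-to-server delivery and the final local delivery were in clear, and three servers kept a copy. Received: headers are written by the servers themselves and can be forged or omitted, so treat the trail as a lower bound on the number of copies, not an exact count.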
As for the second problem, it can be solved by using a program that encrypts the content of your e-mail. But be careful: you should absolutely use an open-source program, otherwise you can't be sure it does what it claims. Encryption programs can be attacked in several ways: someone may want to plant a backdoor that lets them read an encrypted message anyway. If the program you're using is not open-source, that is, if its source code is not available and cannot be examined, then a programmer determined to give everybody the means of protecting their privacy has no way of checking whether such backdoors are present.
If you know how to manage a normal mail program (writing e-mail messages, inserting attachments, etc.), then you should not have problems in managing encryption programs.
GPG, the open-source program we (and many others) recommend, is actually rather simple to use, also because it can be installed through a dedicated plugin in several e-mail clients. In particular, we recommend pairing Thunderbird (mail client) with Enigmail (encryption plugin), both of which are available for every operating system.
At any rate, the degree of safety you'll get depends closely on how well you protect your private key, that is the file that unlocks the whole cryptographic mechanism. If your private key is lost or falls into someone else's hands, security is only an illusion. If you want to know what a private key is, read on.
There are two different categories of encryption methods: symmetric and asymmetric.
A symmetric method uses the same secret to encrypt and to decrypt. It can, for instance, establish a correspondence
between letters and numbers:
A ---> 1
B ---> 2
C ---> 3
and so on.
The drawback of such a system is that whoever discovers how a message was encrypted (the shared secret) can decrypt it just as easily, so the secret must be agreed with your addressee beforehand, over a channel that is itself secure.
An asymmetric system is much more sophisticated. Encryption and decryption are done with two different mechanisms, and they differ so much that the encryption mechanism can be made public.
Here's an example to better understand how this system works. A secret agent going abroad must periodically report to her superiors. How can she send her reports? Easy: before leaving, the agent gets 100 open padlocks from her boss; when she needs to send a message, she puts it in a solid box, closes the box with one of the padlocks and sends it by post. Once it has been closed, the box can only be opened by the agent's superiors, who stayed at home with the matching key. What are the fundamental aspects of this system?
- When the agent closes the box, nobody can open it without the matching key, not even the agent herself.
- If the agent gets caught, the police cannot decrypt anything, because all they can get their hands on is the padlocks.
- There's no need for the agent to hide her padlocks, since they can only close boxes; they cannot open them.
This example is about a secret agent, but encryption is advisable regardless of whether you have something to hide. It is crucial to demystify the equation "encryption = having something illegal to hide". And if you think about it, this is an equation you deny every day, when you draw your curtains, or when you shield your monitor from curious glances while you're writing an e-mail.
Encrypting just means preventing someone (from your provider's employees to the marketing firms that monitor the words used in e-mail messages in order to adjust their company's production) from reading what you write, your private affairs.
Moving to the digital realm, we call public key the encryption code (the lock), and private key the decryption code (the key).
If you use an asymmetric encryption system, you'll have two keys, of course: a private key you have to protect very carefully and keep absolutely safe, and a public key, which can be made available to anybody, on a suitable website for instance.
PGP (Pretty Good Privacy) is a program that allows completely confidential communication even between people who have never met and who live thousands of kilometres apart. This is possible thanks to public key cryptography.
Unfortunately the latest PGP versions cannot be considered safe, in that users cannot check the program code.
This is one of the reasons why GPG (GNU Privacy Guard) was created: GPG is a program very similar to PGP, released under a GNU license, so that its code can be verified.
For more details about PGP, go to:
For more information about GPG, go to:
After you've installed Thunderbird and Enigmail in your computer, all you need is a pair of keys. To create them, follow these instructions: http://dragly.org/2010/02/13/getting-started-with-encrypted-e-mail-using-thunderbird-and-enigmail
- First of all, you create a public-private key pair with your encryption software, then you give your public key to the people you want to communicate with. You should never give your private key to anybody.
- When you write an e-mail message, you encrypt it with your addressee's public key.
- The encryption process puts a sort of electronic "lock" on your message. Even if your e-mail were intercepted on its way through the network, its content could not be read, because the key would be missing.
- When your message arrives, your addressee enters a passphrase (a password made of more than one word), which unlocks her private key; the software checks that the message was encrypted with the matching public key.
- The software then uses the private key to undo the encryption and lets her read the message.
It's easy, isn't it?
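The sequence above (and the padlock-and-box analogy earlier on), as an added example that is not part of the original page: a complete exchange between two made-up correspondents using the gpg command line directly, which is what a plugin such as Enigmail drives behind the scenes. The names, addresses and passphrases are assumptions made for the demo; each party gets a throwaway keyring in a temporary directory (via --homedir) so nothing touches the real keys on the machine, and the directory is deleted at the end.

```sh
#!/bin/sh
# Added example, not from the original page: the key-pair / public-key /
# encrypt / decrypt steps listed above, carried out with the gpg command
# line in two throwaway keyrings (one per party).  Names, addresses and
# passphrases are made up for the demo.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg is not installed" >&2; exit 1; }

# Create a key pair inside a private keyring.  --homedir isolates the keyring;
# --batch with a loopback passphrase avoids the interactive pinentry dialog.
make_key() { # make_key <homedir> "<name> <email>" <passphrase>
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
      --passphrase "$3" --quick-generate-key "$2" default default never
}

gpg_roundtrip() {
  work=$(mktemp -d)
  alice="$work/alice"; bob="$work/bob"
  mkdir -m 700 "$alice" "$bob"

  # 1. Each party creates her own key pair; the private key never leaves it.
  make_key "$alice" "Alice (demo) <alice@example.org>" alice-passphrase
  make_key "$bob"   "Bob (demo) <bob@example.org>"     bob-passphrase

  # 2. Bob hands out his PUBLIC key (here a file; in practice a key server
  #    or a web page) and Alice imports it into her keyring.
  gpg --homedir "$bob"   --batch --quiet --armor --export bob@example.org >"$work/bob.pub.asc"
  gpg --homedir "$alice" --batch --quiet --import "$work/bob.pub.asc"

  # 3. Alice encrypts the message with Bob's public key (the open padlock).
  #    --trust-model always skips the "is this really Bob's key?" prompt,
  #    which in real use you answer by checking the fingerprint with Bob.
  printf 'meet at the usual place\n' >"$work/msg.txt"
  gpg --homedir "$alice" --batch --quiet --trust-model always --armor \
      --recipient bob@example.org --encrypt --output "$work/msg.asc" "$work/msg.txt"

  # 4. The closed box cannot be opened by the sender: Alice holds no private
  #    key for it, so her own attempt to decrypt must fail.
  if gpg --homedir "$alice" --batch --quiet --decrypt "$work/msg.asc" >/dev/null 2>&1; then
    echo "unexpected: sender could decrypt her own message" >&2; return 1
  fi

  # 5. Bob's passphrase unlocks his PRIVATE key, which decrypts the message.
  gpg --homedir "$bob" --batch --quiet --pinentry-mode loopback \
      --passphrase bob-passphrase --decrypt --output "$work/msg.out" "$work/msg.asc"

  cat "$work/msg.out"   # the recovered plaintext, on stdout
  for d in "$alice" "$bob"; do gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true; done
  rm -rf "$work"
}

gpg_roundtrip
```

Step 4 is the padlock property from the analogy: the ciphertext in msg.asc is useless to anyone without Bob's private key, including the person who produced it. That is also why a mail client normally encrypts outgoing messages to your own key as well (gpg's --encrypt-to option), otherwise the copy in your Sent folder is unreadable to you.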
You can find many tutorials on enigmail/GPG searching on the net
It will now be clear that, to use asymmetric encryption, it is fundamental to spread your public key as widely as possible: if nobody has your public key, nobody will be able to send you encrypted messages.
One of the servers you can use to publish your public key is:
Use cryptography software to write your private messages, and configure your mail client so that it sends and receives messages securely (SMTP with SSL/TLS support; POP3 or IMAP with SSL/TLS).
If you wish to learn more, we recommend you:
Cryptography does have a problem, though: since you have to publish your public key on a server in order to make it available, the mere fact that your address can be connected to a name challenges the concept of privacy. That's why a series of tools known as anonymous remailers has been created: these tools can hide the sender's identity entirely.
A good reference on the subject is André Bacard's FAQ. Generally speaking, anonymous remailers are servers that act as intermediaries between sender and addressee at the delivery stage, so that the real sender is replaced by the intermediary. By passing through a chain of several intermediaries you get a decent degree of security, and your mail can be said to have been sent anonymously.
To use this tool well, you should go through several anonymous remailers. For a good degree of security, encrypt your message first and then send it through a chain of remailers. Remailers can be used through several clients.
A list of clients can be found here:
Support for the SSL or TLS protocols is by now built into almost every mail server and client. Both protocols add a cryptographic layer that prevents your password, for example, from travelling in plain text across the Internet. Enabling them in a client is rather easy, but not all providers support them; make sure the client is set to verify the server's certificate, otherwise the encrypted connection can be silently intercepted. Remember, too, that this only protects the leg between you and your provider: the provider still sees the message in clear, unless you have encrypted its content.
However, there's a lesson to be learned from the A/I case mentioned above, when the postal police used an enquiry on terrorism as a pretext for secretly seizing the contents of our server, with the help of the hosting web farm: this teaches us once more that it is unsafe to rely on others for one's own privacy, and that privacy on the Internet is not much different from the privacy we get while walking the streets of this truly unfree world.