Using PGP encryption for email

crazycells

Hi,

I wonder about others’ opinions about PGP (Pretty Good Privacy) encryption in email inboxes. Or if others are concerned about the privacy of their email inboxes.

I recently learned that emails are not meant to be confidential or encrypted. At least, during its inception. However, since many email servers/providers are trying to sell “us” as a product, and additionally governmental surveillance programs are increasing day by day, I am more and more interested in encryption for my email inboxes. I am not interested in targeted ads or promotions.

So the main aim is to decrease the amount of my data to be circulated between marketing companies.

I wonder if this is a concern for others and how they solved these problems.

phenomlab

@crazycells great topic. PGP has been around for years, and it’s predecessor (if memory serves me correctly) was World Secure. As I’ve said countless times to many people, email is not a secure transport by default, therefore, unless you’ve taken steps to secure (encrypt) the traffic stream, you should not expect any level of privacy.

PGP works well but requires Public Key Encryption in order to work. Using symmetric and asymmetric algorithms plus an array of proxying, there are no known ways of breaking it. However, PGP itself was acquired some time ago by Symantec, so if you want to go the truly open source (FOSS) route, you’ll need OpenPGP.

The huge advantage of PGP is it’s ability to send a message without needing to share any form of keys, so if you’ve never met the recipient, you can still send a message and have it completely secured in transit.

Being the huge privacy advocate that I am, I’m a big supporter of anything like this.

As a final note, Proton Mail is well worth a look, and with a paid subscription, you can incorporate your own domain email.

crazycells

@phenomlab Yes. As you pointed out, I was talking about OpenPGP Additionally, Proton Mail is one of the services I use.

After Robinhood and T-mobile data breaches in the US, unfortunately, my “good” email addresses are out there in the dark web. So, I was researching how I can re-structure my email inboxes, and several months ago I encountered with Simple Login app. It is an open-source project too. Have you heard of them? It is an email relay service with alias either in random or custom domains. And you can create unlimited alias and disable them very easily after they are breached.

I actually bought the premium version 1 month ago and last week Simple Login company is bought by Proton Mail, so I believe this application will be around for a much longer time. It natively supports OpenPGP just like Proton Mail. I have already added my custom domains there for email.

I was thinking maybe I can add these public PGP keys in Simple Login and open the emails with private PGP keys on my computer (I guess with Thunderbird? since it supports OpenPGP natively). So, emails are never read by the email servers.

I wonder your opinion about this strategy. This will require to trust Simple Login servers, but I trust them more than I trust Gmail, Outlook, or GMX Servers

phenomlab

@crazycells said in Using PGP encryption for email:

Have you heard of them?

I haven’t to be honest, but will certainly be taking a look

@crazycells said in Using PGP encryption for email:

I was thinking maybe I can add these public PGP keys in Simple Login and open the emails with private PGP keys on my computer (I guess with Thunderbird?

Yes, I see no reason as to why not.

@crazycells said in Using PGP encryption for email:

I wonder your opinion about this strategy.

Definitely a step in the right direction, and I’m certainly interested in terms of progress.

crazycells

@phenomlab said in Using PGP encryption for email:

Definitely a step in the right direction, and I’m certainly interested in terms of progress.

Until I master PGP encryptions, I am only trying this using my outlook account. I added the Public PGP key to the simple login server and the Private PGP key to the Thunderbird app, and it works great so far.

When I log in to the outlook web version, I cannot see any content of the email but encrypted files at the attachment, but when I open Thunderbird I can see the full email with no problem.

Of course, the ideal situation would be encryption from one end to another; but I am happy with this method too at least none of the emails can be scanned in Gmail or Microsoft servers. I trust the Simple Login server more than I trust Gmail/Outlook…

I will update you about the progress.

phenomlab

@crazycells for webmail, you’d need to install and configure PGP there for that to work. Without it, the messages will be encrypted and unreadable

crazycells

@phenomlab said in Using PGP encryption for email:

@crazycells for webmail, you’d need to install and configure PGP there for that to work. Without it, the messages will be encrypted and unreadable

I think the web version can stay like this. I do not mind this since I can reach emails from Thunderbird on my Desktop.

Do you know how can I reach these encrypted emails from my phone (for Gmail and Outlook accounts)? I know protonmail is natively supporting PGP, so their app should be OK.

phenomlab

@crazycells using Proton Mail is probably going to be the easiest I think. I know extensions exist for browsers in terms of PGP but I don’t think they work on phones.

phenomlab

@crazycells have you seen this ?
https://gnupg.org/

crazycells

@phenomlab said in Using PGP encryption for email:

@crazycells have you seen this ?
https://gnupg.org/

nope, I will check this out. I hope it is not an app that I have to copy-paste the text into it to decryption

Additionally, I have found this PGP-friendly email client for mobile:

https://canarymail.io/

I have not tried it yet though. I will update you after trying…

phenomlab

@crazycells looks really nice. Will check that out

EDIT: Just had a quick look at this application, and it seems to take it upon itself to install the pro trial (see screenshot) which basically means you get used to all of the features then have them redacted if you choose to take the free version. This feels a little bit on the sneaky side to me

I’ve uninstalled based on this. The reviews aren’t that great either - although there are not really enough to base a decision on.

crazycells

@phenomlab thanks for pointing this out. I will look for alternatives.

phenomlab

@crazycells You might want to have a look at Fair Email - it’s one I use because it respects privacy - plus, if you want the pro version, it’s much cheaper.
https://email.faircode.eu/

crazycells

@phenomlab I think this is not available for IOS, I could not find it in App Store.

phenomlab

@crazycells Mmmm - yes, sadly, it is only Android (which I use). There are alternatives, but not sure what they are like
https://www.topbestalternatives.com/fairemail/ios/