Simple Measures for Email Security
Practice secure behavior!These pages include a lot of fancy talk about encryption. Ultimately, however, all this wizbang cryto-alchemy will be totally useless if you have insecure behavior. A few simple practices will go a long way toward securing your communications:
- Logout: make sure that you always logout when using web-mail. This is very important, and very easy to do. This is particular important when using a public computer.
- Avoid public computers: this can be difficult. If you do use a public computer, consider changing your password often or using the virtual keyboard link (if you use riseup.net for your web-mail).
- Use good password practice: you should change your password periodically and use a password which is at least 6 characters and contains a combination of numbers, letters, and symbols. It is better to use a complicated password and write it down then to use a simple password and keep it only in your memory. Studies show that most people use passwords which are easy to guess or to crack, especially if you have some information about the interests of the person. You should never pick a password which is found in the dictionary (the same goes for "love" as well as "10v3" and other common ways of replacing letters with numbers).
- Be a privacy freak: don't tell other people your password. Also, newer operating systems allow you to create multiple logins which keep user settings separate. You should enable this feature, and logout or "lock" the computer when not in use.
Use secure connections!
What are secure connections?When you check your mail from the riseup.net server, you can use an encrypted connection, which adds a high level of security to all traffic between your computer and riseup.net. Secure connections are enabled for web-mail and for IMAP or POP mail clients. This method is useful for protecting your password and login. If you don't use a secure connection, then your login and password are sent over the internet in a 'cleartext' form which can be easily intercepted. It is obvious why you might not want your password made public, but it may also be important to keep your login private in cases where you do not want your real identity tied to a particular email account.
How do I use secure connections?In the web browser, if the location starts with https:// then you have a secure connection. Your web browser should also display a little padlock icon either in the location bar or in the bottom corner of the window.
The limits of secure connectionsThe problem with email is that takes a long and perilous journey. When you send a message, it first travels from your computer to the riseup.net mail server and then is delivered to the recipient's mail server. Finally, the recipient logs on to check their email and the message is delivered to their computer. Using secure connections only protects your data as it travels from your computer to the the riseup.net servers (and vice versa). It does not make your email any more secure as it travels around the internet from mail server to mail server. To do this, see below.
Use secure email providers
What is StartTLS?There are many governments and corporations which are sniffing general traffic on the internet. Even if you use a secure connection to check and send your email, the communication between mail servers is almost always insecure and out in the open. Fortunately, there is a solution! StartTLS is a fancy name for a very important idea: StartTLS allows mail servers to talk to each other in a secure way. If you and your friends use only email providers which use StartTLS, then all the mail traffic among you will be encrypted while in transport. If both sender and recipient also use secure connections while talking to the mail servers, then your communications are likely secure over its entire lifetime. We will repeat that because it is important: to gain any benefit from StartTLS, both sender and recipient must be using StartTLS enabled email providers. For mailing lists, the list provider and each and every list subscriber must use StartTLS.
Which email providers use StartTLS?Currently, these tech collectives are known to use StartTLS:
- universities: berkeley.edu, johnhopkins.edu, hampshire.edu, evergreen.edu, ucsc.edu, reed.edu, oberlin.edu, pdx.edu, usc.edu, bc.edu, uoregon.edu, vassar.edu, temple.edu, ucsf.edu, ucdavis.edu, wisc.edu, rutgers.edu, ucr.edu, umb.edu, simmons.edu.
- organizations: action-mail.org, no-log.org
- companies: speakeasy.net, easystreet.com, runbox.com, hushmail.com, dreamhost.com, frognet.net, frontbridge.com, freenet.de, blarg.net, greennet (gn.apc.org)
What are the advantages of StartTLS?This combination of secure email providers and secure connections has many advantages:
- It is very easy to use! No special software is needed. No special behavior is needed, other than to make sure you are using secure connections.
- It prevents anyone from creating a map of whom you are communicating with and who is communicating with you (so long as both parties use StartTLS).
- It ensures that your communication is pretty well protected.
- It promotes the alternative mail providers which use StartTLS. The goal is to create a healthy ecology of activist providers--which can only happen if people show these providers strong support. Many of these alternative providers also also incorporate many other important security measures such as limited logging and encrypted storage.
What are the limitations of StartTLS?However, there are some notable limitations:
- Your computer is a weak link: your computer can be stolen, hacked into, have keylogging software or hardware installed.
- It is difficult to verify: for a particular message to be secure, both the origin and destination mail providers must use StartTLS (and both the sender and recipient must use encrypted connections). Unfortunately, it is difficult to confirm that all of this happened. For this, you need public key encryption (see below).
Use public-key encryptionIf you wish to keep the contents of your email private, and confirm the identity of people who send you email, you should download and install public-key encryption software. This option is only available if you have your own computer. Public-key encryption uses a combination of a private key and a public key. The private key is known only by you, while the public key is distributed far and wide. To send an encrypted message to someone, you encrypt the message with their public key. Only their private key will be able to decrypt your message and read it.
The universal standard for public-key encryption is Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG). GPG is Free Software, while PGP is a proprietary product (although there are many freeware versions available). Both work interchangeably and are available as convenient add-ons to mail clients for Linux, Mac, and Windows. For information configuring your mail client to use public key encryption, see our mail client tutorial pages. In particular, see the tutorials for Apple Mail and Thunderbird. Otherwise, you should refer the to documentation which comes with your particular mail client. Although it provides the highest level of security, public-key encryption is still an adventure to use. To make your journey less scary, we suggest you keep these things in mind:
- Be in it for the long haul: using public-key encryption takes a commitment to learning a lot of new skills and jargon. The widespread adoption of GPG is a long way off, so it may seem like a lot of work for not much benefit. However, we need early adopters who can help build a critical mass of GPG users.
- Develop GPG buddies: although most your traffic might not be encrypted, if you find someone else who uses GPG try to make a practice of communicating using only GPG with that person.
- Look for advocates: people who use GPG usually love to evangelize about it and help others to use it to. Find someone like this who can answer your questions and help you along.