Encrypting emails without managing keys
written by Pranav Chakkarwar
published on 08 May 2022
updated on 31 May 2022
Who should use this?
This is not for you if you might be subjected to targeted surveillance. Please continue to use a proven setup that fits your use case. I’m writing this article so that we can explore new ways to combat automated surveillance. Many people use something like Gmail and connect third-party apps to it. These third-party apps frequently request your permission to scan your emails for a variety of reasons. One app I came across used Gmail scanning to pinpoint and remind you of your flight/train/event tickets, but it would have to scan all of your emails to determine which ones are ticket-related. So, if you use something like that, your only point of trust is their privacy policy.
Speaking of policies, Yahoo’s Privacy Policy states that the company has the right to “analyze and store all communications content, including email content from incoming and outgoing mail, as well as incoming and outgoing messages to messaging apps.” Yes, it’s that bad, they scan your communications themselves, but but but, they don’t use it to steal money using our bank pin. They are trying to earn money by automatically scanning our communications and then influencing us into buying things. Which, in my opinion, is like indirectly taking your money.
My post was downvoted and removed from some Reddit communities, because I was not recommending something that protects Edward Snowden and deals with every kind of surveillance.
I am saying this again: This approach is not designed to protect us from the best hackers, but to keep our communications private from all of the automated scanning and targeting around us.
Password protected emails are somewhat useless
Many email providers, like Tutanota, ProtonMail, and others, have an option to send password-protected end-to-end encrypted emails to people who do not use PGP or some other form of encryption. When you send a password-protected email, the recipient receives a notification email that points them to a webpage where they can enter a password and view the original/unencrypted email.
When I first learned about it, I thought, that’s a stupid feature, because the email providers need you to send the encrypted email’s password over another secure channel. So, what’s the point of exchanging a password using something like Signal when I can just use Signal? It appeared to me that email providers were promoting a pointless feature, but later I discovered that many people prefer only email, so they can keep records, or avoid giving their phone number, and so on. Now, we have some use cases for the feature, but no solutions.
We could use something like the Session app (which does not require phone numbers) to exchange a password, but then a recipient will have to use/install a whole new app, which brings us back to square one. Anyway, after some thought, I came up with a simple, private and reliable solution.
Making password protected emails useful
Meet PrivateBin, a zero-knowledge pastebin that lets you share text using self-destructing links. The idea is to paste/submit a password to PrivateBin and share the link to your password via email. Once the recipient has the password, you can use it to encrypt all future emails.
You could argue that the link was sent as a regular email, so how can I be certain that the contents of that email were not read by a third party, like an automated bot scanning our emails or PrivateBin itself? Your question is genuine, and the answer is very simple. When you create a link with PrivateBin, the message is end-to-end encrypted, so even PrivateBin cannot read it (a zero-knowledge solution). This claim can be verified using PrivateBin’s open-source codebase. If you are too paranoid, you might as well self-host PrivateBin. Moreover, you can set a link to self-destruct after a single view. So if the link is targeted automatically, the contents are destroyed and can never reach the intended recipient.
Let us take a look at the two possible scenarios:
Possibility one
- You create a one time link and send it over email.
- The link is automatically scanned and self-destructs.
- The real recipient asserts they didn’t get the password because the link is empty.
- You are now aware that your emails are being monitored in some way.
- You can change apps or deal with the issue in your own way.
Possibility two
- You create a one time link and send it over email.
- The link is visited by the real recipient and self-destructs.
- The real recipient confirms they got the password.
- You are now aware that your emails are not monitored in any way.
- You can now encrypt future emails with your exchanged password.
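The two possibilities above as a runnable model, added here as an illustration (not code from this article or from PrivateBin; `PasteServer`, `createLink`, `openLink`, `scenario` and the `paste.example` URL are hypothetical, and the storage format is simplified). It shows that the server only ever holds ciphertext because the key stays in the URL fragment, and that the first visit burns the paste, whoever makes it.

```javascript
const nodeCrypto = require("node:crypto");

// Hypothetical server: stores opaque blobs and deletes each one on first read.
class PasteServer {
  constructor() { this.store = new Map(); }
  put(blob) {
    const id = nodeCrypto.randomBytes(8).toString("hex");
    this.store.set(id, blob);
    return id;
  }
  fetchOnce(id) {
    const blob = this.store.get(id) ?? null;
    this.store.delete(id); // burn after the first view, whoever it was
    return blob;
  }
}

// Sender's client: encrypt locally, upload ciphertext, put the key in the fragment.
function createLink(server, secret) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const enc = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([enc.update(secret, "utf8"), enc.final()]);
  const id = server.put({ iv, ct, tag: enc.getAuthTag() });
  return `https://paste.example/?${id}#${key.toString("hex")}`;
}

// Any visitor's client: request the blob by id, decrypt with the fragment key.
function openLink(server, link) {
  const url = new URL(link);
  // Only the id goes to the server; the fragment (key) stays on the client.
  const blob = server.fetchOnce(url.search.slice(1));
  if (!blob) return null; // already burned: the link is empty
  const key = Buffer.from(url.hash.slice(1), "hex");
  const dec = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.iv);
  dec.setAuthTag(blob.tag);
  return Buffer.concat([dec.update(blob.ct), dec.final()]).toString("utf8");
}

// Possibility one (scannedFirst = true) and possibility two (false).
function scenario(scannedFirst) {
  const secret = "constructed-sample-password"; // constructed sample value
  const server = new PasteServer();
  const link = createLink(server, secret);
  const serverHasPlaintext =
    [...server.store.values()].some((b) => b.ct.includes(secret));
  const scannerSaw = scannedFirst ? openLink(server, link) : null;
  return { serverHasPlaintext, scannerSaw, recipientSaw: openLink(server, link) };
}
```

In the `scenario(true)` case the recipient gets `null`, which is the signal to the sender, but the first visitor has already decrypted the password, so that password must be discarded and never used.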
Many of you pointed out that if the emails are being scanned/surveilled, why can’t the email provider or another similarly privileged user act as your recipient and continue reading and responding to your emails? The answer is given by the distinction between targeted surveillance and automated surveillance. Automated surveillance includes threats from authorised third-party apps scanning your emails or exposed email data due to lax server security. If your threat model is so high that you can’t trust your email provider or its security, then I’m not sure why you’re using email at all.
Anyway, this method will protect your communications without requiring you to exchange phone numbers or switch apps. Your messages will remain private, even if your recipient is using a non-private email service. You on the other hand only need to use a private email service that supports “Sending encrypted emails to external recipients.”
Ditch email
I’ve already pointed out that it’s ideal to exchange contacts via email and switch to a secure messaging app. If you still need to use email, consider using PrivateBin or an app like Delta Chat, which uses Autocrypt to encrypt emails. If you’re comfortable switching apps, use an app like Signal or Session that will not only encrypt your messages but also metadata. Use whatever works for you and your recipients, but try to use a more secure communication channel whenever possible.