The MOST private email service (2021)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

happens all the time criminals hack into email accounts every single one of yahoo's users that's three billion people were impacted email was the internet's original killer app even with new forms of communication like instant messengers or social media becoming popular email remains an essential backbone of internet communications with over 4 billion users worldwide but is it private edward snowden says no email is a fundamentally insecure protocol that can and should be abandoned for the purposes of any meaningful communication the fact is email wasn't designed with privacy or security in mind in its original form email was transferred completely in the open everything was readable by anyone who watched network traffic and there were little to no checks to prevent impersonation but as email's importance grew instead of overhauling the way it works to provide security and privacy various protocols were layered over it to try to address these issues but let's be honest even though email is still inherently insecure most people aren't going to just give up their email address not only do we rely on email for work for communicating with loved ones we also use email addresses to sign up to various websites to reset our password email is a core part of our digital identity you know it's who i am so given that most of us are going to continue using email anyway what are some things that we can do to at least increase our email's privacy well most importantly you can find an email provider that meets the following criteria first they should collect and retain minimum metadata and personal information about you metadata is stuff like email subjects sender and receiver addresses dates you don't want an email provider that is keeping a database of all of this information the rest of the criteria revolves around encryption which you can think of like a digital lock and key the devil is in the details when it comes to how your email service provider safely locks up your email content why don't we take a teensy little look at the contract there's transport layer encryption this means your email is encrypted while it travels over the internet which makes it harder for third parties to intercept and read most email providers worth their salt will provide this then there's zero access encryption this means that your email and attachments are encrypted while stored so that even your email provider can't read them zero access encryption prevents messages in your mailbox from being shared with third parties or leaked in the event of a data breach but encryption and decryption still happens by the email provider themselves and there is a split second in which the message is accessible to the email provider before it's encrypted and finally end-to-end encryption which takes things a step further than zero access encryption instead of just storing emails in an encrypted way encryption and decryption of emails happens entirely on a user's device so that all the information the email provider receives is already encrypted given these criteria how do the most popular email providers stack up well let's start with the free ones the vast majority of users rely on free online email services such as gmail yahoo or outlook gmail alone has billion users making up almost half of the entire email market share gmail outlook and yahoo actually do a good job with transport layer encryption and use tls by default as long as the receiving email address supports it given the large amount of emails that flow through these email providers this was a huge step in securing a large bulk of the world's emails while in transit but there is a reason why these companies are willing to provide email services for free the saying if you're not paying for the product you are the product rings true here web-based email's primary job is to scan your email the content of your emails is visible to the likes of google yahoo and microsoft and they use this data to build profiles of you and target you with advertising google claims that it no longer reads emails for the purposes of advertising but they still actively use your email to learn about you to train their artificial intelligence or to even let third-party developers have access but maybe you like advertising or products tailored to you or think that this scanning just helps protect you just keep in mind that all of this information is siphoned off by various governments around the world and stored in permanent records associated with your identity given that regimes come and go but this data isn't going anywhere i'd think twice about what information i wanted floating out in the world as these products can read your emails they therefore don't have zero access or end-to-end encryption so although convenient and packed with features these services aren't recommended if privacy is a concern instead let's take a look at the two most popular private email providers protonmail and tutor noda and some lesser-known alternatives protonmail is probably the most popular privacy-focused email service it was one of the pioneers of xero access and end-to-end encrypted email it comes with lots of useful features such as dedicated mobile apps encrypted address books and encrypted calendars protonmail makes their money by providing a paid email service with enhanced features but it's also possible to use their provider for free of the private email services protonmail's user experience is probably the best and if you've used gmail or something similar you shouldn't have any problems familiarizing yourself with it they have a nice feature called protonmail bridge that allows you to use whatever existing email client you're familiar with and still enjoy the same protection as protonmail this desktop application runs in the background on your computer and encrypts and decrypts your mail as it enters and leaves your device so you can use your favorite email apps like microsoft outlook thunderbird or apple mail while still getting end-to-end encryption what's the catch the catch about end-to-end encryption is that all parties must have the same abilities to encrypt and decrypt messages for end-to-end encryption to work protonmail tries to make that super simple if you send proto mail to protonmail or proto mail to an email address that has a published pgp key your email is automatically enter and encrypted if you send protonmail to a different service provider and the user doesn't have an associated pgp key you can assume that your email can be read by third parties and keep in mind that the subject line of your email remains unencrypted regardless while protonmail is immensely better than normal commercial offerings in preventing mass surveillance they do collect and store a lot of metadata the content of your email is safe but what is collected is information like who's communicating with whom when the message was sent message size frequency and unless you opt out ip addresses as well collecting metadata isn't benign as edward snowden once said as an analyst i would prefer to be looking at metadata than looking at content because it's quicker and easier and it doesn't lie protonmail does publish transparency reports about their cooperation with law enforcement in sharing that data the good news is is that they appear by default to resist inquiries handing over things only when strict international law requirements are met but these reports show that there is indeed some data that can be handed over another thing to keep in mind is that most people use protonmail from its web interface meaning via your browser which introduces some risks since it can be hard to verify if end-to-end encryption is happening correctly to make this encryption seamless proto-mail service deliver the code necessary to do this to your browser which then performs the encryption or decryption but what if protonmail wanted to actively attack you and deliver modified code to you how would you know that this is happening indeed a 2018 study on protonmail's privacy highlighted that because of this risk proto-mail cannot claim to not be able to read your emails if it wanted to now to be fair to protonmail this is a risk inherent when using a browser in general it isn't always easy to balance ease of use with security and proto-mail does do a good job freedom of the press foundation has a great article which explains how to beef up protonmail's default settings even more and it's worth checking it out protonmail is almost completely open source with the exception of their backend code which they say is to prevent spammers from knowing how their mitigation works and the trust issues mentioned would require you to be specifically targeted by someone with access to protonmail's infrastructure but if you're a high risk profile like an activist these issues are absolutely worth taking note of tutonota is another popular email provider that prioritizes privacy like protonmail there are free and paid versions and it has a comparable feature set support for encrypted calendars and encrypted contacts tutor noted does fare slightly better in its privacy policy though while it does collect metadata which it destroys after seven days it doesn't log ip addresses by default though strangely if you use tor or a vpn it may log that ip address the official reason it gives is that it considers such information already anonymized and therefore no longer personally identifiable information they also say that in certain situations they do log email addresses after being served a valid court order a benefit that usernota has over protonmail is the subject of the email is also encrypted and tutor notice technology allows you to perform searches within your email even when it's encrypted whereas protonmail only allows you to search the subject and not the content of the emails tutornota does this through a clever trick by having your own computer create a search index which is then stored locally your computer has access to the decrypted emails and the query of the search index happens entirely on your own computer without tutanota's servers seeing any of it tuzanota has mobile apps and a desktop client but it doesn't work with regular mail clients and when accessed through a browser it still has the same trust issues as protonmail in that you have to trust your encryption is happening correctly and that you aren't being served malicious code another drawback is tutonota's lack of support of standard pgp encryption which means that if you want to send encrypted email to users outside choose a nota you will need to share with them a pre-agreed password through another secure channel there are quite a few other niche email options if you're looking for privacy though they tend to be much more bare bones and lack the polish of protonmail or tutonota they're also more oriented towards tech savvy people to name a few posteo and elude.in are good options and if you're lucky enough to snag yourself at invite code rise up and counter mail what these services provide of a protonmail or tutor nota are much less metadata retention and some even have support for tour onion services they still employ zero access encryption so that even they don't have access to your emails but unlike protonmail or tutornota many don't offer integrated and seamless end-to-end encryption and instead rely on users to deal with pgp or plugins like mailvelope to do it for those requiring very high levels of privacy especially those who are targeted and want to minimize metadata leakage smaller privacy niche providers might provide better protection at the cost of a rougher user experience but really want email privacy one option is to get your own private email service the highest level of privacy would require you to host your own email server a server full of secrets ain't no thing but that requires a whole video of its own and even then as mentioned email wasn't designed to be private and that's why there are all these workarounds and hacky solutions so you may want to opt out of email altogether in certain circumstances and instead you secure messaging apps such as signal wire or wicca these apps were designed from the ground up to be private so using them securely is a lot easier at the end of the day you need to understand your own risk profile but regardless of who you are it is a great idea for everyone to at least start exploring providers that don't harvest all the contents of your emails and protonmail and tutornota are good solid choices with different trade-offs making a more conscious choice about the email provider you use is a great step towards reclaiming some privacy in your digital life

Info

Channel: Naomi Brockwell

Views: 216,260

Rating: 4.9227548 out of 5

Keywords: naomi, brockwell, bitcoin, cryptocurrency, Fiat, Bitcoingirl.org, btc, monetary, policy, currency, Bitcoin, Girl, crypto, blockchain, privacy, surveillance, naomi brockwell, nbtv, email, most private email

Id: 0_gGJtKX2Pw

Channel Id: undefined

Length: 12min 48sec (768 seconds)

Published: Mon Jun 21 2021