I’m the Keymaster. Are you the Gatekeeper?

It’s time for another of my modern electronic communication security and personal privacy appeals! Catch up on previous episodes here, here, here, or here.

Sometimes I feel like the dude in the clip below (minus the supernatural stuff, natch): I have a lot of keys, and I’m always looking for people to use them with. 1

Maybe you don’t have anything earth-shattering to keep safe, like:

  • state secrets, or
  • insider trading tips, or
  • the proof that the moon landings were faked

Maybe, like me, you just don’t like Big Data™ adding to its growing profile on you when you send email. You can send encrypted email to prevent that, and it’s really not that hard. The biggest prerequisite is that your recipient(s) also have to care enough to allow you to send encrypted mail to them. Without this, you can stop reading right here. Sending encrypted messages to only yourself is the lonely nerd’s endeavor.

Your recipient has to set up a keypair (explicitly or implicitly through an app or sign-up to a key-providing service) for any of this to work.

There are a couple options.

  1. The easy way: use (and get your email contacts to use) ProtonMail.
    Sign up there for free, get a small2 mailbox accompanying your new @protonmail.com and @pm.me email addresses, and write to other ProtonMail users with no chance of anyone but the recipient(s) reading, compiling, analyzing, or marketing what you write. They have apps for mobile devices in addition to the browser-based webmail UI.

  2. The less easy way: use (and get them to use) some variation of PGP on top of “normal” email.
    You can get most of the benefits of ProtonMail encryption without having to change your address. Some options:
    • Enigmail for Thunderbird Mail (Windows, Mac, Linux)
    • GPGOL plugin for Outlook
    • Most of the default email programs on Linux distributions:
      • KMail
      • Evolution
    • GPGMail plugin for Apple Mail
    • IPGmail app for iOS
    • various GPG-based apps for Android
    • Gmail plugins:
      • FlowCrypt
      • Mailvelope

     

    The metadata (subject, date, time, sender, recipients) has to stay unencrypted and publicly visible in order to route the message properly. 3 Standards differ, and so does compatibility with them, for composing and displaying the encrypted, cleartext, formatted, and plaintext versions of your message, so there can be complications. This way is for enthusiasts and anyone paranoid enough to not trust the Swiss consumer privacy laws, to which ProtonMail adheres.

The Free Software Foundation publishes a page on “Email Self-Defense.” They do a much better job of explaining the steps than I do. But you could also just switch to ProtonMail and let them handle all those steps for you automatically.

However you do it4, if you want to send unsnoopable email to us, you’ll need our public keys. These are the public keys we use if you want to write to us securely.

Cliff
cliff at cmail dot xyz public key
cliff1976 at protonmail dot com public key
cliff1976 at pm dot me public key
Sarah
sarah1976 at pm dot me public key
sarah1976 at protonmail dot com public key

By the way, looking for the public key of any ProtonMail user? You can get it from this URL:
https://api.protonmail.ch/pks/lookup?op=get&search=username@protonmail.com

Just put in the correct username in place of “username” in the URL above. PGP-nerds with less-tech-savvy-but-still-concerned friends and family: recommend ProtonMail to them, even if you stick to your existing email address and secure it with GPG. You’ll get the best of both worlds: you are secure in your hackerdom and they barely have to make any change to their habits.
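A key fetched from that URL is only as trustworthy as the lookup itself, so compare its fingerprint with one your recipient gave you over another channel. The following is an added example, not code from this post or from ProtonMail: it builds the lookup URL with the address percent-encoded and computes the v4 fingerprint of the armored text such a lookup returns. The function names and the sample key are constructed for illustration, and only v4 keys with ordinary packet lengths are handled.

```python
import base64
import hashlib
import urllib.parse

PKS_LOOKUP = "https://api.protonmail.ch/pks/lookup"  # endpoint quoted in the post

def lookup_url(address):
    """Build the lookup URL with the address percent-encoded."""
    return PKS_LOOKUP + "?" + urllib.parse.urlencode({"op": "get", "search": address})

def dearmor(armored):
    """Return the binary OpenPGP packets inside an armored public key block."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if not lines or lines[0] != "-----BEGIN PGP PUBLIC KEY BLOCK-----":
        raise ValueError("not a PGP public key block")
    body = lines[1:lines.index("-----END PGP PUBLIC KEY BLOCK-----")]
    if "" in body:                      # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    # drop the optional "=XXXX" CRC-24 line, then decode the base64 payload
    return base64.b64decode("".join(ln for ln in body if ln and not ln.startswith("=")))

def primary_fingerprint(armored):
    """v4 fingerprint (RFC 4880 12.2): SHA-1 over 0x99, 2-octet length, key packet body."""
    data = dearmor(armored)
    tag = data[0]
    if tag & 0x40:                      # new-format packet header
        ptag, first = tag & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        else:
            raise ValueError("unexpected length encoding for a key packet")
    else:                               # old-format header: length type in low 2 bits
        ptag, n = (tag >> 2) & 0x0F, 1 << (tag & 3)
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    body = data[off:off + length]
    if ptag != 6 or not body or len(body) != length or body[0] != 4:
        raise ValueError("expected a complete v4 public key packet")
    return hashlib.sha1(b"\x99" + length.to_bytes(2, "big") + body).hexdigest().upper()

# Constructed sample: v4 key packet with dummy key material (not a usable key)
SAMPLE_BODY = b"\x04" + bytes.fromhex("5a000000") + b"\x16" + bytes(range(40))
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
          + base64.b64encode(b"\x98" + bytes([len(SAMPLE_BODY)]) + SAMPLE_BODY).decode()
          + "\n-----END PGP PUBLIC KEY BLOCK-----\n")

if __name__ == "__main__":
    print(lookup_url("username@protonmail.com"), primary_fingerprint(SAMPLE))
```

To check a real key, pass the text downloaded from `lookup_url(...)` to `primary_fingerprint` and compare the result with the fingerprint your mail client shows for that contact.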

  1. Thinking of you, Snooker.
  2. But really — 500 MB is big enough for “just email,” if you
    • only give out your address to “real people” as opposed to those who would spam you, and
    • you delete any content you receive but don’t need

    And you can always pay them for more storage if you need it.

  3. Not so when everyone is using ProtonMail; the mail never leaves ProtonMail’s environment!
  4. Since a few days ago, ProtonMail now fully supports PGP encryption, even for external recipients!