Context

In 2013, Edward Snowden leaked highly classified documents on the global surveillance programs that the NSA had been building for more than a decade, since the passing of the Patriot Act in 2001 in reaction to 9/11.

The leaks showed that the NSA and other federal agencies had been routinely violating people’s right to privacy with the cooperation of US telecommunications companies. They were able to wiretap calls, collect metadata on all sorts of things, and pull records out of companies’ databases at will.

This is still true today. Anything you put on US servers can be pulled by three-letter agencies in a variety of ways, none of them taking very long. The Fourth Amendment Is Not For Sale Act exists precisely because these agencies can simply buy this data from data brokers without any judicial oversight.

And remember: in the words of former NSA director Michael Hayden, they kill people based on metadata.

So why does any of this matter? Because email by itself is a hilariously insecure messaging platform. By default, emails are sent without end-to-end encryption (E2EE): TLS between mail servers only protects a message while it is in transit, so your email provider can read everything you send and receive at will (and whatever your provider can read, the government can obtain). Email is also notorious as a hotbed of fraud and scamming because, by default, you can’t actually verify who sent a message: the “From:” header is just text the sender fills in, and it can be spoofed unless the receiving domain enforces SPF, DKIM and DMARC checks.

EDIT: This article from Latacora is a good source on the flaws of email that you should know about. Email has its use cases, but encrypting your emails isn’t a fix-all; having a PGP key is still very useful, though!

Email Encryption

I highly recommend reading the article linked with this post. It goes step by step over how to obtain a personal key for your email and how to send encrypted messages to others. If you’re looking to sign up for an email account with a company not in PRISM, then I recommend this article, which lists some email services you can use. I personally use Runbox, by the way.

Other than encryption, your personal key can be used to digitally sign messages, which proves that an email was produced by the holder of your private key and has not been modified since it was signed. This is especially important when you want to verify the authenticity of something, and it’s also a great way to show others that you have a PGP key. I also recommend reading up more on GPG (GNU Privacy Guard) in general, as it shows up a lot, especially when you’re downloading software over the internet: projects and package repositories publish signatures for their releases so you can check that the files you got haven’t been tampered with.

Helpful Vocabulary

  • “Public Key” is the key you share with others so that they can encrypt messages to you and verify your signatures. Think of it as your phone number: it is meant to be handed out.
  • “Private Key” is the one you keep to yourself at all times. If it gets compromised or lost, you have to generate a new one and tell others that the old one can’t be trusted any more. The proper way to do that is to publish a revocation certificate, so create one as soon as you create the key (GnuPG 2.1 and later does this automatically and stores it under openpgp-revocs.d in your GnuPG home directory) and keep it somewhere safe; you can’t make one after the private key is gone.
  • “Personal Key” is a synonym for private key. It can also refer to the private key and your public key together (the key pair).
  • “IMAP” stands for Internet Message Access Protocol; it is how your client reads and manages mail that stays stored on the remote mail server, so the same mailbox is visible from every device.
  • “POP3” stands for Post Office Protocol 3; it downloads your emails to one device (and usually deletes them from the server), so all your mail is stored locally.
  • “SMTP” stands for Simple Mail Transfer Protocol and is how you send emails to others through your email server, and how mail servers relay messages to each other.
  • “Keyserver” is a server whose duty is to host people’s public keys. However, the best way to get someone’s public key is to ask them directly, because anyone can upload a key to a keyserver under any name or email address, so a keyserver copy can be a spoof. Whatever the source, compare the key’s fingerprint with one the owner gave you over a different channel before you trust it.
  • “GPG” stands for GNU Privacy Guard and is a free-software implementation of the OpenPGP standard that PGP (Pretty Good Privacy) started. GPG is a must-learn program, as it is instrumental to any Linux operating system (your package manager uses it to verify the packages it installs). Frontends to GPG do exist, however.
  • “Thunderbird” is an email client developed by Mozilla. It has a lot of features, including built-in OpenPGP support (it will even generate a key for you; since version 78 it ships its own OpenPGP implementation rather than wrapping GPG). This is the email client to use on Linux.

Remember! GPG isn’t just for emails: you can encrypt or sign any file with it!
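To make the workflow from the “Email Encryption” section and the vocabulary above concrete, here is an added example (my own script, not code from the original post or from the article it links): a complete GnuPG round trip in throwaway keyrings. Two made-up users, Alice and Bob, each generate a key pair, Alice hands Bob her public key and Bob checks its fingerprint, Bob encrypts a message that only Alice can open, Alice signs a file that Bob verifies, and a one-character edit to the signed file makes verification fail. It assumes `gpg` (GnuPG 2.1 or newer) is installed; the names, the example.invalid addresses and the message texts are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post: a full GnuPG round trip
# (generate keys, share a public key, check its fingerprint, encrypt and
# decrypt, sign and verify, catch tampering) inside throwaway keyrings so
# nothing touches your real ~/.gnupg. Assumes `gpg` (GnuPG 2.1 or newer)
# is installed; Alice, Bob, the example.invalid addresses and the message
# texts are made up for the demo.

# Unattended key generation. $1 = keyring dir, $2 = name, $3 = e-mail.
# %no-protection (no passphrase) is only acceptable for a throwaway key;
# a real key gets a strong passphrase. GnuPG also drops a revocation
# certificate for the new key into $1/openpgp-revocs.d.
make_demo_key() {
    gpg --homedir "$1" --batch --quiet --gen-key 2>/dev/null <<EOF
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Subkey-Type: ecdh
Subkey-Curve: cv25519
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}

# Primary-key fingerprint of a user id in a keyring, taken from the
# machine-readable (--with-colons) listing: field 10 of the "fpr" record.
fingerprint_of() {   # $1 = keyring dir, $2 = e-mail
    gpg --homedir "$1" --with-colons --fingerprint "$2" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

gpg_roundtrip_demo() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not found; install GnuPG to run this demo" >&2
        return 0                       # skipped, not faked
    fi
    work=$(mktemp -d) || return 1
    alice="$work/alice" bob="$work/bob"
    mkdir -m 700 "$alice" "$bob" || return 1

    # 1. Each side generates its own key pair in its own keyring.
    make_demo_key "$alice" "Alice Demo" alice@example.invalid || return 1
    make_demo_key "$bob"   "Bob Demo"   bob@example.invalid   || return 1

    # 2. Alice shares only her PUBLIC key; Bob imports it and compares the
    #    fingerprint with the one Alice gave him out of band (here: read
    #    straight from Alice's keyring). A keyserver copy could be a spoof.
    gpg --homedir "$alice" --armor --export alice@example.invalid >"$work/alice.pub" || return 1
    gpg --homedir "$bob" --batch --quiet --import "$work/alice.pub" 2>/dev/null || return 1
    fpr_a=$(fingerprint_of "$alice" alice@example.invalid)
    fpr_b=$(fingerprint_of "$bob" alice@example.invalid)
    [ -n "$fpr_a" ] && [ "$fpr_a" = "$fpr_b" ] || return 1

    # 3. Bob encrypts to Alice's public key. Anyone between them (his
    #    provider, a wiretap) sees only ciphertext, and even Bob's own
    #    keyring cannot open it. --trust-model always stands in for the
    #    key signing (--lsign-key) you would do after checking the
    #    fingerprint for real.
    printf 'meet at the usual place, 9pm\n' >"$work/msg.txt"
    gpg --homedir "$bob" --batch --yes --quiet --trust-model always \
        --recipient alice@example.invalid --output "$work/msg.txt.gpg" \
        --encrypt "$work/msg.txt" 2>/dev/null || return 1
    if gpg --homedir "$bob" --batch --quiet --decrypt "$work/msg.txt.gpg" >/dev/null 2>&1; then
        return 1                       # Bob has no secret key for Alice: must fail
    fi
    gpg --homedir "$alice" --batch --quiet --decrypt "$work/msg.txt.gpg" \
        >"$work/msg.dec" 2>/dev/null || return 1
    cmp -s "$work/msg.txt" "$work/msg.dec" || return 1

    # 4. Alice clearsigns a file; Bob verifies it with her public key.
    printf 'release notes v1.0\n' >"$work/release.txt"
    gpg --homedir "$alice" --batch --yes --quiet --clearsign \
        --output "$work/release.txt.asc" "$work/release.txt" 2>/dev/null || return 1
    gpg --homedir "$bob" --batch --quiet --verify "$work/release.txt.asc" 2>/dev/null || return 1

    # 5. Flip one character of the signed text: the signature must now fail.
    sed 's/v1\.0/v1.1/' "$work/release.txt.asc" >"$work/tampered.asc"
    if gpg --homedir "$bob" --batch --quiet --verify "$work/tampered.asc" 2>/dev/null; then
        return 1                       # a BAD signature must not verify
    fi

    # Shut down the per-keyring agents and remove the throwaway keyrings.
    gpgconf --homedir "$alice" --kill all 2>/dev/null
    gpgconf --homedir "$bob" --kill all 2>/dev/null
    rm -rf "$work"
    echo "OK: encrypt/decrypt and sign/verify round trip succeeded (Alice: $fpr_a)"
}

gpg_roundtrip_demo
```

Save it as a file and run it with `sh`; it prints one OK line with Alice’s fingerprint, or returns a non-zero status at the first step that does not behave as described (and prints a notice and exits cleanly if `gpg` is not installed, rather than pretending). The two things worth taking away from the run are the fingerprint comparison in step 2, which is the part a keyserver cannot do for you, and the failed verification in step 5, which is exactly what a signed software release protects you against.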


Day 3 of libreposting hehehe