Time to batten down the hatches against email snoopers, but how?

Existing cures against state spying are, to most people, more daunting than the disease, but help is out there


Once upon a time, private communication was simple: an envelope, hot wax, your own personal signet ring and you were done. And now? Thanks to Edward Snowden we can no longer deny what we've long known: that countless pairs of eyes can potentially read your private emails as they hurtle through cyberspace.

So, what can we do? For Edward Snowden, the future of digital privacy lies in end-to-end encryption so that neither your email company nor your internet service provider – nor the spies intercepting the traffic – know what you’re doing or saying online.

But even the NSA whistleblower concedes digital privacy rests on new encryption technology that is automatic and seamless. It’s a welcome acknowledgement from a talented techie that existing cures against state snooping – set up your own computer server; migrate to the Linux open source operating system – are, to most ordinary people, more daunting than the disease.

However, even without tech skills, simple, practical steps are still possible – starting with email. If you are using a freemail service – Gmail, Yahoo, or another – consider paying for an alternative to the long game Google and others are playing with you and your data.

Loss-leader
Like a supermarket with bread on special offer, 'free' email services are a loss-leader. Their calculation: luring you in the door and binding you to their service will end up to their, not your, advantage.

READ MORE

You aren’t paying in money but in years and years of the most personal of personal data. What happens to this data in years to come lies in the stars. Until then, they have a permanent copy of everything you’ve ever emailed – and everything anyone’s ever emailed you – all sorted, filtered and collated if and when an intelligence service wants it.

You can stick with your freemail service and hope for the best. No one is interested in what you write, are they? Or, rather than wait and find out, you can take back control by switching to a service where you pay with money – and not your privacy. But which service? Mr Snowden's own choice, the encrypted email service Lavabit, eventually felt the US intelligence services breathing down its neck. Rather than hand over user data on its US-based servers, owner Mr Ladar Levison decided to shutter his operation last year.

"This experience has taught me one very important lesson," he wrote in his farewell letter to users. "I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States. "

There are many offerings out there. One interesting proposal is to spend €1 a month for privacy, German-style with mailbox.org, a new service that has just launched under the slogan: “Keeping private private”.

The company operates its own servers, located in Berlin. That means your information is stored in one of Europe's most rigorous data protection regimes – a consequence of learning the hard way, twice in the last century, what happens when personal privacy falls victim to state snooping.

'Rumpelstiltskin promise'
Founder Peer Heinlein is an internet pioneer in Germany whose company offers hosting and consulting services for satisfied customers including Wikimedia, Attac and Doctors Without Borders (Médecins Sans Frontières). For him, mailbox.org is not just a business, but an attempt to patch up privacy holes in email while nudging customers towards better email habits. At the very least, he wants to make people aware of freemail's "Rumpelstiltskin promise".

“Whatever private information you have handed over to Google you can never get back and you don’t know what can be done with this private information in 10 years’ time,” he said. “People are giving up a fundamental freedom – privacy – in exchange for a ‘free’ service. It might yet be a very expensive transaction in the long run.”

Mailbox.org doesn’t try to reinvent the wheel. Instead it bundles existing best practices while gently encouraging users to up their own privacy game.

Mailbox.org’s unique selling point is that it encrypts all incoming emails once they arrive on their servers. Its secure online calendar, text editing and cloud storage services are a further attraction. Older web browsers that don’t support higher internet security standards aren’t supported. The service also offers online privacy tutorials, and an animated video on setting yourself up with email encryption using the PGP (Pretty Good Privacy) standard.

This standard works with two codes: a public and private key. The public key is like an envelope with your address on it, which you distribute to everyone you meet. A person then puts their message in your self-addressed electronic envelope by sealing it – or encrypting it – with your public key. Only your private key – saved on your computer – decrypts the message. Anyone who intercepts the message along the way sees nothing but random characters.

“Back when I started with the internet 20 years ago it was customary to encrypt messages,” said Mr Heinlein. “That slid over the years but Snowden has created a new awareness. We need to take advantage of that before the moment passes.”

Fired up by Mr Heinlein’s convictions, and despite several failed encryption attempts in the past, I decided to give PGP another go. Its nice to see the software is less forbidding than I remember. For Outlook on Windows, there’s GPG4Win. Mac users can download the GPGTools suite to run with Apple Mail. Or try a clean break: sign up to a new email service and try the free, open-source Thunderbird email program and the Enigmail wizard to put you through your PGP paces.

Taking the PGP plunge is still not for the faint-hearted: things go wrong and many online help pages are still preaching to the techie converted. For anyone who needs specialist help, look online for "crypto-parties" in your area. Berlin crypto-party organiser Hauke Laging is confident encryption can, post-Snowden, finally reach critical mass, allowing people to take back their own and others' privacy.

“If you believe you have nothing to hide and don’t want to use encryption,” he said, “you are deciding for everyone else that they can never send you information securely.”

M ailbox.org is launching its English-language service next month. Sign up for notifications on mailbox.org