

Ask HN: How do you encrypt your email? - quickpost

In the wake of the PRISM stuff, I&#x27;ve decided to start encrypting all my email traffic.  How do you do this?  I&#x27;d really like to approach doing this in a secure and convenient manner that&#x27;s easy enough for non technical people to get it (e.g. my  parents).  Obviously not every email I send needs to be encrypted, but I&#x27;d like to get in the practice of doing it right to ensure my privacy now and in the future.<p>Thanks!
======
tptacek
You should do what everyone else does and use GPG, on your actual computer,
not some hinky web application someone built.

------
oib
You can't do end to end encryption if the receiver doesn't know how to deal
with encryption stuff.

The second best thing to do is to use a e-mail provider that encrypts your
e-mail using asymmetric key the moment they receive your mail. It protects you
against search warrants but not active eavesdropping of your mail. And if the
receiver's mail provider is being eavesdropped or receives a search warrants
then there is noting you can do.

------
jakebasile
I have started using PGP to encrypt/sign my email. It's relatively easy to set
up and use. I have successfully set up my wife and mother with it for both
email and xmpp, and am working on convincing my dad and brother to do the
same.

Take a look at Enigmail for Thunderbird and Psi for xmpp. Both work quite well
and are reasonable to set up and use.

~~~
simgidacav
You are blessed. So many guys I know stick on the gorram web-interfaces, and I
don't think they mind about privacy.

------
waterphone
GPG is the classic solution to encrypted email, but it has some challenges
that make it less likely to enter common usage. The primary interface is
command line and confusing, though there are a few good GUIs for it, including
GPGTools for OS X. GPGTools also interfaces elegantly with Mail.app.

The bigger challenge is secure key exchange. You either need to exchange your
public keys in person, or use a difficult to manipulate approach to verifying
them, e.g. exchanging keys via unencrypted email and then calling each other
to verify each other's key fingerprint over voice communication to ensure the
keys were not MITMed in transit.

If I could, I'd encrypt everything, just as a matter of principle. Even if it
doesn't technically matter if it gets intercepted, encrypting all your
communications is a good way to regain the privacy the government is saying we
no longer have any right to. In practice, I'm not going to be able to encrypt
everything, because few people are willing to use GPG yet, and that limits my
ability to use it as well. But I'll do so when I can, and encourage others to
use it.

------
digitalengineer
You could try Fastmail by Opera. See
[https://www.fastmail.fm/](https://www.fastmail.fm/)

"We support TLS/SSL with all of our protocols. TLS/SSL is designed to encrypt
all traffic and prevents eavesdropping, tampering, and message forgery on any
communication between your computer and our servers."

[https://www.fastmail.fm/help/overview_security.html](https://www.fastmail.fm/help/overview_security.html)

~~~
waterphone
Note that Fastmail is hosted in Australia, which is a partner nation in
ECHELON.

~~~
runjake
You mean UKUSA. ECHELON has nothing to do with this particular area of
surveillance.

[http://en.wikipedia.org/wiki/Ukusa](http://en.wikipedia.org/wiki/Ukusa)

------
logn
I don't. I accepted the surveillance long ago. I'm sorry this is coming as
news to you.

------
chris_dcosta
BitMessage

