Encrypted email won't save you from yourself
One subject that comes up pretty much at every discussion I have about digital independence is email.
There’s a lot to say about email, but I’d like to drill down on the privacy aspect today because I regularly get questions about privacy-focused services like Proton mail or Tuta.
When most people see “private” or “end-to-end encryption” (E2EE), they assume it means their email will reach the recipient with no one reading it in transit. That is already largely the case: most providers use Transport Layer Security (TLS), which encrypts the connection between mail servers.
E2EE is an extra layer of security on top of this and requires both sender and recipient to have the proper setup. This is rare.
TLS protects your emails while they’re moving, but many servers store them in readable form once they’ve arrived. At that stage they could be read by anyone with bad intentions who gains access to the server.
But most security issues with email don’t happen because bad actors steal content straight off the server; they happen because of weak passwords or people clicking malicious links in emails. No encryption will save you from that.
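One practical check behind the point above is whether each server on the path actually used TLS. Every receiving server prepends a Received: header recording how it got the message, and RFC 3848 names the “with” protocol ESMTPS or ESMTPSA when the session ran under TLS. The script below is an added example, not code from the original post: it parses a constructed message (the hostnames and addresses are invented) and flags the hop that was accepted in the clear. It assumes the cipher details appear in a parenthetical comment in the style Gmail and Postfix write them; other mail servers record them differently.

```python
"""Walk the Received: headers of a message and report which hops used TLS.

Added example; not code from the original post. Assumes the RFC 3848
"with" keywords (ESMTPS, ESMTPSA, ...) signal a TLS-protected hop and that
any cipher details appear in a parenthetical comment, as Gmail- and
Postfix-style servers write them.
"""
import email
import re

# Constructed sample message (not a real email). Three hops: the laptop
# submitted over TLS, the middle relay forwarded in the clear, the final
# server received over TLS 1.3. The newest Received: header is on top.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by inbox.example.org with ESMTPS id abc123
    (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
    Mon, 1 Jan 2024 10:00:02 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
    by mx.example.net with ESMTP id def456;
    Mon, 1 Jan 2024 10:00:01 +0000
Received: from [10.0.0.5] (laptop.example.com [203.0.113.9])
    by relay.example.com with ESMTPSA id ghi789;
    Mon, 1 Jan 2024 10:00:00 +0000
From: alice@example.com
To: bob@example.org
Subject: quarterly numbers

Hello Bob, here are the figures.
"""

# RFC 3848 "with" protocol names whose trailing S means the session ran under TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}


def parse_hops(raw_message):
    """Return hops in delivery order (sender side first), one dict per Received: header."""
    msg = email.message_from_string(raw_message)
    hops = []
    for header in msg.get_all("Received", []):
        text = " ".join(header.split())  # unfold continuation lines
        src = re.search(r"\bfrom\s+(\S+)", text)
        dst = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", text)
        # TLS details, if the receiving server recorded any (Gmail / Postfix styles)
        version = re.search(r"version=([\w.]+)|using\s+(TLSv[\d.]+)", text)
        proto_name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append({
            "from": src.group(1) if src else "?",
            "by": dst.group(1) if dst else "?",
            "with": proto_name,
            "tls": proto_name in TLS_PROTOCOLS,
            "tls_version": next((g for g in version.groups() if g), None) if version else None,
        })
    # Each server prepends its own header, so the list is newest-first; reverse it.
    return hops[::-1]


def cleartext_hops(raw_message):
    """Names of servers that accepted the message over an unencrypted session."""
    return [hop["by"] for hop in parse_hops(raw_message) if not hop["tls"]]


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE_MESSAGE):
        status = (f"TLS ({hop['tls_version'] or 'version not recorded'})"
                  if hop["tls"] else "CLEARTEXT")
        print(f"{hop['from']:>24} -> {hop['by']:<20} {hop['with']:<9} {status}")
    print("Hops accepted in the clear:", cleartext_hops(SAMPLE_MESSAGE))
```

Two caveats when reading real headers this way. Each server writes its own Received: line, so any earlier hop can write whatever it likes; only the lines added by servers you trust (typically your own provider's) are reliable. And nothing in these headers says anything about storage: a message that travelled over TLS on every hop still sits in readable form on the final server unless that server encrypts at rest, which is exactly the gap the paragraph above describes.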
So the question is: what’s your risk profile? For most organisations, their email contains customer conversations, sales pitches and whatnot. This is low-risk and fine.
If you’re constantly dealing with sensitive data: medical, legal, defence … you may want to choose a service that does encrypt your emails “at rest” (when stored on the server).
But there are downsides to these services: you often need to use a custom client, the extra security steps can get in the way of daily work, and they rarely integrate with other systems like CRMs or scheduling software.
So, if you’re worried about privacy, what should you do?
First, make sure everyone on your team has good cyber hygiene: strong passwords, awareness of phishing and social engineering, not clicking on any old link, etc.
Then select a European provider that has a good privacy policy (yes, you should read it) and the functionality you require.
And if Proton or Tuta are the ones that fit your needs, go ahead.
Colin