Online Security and Privacy

If you don't want Google reading all of your email, you should secure it. Privacy is a basic human right. If you think you have nothing to hide because you're not doing anything illegal, you're deluding yourself.

Online privacy and data security are important, but most people don't give them much thought. Everyone should be using encryption for their everyday online communications.

Secure Email

Email is not private. Even though a service like Google stores your email in an encrypted format, Google has full access to all your messages. In addition, if your email account is managed by your employer or school, they have full access as well. Services that promise secure storage where only you can see your messages can't make that promise for messages that have to leave their system. The level of privacy we used to routinely expect when we put a letter in a sealed envelope is gone when it comes to online communication. We don't take personal privacy as seriously as we should.

Even if you're not guilty of illegal activity, there are still many ways that your emails can either become public or be used against you.

The only way to ensure a high degree of privacy for your email messages is to encrypt them. The technology to securely send and receive email has been around since 1991. It is based on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send. This makes it possible to do end-to-end encryption, which means only the sender and the recipient are able to see the contents of an encrypted message.

The public-key encryption software, in its raw state, requires a lot of technical know-how to implement and is inconvenient to use. Fortunately, tools now exist that make public-key encryption very user friendly by managing the keys for easy encryption and decryption. Two that I have used and can recommend are Flowcrypt and Mailvelope.

Flowcrypt

I currently use Flowcrypt, a browser extension that runs on top of the Gmail interface and integrates with it very well. It does not require any previous knowledge of public-key cryptography. Encryption and decryption happen automatically in the browser window, and no part of a decrypted message is shared with Google. It has a feature that allows anyone to send you an encrypted message, even if they don't use encryption themselves, and it supports password-protecting a message to someone who doesn't use encryption. You can also automatically attach your public key to every message, and Flowcrypt handles encryption of attachments with ease.

Mailvelope

Mailvelope is another browser extension like Flowcrypt. It is also easy to use. I used it for a couple of years without issue, but prefer the excellent Gmail integration of Flowcrypt.

An important thing to note about Mailvelope and Flowcrypt is that they are both open source. This means their source code is freely available for anyone to inspect. While on the surface this may seem like a weakness, it is actually a strength. If thousands of people investigate a program's code, it is much more likely someone will discover a weakness and report it. Software that is closed source cannot be inspected, so you have to trust what the company says, and there's no reason to trust them just because they say we should. Open source encryption software is generally more secure than closed source.

Encrypted Email Services

If you want to increase your email privacy, but don't want to set up extensions to use with existing services like Gmail, consider using an email service that encrypts your messages. Examples include ProtonMail, PreVeil, and Tuta. In addition to sending regular, unencrypted messages, you can seamlessly send and receive encrypted mail using PGP key pairs. All have free versions, but a paid plan will get you more features.

Private Messaging & Mobile Phones 

Most people think communications on their mobile devices are secure because they're digital. Nothing could be further from the truth. Digital communications are easy to intercept if they aren't encrypted. Your text messages and cell phone conversations are not encrypted, which means anyone with the right technology can eavesdrop and record them. Your cell phone company may say they don't record your conversations, but you have less reason to trust them because your conversations represent a huge potential source of data that could be turned into income. Also, there's always the chance their systems could be hacked, making your conversations suddenly available.

Signal is currently the most secure tool for encrypting messages. It uses end-to-end encryption and is open source. You can also exchange unencrypted messages with those who don't use Signal, so it can serve as the default messaging app on your phone. Signal also allows you to have encrypted voice and video conversations with others.

Send me an encrypted email

Aaron Spurr's Public Keys

If you'd like to send me an encrypted message using Flowcrypt, Mailvelope, or any other PGP/GPG encryption tool, use the public key listed below for the email address you want to use. I have multiple keys because I have many email accounts for different uses.

aaron.spurr@uni.edu

Public Key


aspurr@pm.me

aaron.spurr@protonmail.com

aspurr@protonmail.com

Public Key


aaron@aaronspurr.com
Public Key


spurr@aaronspurr.com
Public Key


If you would like to read a really excellent, in-depth description of the GPG encryption program, which is the open-source implementation of public-key encryption, read the GPG Tutorial by Alan Eliasen. His focus is on using GPG from the command line, but he also covers a lot of other interesting privacy-related topics.