Encrypting e-mails on Gmail, Hotmail and Yahoo


It is possible to encrypt your e-mails even if you use a free e-mail provider like Gmail, Hotmail and Yahoo. This can be achieved by utilising free and open source tools such as Thunderbird with Enigmail. Follow this quick-start guide to get set up.

Depending on your personal needs, you may get to a point where you would like to avoid having your personal correspondence read, tracked and used for targeted ads by your e-mail service provider. Let’s point out Google’s recent nonsense: Gmail app developers have full email access.

Encrypting email may seem like a difficult task but it really is not. It is quite a simple concept and we will show you how.

PLEASE NOTE: If your intention is 100% privacy, don’t use browser plug-ins to encrypt/decrypt; in fact, do not use a browser at all. Whilst your e-mail may be transmitted encrypted end-to-end, if you decrypt it on someone else’s server, they still have access to your data.

Why not just use ProtonMail?

Encrypted e-mail and messaging app providers are under increasing pressure from governments, and it is only a matter of time before a backdoor is created by the developers. Currently, as far as I am aware, there is nothing wrong with ProtonMail. The signs, however, are just a little concerning so it is assumed smarter to control all of our data ourselves. Read up on what governments are trying to do.

E-mail encryption: explained simply

  1. Send your PUBLIC key to Bob
  2. Bob sends you his PUBLIC key
  3. Send each other encrypted emails

There is nothing more to it.

How will this work using a Gmail, Hotmail or Yahoo account?

If you are about to send that whistle-blowing e-mail, the last thing you want is for anyone else besides your intended recipient to be able to read that e-mail. For this to work on a server that you do not control, there is a minor inconvenience; you have to use POP3 as opposed to IMAP.

Put simply, IMAP is for syncing e-mails across multiple devices. POP, on the other hand, downloads the e-mail to one place and then instructs the server to delete the original. IMAP e-mails are stored on a central server whereas POP e-mails, once downloaded, are stored locally on your hard drive.

Therefore, using IMAP on a free server to send and receive encrypted e-mails is pointless since the decrypted e-mails could potentially be re-synced back to the central server.

Pop Pop Pop

  • Enable POP in your email settings. In Gmail, these are the settings to change:
  • In Hotmail, change these settings to 'Yes':
  • Make sure that your emails are deleted on the server as soon as they are downloaded by your client. Whilst this only seems possible with Gmail, it is not really that important if you are unable to do this automatically.

Testing it

The Gmail example below shows evidence that encryption is effective in masking the message contents from your e-mail provider.

  • Draft the message in Thunderbird and use Enigmail to encrypt. Notice that the padlock icon is not greyed-out.
  • Here is the message received in Gmail.
  • The opened message shows nothing, except two attachments.
  • The file called 'noname' contains version numbers, whilst the 'encrypted.asc' file shows the PGP encryption string. We can see that the message is unreadable in its current form, by both humans and machines, because it requires a PRIVATE key to decrypt the contents. And you are the only one with that PRIVATE key.
  • The next screen shows the message retrieved via POP3 in Thunderbird and successfully decrypted.
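
As an added example (not part of the original post), the Python sketch below parses a constructed PGP/MIME message as it would sit on the provider's server and reports what is readable without the private key: the outer headers, a version part with no filename, and the armored 'encrypted.asc' part. The addresses, subject, placeholder body and the `provider_view` helper are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample of a stored PGP/MIME (RFC 3156) message. Addresses,
# subject and the armored body are placeholders, not real data.
RAW = """\
From: alice@example.com
To: bob@example.com
Subject: Meeting notes
Date: Mon, 01 Jan 2024 10:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

(placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

def provider_view(raw):
    """Summarise what a mail server can read from a stored message without any key."""
    msg = message_from_string(raw)
    headers = {h: msg[h] for h in ("From", "To", "Subject", "Date") if msg[h]}  # outer headers: not encrypted
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # skip containers, inspect leaf parts only
        parts.append({
            "type": part.get_content_type(),
            "filename": part.get_filename(),  # None: the part listed as 'noname'
            "armored": part.get_payload().strip().startswith("-----BEGIN PGP MESSAGE-----"),
        })
    types = [p["type"] for p in parts]
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted"
                and types == ["application/pgp-encrypted", "application/octet-stream"])
    return {"headers": headers, "pgp_mime": pgp_mime, "parts": parts}

if __name__ == "__main__":
    print(provider_view(RAW))
```

The body is opaque to the provider, but the outer headers in the result (sender, recipient, subject line, date) are not covered by the encryption, so keep sensitive details out of the subject.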

And there we have it. End-to-end encryption that is solid, under your control and is more than just transport encryption. Governments, their apparatuses, and your favourite e-mail provider will not be able to read your messages. And that is the way it should be.

Test this out by dropping me an encrypted e-mail. Visit the Contact page to obtain my public key.
