Emails = Letters

Almost anyone with internet access has a personal and a professional email address through which hundreds of emails are exchanged weekly. With the ubiquity of email in the online ecosystem, it is important that we ensure our emails are kept private. One of the most common email providers is Google through their Gmail service. Gmail provides a host of features that are enticing and highly valuable. Between their ability to provide near unlimited storage and additional access to the Google suite of external tools, it’s the go-to email provider for many people. However, with every Google service there is a catch. Google is only able to provide comprehensive products for free because they use and sell the data they collect from you in exchange for that access.

I am under no illusion that deleting your Gmail and starting over with a more secure service is unfeasible. However, I do believe a steady transition from one service to another with little interruption is possible. I’ve found the biggest pushback I receive when discussing email transitions with friends is adding an email address they must check in addition to the numerous addresses they already use personally and for work. To help alleviate that concern, I will discuss how I personally transitioned my primary email address from my Gmail to a secure email provided by Protonmail.

Now, recognizing that your new email address is not yet your primary one, Protonmail includes a feature that sends an email to your current primary email address informing you of new mail in your Protonmail inbox. With this feature, there is no longer a need to check your Protonmail inbox without first being notified that there is new mail. The next step in my move to Protonmail was using my new Protonmail email address for any new website or app sign-ups and, when asked, providing it to my friends and family. Another step I took moving to Protonmail was updating my email for various services already connected to my old email address. In order to prevent myself from getting overwhelmed with that transition, I began changing my email address for services that had reached out to me to update unrelated account or billing information. I found that between periodic updates of old accounts and new signups I moved seamlessly to my Protonmail completely within a few months.

To experience truly private email, both parties should have an encrypted email service. If only the sender or receiver has an encrypted email, the unencrypted party risks exposing themselves and the other party to third-party data mining. That is why I believe it is important to encourage those in our circle of friends and family to give encrypted email a chance. The more email we send between encrypted accounts, the safer we keep our communications.

Collaboration Tools = Team Meetings

What we classify as a team meeting is often narrowed to a work setting. I would argue that team meetings can extend to our personal lives as well. When you hold a family meeting or gather with a group of close friends, you are gathering that “team” to discuss both mundane and important topics. Now, for the purposes of our digital privacy, group discussions are often done in group chats found in messaging apps and on feature-rich services like Discord and Slack. Between Discord and Slack, Discord’s audience is often geared towards gaming and general forum discussions while Slack is often used in a work environment.

Discussions over Discord or Slack are often times dealing with either sensitive personal information or sensitive work information. As I discussed in a previous post, end-to-end encryption (E2EE) is an important tool used in the protection of messages on any service. Neither Slack nor Discord provide E2EE and thus the level of security provided by these services is severely lacking. A secure alternative to Discord and Slack is Element. Element provides E2EE as well as integration with external tools commonly used by Slack and Discord.

Tools:

Email

• Protonmail (Available on Mobile)

Collaboration Tools

• Element (Available on Mobile)

Protonmail: Protonmail is a feature-rich encrypted email service based out of Switzerland. The Protonmail interface is very familiar and easy to navigate. Emails sent from your Protonmail account can be customized to provide various levels of security. You can encrypt any email sent to a non-Protonmail account to protect your message on the receiver's end. You can also customize an email to auto-delete after a period of time. A free Protonmail account has a 500mb storage limit that can be upgraded if need be for a small fee. Protonmail is open source and thus their application's code can be scrutinized and examined and their commitment to consumer privacy can be verified.

Element: Element is a relatively intuitive, free collaboration application. Transitioning from Slack to Element is relatively seamless with Element’s Slack integration which allows you to communicate on Slack through the Element application. Element is built on Matrix. Matrix is an open source secure messaging protocol that uses end-to-end encryption. Additionally, Matrix is decentralized, meaning there is no single point of control over communications and thus secure from third-party censorship. Element also allows those more technically inclined to easily host Element on their own server for added security.

#Privacy #Security #Email #Element #Protonmail #E2EE

Conversations = Texting

The connection between texting and conversation is an obvious 1-to-1: the exchange of words between two or more people. Unlike a face-to-face conversation between people, text messages sent between parties leave a record. This is where End-to-End Encryption (E2EE) is important. E2EE is a secure method of protecting text conversations where only the sender and receiver in a conversation can read what is written. Chances are you're already using a messaging service that has E2EE. Apple’s IMessage and FaceTime are E2EE. Now, the question we must ask is whether we trust the companies hosting the servers through which we communicate. I will say companies like Apple have been rather strident defenders of E2EE and fighting against Government backdoor access to our phones. I believe it is a good idea to become familiar with and begin using alternative messaging apps. In the case of texting, a great alternative is Signal. As I discuss below, Signal offers E2EE and other privacy tools not offered by IMessage.

Group Calls

While the world continues to battle COVID-19 and practice social distancing, video conferencing software has seen an incredible spike in casual usage. The ability to remotely gather large groups of people from across the globe is a truly incredible achievement. These sometimes cathartic digital gatherings can often times be extremely personal, and maybe even intimate. As such we should strive to have these conversations protected as best we can. With the dawn of the COVID era we saw the mass adoption of Zoom as the platform of choice for video conferencing. Zoom’s platform and interface are very user-friendly and the connection is quite clear, but their privacy practices are incredibly poor. Amid countless security flubs over the last few months, I believe the following examples are most pertinent. During the meteoric rise of Zoom in the early days of the lockdowns, Zoom claimed they provided end-to-end encryption when in reality they did not. More recently, when Zoom announced they would provide end-to-end encryption for their service they stated that it would only be available to paying customers. They later back-tracked on that proposition only after immense public outcry. What I believe was the most egregious violation of user privacy by Zoom was the suspension of US based accounts holding vigils over Zoom commemorating the anniversary of the Tiananmen Square Massacre. Given what has happened over the past few months, I have been a staunch advocate for alternatives to Zoom like Jitsi Meet. Jitsi Meet is free, doesn’t require an account to use, and most importantly is end-to-end encrypted.

The tools below will help ensure your text and video communications are protected. I’ve also included a brief guide to getting started on Jitsi Meet in the expanded descriptions.

Tools:

Phone:

• IMessage (Apple Products Only)
• Signal

Computer:

• IMessage (Apple Products Only)
• Signal

Video Conferencing:

• Jitsi Meet (Available on Mobile)

Signal: Besides their reliable encryption, Signal leads through their privacy-first principles. Signal is a non-profit supported through donations and grants and therefore not beholden to certain data gathering and analytics practices. Signal is open source, meaning every line of code can be verified by anyone to ensure the integrity of the application. Signal also released a face-blurring tool to allow in-app modifications to photos. This is particularly useful if you plan on attending a protest and want to protect the identities of other attendees in pictures you've taken.

Jitsi Meet: Jitsi Meet provides free end-to-end encrypted video conferencing. Jitsi is packed with features such as screen sharing, text chat, background blurring, and custom muting. If you are more technologically inclined and prefer to run your own instance, Jitsi’s open source model and active developer community can make that possible.

How to start a Jitsi Meet call:

Jitsi works through creating or joining rooms.

Creating a Room on the Computer: When you log into Jitsi Meet you will see a single text bar in the center of the screen. This is where you will create the name of the room. It is suggested you make a very long and specific name for whatever room you create so that you don’t accidentally join an existing room or make it easy for someone to guess your room name.

Once you’ve created the room, you will be sent directly into the meeting. On this screen you will see customizable options in the bottom right corner.

Adding a Password: It is recommended you add a password to your new room. In the bottom right of your screen you will see a lock icon.

1. Click the icon
2. Click “add password”
3. Press Enter

Creating a Room on the IPhone: When you open the Jitsi Meet app you will see a single text bar in the center of the screen. This is where you will create the name of the room. It is suggested you make a very long and specific name for whatever room you create so that you don’t accidentally join an existing room or make it easy for someone to guess your room name.

Once you’ve created the room, you will be sent directly into the meeting. On this screen you will see customizable options along the bottom of the screen.

Adding a Password: It is recommended you add a password to your new room. In the bottom right of your screen you will see three vertical dots.

1. Tap the three dots
2. Tap “more options”
3. Tap “Add meeting Password”
4. Type in your password
5. Tap “OK”

#Jitsimeet #Signal #Whatsapp #E2EE #IMessage #Zoom