Do you ever worry that strangers are reading your emails? Wayne Williams explains how to stop the contents of your messages being accessed by anyone other than the intended recipient
Following a recent European Court of Human Rights ruling, the press widely reported that “your boss can now read your personal emails” (bit.ly/bossemails). Although the court later denied this interpretation of its ruling, the decision could still set a precedent for cases of this kind and the panicked public response to the news suggests many of us worry about people intercepting our emails, texts and web chats.
Whether it’s GCHQ and the NSA, Facebook and Google, hackers and other cybercriminals, or nosy bosses and work colleagues, there’s something decidedly unsettling about the idea of other people reading our private messages, no matter how trivial their contents. In this feature, we reveal the most effective ways to prevent this snooping.
Over the following six pages, we explain how you can encrypt your email, disguise your real email address, secure your text messages, ensure that your chats remain private and much more. We also look at who might potentially be reading your messages, and why.
SAFEGUARD YOUR EMAILS
Get more security from Gmail
Although Gmail uses encryption to make sure the messages you store and send are safe from prying eyes (aside from Google’s own!), you may still be compromising your privacy when you converse with anyone whose email service isn’t secure. To combat this, Google has introduced a new feature that warns you when you’re communicating with someone who isn’t using TLS (Total Layer Security) encryption. When you receive a message from, or are about to send a message to, someone whose email service doesn’t support TLS encryption, you’ll see a red open-padlock icon in the message, indicating that its contents could be intercepted. What’s more, if you receive a message that can’t be authenticated, a question mark will appear in place of the sender’s profile photo or avatar. Google stresses that not all such emails are dangerous, but it encourages you “to be extra careful about replying to or clicking on links in messages you’re not sure about”.
See the ‘Making email safer for you’ post in the Gmail blog (gmailblog.blogspot.co.uk) for more information.
Encrypt your email using PGP
Gpg4win (www.gpg4win.org) is a free Windows tool that uses the OpenPGP (Pretty Good Privacy) cryptography standard to prevent anyone apart from the intended recipient from reading an email. It works by creating two digital keys, one private and the other public. The private key stays with you but the public one you share freely — you can attach it to an email, post it online or pass it on in a more secure way. The person you’re communicating with encrypts their message using your public key and then you decrypt it using your private key.
Encrypt communication using Tails
Tails (tails.boum.org), otherwise known as The Amnesiac Incognito Live System, is a live Linux operating system that you can boot into on any PC. Once it’s up and running, you can use it to encrypt files, emails and instant-messaging chats. It’s easy to set up and there are full instructions on the website. The software was recently updated.
Send messages as encrypted attachments
One of the easiest ways to keep what you have to say secure is to write the message in a document, then encrypt this file and attach it to an innocuous email. There are quite a few free tools that can do this, including archiving programs such as 7-Zip (www.7-zip.org). One of the best new options is VeraCrypt (veracrypt.codeplex.com) which is available for Windows, OS X and Linux and makes it surprisingly easy to encrypt your files. The program is an off-shoot of the popular but discontinued tool TrueCrypt.
Encrypt your personal webmail messages
Although PGP (Pretty Good Privacy) is the most popular option for encrypting emails, it can be difficult to set up and use. Fortunately, there’s a handy open-source tool called Mailvelope (www.mailvelope.com) that simplifies the process and integrates seamlessly with popular webmail services including Gmail, Outlook.com and Yahoo Mail (you can configure it to work with almost any others). It is available as an extension for Chrome and Firefox, and you configure and use it directly through the webmail interface, which makes it very convenient. The person you exchange emails with will also need to have Mailvelope installed.
Encrypt your webmail using Mailvelope
1 Install the Mailvelope extension in Firefox or Chrome, then open it by clicking the button in your browser. To share secure messages, you will need public and private keys. Click Options and, under Setup, click Generate Key. Enter your name, email address and a password.
2 Click Display Keys to view your key. You’ll need to share the public one with anyone you want to share secure messages with. Hover your mouse pointer over the key and click the ‘i’ icon. In the Key Details box, click the Export tab and select Public. Click Save.
3 When someone sends you their public key, click Import Keys to add it. To send a secure message, go to your webmail service. Click the icon in the new message window and a secure compose window will open. Write your message and click Encrypt. Select the person to share with, then click Transfer.
Stop Google scanning your Gmail messages
Annoyingly, you can’t prevent the search giant from scanning your messages, but you can change how it uses this information. First, it’s important to understand what Google does. Software (not people) scans your messages, looking for keywords that can be used to tailor the advertising Google shows you. It also helps Google better identify spam messages, so this snooping actually has a beneficial side.
You can change which ads are delivered to you as a result of the messages you send and receive (as well as other actions you take while logged into your Google account). To do this, go to Google’s ad management page at bit.ly/googleads391 and toggle ‘Ads based on your interests’ to off. You can also control adverts shown on other sites by clicking the ‘Control Signed Out Ads’ button and toggling off the settings for ads based on your interests.
Note that although you can hide and block adverts in Gmail, the scanning will continue in the background regardless of your choice. Such is the trade-off for using Google’s free, full-featured webmail service.
Use a temporary email address
If you don’t want messages to be delivered to your regular email account, you can use a temporary email address from Mailinator (www.mailinator.com) to prevent nosy parkers from reading messages that are none of their business. Hundreds of different domains point to Mailinator, and the free service allows you to use any of them. You can also create your own prefix so the fake address doesn’t look suspicious. You can check incoming messages on the site, and emails are deleted automatically after a few hours as a further security measure.
Disguise your email address in Outlook.com
Microsoft’s webmail service offers a handy feature called email aliases, which lets you create unique addresses that are linked to your main account. You’ll receive messages in your inbox as normal, but the people you’re communicating with won’t know your real address, and you’ll be protected from spammers, phishers and hackers who harvest email addresses. You can delete the alias at any time, without ever compromising your true identity.
To set up an alias, log into Outlook.com and click the cog icon in the top-right corner. Click Options, then create and manage your aliases under ‘Managing your account’.
PROTECT YOUR TEXT MESSAGES
Send self-destructing messages
Kaboom (www.kaboomit.com) lets you send messages and photos that vanish after a set period of time. It’s available for iOS and Android, and you can choose how long messages remain visible (starting at just one second) or how many times they can be viewed before they disappear. You don’t need to set up an account, and it works with any service, including SMS, email and WhatsApp. Best of all, the recipient doesn’t need to install Kaboom because messages are displayed via a secure web address.
Send self-destructing messages using Kaboom
1 When you launch the app, it will open with the camera view and you can take a photo to share by clicking the button. You can toggle the flash on or off, and switch cameras. You can also select an image from your Camera Roll, or compose a text message.
2 If sending a text, type your message, then click the stopwatch button to choose how long (or for how many views) the message should stay visible. Next, click Send and choose how to send the secret text – you can choose from Facebook, Messenger, Messages, Email or Copy.
3 Your message (or photo) will be added as a secure link. The recipient will need to click this to open it. You can also add Kaboom as a keyboard, so you can use the service in any platform. Click the hamburger menu at the top left and select Keyboard. Click the Add Keyboard button and follow the instructions.
Use iMessage for secure texts
Apple has famously annoyed governments with its iMessage encryption, because it’s very hard to crack. While regular text messages are still easy to intercept and read, iMessages sent between Apple devices, including iPhones, iPads and Macs through OS X, are secured automatically using super-strength encryption. If you and your friends use iMessage to communicate, you should be relatively secure.
Encrypt your text messages
Android users don’t have the same level of protection that iOS users do, but you can protect your text messages using the free Signal Private Messenger app from Open Whisper Systems (bit.ly/signal391). This uses an advanced end-to-end encryption protocol that provides privacy for every message you send and receive (provided the other person has the app installed, too). Signal Private Messenger uses your existing phone number and address book, and you can create groups of friends and talk to several people privately at the same time. It also saves you money on SMS charges.
Turn off pop-up notifications
When you receive an email or a message on your phone, the screen lights up (perhaps accompanied by a sound to alert you) and displays a notification showing who it’s from, along with a preview snippet of the content. Although this saves you having to pick up your phone to see who’s bothering you, it also means anyone else who is near the device can read at least some of the message’. If you’re worried about this happening, you can turn off these alerts in iOS by going to Settings and switching off notifications for messages and mail. In Android, either go to Settings, Display and untick ‘Lock screen notifications’; or go to Settings, ‘Sound & notification and, under ‘When device is locked’, select ‘Don’t show notifications at all’.
Use Knox messaging on Samsung
If you have a Samsung device, such as a Galaxy S6 phone or Note 10.1 tablet, you’ll be able to use the Knox messaging platform. This uses a cryptography chip on your phone or tablet to secure your emails, messages and phone calls. To benefit from the security it offers, however, you need to be communicating with another Samsung owner who uses Knox.
If you don’t have My Knox installed (it should appear in your apps tray), you can get it through the Galaxy Apps store on your phone. You can see a list of supported devices at bit.ly/knox391.
KEEP ONLINE CHATS PRIVATE
Chat privately using Cryptocat
Cryptocat (crypto.cat) is an instantmessaging platform that lets you engage in private chats with one or more friends. Just add it to your web browser, launch it and enter a nickname for yourself and the name of a conversation to start or join. You can send private files and photos to friends and, if you connect it to Facebook Messenger, it will show you which (if any) of your connections has Cryptocat, so you can start an encrypted chat.
Use Line’s Letter Sealing
Line (linecorp.com) is a global messaging service for Windows, Mac OS X, iOS, Android and Windows Phone that lets you send messages and engage in free voice and video chats. Late last year, the service added a new security feature called Letter Sealing, which uses end-to-end encryption to protect messages from any unauthorised access during delivery. Other security features in the Line service include Hidden Chat, timelimited messaging and a four-digit security pin Passcode Lock.
Send encrypted messages using Bitmessage
Bitmessage (bitmessage.org) provides a quick and easy way of sending encrypted messages to individuals or groups. It’s available for Windows and OS X and doesn’t require installation – just download and run it. The program hasn’t been updated since October 2014 but it runs perfectly well (including on Windows 10) and the website provides plenty of information to help you get the program set up.
Encrypt mobile chats using Wickr
Wickr (www.mywickr.com) is a wonderful messaging platform for iOS, Android, Windows, Mac OS X and Linux. It secures communications using military-grade encryption (the person you’re chatting with will need to have Wickr installed, too) and removes all trackable metadata. You can set Wickr to erase messages, documents, images and videos securely after a predetermined time (five days by default). Wickr is currently free, although there are plans to introduce in-app purchases in the future.
Chat with friends in Tor Messenger Beta
Tor Messenger (bit.ly/tor391) is a secure chat tool based on Mozilla’s Instabird, and you can use it with various networks such as Jabber (XMPP), Google Talk, Facebook Chat, Twitter, Yahoo, and IRC. Your conversations are both encrypted and anonymous (Tor routes them through a network of volunteer computers around the world). It’s available for Windows, Mac OS X and Linux, but because it’s quite an early beta, you might find it a little buggy on occasion. Also, some services may block your connections because they’re routed from around the world, which looks suspicious!
Save and encrypt your chats
Shryne (www.shryne.com) is an iOS app that lets you download your “digital history”, including text messages, iMessage chats, Hangouts, Facebook Messenger conversations and more. Once you’ve downloaded your conversations, you can encrypt them to keep them safe from prying eyes. The free version limits you to 10 archives and 250MB of space but there’s a paid Premium version available for £14.99 a year that offers unlimited archives and 20GB of space.
Don’t give apps permission to access your messages
Some mobile apps on Android (and occasionally iOS) ask for permission to access your messages. That’s fair enough if it’s a messaging app or email client, but if there’s no obvious reason why it should need access – if it’s a game, for example – then decline it. Blocking permissions can stop some apps working entirely as intended, but that’s a small price to pay for privacy.
Turn chats to Cyber Dust
Available for iOS, Android and Windows Phone, Cyber Dust (www.cyberdust.com) is a secure messaging platform that lets you send and receive text messages, stickers, links, photos and videos. Messages are encrypted end-to-end and disappear as soon as they have been opened and read (as with Snapchat). It also blocks screenshots from being taken. The company claims the messages never touch its servers, so they can’t be recovered once deleted.
Encrypt Messenger chats with Crypter (maybe)
Crypter (crypter.co.uk) is a third-party plug-in for Chrome and Firefox that was designed to secure chats on Facebook Messenger. Facebook has taken a dim view of its existence, however, and shortly before we went to press the company took action to stop it working. The creators are looking for a way around this block and the plugins are still available to download. An update will be pushed out automatically if the developers find a solution.
WHO’S READING YOUR MESSAGES AND WHY?
The government
If passed, the British government’s Investigatory Powers Bill (aka the Snooper’s Charter) will give the UK security services permission to spy on anyone’s communications and internet usage. The government says this will allow them to better protect people from the bad guys, but it will also give them the right to spy on anyone, including you. Not that the spies don’t already snoop on email, of course. Among whistleblower Edward Snowden’s revelations was the news that GCHQ unlawfully accessed millions of private communications prior to December 2014, so who can say what the government already knows about you?
Google
As we’ve already mentioned, Google and other companies scan your messages to learn about your interests in order to target you with relevant advertising. There’s a saying that ‘if you’re not paying for a product, you are the product’, and free services such as Gmail are a shining example of what that means.
Suspicious partners and family members
It’s not just external snoopers you have to worry about: people closer to you might be interested in what you have to say, especially if they’re the subject of your messages. You can stop them reading your private messages by setting up separate user accounts for everyone who uses your PC or tablet, although that may only arouse more suspicion.
Your boss
The company you work for is likely to have an interest in what you say using your company email address (or even on your own webmail during company time). You may be utterly professional, but not everyone is and some employees foolishly apply for new jobs using their work email, or disparage their employer or colleagues through non-private forms of electronic communication. If you don’t want your boss to know what you’re saying, wait until you get home (or use your phone) to send personal messages.