Hey friends, 🙂
Last week, we explored flatpak (with bubblewrap / sandboxing), combined with end-to-end encrypted messaging settings (for Tor).
After which, 📨 email felt like the next fitting topic in our secure, private (if you like) communication series.
Today, in Part I, we set up a free 📩 onionmail account (Tor Hidden Service mail).
In Part II I'll be showing you how to set everything up on the Thunderbird email client, including new PGP key generation and integration (end-to-end encrypted email),
on any device that can run the Thunderbird mail client (phones, laptop, desktop, tablet).
PART II: Whether or not you opt to try an onionmail account, you can follow the Thunderbird mail tutorial to set up existing (or create new) POP3 email addresses.
Thunderbird offers a simple process for signing up for a new email provider, all within the Thunderbird mail client.
The Thunderbird + integrated PGP tutorial should be useful for most people (whether you opt to try onionmail, or not).
Thunderbird allows you to automate end-to-end PGP encryption of emails, for any valid mail provider. I'll walk you through creating a new pair of PGP keys for our email account (all done inside Thunderbird).
📩 PART II PREVIEW: Thunderbird Mail Client Setup (PGP optional)
While we use an onionmail example, you can use alternative mail options for the Thunderbird tutorial (Thunderbird for all).
As usual, covering secure, privacy friendly (optional) communication options.
This doesn't mean you have to use the following email tutorials "anonymously".
Not at all. Completely up to you if you wish to share information with others.
Some may wish to use their onionmail account purely for secure communication benefit.
This is what makes Onionmail (federated Tor Hidden Service email) special. It's more than just a website onion address. More information / screenshots down below.
In fact, the email address in our example is not meant to be anonymous (only by personal choice - will post it coming up, so others can try it).
My point here is simple:
We all have the fundamental right to selectively reveal ourselves to others. Personal communication is, well, personal. Between us, our family, coworkers, clients, friends.
Intended recipients.
I value the power of truly free press, speech, civil liberties, Human Rights.
In the end: no mythical "safety" is generated by way of a continually expanding digital Panopticon.
(main resulting final product: erosion of civil liberties / human autonomy).
'Selective' anonymity being 'key' to protecting all other rights.
If encryption were compromised, don't count on the perpetuity of press freedom / expression.
When sources cannot feel safe, the press cannot report (or even receive) their story.
This is why it's so vital to normalize our right to security, privacy, anonymity (for all).
It's normal to be human. It's normal to want some semblance of privacy.
Especially in an age where surveillance capitalism growth industries never appear to have their fill.
(don't care about privacy? you lock the bathroom door, do you not?)
📧 BEST PRIVATE EMAIL PROVIDERS
We've all seen many renditions of "best private email providers" (list form).
Generally, recommendations in this arena are based on both personal opinion and community trust (many times merited), going off of (valid) track records (based on publicly available information).
The key in relying on said webmail providers is trusting that email provider (server code can change).
What's nice about onionmail: strong privacy and security features. The same level of trust isn't required in our onionmail Thunderbird setup (subject / content of messages encrypted by PGP; onion -> onion mail is even more discreet, encrypting metadata).
An onionmail server will never have your IP address (there are even multiple layers of separation from it). You maintain several network layers of separation at all times (and end-to-end encryption automatically between the Tor hidden service client and the mail Tor client).
📨 WHY ONIONMAIL PROJECT?
Today's tutorial puts a focus on Onionmail project.
(some of the images below are screenshots from: this breakdown of Onionmail)
Haven't seen much coverage on the usefulness of onionmail. It's worth our exploring.
What's unique about the onionmail project?
It allows users to selfhost (optionally) email servers as a Tor Hidden Service. That means the multiple hops and encryption, end-to-end between tor clients.
But you can also sign up for a completely free email account on one of the existing servers. And that is just what we will be doing today.
For one, additional encryption measures (Tor hidden service end-to-end between Tor clients, storage) and proxying data (T.H.S) wherein other protocols may not even encrypt:
Default RSA Encrypted Storage Of Mailbox On Onionmail Servers:
You can communicate using email as an encrypted (federated onions, end-to-end between Tor clients) Tor hidden service ([email protected]).
Or, even communicate with standard email addresses (note: some servers may be blocked but I was able to receive test mail at tutanota).
Click here to view onionmail project email servers. Choose any one you like.
Screenshot of this below:
Head to this server to sign up on a recommended server.
Sign Up. It's Easy:
SIGN UP LINK (onionmail server)
Benefits of locally stored, Thunderbird POP3 server setup:
No storage limitations (only limited by disk space on your drive as you download mail)
Mail downloaded to your client can be deleted from the server (generally; plus, onionmail encrypts the mailbox locally)
PGP allows you to maintain end-to-end encrypted email conversations (no message content leak).
✅ SIGN UP COMPLETE
After signing up for an onionmail account on one of the servers, you should see something like this:
ALTERNATIVE OPTIONS: ENCRYPTED EMAIL PROVIDERS
Some may not be interested in the onionmail account. Understandable as it requires you to configure it through a mail client.
I'll save those people time by recommending an automated encrypted email provider I trust. An email provider offering encryption between emails to / from internal accounts on the domain, and storage: Tutanota.
They have a long track record of fighting to protect user privacy / security.
I've had a good experience with Tutanota over the last couple years, and highly recommend them as another, easy option.
Out of providers out there, Tutanota is one of the few I trust.
SIMPLE TIP: for those interested in email privacy, look for a provider allowing both usage and registration over Tor (not requiring a phone number). This is a sign of an honest, privacy-respecting server.
Not going to waste your time creating a long, ordered list of my personal favorites... this topic (email) isn't so simple.
📨 SELFHOSTING EMAIL?
Other times we hear suggestions to 'increase privacy' by selfhosting your own email server.
As someone who ran/administrated their own email service / domain for multiple years, for most people, I'd save the effort.
Selfhosting can't compare to a (free) Onionmail account on Thunderbird with PGP (given all ends of email require securing). Even if your end of the mailbox storage is more private. There are two sides to this.
But as a personal hobby, selfhosting can be a great learning project (learn ins / outs of email).
If email privacy is your goal, you won't gain anything comparable to the security / privacy of our POP3 onionmail PGP setup. It is a much more private email solution than selfhosting email (unless selfhosting onionmail).
Regardless of whether you decide to selfhost or not, email protocols in general aren't known for privacy (unless selfhosting an onionmail server, or using an account on something like Tutanota).
(most email protocols are full of metadata)
Onionmail may be something you'd like to try if reaching for the pinnacle of email privacy / encryption.
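To make the metadata point concrete, here is an added example (not from the original post) that parses a constructed PGP/MIME message and reports what every relay can still read even though the body is encrypted. The sample message, its hosts and addresses, the "..." outer Subject placeholder and the function names are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (made-up hosts/addresses): a PGP/MIME message as a relay sees it.
# Assumption: the sending client put a "..." placeholder in the outer Subject.
SAMPLE = """\
Received: from laptop.example.net ([203.0.113.7])
\tby mx.example.org with ESMTPS; Tue, 02 Jan 2024 10:15:00 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.com>
Date: Tue, 02 Jan 2024 10:14:58 +0000
Message-ID: <1234@example.org>
Subject: ...
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

CLEAR_HEADERS = ("From", "To", "Cc", "Date", "Message-ID", "Subject")
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_pgp_mime_encrypted(msg):
    """True when the top-level part is an RFC 3156 encrypted container."""
    return (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted")

def visible_metadata(raw):
    """Report what stays readable to every server that handles the message."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    people = msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "body_encrypted": is_pgp_mime_encrypted(msg),
        "headers": {h: msg[h] for h in CLEAR_HEADERS if msg[h] is not None},
        "relay_ips": [ip for r in received for ip in BRACKETED_IPV4.findall(r)],
        "parties": [addr for _, addr in getaddresses(people)],
    }
```

Calling `visible_metadata(SAMPLE)` shows the body flagged as encrypted while sender, recipient, timestamp, message ID and the submitting IP address remain in cleartext.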
Sign up for an account here if you're going to follow along in Part II (write down your account info or you will lose it!).
We'll talk more about this during the Thunderbird tutorial.
📨 NEXT: Thunderbird Setup (PART II)
🔗 RELATED LINKS
Onionmail Project (donate to onionmail)
Example Onionmail Server (Ridot)
Thunderbird Mail Client (donate)
Tor Project (donate)