The e-mail service is an open plain text protocol, an insecure means of transmitting communications over an insecure medium (the internet). An email is usually sent with the following information:
- IP address of the sender;
- Full trail of servers involved;
- IP address + e-mail addresses of source and destination;
Often files with very important and confidential information are attached, either without any restriction or simply zipped into a file with a password. Even if the attachment is protected by a password, this is very insecure, since the attached file can be downloaded and attacked offline, and can therefore be brute-forced in many cases without any limit on the number of attempts. Obviously sending encrypted attachments is a better solution, but only from the point of view of the content, not of the metadata.
The provider where the email finally arrives can read the body and attachments if they are not PGP encrypted. Even if they are encrypted, it can still access a certain amount of metadata.
So you can encrypt the message with PGP (GPG), but there are two main drawbacks:
- sender and recipient must have exchanged the keys;
- the header is not encrypted and contains relevant metadata;
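To make the second drawback concrete, here is an added example (not part of the original article) that parses a constructed inline-PGP message with Python's standard `email` module and lists what any relay or provider can read without holding a key. The addresses, host names and documentation-range IPs are invented sample values, and the function name `visible_metadata` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: an inline-PGP mail as the receiving provider stores it.
# All names, addresses and IPs below are made-up documentation values.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTPS; Tue, 02 Jan 2024 10:15:03 +0000
Received: from laptop.local (unknown [203.0.113.42])
\tby mx.example.net with ESMTPSA; Tue, 02 Jan 2024 10:15:01 +0000
From: Alice <alice@example.net>
To: Bob <bob@example.org>
Subject: contract draft
Date: Tue, 02 Jan 2024 10:15:00 +0000
Message-ID: <constructed-1@example.net>
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----

(ciphertext placeholder)
-----END PGP MESSAGE-----
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def visible_metadata(raw):
    """Return what a relay or provider can read without any PGP key."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    body = msg.get_payload()
    return {
        "sender": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "recipients": [addr for _, addr in getaddresses(
            msg.get_all("To", []) + msg.get_all("Cc", []))],
        "subject": msg["Subject"],
        "date": msg["Date"],
        # Each server prepends its Received header, so the last one is the origin.
        "hop_ips": [ip for h in hops for ip in IP_RE.findall(h)],
        "origin_ip": (IP_RE.findall(hops[-1]) or [None])[0] if hops else None,
        "body_encrypted": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }

if __name__ == "__main__":
    for field, value in visible_metadata(RAW).items():
        print(f"{field}: {value}")
```

Only the body is ciphertext; sender, recipient, subject, timestamp and the server trail with the originating IP all remain readable.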
Additional important trade-offs arise if you use third-party “free” services. For example, if you use Gmail:
Google collects all your contacts from its web and mobile facilities, and this is a very big privacy leak. In fact, this way it can deduce a relationship-map of all the people in the contact list by looking at who is connected to whom, the most used contacts and additional metadata, and from all that information it can also deduce identities, by cross-referencing with other Gmail users and matching habits.
In that way agencies, governments and other interested entities can find out 1) who you are, 2) who you are in contact with, 3) how you reach them, 4) how frequently and 5) what habits and interests are involved in such communications. Not bad, eh?
From the relationship-map, subgroups of contacts can also be created, which can be profiled according to their interests and their political and social orientations.
If you exchange emails with a circle of people, even if someone has encrypted traffic, your identity can easily be derived by the above-mentioned techniques. This can be achieved by analysis based on the contact lists of the people you exchange messages with, overlapping groups of people and matching contact habits.
Whether you use ProtonMail, Tutanota, etc., there are important considerations to be aware of:
If you use ProtonMail (or similar) to avoid being spied on by Google but do not implement a corresponding change of habits, your emails will eventually go to the same contacts and in the same way, essentially replicating the same relationship-map. So it will be easy to determine that it is you. Google can continue to spy on your metadata, collect it, and even, in some cases, have access to the contents of your emails.
Those same people have contact lists, and your new email address appears in them as a cross-reference. Therefore it is easy to determine who you are. Cross-references can also be made using the IP address.
For these reasons, ProtonMail is useful only if you use it with other users of the same service, in encrypted mode, and protect your IP with Tor or a VPN that you trust.
Email is the worst method of communication. Never use it to send important documents and data.