Anyone who actively wants their email communication to be secure and private – and uses common email security plugins – should take notice.
Those security plugins for email apps Apple Mail, Thunderbird, and Outlook may not be secure after all, according to the Electronic Frontier Foundation (EFF) referring to a paper by security researchers at the Münster University of Applied Sciences.
Those plugins include Enigmail for Thunderbird, GPGTools for Apple Mail, and Gpg4win for Microsoft’s Outlook. According to the security researchers, emails encrypted by these plugins, and any other plugins that use the “PGP” or “S/MIME” encryption standards can be easily decrypted.
Google’s Gmail isn’t that much better, as it also uses PGP encryption, according to a Wired report from February 2018.
If you use a plugin with PGP or S/MIME encryption, the EFF suggests you remove them from your email app, and that you use a different service that offers better encryption and security if you want to send highly sensitive information over the internet.
Unfortunately, these apps that offer better security than email are all quick messaging platforms, which means you don’t get all the features and organisation you’ve grown accustomed to with Apple Mail, Outlook, or Thunderbird.
The EFF isn’t suggesting that you permanently switch over to one of these secure messaging apps. In its blog post, the EFF said “These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community.”
Check out some messaging services that offer robust encryption to your messages:
The Electronics Frontier Foundation suggests you use the Signal app.
In its blog post announcing the insecurity of email, the EFF suggests you use an app called Signal that can be used on mobile devices and computers.
Signal uses end-to-end encryption, which means your email message is turned into a garbled, unintelligible coded mess when it leaves your computer, and only the recipient has the key to unlock the code to return the message into its original, plain language form.
For Apple users on both ends, you can use the Messages app.
Like Signal, Apple’s Messages app that exists on iOS and macOS devices uses end-to-end encryption for your messages and attachments. The only problem with using Messages is that its only available on Apple devices, so an Apple user would have to make sure the recipient also uses an Apple device.
WhatsApp also has end-to-end encryption, and, like Signal, it can be used on a variety of devices including Apple, Android, and Microsoft devices. WhatsApp also has a desktop version of its app so it can be used on your computer.
Telegram boasts a robust encryption for your messages that you can also set to self-destruct. It’s also available on pretty much any device, including Apple and Android for mobile, as well as Window and macOS computers.
Business Insider Emails & Alerts
Site highlights each day to your inbox.