DCG
Dave Computer Geek

DCG Blog

Protecting Your Privacy with Swiss Based Email Service Providers

Up till now, Switzerland has been known for their strong privacy laws, but more recently, a new law could put your privacy at risk, unless the proper precautions are taken.

It is now required for Internet Service Providers, who are based in Switzerland and who store customer data in Switzerland, to keep a record of their customer’s activities. For email service providers, this means metadata of emails, and make it available when served with a valid court order from a Swiss Court.

Many people use ProtonMail, an Encrypted Email Provider based in Switzerland. Even though a lot of the data they hold is indeed encrypted in a way which they cannot access, they use Pretty Good Privacy (PGP), a form of Public Key Cryptography that does not protect things like metadata.

If you use a Swiss based provider for your email service, then understand that things like Sender and Recipient Names and Addresses, Dates and Times of emails, and Subject Lines, are NOT ENCRYPTED.

How do you protect your privacy when so much data is left unencrypted on remote servers and accessible by your provider?

Make sure you and your contacts use alias names and email addresses, the dates and times you can’t really do much about, but you could make sure you are as unpredictable with your timing as possible to prevent pattern matches, and for the subject line of your emails, make sure this is vague or misleading, and the real subject can be added to the message body along with real names if required as this is all encrypted.

Example of Regular Encrypted Email – As seen by the provider.

From: Joe Blogs <[email protected]>
To: Jane Doe <[email protected]>
Sent: Tue 1st Sept 2020 12:00 pm
Subject: Plans for Interview with FAMOUS PERSON
Body:-
——- Begin PGP Encrypted Message ——-
ksrnjgksrtjhnkjnsrthnskjrtnh485qhy4u5qh5y9hu5u
——- End PGP Encrypted Message ———

Without showing the unencrypted version of the email, you can already see a lot is revealed. This can be hidden or obscured to improve privacy.

Example of Improved Encrypted Email – As seen by the provider.

From: Captain Jack <[email protected]>
To: Crewman Doe <[email protected]>
Sent: Tue 1st Sept 2020 12:00 pm
Subject: Roleplay Aboard USS Jackson
Body:-
——- Begin PGP Encrypted Message ——-
ksrnjgksrtjhnkjnsrthnskjrtnh485qhy4u5qh5y9hu5u
——- End PGP Encrypted Message ———

This looks way better. Let’s see what the original email would look like.

From: Captain Jack <[email protected]>
To: Crewman Doe <[email protected]>
Sent: Tue 1st Sept 2020 12:00 pm
Subject: Roleplay Aboard USS Jackson
Body:-

Captain Jack is really Joe Blogs
Crewman Doe is really Jane Doe

Subject: Plans for Interview with FAMOUS PERSON

Bla bla bla.

Remember the body of the email is fully encrypted and the attachments are usually encrypted too, so all that should be safe enough, but at least you are making it more difficult for anyone reading the metadata to know what’s really going on.

Before sending a vague email, make sure you and your contact know who each other really are and to expect such an email, but by using a different communication method so it can’t be matched up later by anyone else.

Hopefully this has helped you, and I welcome any feedback you may have. Send me an email [email protected] or use any other method you have me on. Thank you for reading.

Share this page:
Tweet

Posted by Dave Computer Geek on 7 September 2020 at 1:42 am
A DCG PRODUCTION

DISCLAIMER
This website is solely for the purposes of entertainment, and does not have the intent of copyright infringement. If you see your own content and wish it taken down, please get in touch.