Email Self-Defense with PGP Encryption

Many people think of “encryption” as a complicated, mathematical, or highly technical process used only by hackers, but nothing could be further from the truth! The average computer user can learn email encryption in just 30 minutes, and the privacy benefits you gain from this practice are enormous.

The Email Self-Defense Guide by the Free Software Foundation provides a simple and clear tutorial for configuring and implementing email encryption on Mac, Windows, and Linux using your existing email client. This is all you need to get started using email encryption! Go try it!


PGP (discussed here as its open-source brother, GnuPG) is a powerful encryption protocol used by normal people, journalists (e.g. Glenn Greenwald and Laura Poitras) and government agencies worldwide to share information ranging from mundane to top secret. Spend a few minutes to learn this important privacy practice and be happy to know that only you and the recipient will be able to read your encrypted messages.


If you’re new to encryption, read no further. If you’re a more advanced user, here are some technical notes that may be helpful:

  • Don’t confuse PGP with SSL encryption, as they are two different but crucially important concepts: SSL encrypts data in transit, but the message is decrypted as soon as it hits a disk (e.g. your Gmail folder, your computer’s memory, your phone…). By contrast, PGP messages are encrypted at rest and in transit, meaning they will always be encrypted until you specifically decrypt them using your private key and mail client.
  • For best results, use 4096-bit keys. There is absolutely no reason not to, and there will be no speed penalty when used on smartphones or computers with modern hardware. 2048-bit keys should still offer good protection, but 1024-bit keys will not!
  • Naturally, I always recommend free and open source (FOSS) software over proprietary software because FOSS is always more trustworthy: proprietary software is “closed-source” and not open to independent review. Therefore I suggest using the popular open-source email client, Mozilla Thunderbird, instead of iCal or Microsoft Outlook. It’s compatible with Linux, Windows, and Mac. PGP will work just fine on your existing email client, however, if you prefer to keep using it or want to try Thunderbird later.
  • The GPG4WIN compendium has tons of useful information about GPG, too.
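
To check an existing keyring against the key-size note above, here is an added example (not from the original post or the FSF guide): a shell function that reads `gpg --list-keys --with-colons` output and labels each key. The function names, the labels, the handling of sizes between the three the note mentions, and the sample keyring are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: label keys against the key-size note (4096 best, 2048 good, 1024 not).
# Reads `gpg --list-keys --with-colons` output on stdin.
# Colon-format fields used: 1 = record type, 3 = key length, 4 = algorithm id, 5 = key id.

classify_keys() {
  awk -F: '
    $1 == "pub" || $1 == "sub" {
      bits = $3 + 0; algo = $4 + 0
      # Size guidance applies to RSA (1-3), Elgamal (16) and DSA (17).
      # Elliptic-curve keys (18, 19, 22) are short by design, so skip them.
      if ((algo >= 1 && algo <= 3) || algo == 16 || algo == 17) {
        # Assumption: sizes between the three named in the note fall into the lower bucket.
        if (bits >= 4096)      verdict = "BEST"
        else if (bits >= 2048) verdict = "OK"
        else                   verdict = "WEAK"
      } else {
        verdict = "SKIP"
      }
      printf "%s %s %s algo=%d bits=%d\n", verdict, $1, $5, algo, bits
    }'
}

# Number of primary keys or subkeys labelled WEAK (prints 0 when there are none).
weak_count() { classify_keys | grep -c '^WEAK ' || true; }

# Constructed sample in gpg colon format (key ids, dates and names are made up).
SAMPLE_KEYRING='pub:u:4096:1:1111111111111111:1600000000:::u:::scESC:
uid:u::::1600000000::::Alice Example <alice@example.org>:
sub:u:4096:1:2222222222222222:1600000000::::::e:
pub:-:1024:17:3333333333333333:1100000000:::-:::scSC:
uid:-::::1100000000::::Bob Example <bob@example.org>:
sub:-:2048:16:4444444444444444:1100000000::::::e:
pub:-:255:22:5555555555555555:1650000000:::-:::scSC:
uid:-::::1650000000::::Carol Example <carol@example.org>:'

printf '%s\n' "$SAMPLE_KEYRING" | classify_keys
# Against a real keyring: gpg --list-keys --with-colons | classify_keys
```

A key labelled WEAK is a reason to ask that correspondent for a newer key before sending anything sensitive.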