How to Encrypt Emails Protect Yourself from Online Snoops

Is it possible to protect your data from intelligence agencies? Yes, it just takes a little effort to encrypt your emails. After that, sending them is almost as easy as it was before. Here, a step-by-step guide.


For those who don't use encryption, emails are about as private as postcards. Their content can be intercepted and read by third parties, curious employees of the email provider, for instance, or intelligence analysts.

What's more, anyone with the password to a user's email account, be it a hacker or a disgruntled ex, can read emails they find in this account. That's why anyone who values their email privacy should use encryption . It's just that most people don't take the time.

We recommend using the free email client Thunderbird , the free program GnuPG  and the free Thunderbird plugin Enigmail to set up your own encryption. Users who want to go this route, however, must be willing to do two things. First, they have to give up using email providers like Gmail directly from their Internet browsers. And second, they must be willing to spend a bit of time getting the encryption method set up and not be easily put off by some new terminology. Once the encryption system is set up, sending and receiving encrypted emails is easy.

Currently, encrypted emails are so rare that the United States' National Security Agency (NSA) considers them a priority. Anything encrypted is of particular interest to the agency's Fort Meade-based network monitors. While it's unclear how long it takes for the NSA to crack email encryption, if you follow our instructions, it is likely that your emails will remain unreadable without a key for years to come, though no one can fully guarantee this.

A Form of Protest

And, if private email users were to begin encrypting ordinary correspondence, it would be an effective form of protest against any potential invasion of privacy by intelligence agencies like the NSA. The added bonus is relative certainty that anyone who comes across the emails accidentally won't be able to read them.

Encryption makes text unreadable, turning it into a series of nonsensical symbols -- a secret language of sorts. Only the individual to whom an email is addressed can decode it. Of course, both users need a key, whether it is the same one (symmetric encryption) or different (asymmetric encryption).

The most common and easiest-to-install form of email encryption is asymmetric cryptography. It is based on complex mathematical tasks that would take years or even centuries for even large computers to solve.

We suggest an encryption standard called PGP  ("Pretty Good Privacy"), which encrypts email or other content using two keys, a public key and a private key. The public key functions like a padlock that the user makes available to their correspondence partners: When user A wants to send an encrypted email to user B, then he attaches user B's public key to the email before sending. The private key belonging to user B is then the only key that can open this metaphoric padlock through decryption.

This means that the private key must be carefully guarded. If someone gains access to the private key, the user's email becomes about as secure as a house with the keys left on the doorstep.

Playing it Safe

Once two contacts have exchanged their public keys, they can conduct encrypted communication. This exchange can take place directly, by sending an unencrypted email with the key, a service offered by email provider Thunderbird, for example. Or, users can upload their public key to a so-called keyserver, though this means that the person's email address is visible there, and could be used by spammers, for example.

With the aid of a so-called "fingerprint," those who want to play it safe can check whether the key comes from the actual person they want to communicate with. The fingerprint is a unique series of 40 letters and numbers that can be passed on via business cards or on someone's homepage. This way, the receiver can be certain that an email truly comes from the stated sender.

Alternatively, Mac users can encrypt their emails using the software GPGTools , whose website offers a tutorial on getting set up. Both Apple and Linux computers can also use Thunderbird in combination with Enigmail.

Editors' Note: Please note that this article is intended as guidance only. SPIEGEL International assumes no liability in the use of the suggested services. Use these tips at your own risk.

Verwandte Artikel

Die Wiedergabe wurde unterbrochen.