A simple solution to more anonymous and private emails

As you may know, emails are sent, received and stored on email servers in plain text. This means that when you send an email, there are as many opportunities for someone to read your mail or cache it for later reading as there are nodes along its path from your email server to your recipient's email server. Thus emails are generally not private or secure communication channels at all.

Here are some tips to make emails more anonymous and private.

1 – Navigate to, or download, install and set up an encrypted proxy solution you trust and is available to you. I suggest using a good anonymity network with encryption such as TOR (http://torproject.org) or JAP ANON (http://anon.inf.tu-dresden.de/index_en.html) or an encrypted proxy such as Proxify.org, Freegate (http://us.dongtaiwang.com/loc/download_eng.php), Gpass (http://gpass1.com/gpass/). This will make you anonymous from the webmail solution provider you choose, and makes it very difficult for any censor or surveillance system to associate your new email address to you.

2 – Choose which free popular webmail solution you would like to use: Google Mail, Yahoo! Mail, Hotmail, etc. If you don't know which to choose, here is a good resource for comparing each provider's services and features: http://en.wikipedia.org/wiki/Comparison_of_webmail_providers

3 - Use the proxy solution of your choice to navigate to and sign up for the webmail solution you have chosen. To better protect your anonymity from the provider, use common English credentials (name, address, country, etc) that do not correspond to you or anyone you know about. If you can, use English language settings, as they are the most used and will not give away more information about your origin. As for you email address or user name itself, I suggest using something simple like your fake credentials first, then last name or some combination of those and if needed the last two digits of the fake date of birth (e.g. firstname.lastname78@hotmail.com). This makes the address seem like you are trying to be anonymous and will hopefully not get the censor's attention. Another approach would be to use the name of a common animal or insect appended with a random number of 2 to 4 digits (e.g. wasp2316@hotmail.com, or elephant7352@gmail.com ). The important thing at this point is not to get anyone's attention with your email address or its credentials and not to give away any more information about you, your whereabouts, or your knowledge.

4 – Get whoever you want to communicate with more anonymously and more privately to follow the same procedure. To do so, I suggest using your old email address to send a screenshot of this page:
(a) Press the PrtScr key on the keyboard, then paste in an image editing program.
(b) Use the text tool to add a message explaining what you are doing and why as well as your NEW email address.
(c) Then save as a bitmap or jpeg with an innocent name like familydinner.jpg.

The body of your email should refer to the picture but say nothing about your true purpose (e.g. “we had a great family dinner at the restaurant – see the picture”). Most censors have yet to install good image recognition capacity and will most likely not dispatch someone to look at each image sent if it seems innocuous.

5 – Use the encrypted proxy solution of your choice every time you connect to your NEW email. This is crucial so that you do not lose the anonymity you gained. To further protect yourself against traffic analysis, it would be wise not to always send replies to emails right after you read them. Save a draft, and send it at another time – this will stop the censor from noticing a clear pattern.

6 – Use jpegs, encrypted attachments, or full message encryption to further increase your communications' privacy from the email provider itself.
Option (a): You can use the screenshot method described above, and add real pictures as backgrounds to your message to make it a little harder for text recognition software.

Option (b): Alternatively, you can use AxCrypt to encrypt a text attachment that contains the body of your email (http://www.axantum.com/AxCrypt/Default.html). Your recipient would then need to know the key/passphrase you used to encrypt it. Therein lies the main weakness of the system – if you simply write the password in an email, if it is intercepted, your communications are no longer secure. Passphrase communication should then be done using another email address from another email provider, or it should be the answer to a question only you and your recipient know and understand.
Option (c): The last and most secure alternative would be to use full end-to-end message encryption based on PGP or GnuPG. One service makes such message encryption very easy and user-friendly for web mail using the Mozilla Firefox browser (http://mozilla.org): freenigma (http://www.freenigma.com). Simply use your fake credentials to request an invitation, wait 2 days for the invitation and follow the instructions. Invite all of those you want to have secure communications with to use the service using its built in invitation system.

REMEMBER: No system is perfect. Make sure your passwords are really passphrases with more than 10 characters and use plenty of punctuation signs, capitalized letters, and numbers. Never use a properly spelled word in its entirety – cut it up with punctuation, numbers or other letters. Do not use simple ciphers such as leet (1337) speak. If you don't think you will remember the password, then use a simpler, but longer one.