YTread Logo
YTread Logo

Most Secure Web Email Provider + Review of Web-mail Security (2016)

Most Secure Web Email Provider + Review of Web-mail Security (2016)
welcome to desk geek today I'm going to go down the rabbit hole of

security

for

e

mail

now this is going to certainly be one of those videos that is open to scrutiny and to a lot of people who have very strong feelings about

security

and what is the

most

secure

way to encrypt and protect yourself and all of the vast amount of options that are available in order to do so but what I am focusing on in this video is encryption for web

mail

so are there more

secure

options than a web

mail

interface
most secure web email provider review of web mail security 2016
yes there are third-party plugins there are options to host your own server there are all kinds of ways you can

secure

your

e

mail

but I am looking specifically to do a video for everyday users who are not interested in going through the steps of setting up their own server or have the knowledge to do so and something that you can set up easily just as easy as you can get a new g

mail

or yahoo accounts something you could train your grandmother to do and will provide you with a additional layer of

security

and it's important to note that no matter what service you use even if you're hosting your own server even if you're using the greatest third-party plug-in ever invented it still has

security

loopholes there are still ways to compromise the data there is no perfect

security

if there was then this video would be very short I would announce it and we would be done so what I wanted to do is talk about the

most

secure

online

e

mail

or web

mail

platform so web

mail

like G

mail

Yahoo
Outlook etc so what this video doesn't cover all those other options in detail but at least discusses the premise of the

security

and gets it open for everyday users in the public and even those who are experienced to start having those discussions about

security

because it's becoming a big issue right now so my qualifications for this were number one had to be a web

mail

service and it had to have mobile app support number two it had to have encryption multistage password protection a
policy against turning over user

secure

data user-friendly cost structure so they cost a ton of money strong spam filtering and the

security

is updated regularly and the platform is under constant scrutiny therefore being something that's open source it had to have limited user information collected so IP metadata that type of thing had to be limited or non-existent so there are many companies that are coming forth right now claiming to have strong

security

for their

e

mail

platform

most

of
us were supporters of services like lavabit but we know that lavabit eventually had to collapse and they did so standing strong by not complying with the orders from the government to turn over the encryption data so I think it's very important to give praise where it's due for these companies who are fighting this battle as Apple and all these others have found out that these exploitations can be leveraged and there is no perfect

security

but at least they're getting in there and
they're trying to provide something that

secure

s your data so I want to talk first about the

most

popular

e

mail

services out there like G

mail

outlook and Yahoo G

mail

I would think is probably the biggest

e

mail

service certainly if they're not the biggest they're right next to the biggest I don't know who would be bigger than G

mail

may be outlook if you counted all of the enterprise level implementations but G

mail

certainly what

most

people have gone to and use and it has a vast
amount of users for what G

mail

offers the simplicity what they provided to the market giving that free platform with that little counter if we all remember when G

mail

was launching and you had to get an invitation and you had this counter that kept going up and up and up showing you all the storage option it's really been kind of a go to

e

mail

source now G

mail

has some level of encryption and they've worked over the years to improve that so they do have encryption notification support
now so when an

e

mail

is sent to you there's a little icon on the right-hand corner that shows a little block and if that's unlocked then the

e

mail

was sent to you unencrypted if it's locked and it was sent as an encrypted message so at least they have that support there but I think it's vastly ignored by

most

users and their encryption generally utilizes some type of TLS TLS being a system that kind of helps ensure that messages aren't tampered with in between the receiver
the server and the recipient the sender server and recipient so the fact that Google is kind of pushing some of these encryption options into their

e

mail

server is good in it and it opens it up for users who are paying attention to that lock to complain with companies that aren't sending their messages encrypted etc they also use HTTPS so a

secure

version of HTTP along their server so that's good when you're logging in and that's a standard now and they really change the game
with that because a lot of people thought HTTPS was going to be too slow but Google a while ago went and found a way to get the performance where it needed to be and use that as a standard but I still see banks and other companies sending

e

mail

s that are completely unencrypted which just blows my mind meaning the little red padlock in the right-hand corner is open so why does all of this matter well encryption works only well if there's end-to-end encryption so if there is any break in
most secure web email provider review of web mail security 2016
between the sender who may encrypt their messages just fine and the server which may not have encryption in Google's case it does have a level of encryption and then the receiver the receiver getting the

e

mail

if they don't have any level of encryption well then it's open for anybody to grab so why plug Google they have some good standards in there it's very very basic level of encryption and protection there's certainly more that can be done there I will applaud Google for
the fact that there at least in the fight they are certainly helping with regulations in the government to try to stop some of the massive data grabs and allow other companies to implement encryptions without having to have some backdoor key so Google's fighting that fight at the same time they're also subject to the laws here and have turned over been forced to turn over user data which means within Google server that other area once you send that message you can send it

secure

Google
has an encryption key that can be provided to a government or somebody else in which they can decrypt your message and still be able to get to it and because they store those keys your data is now open to be grabbed so for tally on Google G

mail

it's got HTTPS it has middleman encryption meaning that's what I'm calling it encryption on their server although it can be superseded they have encryption notification which is good getting a wide audience kind of used to seeing that and
understanding what it is they do have two step authentication in the use TLS their weakness is government regulations can supersede the keys for the encryption can be acquired and there's not necessarily an end-to-end encryption requirement so therefore the information going to the users etc there's no expiration of messages outside of doing third-party plugins and things so that you can keep your messages

secure

even if you're sending to a non

secure

source and Google course has
lots of ads and metadata grabbing that they're going on so you have to deal with that as well so next quickly I'll talk about Yahoo so Yahoo at least has joined Google and trying to push for end-to-end encryption encryption and offer some plug-in support for their model but they lack a real solid multi step authentication it's there but it's nowhere near as standardized as I would say g

mail

is meaning it doesn't require me to utilize the multi-step authentication as often as
Google does nor do I feel it's anywhere near as

secure

there are also limited spam and advertisement protection here Yahoo seems to be one of the worst in throwing ads everywhere in your face and spamming and grab spam is just out of control and Yahoo

Mail

and in my experience with it and so there's just a lot there open

security

loopholes that I think can be compromised they also have provided the government with their encryption keys under order in certain cases or have been reported
to let me say to protect myself so there they have HTTPS which is great their support pages are very poor that although they do exist talking about their SSL support is really all I could find what they're certainly not really educating or working to educate the user base in any way that I was able to easily find on

security

and what their

security

protocols and standards are so they they definitely fall behind Google in that arena the worst though while Google has the

most

information out
of the three yahoo had some was out look I'm talking about outlooks web

mail

I do know they support HTTPS but they've been really largely silent from what I could find on any discussion about their encryption or the

security

interfaces that they use now if you talk about Outlook on an enterprise setting there's lots of options there for encryption plugins and options within the tool itself to enable encryption etc but if you're talking about their web

mail

platform I could find
nothing on there talking about what they try to do to protect your information so I thought out of all of them surprisingly they probably failed the

most

their spam protections pretty good and their interface I think is gorgeous they've done a lot of work there but I think they certainly could do more in educating users on their web

mail

platform on the

security

that they're implementing and using so now we've covered those big three I want to quickly talk about my findings in
searching for a good web

mail

secure

app so there are services out there like hush

mail

which offer end to end encryption but they're costly so they they charge for their services and if I remember correctly was about fifty dollars or something to sign up for that so I think that takes

most

people who are used to web

mail

I know free isn't really free and we all need to to kind of change our mindset on that but because it has that upfront cost and the features that it uses which is the
most secure web email provider review of web mail security 2016
kind of encryption end to end with passphrase and things every instance that I'm sending an encrypted

e

mail

the other party has to have that phrase in order to open it which is great but there's not that many people that I communicate via

e

mail

where I'm going to be handing out pass phrases for them to open my

e

mail

business partners and that type of thing yes but otherwise probably not so I'm not sure I would be willing to spend that kind of money I'd probably just set up my
own server to do that at that point so enough of filling our brains with all this information on the different

provider

s out there let's talk about the winner if you will or the one that I selected as the best or

most

secure

platform out there and you've seen it you've been staring at it the whole time it's proton

mail

so first their servers are located in switzerland which means it's far more protected against government orders of seizures of data Switzerland is known for
having some of the strictest privacy laws and is a really good choice for hosting a service now since the attacks in Paris and things there are some concerns that Switzerland may fall under some broader laws that are trying to be passed but there's no indication one way or another that it will impact services like proton

mail

so for the moment it's the best option I think for storing data on servers out there because Switzerland's just known for having very very strict laws
there's end-to-end encryption proton can't get your

e

mail

s and they have no keys which to do so so this is a multi step sign-in process when you sign up for this so very easy to sign up just like you would do for G

mail

but when it's going to ask you for two passwords the first one is to get into their service to log into their service in the second password is a hash or a passkey that'll look decrypts all the messages in your

e

mail

box and they don't have access to that
passkey so they cannot give it back to you they cannot restore it they don't know what it is that's yours and yours alone so that's a really good

security

measure there there's no logging of IP addresses it's a hundred percent free so you don't have any upfront costs to go in there and play with it there's no thirty third-party plugins that are required or needed to start the design the interface and their

e

mail

is absolutely gorgeous there's ample spam protection
they use HTTP their encryption standard AES RSSI and open PGP some of those that I've listed are a little less

secure

than others but they're they use a combination of those three which i think is a pretty powerful they are also open source so they've taken their code and made it open source which is really important what that means is the open source community has an ability to then go and scrutinize and find

security

holes and then they can react to that and we know how much the
open source community has really change

security

around the world and helped to drive this message and the changes that we've needed in

security

so it's a very important step that they've taken there are note ads no metadata grabbing which really puts it on a league in its own when it comes to web

mail

and they also have the expiration ability meaning you can expire your messages so proton

mail

was a crowdfunded project from some very smart people who were able to get these servers set
up and apply some

security

standards from their previous knowledge of

security

and web and you can go through all their hist about the company and everything on your own but it's actually a very interesting story and I think that they've come a long way now if you are Edward Edward Snowden or somebody who is you know being tracked by the government or the government really wants your information this isn't going to be the perfect solution for you this is just meant to add additional
layers of protection for everyday users it's it provides a good level of protection it is the least spammy information grabbing storing service out that I could find with that said there are always loopholes in any

security

algorithm and if you search hard enough you'll find that there are some out there for proton males that means somebody can easily go and take that

security

loophole and find your information and grab it and steal your passwords no it would be very very difficult and
somebody's going to have to really really want your information and it's going to be sophisticated hack in order to do so but it's not impossible it just would be really really difficult so I think this is the best service for web

mail

to get people thinking about more

security

to move people away from this metadata grabbing they offer donation options as well as you can sign up for additional storage space and that's how they make their money so I highly recommend you support
them because they're not inundating or stealing your data are looking at what you're

e

mail

ing and all of that stuff like so many of the other services do so let's take a look real quick at the inbox and proton

mail

so here you have it's very clean beautiful set up here you have your inbox drafts sent starred archive spam trash you have labels just like G

mail

has when you compose an

e

mail

you can see dasky get proton

mail

calm you can send you know who you want to the subjects so
very very familiar interface there's nothing in here that should be really confusing down here where you have your additional options this where I can set an expiration time so the

e

mail

automatically deletes itself after a certain amount of time so they can't read it anymore that's a really really powerful option right there for

security

and I love that and next is your encryption option so when you choose this you're going to set up a message password and then you can set up a
hint if you want and that person has to have that password in order to open that

mail

and this is what it looks like so what they it's not going to interface their G

mail

to capture that password it's going to send them the

e

mail

it's going to say it's encrypted they have to click the link when they click the link it's going to send them through the proton

mail

servers they're going to type in that password that you've provided to them probably in a conversation over
the phone or somewhere else and you click decrypt and once that happens you can see that you've got this test

e

mail

here and it tells you automatically when you encrypt that the message will expire within 30 days so they don't have to have a proton

mail

account to use that as an option for them to sign up so that's it that's the

most

secure

web

mail

service I could find I would be very interested in any alternative options that you've discovered specifically that fit the
qualifications of this video here we will look at doing other videos for setting up your own server and open PGP and doing some different things that you can

secure

make even more

secure

e

mail

server but for your average user I think this is the best option it also has Android and iOS app support so all the features you love with the service like G

mail

are readily available for proton

mail

and even with the iOS it uses the fingerprint scan to help get you into the initial proton server so it
definitely has a lot of the ease of use that you've come to know from Yahoo G

mail

or other services so again this video is not meant to be the tell you the

most

secure

option that will keep you safe from every kind of government entity or anything else it is the

most

secure

option that I could find for web

mail

service to fit those qualifications so look forward to the discussion hope you get out there and sign up for proton

mail

consider giving them a donation or signing up for some of their
upgraded services because they are doing a really good thing here I absolutely love it and think their service is gorgeous so until next time I will talk to you guys later