How much do you access your email from mobile compared to desktop?
And also, how much are you concerned about your email privacy when using email on mobile devices?
It probably won’t come as a big surprise if I tell you that people are using their mobile devices more than they do their desktop ones. In China, a country with more than 800 million Internet users in total, 98 percent are accessing the Internet via their mobile devices. In India, out of 500+ million Internet users, 80% use mobile devices to go online.
Email, of course, is one thing that people check the most.
3 out of 5 users will check their email inbox on their mobile instead of desktop. Also, close to two-thirds of email opens happen on mobile (versus 28.3% on webmail clients and 9.8% on desktop), according to Email Monday.
This, however, raises an important question.
How private is the email you send from your mobile device?
Well, if you’re using Gmail or similar popular email services, the answer is, not very. For a real anonymous email account, you’ll need a dedicated privacy email service.
And email services like Gmail, Microsoft Outlook or Yahoo Mail are not it.
That’s regardless of whether you are sending your emails from desktop or mobile.
Why Do You Need An Anonymous Email App In Your Life?
In fact, because people tend to use mobile from a public place, like a cafe, there are more risks in opening emails on mobile than on desktop.
Public WiFi is well documented as being not very safe for many reasons, including:
With a WiFi sniffer, a hacker can detect unsecured networks and monitor and record their traffic for useful information.
- Man-in-the-middle attacks
By taking over a public network, hackers can use a connection to your device and redirect your communication to a fake website. For example, this might be a fake bank website where they trick you into giving your login credentials.
- Fake hotspots
If you’re ever using WiFi in a cafe, be sure to ask someone working there for the network name and password. Otherwise, you might risk logging into a fake hotspot. From here, hackers can record your keystrokes including usernames and passwords to your accounts.
Finally, while on a public WiFi, you might get pop-ups and messages that your device “has been compromised”. These “warn you” to install an update or similar. This is all to scare you into installing something on your device, which of course turns out to be malware.
That’s enough reason I think to make you stop and think.
Unfortunately, although there are many anonymous email providers out there, not all of them have an Android or iOS app.
That’s a bit surprising given that nearly 1.7 billion users check their email on a mobile device, and less than 1 billion (0.9 billion) do so on a desktop. (The Ultimate Mobile Email Open Statistics).
Obviously, the users want to access their private email from mobile as much, if not more than from desktop.
CTemplar is one of the few providers that has an anonymous email app.
If you’ve been following us for a while, you probably remember that back in January, we launched our app for Android for beta testing.
Since then, thanks to your incredible feedback, we’ve released a stable version of our CTemplar email mobile app. The current version is 1.2.6, and it works on Android 4.1 “Jelly Bean” up to the latest Android version.
Right now, we have over 500 downloads on Android.
CTemplar Android App Features
Like our desktop version, the CTemplar anonymous email app provides unparalleled privacy and security when sending anonymous emails and sharing files.
The app offers:
- 4096-bit RSA end-to-end encryption using Open Source Cryptography. Check out our Open Source code on our anonymous email Github repositories on https://github.com/CTemplar/webclient.
- User-friendly interface. We made anonymous email sending much easier on mobile while taking out nothing from privacy and security features.
- “Zero Access”. We are using the “Hash & Salt” technique so even we don’t know your username and password (as it should be). We also ensure that your emails can’t be traced back to you by not storing your IP logs.
- Best Data Protection Laws in the World. Your data is encrypted on servers located in Iceland. Iceland maintains the strictest data privacy laws in the world and is not a part of the 14-Eyes and also no MLATs (Mutual Legal Assistance Treaty).
Keep in mind that we only recently released our iOS app (current version is 1.0.2), so there is still a good deal of work to be had on it.
We greatly appreciate any feedback you have, even negative feedback. This helps our developers see any bugs and mistakes that we missed on our part and keep improving our app for you.
Join Us On Reddit (r/ctemplar)
Speaking of feedback, you can also find us on Reddit. Our anonymous email Reddit page is r/ctemplar. So be sure to hop over if you have any questions, suggestions or feedback about our email service, or just to say hi.
You can also often find us on the email privacy, security & anonymity subreddit r/EmailPrivacy.
We look forward to hearing from you.
At the end of the day, we developed our email service to serve your privacy & security needs. That is why we rely on your feedback to be able to offer a better service in the future.
So, we’d like to hear from you. What do you like about our email service? Is there anything you would like to see in the CTemplar anonymous email app that we didn’t add already?
Did you ever wonder how to get anonymous email but kept shying away from it because you thought it to be complicated?
Or you had to know how to set up a proxy server?
And what about encryption? Shouldn’t you know a thing or two about that?
These are enough to make you think sending anonymous email is too difficult.
You might even quit on the idea altogether.
Don’t worry, we are here to show you how anonymous email works and that it’s actually easy to get it if you do it smart.
How to Get Anonymous Email
So you were toying with the idea of sending an anonymous email to someone, but you don’t want to get caught.
You can have several reasons why you would want to do that.
- You are a journalist in an undemocratic country that suppresses freedom of speech and media freedoms.
- You have discovered that your boss is committing fraud and need to report them without them knowing it was you (and getting fired in the process).
- You don’t want Google to read your private emails and track your online behavior.
- You care about your online privacy and want to protect it.
As you can see, there are many reasons to learn how anonymous email works.
The only problem is that you don’t know where to start.
You’re about to find out that, with the right service, sending anonymous email is not that difficult.
We’ll set up an account on CTemplar to show you.
- The first step is to go to CTemplar.com and click on the Sign Up button in the top right corner of your screen.
- Next, you will get the option to select the account type that suits your needs for privacy and anonymity best.
You’ll have a choice between five plans (keep in mind that we had to restrict Free account creation to invite only):
- Free – $0, upgrade anytime
- Prime – $6/month, billed yearly
- Knight – $10.5/month, billed yearly
- Marshall – $18/month, billed yearly
- Champion – $37.5/month, billed yearly
Of course, if you are worried that your payment might be traced back to you, CTemplar also accepts cryptocurrency.
- Now you can create your account.
Unlike Gmail or similar services, we don’t ask for your phone number or other such information. You can choose any username and password you want and CTemplar won’t store it anywhere (we won’t know your password).
Don’t have an invitation code? Here’s how to get one.
Finally, just click on the Create Account button and you’re all set.
Can You Use Gmail to Send Anonymous Email?
“But I’m used to Gmail and don’t want to give up on it. Can I use it to send anonymous emails?”
Keep in mind that Gmail was not designed to keep your information and email conversation private.
Yes, they can be convenient, but if you’re looking for privacy and security, you should look elsewhere.
But let’s say you don’t want advertisers to know every detail of your life so they can send personalized ads.
Well, in that case, Gmail isn’t the best choice and you need a private email service that offers the following security features:
- Strong end-to-end encryption.
- Zero access email service.
- Anonymous payment.
- Anti-phishing and anti-spam protection.
- Built-in kill switch.
- Instantly delete emails.
- 2-Factor authentication.
Gmail has none or very little of any of these. For instance, even if you use a fake name to open an account, Google will still ask you for your phone number to verify.
So no, Gmail is not a good way to send anonymous emails.
How to Send Anonymous Email Without Being Traced?
Okay, so you created an anonymous email account and want to start sending emails.
However, someone might still trace the email back to you.
Well, the message itself might not contain any information. But, digging through the email header might reveal your IP address. Then, it’s just a question of using a good GeoIP location service and you’re toast.
So what can you do to make sure your email is not traced back to you?
For one, don’t send anonymous emails from your personal computer at home or at work.
At least not in a way that will reveal your IP address.
One way to avoid this is to go to another location, like a public coffee shop or library and set up an account there.
That won’t always work and public WiFi is not the most secure thing in the world. Especially when you need to send sensitive data.
There are three better ways to hide your IP address and make sure your anonymous email won’t be traced back to you:
- Use a proxy server
A proxy server acts as a gateway between your computer (and its real IP address) and the recipient. Normally, when you send a web request, it will go to the destination server directly before you can visit that site.
With a proxy server, that request first goes to the proxy, which will then make the request to the destination server in your name. So, as far as the other side is concerned, the request came from the proxy server and its IP address.
- Use a VPN service
Another way to hide your real IP address is to use a VPN service. VPN stands for Virtual Private Network and just like proxies, it makes the traffic appear as if it is coming from another IP address.
This is where the similarities between the two end. VPN is set up at the OS level and unlike a proxy, which acts as a middle man, captures the traffic of every application you are using (even those in the background) and encrypts it before it reaches its destination on the Internet.
The result is that neither the destination server nor your ISP will be able to trace the signal back to you.
- Use a Tor browser
Finally, you can use Tor. Tor is a free and open-source software for anonymous communication.
What do you know! Email is a type of communication and we are talking about anonymous email. It’s a match made in heaven!
What does Tor do?
Tor, or The Onion Router (just Tor, never TOR or T.O.R.), redirects your Internet traffic via a special network. This network includes several thousand relays that will conceal your location from traffic analysis and surveillance.
And that’s it. You now know how to get anonymous email, as well as how it works. You also know how to send anonymous email without being traced.
Enjoy your privacy!
What do you do when you need to send sensitive information via email?
Simply attaching a file to your email message is easy enough to do, but intercepting it will be just as easy for someone other than the intended recipient.
If the attachment contains sensitive or confidential information, that could lead to a serious problem.
Fortunately, there is no shortage of ways to send documents securely over the Internet.
Email, for one, is not just an easy way to send a document.
It can also be a secure one if you know how to send encrypted email online.
There are really three ways to ensure you’re sending docs securely over email:
- Encrypt the entire email.
- Encrypt the attachment.
- Password-protect the document.
We are going to show you all the three methods here.
Use an Online Encrypted Email Service
The first method to send sensitive information via email is to ditch the woefully unsecured Gmail, Yahoo! Mail, Outlook or Apple Mail and replace them with a more secure online encrypted email service.
Luckily, there’s no shortage of great secure email providers online to choose from.
Without going too deep into each provider, there’s:
- Kolab Now
And many, many others.
But how do you choose a good one?
That’s actually the big question here as you want the most secure encrypted email service you can find to send documents securely and privately online.
Here are a couple of things you need to keep an eye on when choosing an encrypted email service:
- What level of encryption does the service offer?
Not all encryption is created equal, so be sure to learn to what level the provider encrypts your email messages and attachments.
Will data at rest be encrypted?
What about server connections? Are those encrypted as well?
- Do they keep logs and how long?
The fewer logs the encrypted email service keeps, and the shorter the time it keeps them, the better. Some email services won’t keep any logs at all, so these are your best bet for sending encrypted messages and documents securely.
- Do they show your IP address?
While IP geolocation won’t show your exact location, it can still reveal enough information about you, such as your Internet Service Provider (ISP) and your general location.
A really accurate GeoIP service can reveal not just your ISP, but also your latitude/longitude, region, city/town, postal code, the type of Internet connection you use (cable, dial, cellular…), and more.
On its own, this information perhaps isn’t much but combined with some other information, it reveals too much. This is why it’s important that the email provider removes your IP from the email header.
You need to know how your data will be collected, stored and used, as well as how the email provider will handle requests from the government regarding your emails.
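A self-check for the header exposure described here and in the earlier section on tracing (added example, not CTemplar's code): send a test message to an address you control, save its raw source, and see whether your own public IP appears in the trace headers. The sample messages, host names and addresses are constructed, and only the Received trace and X-Originating-IP are inspected.

```python
import ipaddress
import re
from email import message_from_string

# Headers inspected: the Received trace plus X-Originating-IP, which some
# webmail front ends add. Provider-specific headers are not covered.
TRACE_HEADERS = ("received", "x-originating-ip")
# Runs of hex digits, dots and colons; real validation is done by ipaddress.
_CANDIDATE = re.compile(r"(?<![\w.:])(?:IPv6:)?([0-9A-Fa-f.:]{3,})(?!\w)")


def _normalise(text):
    """Parse text as an IP address, folding IPv4-mapped IPv6 to IPv4.
    Returns None when the text is not an address (timestamps, queue ids)."""
    try:
        ip = ipaddress.ip_address(text.rstrip("."))
    except ValueError:
        return None
    return getattr(ip, "ipv4_mapped", None) or ip


def header_ips(raw_message):
    """Return [(header_name, ip), ...] in the order the headers appear."""
    msg = message_from_string(raw_message)
    found = []
    for name, value in msg.items():
        if name.lower() not in TRACE_HEADERS:
            continue
        for match in _CANDIDATE.finditer(str(value)):
            ip = _normalise(match.group(1))
            if ip is not None:
                found.append((name, ip))
    return found


def headers_exposing(raw_message, my_ip):
    """Names of the headers in which my_ip appears (empty list = not exposed)."""
    me = _normalise(my_ip)
    if me is None:
        raise ValueError("my_ip is not a valid IP address")
    # Compare parsed addresses, so differently written IPv6 forms still match.
    return [name for name, ip in header_ips(raw_message) if ip == me]


# Constructed sample: the submission hop and a webmail header carry the client IP.
LEAKY = """\
Received: from smtp.provider.example (smtp.provider.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS; Tue, 02 Jan 2024 10:15:02 +0000
Received: from [198.51.100.23] (helo=laptop)
\tby smtp.provider.example with ESMTPSA; Tue, 02 Jan 2024 10:15:00 +0000
X-Originating-IP: [198.51.100.23]
From: alice@provider.example
To: bob@recipient.example
Subject: header test

test body
"""

# Constructed sample: the provider records only its own hosts.
SCRUBBED = """\
Received: from smtp.provider.example (smtp.provider.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS; Tue, 02 Jan 2024 10:15:02 +0000
Received: from localhost (localhost [127.0.0.1])
\tby smtp.provider.example with ESMTP; Tue, 02 Jan 2024 10:15:00 +0000
From: alice@provider.example
To: bob@recipient.example
Subject: header test

test body
"""

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("scrubbed", SCRUBBED)):
        print(label, headers_exposing(raw, "198.51.100.23"))
```

An empty result only covers the two header types checked, so review the full raw source of the test message as well.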
Encrypt the Attachment
Using an encrypted email service is a very secure way to send and receive documents over the Internet, but it has one flaw.
Both the sender and the recipient must use the same standard, whether PGP or S/MIME.
For instance, that means that if both of you are using the same provider or one is using CTemplar and the other ProtonMail, you’re okay since both support PGP encryption.
However, if one is using, let’s say Tutanota, which doesn’t support PGP (or S/MIME), that would be a problem.
So what then?
How do you send sensitive information over the Internet then?
By encrypting the attachment itself.
And you do this by using the .zip standard.
Here you’ll have two options – 7-zip and WinZip.
These two use slightly different encryption methods. We’re not going to go too deep into it here, but in general:
- 7-zip uses AES-256 (which is the strongest AES version).
- WinZip uses two methods – Zip 2.0 (which is the legacy encryption and not very good) and AES (which is not supported by Windows and you won’t be able to extract it on Windows machines as a result).
Whichever you choose (7-Zip or WinZip), you’ll need to download and install it on your computer before you can use it.
Once you do that, here’s how to encrypt a file using it (we’ll show you the method for 7-Zip, but it should be fairly the same for WinZip as well):
- Launch the program.
- Find the file you want to encrypt in the file manager.
- Highlight the file and click Add.
- A new window titled Add to Archive will now open.
- Change the Archive Format to Zip in the drop-down menu.
- Choose the AES-256 in the Encryption Method.
- Type your password in the Enter Password text box and re-enter the password in the text box beneath it.
- Click OK.
Your file will now be encrypted, which will be indicated by an icon of a folder with a zip over it. Be sure not to send the password together with the Zip file, as they could be intercepted.
Password-Protect the File
The third option to send documents and files securely over the Internet is to password-protect the file itself.
However, according to the Helsinki-based F-Secure, 23% of email spam contains a malicious attachment.
The 5 most common (and most likely to contain something malicious) attachment types are .doc, .pdf, .xls, .zip and .7z.
The most common file type you’ll be sending (and receiving) as an attachment in an email is probably Word doc, so here’s how to protect it with a password before you do that:
- Create a Word file that you want to attach.
- Click Save As (choose a descriptive file name) from the File in the main menu.
- In the File drop-down menu, select Info.
- Click on Protect Document next to Permissions.
- Select Encrypt with Password from the pop-up menu.
- A new window will open and you’ll need to type in your password into the text field. Keep in mind that this password will be unrecoverable, so keep the password somewhere safe.
- Click OK and the file will now be password-protected.
All that’s left to do is send the password securely to the recipient so they know how to open it.
If you’re using Google Docs, however, keep in mind that you can’t add a password to the document or file itself. Google Docs doesn’t support that.
Instead, your files and documents will be protected with your account password.
If you’re using GDrive, you can upload encrypted files to it and add a password for anyone to access them using the Secure File Encryption Drive add-on.
So there you go. Three secure ways to send encrypted email online. Which one of these do you feel to be the most secure?
If you’re like most people, you probably check your inbox at least 1-3 times per day, according to Statista.
That’s 1-3 opportunities to receive malware or other malicious threats straight to your inbox, as 94% of malware gets delivered via email according to Verizon’s 2019 Data Breach Investigations Report.
And, with the average cost of a data breach being nearly $4 billion in 2019 and smaller organizations (up to 250 employees) being the most likely target for a malicious email (1 in 323 per email security company Symantec), it’s clear that the way people normally approach email is not very safe.
So what is to be done about it? Stop using email at all or not open or send any attachments?
That’s not the solution.
That’s burying your head in the sand.
The solution is to learn how to send a secure email attachment.
And that’s what I’m going to teach you to do in this article.
It’s Time to Start Encrypting Your Emails
Encrypting your email, including messages and attachments you send out to someone will save you a lot of trouble.
Unfortunately, most email providers don’t even bother with encryption (at least not by default) and let their users fend for themselves against malicious attackers.
This can be a big problem, especially if you need to send some personal or financial information.
Scammers are becoming more and more sophisticated and cunning in their phishing attacks.
You need to know how to identify and avoid these fraudulent attempts.
For instance, with Discover it Secured, the emails you receive will always have your full name (as displayed on your credit card) in the greeting line.
So, instead of “Hello customer!”, it will read “Hi John Smith”.
Another sign that there’s something “phishy” will be the “urgency” that the email will portray, whether that means sending your Social Security number, ID, credit card number or something else.
Discover it Secured will never ask you to send this information directly via email.
That said, if you’re using Gmail or Outlook, all is not lost and you can still send a secure email attachment.
It just takes a little tinkering with it.
How to Encrypt Outlook Messages
With Outlook, you have two encryption options for sending secure documents via email:
- Office 365 Message Encryption (with the Azure Information Protection add-on)
- S/MIME Encryption
To encrypt messages on Outlook with S/MIME, you’ll first need to set a signing certificate on your computer.
Once you have that, you can configure the certificate for your Outlook account as well.
Here’s how it goes:
- Go to the File menu and follow this path: Options>Trust Center>Trust Center Settings.
- Next, click on Email Security in the left pane.
- Find Certificates and Algorithms and select an S/MIME Certificate. Click OK.
You can also encrypt a single message.
To do this:
- Click on File and select Properties in the email message you want to encrypt.
- Go to Security Settings.
- Check the box Encrypt Message Contents and Attachments.
- Compose your email and click Send.
Now on to Gmail.
How to Send a Secure Email in Gmail
Gmail is by far the most popular email provider in the world.
Unfortunately, it’s also the most susceptible to malicious threats, phishing, malware, scams and so on.
That’s not to say that Gmail completely lacks in privacy and security, but these take second or third place to ease of delivery and use.
Now, by default, Gmail uses TLS (Transport Layer Security). This is the successor of SSL (Secure Sockets Layer), so the two names are often used interchangeably (although TLS is the newer version).
G Suite users, however, can also enable S/MIME for extra protection.
To do this, both the sender and the recipient must have S/MIME enabled and they also must exchange security “keys” with each other.
With that out of the way, here’s how sending a secure document via email works:
- Compose your message and add your recipient in the “To” field.
- Depending on the recipient’s encryption level, there will be a lock icon to their right. Click on that lock.
- By selecting View Details you can learn more about the recipient’s encryption level or modify your S/MIME settings. S/MIME encryption levels are (from lowest to highest): Red, Gray and Green. Never send any personal information to someone with a red S/MIME level.
If enabling S/MIME seems like too much work, another option to send a secure and anonymous email via Gmail is to use a 3rd-party extension like SecureGmail.
You can install it from the Chrome Web Store.
Once you have it activated on your Gmail, you should see a lock icon next to your Compose button.
You’ll need to click on that lock if you want to write an encrypted email.
Two things will happen:
- The header will now display Secured along with the lock symbol below New Message and,
- The Send button will now become Send Encrypted.
Once you hit Send Encrypted, you’ll need to enter a password in the pop-up window.
The recipient will need this password to decrypt your email. However, as this will only give them a hint about the password, you’ll need to send it to them in a separate message.
Encrypt Your Email, but without Extra Configuration and Installing Plugins
Let’s be honest. Just to configure encryption, whether S/MIME or PGP on Gmail or Outlook takes extra effort.
Even if you do everything right on your end, the other side also needs to do the same on their end.
And even then, you can’t be 100% sure that you are sending a secure document via email.
As I said previously, encryption is not at the top of the priority list for a commercial email service like Gmail.
Which is why, if you want to send a secure and anonymous email, you should use an encrypted email service like CTemplar.
With CTemplar you get much better email security through 4096-bit encryption. This will do a much better job of keeping your inbox safe from malicious threats.
Not only that, but CTemplar also won’t keep any logs of your usage or track your IP, making it truly and 100% anonymous.
On top of all that, you don’t have to worry about 14 Eyes as your emails will be stored on secure servers in Iceland, which has some of the best privacy laws in the world.
So, if you want to send and receive secure email messages and attachments, start using CTemplar.
CTemplar’s 4 Wall Protection
4 Wall Protection was defined by the CTemplar team with the goal of helping people review their privacy needs. Imagine that your privacy is a four-walled fortress. If a wall is missing, then an enemy can quickly get into your fortress. Therefore it’s vital that you make sure you receive adequate protection in the places that are important.
We feel CTemplar is the most secure email service because it has the strongest features. Here are the “4 Walls” we do best.
- Wall 1: Encryption Protection:
- We support encrypted Content, Contacts and Subjects
- We are the only secure email service that is working on encrypting your metadata (Work in progress).
- Wall 2: The Only “Zero Access” End-to-End Encryption:
- Wall 3: Strongest Legal Protection: Iceland has no data retention laws that apply to webmail. When you press “delete” it’s instantly deleted.
- Iceland legally allows us to offer total anonymity.
- Iceland is outside the “14 Eyes” and has no US MLAT Treaties.
- We require an Icelandic court order to turn over your data. If we turn over your data, it will only be encrypted information.
- Wall 4: Company: We formed the company in Seychelles because it gives the maximum protection for company records in the world.
- We do not record or list any of our user’s data for corporate reasons, and our Seychelles corporation legally allows this.
- We are owned by those that built the site. No global corporations. No secret government sponsors.
A service that offers end-to-end encryption is worthless if they can decrypt your emails and give them to anyone who asks. The strongest fortress in the world is not secure if a wall is missing or gate wide open. People desiring the highest level of protection should not buy discount services. Conversely, people that only require minimum security protection may not need the strongest protection.
Your privacy is your fortress, be sure you get the privacy protection that meets your needs.
The CTemplar Team
Protonmail strengths not mentioned above: Protonmail launched May 16, 2014 and CTemplar launched September 5th 2018. Protonmail’s added experience in this industry has created a more polished service than CTemplar. Protonmail also maintains the OpenPGPjs library that we use. We are grateful for their contributions and wrote a post about it.
Tutanota’s strengths not mentioned above: Tutanota was the first secure email service to go open source for F-Droid.
- Brute force attacks are only successful when thousands of combinations can be rapidly attempted. CTemplar, Tutanota & Protonmail all disable login attempts when multiple failed password attempts are detected.
- The “Zero-Knowledge Password Proof” involves hashing and salting users’ passwords. You can read a simplified version or the version published by Stanford’s cryptography department. When this technology is utilized no one is able to know the user’s password except the user. The webmail service only has the user’s hashed password and cannot reverse the hash. Only the user can log into their account.
- Subresource Integrity (SRI) makes it impossible for an attacker to hack you (serving malicious code) during your website visit. CTemplar was the very first secure email service to enable this functionality. You can read more about it here, or here.
- CTemplar developed a combination of SRI & Checksums that has never been used before. This makes it impossible for CTemplar to hack you (serve you malicious code). You can read more about this on our blog post about it. This makes CTemplar the very first “Zero Access” end-to-end encrypted webmail service provider. We are the first webmail service that can’t access users’ data even if we wanted to.
- The “14 Eyes” are a group of 14 countries that have agreements to share information with each other. Edward Snowden revealed that this agreement results in extensive privacy violations. The majority of privacy experts strongly recommend that you should avoid using a service within the 14 eyes.
- MLAT treaties require broad and all-encompassing cooperation. If the US asks for data from a country with an MLAT treaty then the country must do everything within its power to provide what is requested. The treaty can be utilized to turn your mobile device into a tracking device recording your location. An example of this is the Swiss MLAT treaty which can require a Swiss company to “make every effort to ascertain the whereabouts and addresses” of their users. Countries with MLAT treaties include Belgium, Switzerland, and Canada.
- Users use 2 Factor Authentication (2FA) to provide greater security for their accounts. Some email services, like Protonmail, maintain backdoor access to all users’ 2FA. They provide this as a service so they can restore access to users’ accounts if a user loses 2FA.
- Users who log into their account will be shown an “Anti-Phishing Phrase”. If you log into your account and you do not see that phrase then you know that you have logged into a fake website that is trying to steal your account. When a user notices the absence of this phrase they should visit “www.ctemplar.com” and change their account’s password immediately. CTemplar is the first to offer Phishing Protection.
- Protonmail and CTemplar both accept Bitcoin. Tutanota does not. Bitcoin is NOT anonymous. CTemplar is the only email service that accepts payment using the most anonymous currency, Monero (XMR). Currently, we are only accepting Monero (XMR) payment via email. After the user sends the Monero the user’s account will be credited & upgraded. Some services allow paying with cash through the mail. However, this can be problematic with recent developments in tracking physical mail.
Does having open-source code eliminate this risk? No, because open-source code is just an act to encourage users’ trust. The audited code in GitHub might not be the same code that is sent to you from a company’s private server. There is no assurance or promise that the code hosted is the same as the one that is served.
Currently, all end-to-end encrypted email services can hack their users and decrypt all of their data except us. We can provide this level of protection using an implementation of checksums that hasn’t been used before. We are proudly the first “Zero Access” end-to-end encrypted email service that is not able to decrypt our own users’ emails.
How Did We Solve This With Checksums?
Our checksum implementation allows our users to compare the code served to their browser with the code in GitHub within 15-30 seconds. Usually, comparing code can take hours or days. With checksums, you can do it in seconds.
First, the file index.html starts the platform loading process and determines what is loaded, but when doing so, could pose a couple of risks:
In any case, if anyone wants to manually verify that our “index.html” hasn’t been tampered with and is the same as the one being served, we have a guide in GitHub.
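An added illustration of the two checks this section relies on, not CTemplar's implementation or the guide in their GitHub repository: compare the SHA-256 of the served index.html with a published value, then confirm that every script and stylesheet it references carries a Subresource Integrity value matching the file. The sample page, file names and published checksum are constructed.

```python
import base64
import hashlib
import hmac
from html.parser import HTMLParser

SRI_ALGS = ("sha256", "sha384", "sha512")  # weakest to strongest


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def sri_value(data, alg="sha384"):
    """Build an integrity token of the form '<alg>-<base64 digest>'."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, data).digest()).decode()


def sri_matches(integrity, data):
    """Check data against an integrity attribute the way browsers do:
    only tokens that use the strongest listed algorithm are considered."""
    tokens = []
    for token in integrity.split():
        alg, _, digest = token.partition("-")
        digest = digest.split("?", 1)[0]  # drop optional '?options'
        if alg in SRI_ALGS and digest:
            tokens.append((alg, digest))
    if not tokens:
        return False
    strongest = max((alg for alg, _ in tokens), key=SRI_ALGS.index)
    return any(
        hmac.compare_digest(sri_value(data, alg).encode(), (alg + "-" + digest).encode())
        for alg, digest in tokens
        if alg == strongest
    )


class SubresourceFinder(HTMLParser):
    """Collect (url, integrity) for external scripts and stylesheets."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rel = (a.get("rel") or "").lower().split()
        if tag == "script" and a.get("src"):
            self.resources.append((a["src"], a.get("integrity")))
        elif tag == "link" and a.get("href") and "stylesheet" in rel:
            self.resources.append((a["href"], a.get("integrity")))


def audit_index(index_html, published_sha256, fetched):
    """index_html: bytes as served; published_sha256: hex string from a
    separate channel; fetched: {url: bytes} of the subresources as served."""
    served = sha256_hex(index_html).encode()
    report = {
        "index_ok": hmac.compare_digest(served, published_sha256.strip().lower().encode()),
        "verified": [],
        "missing_integrity": [],  # browser would load these unchecked
        "mismatch": [],           # browser would refuse to run these
    }
    finder = SubresourceFinder()
    finder.feed(index_html.decode("utf-8", errors="replace"))
    for url, integrity in finder.resources:
        if not integrity:
            report["missing_integrity"].append(url)
        elif url in fetched and sri_matches(integrity, fetched[url]):
            report["verified"].append(url)
        else:
            report["mismatch"].append(url)
    return report


# Constructed sample site: two files pinned with SRI, one script left unpinned.
FILES = {"main.js": b"console.log('mail client');\n", "styles.css": b"body { margin: 0 }\n"}
CSS_SRI = sri_value(FILES["styles.css"])
JS_SRI = sri_value(FILES["main.js"], "sha512")
INDEX_HTML = (
    "<!doctype html><html><head>\n"
    '<link rel="stylesheet" href="styles.css" integrity="' + CSS_SRI + '">\n'
    "</head><body>\n"
    '<script src="main.js" integrity="' + JS_SRI + '"></script>\n'
    '<script src="analytics.js"></script>\n'
    "</body></html>\n"
).encode()
PUBLISHED = sha256_hex(INDEX_HTML)  # stands in for the provider's published checksum

if __name__ == "__main__":
    print(audit_index(INDEX_HTML, PUBLISHED, FILES))
```

The index.html checksum has to come from a channel other than the server being checked, and any entry under missing_integrity is a file the pinned page would load without verification.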
At the time of writing, our current checksum is:
SHA-256 checksum of “index.html”:
The CTemplar Team:
Disclaimer: Checksums do not protect you from hacks from your browser, OS’s, plugins, mobile ISP providers, running process software, or the Intel Microprocessor hardware backdoor. We do not protect against keyloggers that may be installed on your computer.