I believe privacy is a fundamental right, so what better way to celebrate Data Privacy Day than to show you how to encrypt email easily and keep those emails both private and secure?
Meet Virtru, an email security app that encrypts your email before it leaves your device; it includes fine-grained privacy controls so only you and the person to whom you sent the email can access it...meaning government snoops, third parties, advertisers, ISPs and even cybercrooks can't access your email messages. Thanks to Virtru's Chrome and Firefox browser extensions, you can keep your Gmail, Outlook or Yahoo email accounts and still have secure and private email. And you can protect your digital privacy for the low, low price of FREE! Virtru is so super easy to use that even your non-techie grandma could and should use it.
Before we jump to the how-to, let me introduce the founders of Virtru: brothers Will and John Ackerly. When Will worked at the NSA as a cloud security architect, he invented the Trusted Data Format (TDF) that Virtru, and intelligence agencies, use. "After serving eight years at the NSA, he came away from the experience entirely convinced that users need to take action to preserve their own privacy." John, who served as associate director of the National Economic Council and director of the Office of Policy and Strategic Planning at the Commerce Department under President George W. Bush, said of Virtru, "The fundamental motivator here is...the need to give individuals practical tools to exercise their fundamental right to privacy."
How to encrypt email with Virtru
For webmail, Virtru currently offers a Chrome extension and Firefox add-on to encrypt Gmail, Outlook, Hotmail or Yahoo. There's also a mobile app for Apple, with the Android app, as well as plugins for Outlook and Mac Mail programs, and extensions for Internet Explorer versions 10 and up, and Safari coming in the future. Although I've tested both Chrome and Firefox add-ons for Gmail, Hotmail and Yahoo, the following examples are primarily screenshot captures from Gmail and Hotmail. Email addresses have been redacted.
Virtru app permissions in Outlook:
Virtru in Outlook first look:
Virtru activate message if you send encrypted Gmail to a person not using Virtru:
Virtru security bar
You will then receive a message notifying you about the Virtru security bar.
You can easily turn Virtru on and off. If it's grayed-out, then it's off. It's blue when you turn on Virtru protection.
When Virtru is on in Outlook, Hotmail, Gmail or Yahoo, your "send" button becomes a "send secure" button as seen in this Outlook example.
As a side note of caution regarding the cloud, if you use Yahoo, then know that Yahoo drafts are not currently encrypted by Virtru. Try to avoid such drafts; it's fodder for the mass surveillance powers-that-be if you've become a target.
Every email protected by Virtru is secured with the most Advanced Encryption Standard available, AES-256. The Virtru software, either installed via browser add-on or mobile app, encrypts your email before it leaves your device. When you hit send, Virtru protects the encryption keys with perfect forward secrecy. Only you and the person to whom you sent the email can access the content.
The TDF format controls access privileges for "all file types (ie, emails, text messages, Office files, pdfs, photos, videos)." When you send a Virtru-protected email, "your content is encrypted and secured inside a TDF wrapper. When your receiver attempts to open it, the wrapper communicates with the Virtru server to verify that the receiver is eligible to see the information."
When you have installed Virtru and you receive an encrypted email, the decryption happens quickly when you open it.
Disable forwarding and set email expiration date
On the right-side of the Virtru security bar, you have options to disable email forwarding and to set up an expiration date for how long your recipient has access to your sent email.
If you disable email forwarding, then if Alice sent email to Bob, and Bob forwarded Alice's email to Mallory, Mallory would not be able to open it. Regarding The Register's claim that a person can defeat Virtru by copying and pasting from the email, the fix for that is coming.
"On the copy/paste front, we have a technical solution, but we haven't yet rolled it out," Will told me. "Our main focus is on protecting the emails as they go from sender to recipient, as well as when stored on servers and your devices, but use after decryption isn't our first 'privacy' concern."
Revoke or reauthorize email messages
Virtru "thinks everyone deserves real privacy and control over their data, even after hitting the send button," so sent email comes with an option to revoke access.The red hand icon allows you to revoke email; this is especially handy if you sent an unwise, angry email in haste.
Below is what the recipient sees if you revoke access to a sent email:
If you change your mind again, such as if the revoke access was due to a lover's spat, then you click on the blue eye to reauthorize your recipient's access to your sent email.
Virtru Secure Reader
If you want to send Virtru encrypted email to a person at work, who maybe does not have the admin rights to install browser add-ons, no problem. Virtru also has a web-based Secure Reader.
When you send your first email to a person not using Virtru, if they choose the Virtru Secure Reader option, then they will be asked to verify their identity; this insures that only the recipient you intended can open the email. By using OpenID and OAuth protocols, the recipient does not need to setup a new account or yet another password. Instead, they can verify their identity via their existing Gmail, Microsoft or Yahoo email provider.
If your recipient forwards an email that you protected with "disable forwarding," this is what the non-authorized person sees via Virtru Secure Reader.
Virtru wanted to make encryption easy for absolutely everyone to use without sacrificing security; the creators believe in your fundamental right to have digital privacy and provided a tool that combines strong encryption with granular privacy controls. They claim Virtru will change the way we use email, and it surely could. The purpose of all these screenshots was to show you every aspect of how easy it is to use Virtru.
For people who would like more in-depth details of how Virtru works, then I encourage you to go read more. Virtru also has an open source strategy, which includes making a collection of open source Virtru components available on GitHub.
Although it's only in beta right now, I still highly recommend that you try Virtru. There is no reason Virtru should not be widely accepted by the masses to escape mass surveillance. Please do give it a try. Happy International Data Privacy Day! Why don't you celebrate by taking back control of your email and digital privacy?
Like this? Here's more posts:
- Top 25 most commonly used and worst passwords of 2013
- Microsoft: Targeted phishing attacks allowed SEA to steal law enforcement documents
- How to customize Windows 8.1 Start screen and keyboard shortcut tricks
- Flaw in Thunderbird bypasses Firefox 'Torified' security and privacy defenses
- Researchers discover Spoiled Onions: Evil Tor exit relays spying on Facebook users
- Hackers give Microsoft a second black eye, vow to deliver digital dirt on spying
- Privacy researchers: Cell phone surveillance costs as little as 4 pennies an hour
- How Microsoft had a hand in inventing Google's glucose-sensing smart contact lens
- How to change Windows 8.1 to local account with no Microsoft email account required
- Nest owners: Did you drink the Google Kool-Aid or are you concerned about privacy?
- Obama ignored NSA subverting encryption in surveillance reform speech
Follow me on Twitter @PrivacyFanatic
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited