Secure email is a myth, or so a lot of modern blogs would have you believe. In fact, this is partially true: we can only secure your email to a certain extent. However, we try to make your messages as secure and impenetrable as they can get.
How do you ensure your zero-knowledge privacy?
We have implemented the end-to-end encryption API used by mega.co.nz, which gives our service certain features that would otherwise be costly and very lengthy to develop. This means that we do store your incoming email in a secure mailbox which is technically readable by us; however, we can only read your messages if you choose to send unencrypted mail. Upon login, our inbox for your user account is transferred to your secure mailbox stored on mega.co.nz's servers. This way we are only able to see the size of your mailbox and nothing more. This means that if we receive law-enforcement requests, we can only grant access if the requesting party possesses the private key associated with your account.
How do you handle message encryption?
The key pair, consisting of your own personal private key and the public key, is used not only to encrypt and decrypt your private mailbox but also to encrypt your messages. If you type an email address in the "To" field, our system checks whether a public key is available in the pool of public keys. It also looks through keys that you have chosen to import yourself. If a key is available, you can just hit send and our system will automatically encrypt your message so that only you and the intended recipient can decrypt it. Our PGP key standard is to encrypt with 4096-bit RSA with salt. All keys that are made with our system are valid for five years.
How do you ensure a message is encrypted?
We can't. If your recipient has no means of decryption and does not support receiving encrypted messages, our system will display the "To" list as RED. If, however, the recipient is able to decrypt messages via PGP (Pretty Good Privacy), either because you have manually added his/her key or because it is available in a public pool, the "To" list is GREEN.
Why does my Browser warn me that the message may not be encrypted?
Our system automatically detects whether or not we can send the message encrypted. To make this visible to the user, we chose to implement a pop-up which informs the user that one or more of the intended recipients may not be able to receive encrypted messages. This message is displayed once per email and can be disabled in the user's settings pane.
What is three-way authentication?
We offer the standard two-way authentication using a password and your key pair. However, for those of our customers who are even more paranoid, we can also enable a three-way authentication method. Besides the key pair and the password, we can either send you a text message with a randomly generated code or you can use the OTP feature of a YubiKey, or even both. We strongly recommend using a YubiKey for your access, though.
Do I want to submit my public key to a key-server?
We highly recommend you do, even though there are certain risks involved with submitting your key to a public key service. We only use trusted, open-source key servers such as the SKS pool or the MIT pool. These services are used for public-key submission as well as public-key retrieval. If you do not submit your key to a key server, make sure to establish secure communication first by sending your public key hashes to each other and then importing the keys manually.
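The manual exchange described above comes down to comparing full key fingerprints before an import. As an added example (not this service's own code), the following Python computes an OpenPGP version 4 fingerprint as defined in RFC 4880 and accepts a key only on a full match; the function names and the sample key material are constructed for illustration, and a version 4 RSA key is assumed.

```python
import hashlib
import hmac
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for RSA (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the 2-byte body length, the body."""
    header = b"\x99" + struct.pack(">H", len(body))
    return hashlib.sha1(header + body).hexdigest().upper()

def normalise(fp: str) -> str:
    """Strip whitespace, colons and case so a pasted fingerprint compares equal."""
    return "".join(fp.split()).replace(":", "").upper()

def safe_to_import(body: bytes, fingerprint_from_contact: str) -> bool:
    """Accept the key only if the contact's full 160-bit fingerprint matches."""
    expected = normalise(fingerprint_from_contact)
    # A short key ID (8 or 16 hex digits) is not enough to identify a key.
    if len(expected) != 40 or any(c not in "0123456789ABCDEF" for c in expected):
        return False
    return hmac.compare_digest(v4_fingerprint(body), expected)

# Constructed sample values: a 4096-bit placeholder number, not a usable RSA modulus.
SAMPLE_CREATED = 1400000000
SAMPLE_N = (1 << 4095) | 0xC0FFEE
SAMPLE_BODY = v4_rsa_key_body(SAMPLE_CREATED, SAMPLE_N, 65537)

if __name__ == "__main__":
    fp = v4_fingerprint(SAMPLE_BODY)
    print("fingerprint:", " ".join(fp[i:i + 4] for i in range(0, 40, 4)))
    print("full match accepted:", safe_to_import(SAMPLE_BODY, fp.lower()))
    print("short key ID accepted:", safe_to_import(SAMPLE_BODY, fp[-16:]))
```

The fingerprint each side compares should reach the other over a channel separate from the one that delivers the key itself.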
We offer you a choice of three major payment options. We recommend PayPal, as this gives you the most security as a buyer that you get what you paid for, and it also helps us ensure that our payments are made and your account remains open and usable for you.
However, if you want to be more anonymous, we recommend you use Bitcoin. Please ensure that the wallet you choose to make your monthly payment from is full at all times, though.
And if you want to, you can also send us your payment in cash. Make sure that you are sending us euros (€), though. We do not recommend this method, for we cannot be held responsible for lost and/or misdirected mail.