1
00:00:00,120 --> 00:00:03,490
so now let's talk about secure email and messaging.

2
00:00:03,490 --> 00:00:09,620
communication is a large part of the internet and especially when it comes to privacy and security and the dark web.

3
00:00:09,640 --> 00:00:13,480
and it's important to understand some tools to securely email and message.

4
00:00:13,620 --> 00:00:16,600
obviously, something like gmail is not secure at all.

5
00:00:16,740 --> 00:00:25,010
they may encrypt your data in transit when you send the email just to avoid prying eyes on the internet, but they definitely do not keep them at rest encrypted.

6
00:00:25,010 --> 00:00:26,760
they will gladly sell the information.

7
00:00:27,180 --> 00:00:40,720
and gmail specifically is notorious for skimming your email to sell to data collectors who then sell to advertisers who then target ads to you or more nefarious things like giving access to your email to governments, law enforcement, etc.

8
00:00:40,780 --> 00:00:43,770
so what are some good options for email and messaging?

9
00:00:43,770 --> 00:00:48,960
before we dive into what are the options, we need to understand why security matters when it comes to email and messaging.

10
00:00:49,020 --> 00:00:53,210
generally, we want to hide our online presence because it is a right to do so.

11
00:00:53,210 --> 00:00:54,670
we want to avoid censorship.

12
00:00:54,670 --> 00:00:55,930
maybe you want to speak out.

13
00:00:55,930 --> 00:00:59,130
you need a secure medium for sending or receiving messages.

14
00:00:59,130 --> 00:01:03,390
you want to limit your exposed data on the internet, or you just want to practice with security tools.

15
00:01:03,390 --> 00:01:08,590
all of these would be valid reasons when it comes to secure messaging and email tools and platforms.

16
00:01:08,590 --> 00:01:10,520
and there are a lot of them available today.

17
00:01:11,420 --> 00:01:16,490
before you consider any tool in this space, there's a lot out there in terms of secure tools.

18
00:01:16,490 --> 00:01:20,330
just remember they should have these fundamental things within any tool.

19
00:01:20,330 --> 00:01:22,250
and if they do not, i would avoid it.

20
00:01:22,250 --> 00:01:24,210
it should always have end- to- end encryption.

21
00:01:24,210 --> 00:01:29,490
it should have proper security key management, meaning like where are the security keys hosted, right?

22
00:01:29,490 --> 00:01:31,850
if for the encryption itself, do they own it?

23
00:01:31,850 --> 00:01:32,810
do you own it?

24
00:01:32,810 --> 00:01:33,760
where does that go?

25
00:01:33,940 --> 00:01:35,440
should have ephemeral data.

26
00:01:35,780 --> 00:01:41,050
ideally tools, especially messaging services, they shouldn't be storing those messages on some server somewhere.

27
00:01:41,050 --> 00:01:48,920
for an email provider, the ephemeral data would be anything that's unencrypted related to you, like the browser you're visiting from the ip you're coming from.

28
00:01:49,100 --> 00:01:50,650
those should all be ephemeral.

29
00:01:50,650 --> 00:01:52,800
they shouldn't stick around on their servers.

30
00:01:53,020 --> 00:02:00,880
and ideally any 3rd party tool, if it is hosted on their servers, they limit data collection or have no data collection at all.

31
00:02:01,060 --> 00:02:03,430
now, there aren't a lot of tools that do these things.

32
00:02:03,430 --> 00:02:12,070
there are some and we'll talk about them, but it's important to keep in mind that those are the core fundamental security principles that you'll be looking for if you're looking for these types of tools.

33
00:02:12,070 --> 00:02:14,890
we have some recommendations that you should go with.

34
00:02:14,890 --> 00:02:15,550
for email.

35
00:02:15,550 --> 00:02:18,650
obviously one of the most popular ones today is protonmail.

36
00:02:18,650 --> 00:02:20,810
another one i am a fan of is tutanota.

37
00:02:20,810 --> 00:02:26,320
i believe they just go by tata now, but it is another email provider in some ways better than protonmail.

38
00:02:26,340 --> 00:02:31,210
or with email itself, you can create custom email servers with pgp enabled.

39
00:02:31,210 --> 00:02:33,410
we are not going to walk through that in this course.

40
00:02:33,410 --> 00:02:35,280
if you're interested in that, let me know.

41
00:02:35,340 --> 00:02:44,040
but obviously, that's the most secure option because you know exactly what's being stored on the server, you just have to protect it, which can be hard, but a very, very rewarding option.

42
00:02:44,380 --> 00:02:49,210
for messaging itself, signal is very popular on mobile, though it does come with some of its problems.

43
00:02:49,210 --> 00:02:52,410
we're generally going to avoid discussion around mobile device messaging.

44
00:02:52,410 --> 00:02:54,450
if you're interested in that, i can dive into it.

45
00:02:54,450 --> 00:03:04,090
but the other ones to consider are computer- based and some popular ones include dyno, which is xmpp based chatting, session and ricochet.

46
00:03:04,090 --> 00:03:07,650
and we will cover all of these in our anonymity masterclass.

47
00:03:07,650 --> 00:03:15,200
if you're watching this from the dark web foundations course, we don't cover all of those, but you will see dyno in action in that free course from dark web academy.

48
00:03:15,380 --> 00:03:19,880
but if you're in the anonymity course, we will cover all of those as we go forward here in the course.