Summary
➡ Encrypted email platforms like ProtonMail can secure messages within the same domain, bypassing the SMTP protocol. However, they may not be the best choice for privacy as they can still reveal information like IP addresses and are often targeted by hackers. Instead, consider using other encrypted communication apps like Signal, Session, or XMPP. BraxMail is another option that offers multiple domains and unlimited aliases, allowing you to change your email address on the fly and block spam effectively.
➡ You can now pre-order on indiegogo.com. Thanks for your support and see you next year.
Transcript
I’ve since dumped that and that experience taught me a lesson. I’ll tell you later why I dumped all that work. The surprising lesson is that encryption is a pointless exercise in email and isn’t the main issue you need to address in privacy. So in order to execute the proper approach to using email and using it safely, I’ll teach you some strategies using our BraxMail service. This is not to say you have to use our service. There may be other competing services that do the same thing as BraxMail. But I think how BraxMail has evolved is a brilliant approach that I’m really proud of which speaks to its popularity.
It’s simple and it works. I know it’s right after Christmas when this video comes out so you can watch and relax and it will be a light-hearted conversation. I won’t stress you out. Stay right there. What do you all use for email? The vast majority of people, probably more than 90% of you, have some or multiple Gmail accounts. I certainly do myself and there are uses for Gmail. And obviously it’s a platform login to YouTube so if you’re watching this video on YouTube, you have to have Gmail. Now Gmail is free so that was the trick to getting you to use it.
Except that most of you didn’t think about the implications of this and started to use Gmail for your entire life. If you’re using Gmail as your main email, you’re really messing up your privacy because Google uses this as part of your surveillance profile. I’ve told the story of how I got a graduation email from a school on my Gmail account and then immediately after I got the graduation gift spam immediately. Everything you send and receive in Gmail is scanned, profiled and attributed to you and this is also how Google generates a contact list by seeing who you regularly talk to.
On the other hand, if you use Gmail for official identification using your real name, then it’s probably best just to keep that but limit its use to publicly known information and keep it separate from other online uses. Use this Gmail for banking, government communications, medical and so on which are normally just alerts but never for social media. If you’re currently using a Gmail with your real name, stop using that on any online platform now. I recommend also that you clear out as much of your email history as possible. If you need a Gmail to access YouTube, then create a brand new account without using your real name.
Use a VPN to protect your IP address. Use browser isolation to not mix it with the other Gmail and use this only for YouTube and not for any actual communication. Again, to summarize, number one, keep your real name Gmail with lots of history separate and limit its use to publicly known information. Number two, use a new Gmail for YouTube and Google functions going forward which you will use only for Google login. For non-Google logins to platforms, we will address that next. In general, what you want to do is to have completely different emails for each and every online platform.
If some party you communicate with that is not Google wants an email, then you give them a unique email. I’ll tell you how we will do this later using Braxmail but the main concept is having unique emails. This is very important in multiple ways. First, if you’re spammed later on, you can identify where the spam is coming from. Second, email is often the biggest attack vector of hackers. If someone has your email, then they can look you up and hack databases. And if you reuse passwords, which many of you do, then they will get in and hack your bank accounts, your credit cards, and your email access.
Third, email is an identity marker. By knowing your email, sites like Axiom and Talius and other social media aggregators will be able to match your online activity to your real name even when you did not use your real name. A consistently used email will draw connections between the accounts. You can see then that you can break all of this quite easily by having a ton of emails. You will need a lot, maybe 50 to 100 or more emails, which obviously is impractical to use if you’re using a standard email product. We’ll get to how to actually implement this later, but as a spoiler alert, Braxmail allows unlimited email aliases.
So this is very trivial to implement. We’ll get to the execution issue later. The problem with the current email standard is that it is based on the current protocol called SMTP, Simple Mail Transfer Protocol. I looked in Wikipedia and it says this was originally developed in 1983 as a standard. But I remember using email in the open way that it is now during the early 90s. Email is sent from point to point using servers called Mail Transfer Agents or MTAs. And these currently process email by finding the server that’s handling a particular internet domain. Nothing much has changed since the 90s.
The same MTAs still work. And for maximum compatibility, they have changed little. Now, larger companies like Google and Yahoo may have pre-arranged protocols between them to exchange email more securely. But outside of that pre-arrangement, the best way to ensure that email arrives is to use the original SMTP standard. And if you didn’t know this, the standard is that all traffic is sent in plain text. Though encryption is now standard between your device and your email server, the actual sending of traffic inter-domain largely still uses the original standard based on plain text. Even if you send photos or zip files or binary content, that’s still represented as plain text by converting these binary files into a text representation called Base64, which is completely easily converted and there is no encryption whatsoever.
This is why the three-letter agencies love to scour the internet and collect all email data at large internet junctions, usually at an AT&T peering station, and then store that email data at the Utah Data Center. If you’re using email, you should have the expectation that all parties that process the email have a copy. Certainly the sending MTA server, the receiving MTA server, the very spy agencies in the middle, the sysadmin, tax hackers, and so on. There are those that state that a lot of MTA servers now use encryption by default using a protocol called STARTTLS.
I don’t need to get into detail, but just understand that this is easy to overcome, certainly a piece of cake for any three-letter agency. This is why medical conversations with your physician are not supposed to use email. This was banned by the US HIPAA privacy laws, though some stupid doctors ignore this. Even the IRS does not communicate via email, they do everything by snail mail. Or government platforms will only send alerts in email and the actual details of messages can only be retrieved when you log into the platform. Given this information then, why would you have extensive private and personal discussions in email? That’s why I don’t like doing tech support in email.
Someone else is reading it. Now, some of you incorrectly think that you can overcome this by using some sort of encrypted email product like a ProtonMail. This is a false expectation, and let’s get into that next. As I already explained to you, the email standard requires that the content of the email be in plain text. This is particularly critical in the area of the email called the email header. This is the portion of the email that has the sender and recipient. It also has identifying information such as the IP address of the source and the target and any intervening servers in between.
It also includes the message title. This is important because it allows messages to traverse the internet. You cannot hide header information, otherwise the message cannot be directed to the correct server in inter-domain messaging. And the IP address information also allows this addressing. So the biggest misconception is that a platform like ProtonMail will somehow help here. It will not. Why? Because you cannot deviate from the email standard. You cannot encrypt the header. It has to be readable. Thus, email coming from a ProtonMail or Tutanota account will look exactly the same as the one coming from Gmail.
To make this clear, for normal inter-domain email transfer, the email has to look the same for all. And obviously email is not just sent. It is also received. So platforms, even if they claim encryption, which I will explain in a second, must receive unencrypted messages. And as I said, the headers have to be standardized and be in plain text. The unique promise of encrypted email platforms, which some of you understand, but not fully, is that intra-domain communications can bypass the SMTP protocol since it doesn’t leave that same server. This is where you can add the encryption.
Again, I repeat, you can encrypt intra-domain messages. This is within the same server. So ProtonMail can encrypt its own messages to others within the same domain. As long as they own the domain, they can encrypt it and they can completely skip the SMTP protocol and really have built a bypass. Thus, the only advantage to using an encrypted email product like ProtonMail is if you’re also talking to someone on ProtonMail. And as a way of encrypted conversations, I will tell you later why this is a very bad idea. Why not just use Signal, Session, and XMPP instead? So among the alternative means of encrypted communication, this is one of the worst options, especially in the current world of apps.
For this reason, I fail to understand the benefit of a ProtonMail. Sure, it does offer a means to send an encrypted message to someone else by encrypting the content portion of the email. I never open these kinds of messages, by the way, so if you send me one, I guarantee it will not be clicked. Links like this are the main sources of malware. Another approach is to use GPG to encrypt the message contents using private and public keys, and I have a video on that. But again, that does not affect the header and all the important metadata that is in the header.
The other problem is even more basic. Anyone with access to your inbox can read your non-encrypted messages even if the platform is supposedly encrypted. This then creates an expectation of privacy which doesn’t exist since 99.9% of the average person’s email will not have any encryption of any sort. This is the reason I stopped my email encryption project. During our beta stage, I was watching the traffic of email go through and realized that I could find out a lot of information about a person just by reading all the unencrypted email. That’s when I realized that this was a terrible idea.
So you’ve made a very visible decision of choosing an email service for people with something to hide, yet most of your content will not be hidden. ProtonMail and Tutanota are well known for being selected by people who want encryption. Thus, they might as well function as a honeypot to use a hacker’s parlance. And they’ve of course given access to your data to governments as they’re required to do. So to summarize, if you want to encrypt your message, do not use email. Use some other app that is using another protocol like Signal, Session, or XMPP. I mentioned this earlier, but now let me focus on this.
If you weren’t aware of the privacy issues, there is an abundance of concerns about email. If you’re using email on your device with an email client software like Outlook, Apple Mail, Thunderbird, and so on, you may not be aware that your IP address is sent with any email you create. This means that if you’re not using a VPN, the easiest way for anyone, including hackers, to identify you is from looking at the email header. And using databases of reverse IP lookup tables, you can actually find a person’s exact location. I’ve seen people also use email with fake names, but then realize that the header had the real name on it based on the computer name.
This depends on the email client, but email sending is a big danger. And this bothers me specifically. Many VPN providers block email by default, which is exactly the primary reason you want to use a VPN. I would avoid VPN providers that do this. This is practically all the major ones, by the way. Check out our BytesVPN service instead. So what you want to have is a service that takes care to remove the identity information from the header of the email. Now, in deference to products like ProtonMail, they do this too. Just understand that this is not the standard.
Most email services will include your IP address in the header. Or in the case of Google, they may not put it in the header, but they keep it for themselves. Now that you’re armed with the knowledge of what you want your email to do, let’s come up with a strategy that attacks all the issues I bring up here. And we will use Braxmail as an example, since this can handle all of these concerns. Braxmail has many domains. I publicly state the domain that you will all know, and that is Braxmail.net. But in reality, we have a bunch of domains which are pretty obscure and don’t suggest any particular choice of people with something to hide.
Now, the neat thing about Braxmail is that you can just change domains on the fly when you give your email to someone. So at your choice, you could give a domain like bxmail.net, for example. That’s not an actual domain, but just as an example. You do not need any special setup since all our provided domains work simultaneously and arrive at the single inbox and you can choose any of them as your regular domain. This could be good if you suddenly have the need to create a new login and you do not need any setup. It will just work all the time.
Again, to make it clear, all domains that we offer work simultaneously with Braxmail.net. Now, let’s talk about something called aliases. Braxmail, as I mentioned, has unlimited aliases and it is really simple. And you do not need to set up an alias in advance, which is often a requirement in some email services that allow some aliases. Our method is simple. If your email address is set up as go@braxmail.net, then to have an alias, just add a hyphen to your email username of go and add any text you want, no special characters, text or numbers only.
So here are examples of valid aliases. go-amazon@braxmail.net, go-rob@braxmail.net, go-x@braxmail.net, go-rumble@braxmail.net, go-r1@braxmail.net, go-122524@braxmail.net. I hope you see the point here. After the hyphen, the text can be anything but not too long as email addresses that are too long may be rejected by some platforms. Look at the last example. It is a date-based alias, so truly for one-time use and guaranteed to be unique. You can see now that it is extremely trivial to have a different email for every internet platform.
The neat thing here is that you do not need to do any setup. This will then prevent anyone from hacking you by email or using email as an identifier. One-time use email prevents that from happening. Here’s an example of the usefulness of email aliases without needing a setup. I was at a mall and was shopping at Ralph Lauren. At the checkout, they said to me that I can get a 10% discount if I give them an email address. I don’t normally give out email addresses like this as it will cause spam, but with Braxmail, I can take advantage of this and get a discount.
So on the fly, I gave an email like go-rl@bxmail.net. I get my discount. Then here’s the fun part. On Braxmail, you can set up to block an alias. So now I can block the one-time use email go-rl and then it will never receive email again. This is the only way to block spam, by the way. You cannot block senders and use spam blockers. That is not effective. Spammers have found a way around that. When you block an alias on Braxmail, it will just say that the email does not exist. I hope you learned a little trick here too.
The best usernames on Braxmail are short, so you can append any alias. Don’t know what short usernames are still available, so you’ll have to see if it’s available by checking. Now, the other thing you can be reassured with when using Braxmail is that we do in fact clear the email header of personally identifiable information. So there will be no IP address of yours in there. Thus, Braxmail does not need a VPN for protection. And if you have multiple Braxmail accounts, intradomain emails will retain encryption since it does not traverse the internet unencrypted. I don’t want to sound like a salesman and say, but wait, there’s more.
But you should know that Braxmail is available on Braxme for $50 a year. That’s it. We do not have storage limits. The only limitation is that attachments cannot exceed 25 megabytes and attachment limits are standard in the industry. Even if we accepted them, other providers will reject receipt. Hope this gives you information about a tool that can help your privacy, your cybersecurity, and your spam all at once. Folks, as I mentioned in the video, the Braxmail product is available on our store on Braxme. This is my own platform, and we have a good-sized community there today exchanging ideas on privacy issues daily.
Check it out, and we have other products there like BytesVPN, Brax Virtual Phone, and other Google phones. We also have the Brax3 Privacy Phone, which is currently on pre-order, and it is on indiegogo.com. Thanks for your support and for watching me in 2024, and see you next year.
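What any server that handles an ordinary message can read from it, as an added example that is not part of the transcript: Python's standard `email` parser run over a constructed message to pull out the routing headers, the IP addresses and client host name in the `Received` chain, and the Base64 body. The addresses, documentation-range IPs and the host name `robs-laptop` are made up for illustration; only bracketed IPv4 literals are extracted.

```python
import base64
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

BODY = "My order number is 4471."  # constructed sample body

# Constructed sample message: example.net/example.org and RFC 5737 IPs only.
RAW = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby mail.example.org with ESMTP; Wed, 25 Dec 2024 10:00:02 +0000\n"
    "Received: from robs-laptop ([203.0.113.45])\n"
    "\tby mx.example.net with ESMTPSA; Wed, 25 Dec 2024 10:00:01 +0000\n"
    "X-Originating-IP: [203.0.113.45]\n"
    'From: "Go" <go-rl@example.net>\n'
    "To: shop@example.org\n"
    "Subject: Discount code\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/plain; charset="utf-8"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n" + base64.b64encode(BODY.encode()).decode() + "\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def audit(raw):
    """Return what is readable in transit without any key."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    ips = []
    for value in hops + msg.get_all("X-Originating-IP", []):
        for cand in IP_RE.findall(value):
            try:
                ip = str(ipaddress.ip_address(cand))  # drop things like 999.1.1.1
            except ValueError:
                continue
            if ip not in ips:
                ips.append(ip)
    # Each server prepends its Received line, so the last one is the first hop
    # and carries the name the sending client announced.
    first_hop = " ".join(hops[-1].split()) if hops else ""
    m = re.match(r"from\s+(\S+)", first_hop)
    return {
        "from": parseaddr(msg.get("From", ""))[1],
        "to": parseaddr(msg.get("To", ""))[1],
        "subject": msg.get("Subject"),
        "ips": ips,
        "client_name": m.group(1) if m else None,
        # Base64 is an encoding, not encryption: decoding needs no secret.
        "body": msg.get_payload(decode=True).decode("utf-8", "replace"),
    }

if __name__ == "__main__":
    for field, value in audit(RAW).items():
        print(f"{field}: {value}")
```

Running the same function over a message you sent to yourself from your own mail client shows whether that client or provider leaves your IP address or computer name in the header.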