This section of the "Email and Communication Encryption Guide" program covers encryption from the basics through advanced use. Understanding and applying these practices is essential for anyone serious about protecting their digital privacy in an increasingly surveilled world.
Encryption is the mathematical foundation of digital privacy. Without encryption, any data you send over the internet — emails, messages, files, passwords — can be intercepted and read by anyone with access to the network path between you and the recipient. This includes your internet service provider, the Wi-Fi network operator, government agencies conducting mass surveillance, and hackers on shared networks.
End-to-end encryption (E2EE) means that data is encrypted on your device and can only be decrypted on the recipient's device. The service provider in the middle cannot read the content, even if compelled by law enforcement, because it never holds the keys. Signal is the gold standard for encrypted messaging: it is open-source, independently audited, and used by security researchers, journalists, and activists worldwide. Signal encrypts messages, voice calls, video calls, and file transfers with the Signal Protocol, whose design has been the subject of formal security analysis by academic cryptographers. Two caveats apply to any E2EE system: it protects content in transit and on the provider's servers, not on a compromised phone or laptop, and the provider may still learn metadata (who contacts whom, and when) even though it cannot read what was said. Signal is designed to retain as little of that metadata as possible.
For email encryption, PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard), the free implementation of the OpenPGP standard that PGP originated, can add encryption to any email, but they require both sender and recipient to manage cryptographic keys, which creates significant usability barriers. Two limitations are worth knowing before relying on OpenPGP mail: the subject line and other headers are sent in the clear, and there is no forward secrecy, so a private key that leaks later decrypts every message ever sent to it. Easier alternatives include ProtonMail and Tutanota, which provide seamless encryption between users of the same service and can encrypt messages to external recipients with a shared password.
Generate a PGP key pair if you need to communicate securely with people who already use PGP. Use GPG (GnuPG) to generate either a 4096-bit RSA key or, with current GnuPG, an Ed25519 signing key with a Curve25519 (cv25519) encryption subkey, and give the key an expiry date so a lost or forgotten key does not remain valid forever. Protect your private key with a strong passphrase and store a backup, together with the revocation certificate GnuPG writes at generation time, in a physically secure location. Upload your public key to a key server so that correspondents can find it, or share it directly. Remember that a key server does not vouch for who owns a key: before encrypting to someone's key, or trusting one that claims to be yours, confirm its full fingerprint over a separate channel (in person, by phone, or from a source you already trust). Use Mailvelope (a browser extension) or Thunderbird's built-in OpenPGP support to encrypt and decrypt emails.
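The key-generation and key-handling steps above, carried out non-interactively with GnuPG, as an added example that is not part of the original guide. It assumes a hypothetical user ID "Alice Example <alice@example.org>", a constructed passphrase, and a throwaway GNUPGHOME so nothing touches your real keyring; the Ed25519/cv25519 parameter block is GnuPG's documented unattended key-generation format, and the script finishes by proving the key works with an encrypt/decrypt round trip.

```sh
#!/bin/sh
# Added example, not from the original guide: generate an OpenPGP key pair with
# GnuPG non-interactively, protect it with a passphrase, export the public key
# for sharing and a secret-key backup, and prove the key works with an
# encrypt/decrypt round trip. The user ID and passphrase are constructed values
# for the demo; a throwaway GNUPGHOME keeps the real keyring untouched.
set -eu

if ! command -v gpg >/dev/null 2>&1; then
    echo "gpg (GnuPG) not installed; skipping demo" >&2
    exit 0
fi

GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
chmod 700 "$GNUPGHOME"
# Stop the agent started for this keyring and wipe the directory on exit.
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

UID_NAME="Alice Example"                    # hypothetical identity
UID_EMAIL="alice@example.org"               # hypothetical address
PASSPHRASE="correct horse battery staple"   # constructed; choose your own

# GnuPG "unattended key generation" parameter block: an Ed25519 primary key
# that certifies/signs, plus a Curve25519 (cv25519) subkey for encryption,
# both expiring in two years so a lost key does not stay valid forever.
gen_key() {
    gpg --batch --pinentry-mode loopback --gen-key <<EOF
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: $UID_NAME
Name-Email: $UID_EMAIL
Expire-Date: 2y
Passphrase: $PASSPHRASE
%commit
EOF
}

# Primary-key fingerprint (40 hex digits for a v4 key): this is what a
# correspondent should confirm with you out of band before trusting the key.
fingerprint() {
    gpg --batch --with-colons --fingerprint "$UID_EMAIL" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# ASCII-armored public key: safe to publish, mail, or upload to a key server.
export_public() {
    gpg --batch --armor --export "$UID_EMAIL" > "$1"
}

# ASCII-armored secret key, still protected by the passphrase: this is the
# backup to keep on offline media in a physically secure place.
backup_secret() {
    gpg --batch --pinentry-mode loopback --passphrase "$PASSPHRASE" \
        --armor --export-secret-keys "$UID_EMAIL" > "$1"
}

# Encrypt stdin to a recipient's key; decrypt stdin with our own secret key.
encrypt_to() {
    gpg --batch --quiet --armor --recipient "$1" --encrypt
}
decrypt() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASSPHRASE" --decrypt
}

# Round-trip a message through our own key pair and return the plaintext.
round_trip() {
    printf '%s' "$1" | encrypt_to "$UID_EMAIL" | decrypt
}

gen_key
FPR="$(fingerprint)"
export_public "$GNUPGHOME/alice.pub.asc"
backup_secret "$GNUPGHOME/alice-secret-backup.asc"
echo "fingerprint: $FPR"
echo "round trip:  $(round_trip 'meet at noon')"
```

In real use you would enter the passphrase interactively rather than put it in a script, move alice-secret-backup.asc to offline media, and hand out or upload only alice.pub.asc. The round trip here works without any trust prompt because GnuPG marks a key it generated as ultimately trusted; when you encrypt to someone else's key, GnuPG will ask whether you are sure the key belongs to that person, and the honest answer depends on having checked the fingerprint with them, not on where the key was downloaded from.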
Beyond messaging and email, encrypt your files and storage. Use VeraCrypt to create encrypted volumes on your computer or to encrypt entire drives. Enable FileVault (macOS) or BitLocker (Windows) for full-disk encryption, and keep in mind that full-disk encryption protects data only while the machine is powered off or locked; a running, unlocked system exposes everything to whoever has it. For cloud storage, use Cryptomator to create encrypted vaults within services like Dropbox or Google Drive, so the provider only ever stores ciphertext. For sensitive documents, consider using Tails, a portable operating system that runs from a USB drive, routes all traffic through Tor, and by design leaves no trace on the host computer once it is shut down.