Email security for Black Lives Matter activists

Since the following email will be seen by surveillance systems via unsecured email, I’ve copied it here for others to read. Please excuse the formatting, it was copied from email to maintain PGP signing verifiability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear Deray and WeTheProtesters,

I'm Christopher, a Seattle resident and activist with Seattle Privacy
Coalition [0] and information security masters student. I'm writing to
you about the security and thus privacy of your email. I tweeted some
screen shots to you earlier [1][2].

You can verify [3][4] that your email server does not support
STARTTLS, a protocol used to opportunistically encrypt the
transmissions between you and your email server (if you're using a
local client like Outlook or Thunderbird) and more importantly the
transmissions between your email server and someone else's email server.

STARTTLS is like HTTPS but for email routing. When someone emails you
like I am right now (from Riseup.net), any intermediary, corporate or
government, can and will see this entire email in clear text, before
it even arrives to your email provider's servers (hostedemail.com, the
MX destination of your "thisisthemovement.org" domain). If you connect
to your email server via HTTPS, that's good, that means you're using
end-to-end encryption between you and your email server. But the email
contents and metadata (who you email, who emails you, when, etc) is
still easily accessible to illegal surveillance systems.

STARTTLS uses TLS to ensure end-to-end encryption between mail
servers, as long as both email servers have setup proper TLS or
STARTTLS protocols and security certificates. Your email provider has
neither.

Why does this matter? Thanks to Edward Snowden, we know that the
NSA/FBI/DEA's XKEYSCORE system [5] can and will collect your email,
illegally, because your email address has likely been marked as a
"strong selector". In addition to this illegal collection possibly
affecting your physical safety, you also have to be concerned about
"parallel construction" [6].

Using PGP to encrypt your emails would be a good start to protecting
the content of your email, but it requires learning PGP and how to
manage your "key pair" certificates. It also requires that people you
communicate with do the same. In short, PGP is a difficult system to
leverage. PGP also does not protect email metadata the same way that
STARTTLS should from surveillance systems like XKEYSCORE.

Your ideal solution is to abandon email and leverage OTR (Off The
Record) communication--in other words, Jabber encrypted with OTR. OTR
encryption is superior to STARTTLS and PGP. OTR is end-to-end
encryption like HTTPS, but it uses Forward Secrecy. In short, Forward
Secrecy is a protocol that rotates the security keys to hamper
collection and surveillance.

You can easily use OTR with the Free and Open Source Android/iOS
application "ChatSecure", developed by the awesome people at The
Guardian Project. Facebook email accounts are Jabber accounts, but you
cannot see or chat with Jabber accounts outside of Facebook, a major
detractor, in addition to Facebook recording metadata. A list of good,
free Jabber providers can be found at here [7]. Smart friends of mine
sometimes use these Jabber providers [8][9].

Of course, using ChatSecure, or any other mobile device application
(like TextSecure, RedPhone, or Signal -- other outstanding
communication tools) is pointless if your mobile device is or becomes
compromised. Local surveillance software can record anything that you
do on your device, in addition to reveal physical location via illegal
mobile device GPS, photo or video recording. If you attend protests
regularly, a sound course of action is to use a new iPod Touch
(ChatSecure and Signal compatible) so it cannot be compromised by
cellular network attacks (including IMSI catchers).

My personal choice is to use Riseup.net. My Riseup email address
doubles as my Jabber address. Riseup does not spy on my email, they do
not store metadata (email or Jabber), and they employ strong
encryption wherever possible. You can apply for a Riseup account, but
that takes time. If you'd like, I can provide you with one of the two
invite codes that you'd need to create a new account right away.

If you must reply on email, I suggest moving to a better provider.
Google uses good encryption and two-factor authentication, but
activists shouldn't use Gmail because of their illegal cooperation
with the US Government. Open Tech Fund keeps an updated list on GitHub
of email alternatives [10]. You may not be able to keep your
"@thisisthemovement.org" email domain. You must choose good security
over vanity, and picking a probably-secure host takes planning.

All of this is merely brief advice. My secure contact information can
be found on my website [11], if you have any questions. I'm happy to
freely and anonymously consult any peaceful Black Lives Matter
activists as time permits.

Christopher / @yawnbox

[0] https://seattleprivacy.org/
[1] https://twitter.com/yawnbox/status/628095889148502016
[2] https://twitter.com/yawnbox/status/628096643917725696
[3] https://starttls.info/
[4] https://ssl-tools.net/mailservers/
[5] https://en.wikipedia.org/wiki/XKeyscore
[6] https://en.wikipedia.org/wiki/Parallel_construction
[7] https://xmpp.net/list.php
[8] https://www.calyxinstitute.org/projects/public_jabber_xmpp_server
[9] https://duck.co/blog/post/2/using-pidgin-with-xmpp-jabber
[10] https://github.com/OpenTechFund/secure-email#web-mail
[11] https://yawnbox.com/
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVwBQKAAoJEL6vFCBSOutGG8EP/3hO4Zo5ysF9WvkKQrvUAcR8
AWfoNW6fcxtjjKn7RL8zytXn/BWxiWyr/c8zMsmEObVri9GvbXtM4SynOnzLGGr5
FnJKa7MGFvCZHcFtJc5FzSmVHgwHIIPUHjO3w7jtWaD+vqhIqxSco8vyFAf70xQE
8KaXiKa3pvMoC3tXokdGokr2eYfP8D/Y0+FplQEhCR723DGbMyNuqOXv3apctp4q
jg3+B/BSlxTNlKV4uVOds4pHdYWBBeFixz9sOzYuQZj9pU1vb7EQiN5dTrVZnxy9
dAAkMHkGkfK2J6gjDaq9psWe60gNWBrb3Wb8qSWhKJ95OZMi/4TptRuspKk4tvx3
bESJi1KUzrH6ybEASPnJCrPXzY38psAJY9DmNXMEh/mLbhrk9zpHhjr/4ZRNu53z
EFF2b8ZRAM8OIYTAPVtGDHk6HqZTAFM/Au8p1XfpqeLGb7WDNShz5CSrgsE1bsUB
vxJkWheiGwBiq0I2jTn1ilS3yxvKRP55lu/QDtIqpmYJQVj4a0PfX9BwwvzvC3xp
BbrAw3e/kTM9usy3ORPMI8QKbi1NLwa5+wGulLWx0f7mUJ072Upgjl5MDBW/AppJ
We5jjKMrHDZK3RD4ak87iEs7yCu2obnTkqrK3wc4ThqIycEbOKTyBfr45ilyTRgp
51fKGr3kBvlYXXW+S+eZ
=uGSw
-----END PGP SIGNATURE-----