Securing Email from PRISM

Well, sorta. This solution makes acquiring your stored emails a very difficult endeavour. This objective is to provide defense-in-depth security for email data at rest that is seamless to the causal email user. And while anyone with a gun can ultimately track your data (put a gun to the head of the most rabid Zionist and I would tell you anything you want to know to save even his Nazi life), this should make it prohibitively difficult and expensive to do so.

This method rests on two main components:

  1. Making the location of stored email difficult or prohibitively expensive to identify;
  2. Making stored email impossible to hostiley recover.

First, you obviously need an internet accessible SMTP server. Merely opening port 25 on your home connection would make tracking you down a trivial process. A better option is to purchase a VPS in a foreign country, either through Bitcoin or a pre-paid debit card. It goes without that you should never connect to the VPS directly. Always use a variety of layers of obfuscation. I personally prefer a public Wifi location, with Tor and finally a proxy running in a less-than-friendly foreign country. The domain name you purchase, again anonymously, needs to have the SMTP server pointing to VPS you purchased. This server will function only receive emails. It does not store them whatsoever.

Next you need to store the email in a format that is difficult to trace. My personal method is to setup Linux to use a hard-drive with full-disk encryption. Recovering hard-disk private keys from memory is not easy, but I have personally seen it done. So, we’re going to add in another layer of frustration by using a non-standard processor format such as ARM. Though it is still technically possible to recover keys from memory on an ARM processor, most memory-dumping software solutions are for x86 CPUs. My ideal setup would be to use a Raspberry PI because it runs on less power and is more likely to erase quicker. The size will also make concealment a ton easier.

These two machines need to communicate. My preferred method is over Tor. Configure a Tor hidden service on the second machine. Then, configure the VPS to network spool its mail through Tor to the storage machine. I have heard some clamour that Tor can theoretically be traced, but I have yet to find a technical paper detailing exactly the method. Either way, providing another layer of SSL-based encryption is recommended to at least ensure data integrity and confidentiality.

Now email is received by the anonymous VPS, and anonymously routed to your encrypted hard-drive. In order to request the email of, the government would have to know who owns’s SMTP server, get access to that server, then identify where email is stored, and break the encryption on the hard-drive without the key. I hope you’re not doing anything that would tempt them to spend that much time and energy!

Obvious Drawback

Email-in-transit is just about impossible to truly secure. Whoever owns the pipe owns the data. Yes, I could just use SMTP encryption, and you damn well should, but I cannot verify anyone’s identity except through the use of public certificate authorities. But I also have no illusions that the NSA could easily ask VeriSign to issue them forged certificates and VeriSign would immediately comply. I could always create my own certificates, but most SMTP servers would simply not send to questionable recipients without having to manually installing the certificates. And at that point, you’re not seamless to the user and might as well just use PGP.

So if you’re concerned about data-in-transit, yes PGP is your best bet. I don’t know the benchmarks for trying to brute-force PGP on an array of GPUs, but its entirely possible to use 8192-bit PGP keys. Too bad there are few to no easy to use PGP software packages out there.