WEBVTT

00:00.690 --> 00:08.250
The next type of email services that I want to talk about, our email services that are focused on privacy

00:08.250 --> 00:09.420
and anonymity.

00:09.930 --> 00:16.210
So unlike temporary emails, these are proper email services that will give you a proper email.

00:16.230 --> 00:18.440
Your inbox will never expire.

00:18.450 --> 00:25.410
You will sign up and log in with a password similar to the way you sign up and log in to the email services

00:25.410 --> 00:26.580
that you're familiar with.

00:26.610 --> 00:28.840
Similar to Google and Hotmail.

00:28.860 --> 00:31.850
They offer a lot of very useful features.

00:31.860 --> 00:33.510
They're user friendly.

00:33.600 --> 00:37.560
So again, all of this is similar to the services you're used to.

00:37.590 --> 00:45.120
But unlike Gmail and Hotmail and all of these services that collect a lot of data about you, these

00:45.120 --> 00:49.230
privacy focused email services collect no data.

00:49.260 --> 00:50.930
They don't store any logs.

00:50.940 --> 00:52.560
They don't track you.

00:52.710 --> 00:55.740
Most of them use some sort of encryption.

00:55.770 --> 00:59.130
The good ones would be using end to end encryption.

00:59.130 --> 01:04.950
So your email will be encrypted at your end and only decrypted at the destination.

01:04.980 --> 01:10.010
Therefore, nobody that intercepts this email will be able to read it.

01:10.020 --> 01:14.190
Even the mail provider itself shouldn't be able to read it.

01:14.640 --> 01:22.290
Now I actually look at the services as a hybrid between the email services that we all know and use,

01:22.290 --> 01:29.670
such as Gmail and the email services available on the darknet that I will talk about in the next lectures.

01:29.670 --> 01:34.740
Because like I said, first of all, they offer all of the features that we are used to.

01:34.770 --> 01:40.240
They are also user friendly, but at the same time they won't track you.

01:40.260 --> 01:43.660
They won't keep any logs and their privacy focused.

01:43.680 --> 01:49.350
And another reason that makes me feel that they are like a hybrid is the fact that most of them are

01:49.350 --> 01:53.220
available on the clear net and on the darknet.

01:53.520 --> 02:00.600
So they'd have a clear net address and a darknet address, and they can communicate with both Darknet

02:00.600 --> 02:02.790
and clear net email providers.

02:03.540 --> 02:05.300
Similar to the temporary emails.

02:05.310 --> 02:08.910
There are a number of providers that offer these services.

02:09.150 --> 02:15.420
I highly encourage you to do your own research and read the privacy policy before you sign up with any

02:15.420 --> 02:21.060
of them and never use your real identity if you're using the services in the darknet.

02:21.090 --> 02:23.760
Make sure you use your fake identity.

02:24.570 --> 02:29.220
With that being said, a very popular example is Protonmail.

02:29.970 --> 02:34.480
So this is just an example of a privacy focused email provider.

02:34.500 --> 02:35.970
It is not the only one.

02:35.970 --> 02:41.910
And like I said, I highly encourage you to do your own research and read and see which is best for

02:41.910 --> 02:42.390
you.

02:42.930 --> 02:48.600
So Protonmail comes with all of the features that I just mentioned that all of the providers in this

02:48.600 --> 02:49.920
category offer.

02:50.220 --> 02:52.860
On top of that, it is open source.

02:52.860 --> 02:57.810
So all of the code used is available for anyone to read and analyze.

02:57.810 --> 03:04.260
And even if you don't know coding, you can be rest assured that people are constantly revising their

03:04.260 --> 03:08.640
code and will call them out if they discover anything fishy.

03:09.510 --> 03:17.700
Protonmail also enforces HTTPS on both on their clear net and on their darknet website, which is something

03:17.700 --> 03:20.100
that is rare on Darknet websites.

03:20.100 --> 03:23.790
And it is great because that adds an extra layer of encryption.

03:23.820 --> 03:25.770
It uses end to end encryption.

03:25.770 --> 03:32.520
So like I said, the messages that you send get encrypted at your end and only decrypted at the destination

03:32.520 --> 03:33.530
and vice versa.

03:33.540 --> 03:39.390
So even protonmail, if they wanted to read the content of your email, they won't be able to do that

03:39.390 --> 03:41.520
because it's going to be encrypted.

03:42.210 --> 03:48.780
They also use their own servers so they don't rent servers from third parties and all of their servers

03:48.780 --> 03:54.180
are in Switzerland, which is a country known for having good privacy laws.

03:55.140 --> 04:01.440
With that being said, if you read their privacy policy and their transparency page, you will see that

04:01.440 --> 04:08.070
they did reveal information about specific users in order to comply with court orders.

04:08.790 --> 04:13.950
But like I said, they keep no logs, they don't track you and everything is encrypted.

04:13.950 --> 04:19.350
So they don't have a lot of information anyway, even if they do reveal this information.

04:19.860 --> 04:25.650
And at the end of the day, like I said at the start of this section, I'm showing you all of the options

04:25.650 --> 04:31.920
and you should go with what suits you best in terms of why you need this account and what's your threat

04:31.920 --> 04:32.550
model.

04:33.360 --> 04:36.300
Now let's go ahead and have a look on this website.

04:36.720 --> 04:42.750
So right here I have their clear net website and in here I have their onion hidden service.

04:43.350 --> 04:50.880
For this to work, you should actually put your security settings to medium to safer so that it allows

04:50.880 --> 04:54.710
JavaScript to be executed on HTTPS pages.

04:54.720 --> 04:59.760
Now, depending on your threat model, you might not want to do this, but in general.

05:00.000 --> 05:06.840
Because this is only done on HTTPS pages which already has encryption and because Protonmail is open

05:06.840 --> 05:07.320
source.

05:07.320 --> 05:13.980
So all of its code is known and because of their reputation, it's not a very bad idea to do this.

05:15.840 --> 05:17.680
Now signing up is very simple.

05:17.700 --> 05:20.220
All you have to do is just click on sign up.

05:20.430 --> 05:22.530
I'm going to choose the free account.

05:23.330 --> 05:25.430
And I'm going to select it.

05:27.080 --> 05:29.240
And let's set up a username.

05:29.240 --> 05:34.970
So like I said, you want to keep in mind that you are going to use your fake identity in here.

05:35.210 --> 05:41.330
So I'm just going to set this to j0wk and let's put a password.

05:42.290 --> 05:47.090
You can also set a recovery email that you can use to recover the password with.

05:47.120 --> 05:52.820
I'm going to keep this to blank because I don't want to give a lot of information about myself and I'm

05:52.820 --> 05:54.800
going to click on Create Account.

05:55.640 --> 06:01.460
It's given me a warning that I'm creating an account without a recovery email, but that's fine.

06:02.620 --> 06:09.010
And right now, Protonmail is going to create the keys that will be used to encrypt your data, your

06:09.010 --> 06:09.560
emails.

06:09.580 --> 06:12.250
Like I said, it uses end to end encryption.

06:12.250 --> 06:19.360
So when you send something, it gets encrypted at your end and it will only be decrypted at the destination.

06:19.390 --> 06:26.260
Therefore, anyone in the middle, including Protonmail themselves, they won't be able to see the contents

06:26.260 --> 06:27.370
of your emails.

06:28.250 --> 06:33.740
Now you want to give this some time because it could take a few minutes depending on the specs of your

06:33.740 --> 06:34.520
computer.

06:36.160 --> 06:36.390
Okay.

06:36.580 --> 06:38.770
Now it's asking me to solve this CAPTCHA.

06:38.770 --> 06:41.170
So I'm going to click I'm not a robot.

06:41.200 --> 06:45.280
It's not accepting this probably because I'm using the Tor network.

06:45.550 --> 06:51.400
So the other solution would be to verify myself that I'm not a robot using an email.

06:51.400 --> 06:54.700
And again, you can use any email in here.

06:55.270 --> 07:00.310
I'm going to use a temporary email similar to the ones I showed you in the previous lectures.

07:00.310 --> 07:03.640
So I'm just going to go to gmail.com.

07:05.630 --> 07:11.210
And let's just use a different domain just in case they get a lot of domains like this one.

07:14.570 --> 07:16.310
And that's copy this.

07:18.100 --> 07:19.480
And paste it here.

07:20.020 --> 07:21.280
And we're going to send.

07:22.470 --> 07:27.600
So it's telling us that the verification code should be sent to the email that we picked.

07:27.630 --> 07:31.680
Let's go back and check if we actually did get this verification code.

07:32.710 --> 07:33.340
Perfect.

07:33.340 --> 07:35.580
As you can see, we have the code in here.

07:35.590 --> 07:38.350
It's 974, six, four, four.

07:38.590 --> 07:40.510
So go back here.

07:42.310 --> 07:46.320
And we're going to click on Complete Setup again.

07:46.330 --> 07:50.230
You want to be patient with this and let it load and create your account.

07:51.510 --> 07:52.260
And perfect.

07:52.260 --> 07:55.290
As you can see, the account should be set up now.

07:55.320 --> 07:57.960
It's asking us if we want to change the name.

07:57.960 --> 07:59.730
I'm going to keep it the way it is.

08:01.220 --> 08:02.990
Going to close these tips.

08:04.130 --> 08:05.180
And perfect.

08:05.180 --> 08:08.410
As you can see, it's a very nice user interface.

08:08.420 --> 08:14.630
Like I said, this really is like a hybrid between what you get on the clear net and on the dark.

08:15.410 --> 08:17.060
Using this is very intuitive.

08:17.060 --> 08:19.150
I'm not going to waste more time on it.

08:19.160 --> 08:22.310
This is your inbox draft sent and so on.

08:22.310 --> 08:24.860
You click on Compose to send a message.

08:25.010 --> 08:31.460
The messages that you get will show up in here in the inbox and you can from any message you can click

08:31.460 --> 08:31.910
on it.

08:31.910 --> 08:37.220
And now that you're inside the message, you can reply forward and so on.

08:37.910 --> 08:39.860
So that's it for this lecture.

08:39.860 --> 08:45.710
Just wanted to cover an example of a private kind of hybrid email service.

08:45.710 --> 08:50.990
Like I said, this is not the only one, so please don't take this as the only example.

08:50.990 --> 08:54.920
This is just an example, and I want you to understand the whole concept.

08:54.920 --> 09:00.320
So there is a whole number of services that operate on the same concept.

09:00.890 --> 09:03.980
Like I said, there are a lot of pros to this.

09:03.980 --> 09:11.180
As you can see in here, the only cons are the fact that it uses JavaScript and the fact that it is

09:11.180 --> 09:18.320
a clear net website, it is a proper company and they have complied and revealed information about their

09:18.320 --> 09:21.290
users when the court ordered them to do so.

09:21.860 --> 09:26.960
With that being said, like I said, they don't keep any logs, they don't track you and everything

09:26.960 --> 09:27.830
is encrypted.

09:27.830 --> 09:32.180
So they can't really reveal too much because they don't know too much.

09:32.660 --> 09:35.390
But again, read the privacy policy.

09:35.390 --> 09:41.570
Continue with the options that I'm going to show you and pick the option that works best for you based

09:41.570 --> 09:45.890
on the reason why you need this service and based on your threat model.