6 posts tagged with "security"


What is a Blockchain Email? Pros, Cons & the Future

Ever since the success of Bitcoin, Ethereum and other cryptocurrencies, developers and entrepreneurs have been looking at what other applications the blockchain could have.

One such application that is gaining momentum is email over blockchain. But what are its pros and cons and, more importantly, what is its future?

Blockchain Email Pros

There are a couple of benefits that blockchain email offers, including:

1. Improved user privacy

Since the blockchain is itself decentralized, meaning there is no central server with its vulnerabilities, users won’t have to “pay” for the service with their data, as is the case with “free” email services, which collect that data and then sell it to advertisers.

2. Better security

A blockchain is a public ledger: anyone can see the transactions made on it, but you can’t change its entries.

The only way for the blockchain to be attacked is if the attacker could gain control of more than 50% of the hashrate. Since there could literally be thousands of nodes, that’s for the most part out of the question.

3. Peer-to-Peer communication

Blockchain also eliminates the presence of a third-party service provider that would essentially have control over your data as it sits on their servers.

4. Better authentication

Authentication is one of the biggest problems of traditional email, leading to spam, email spoofing, etc.

While this has been largely mitigated with tools such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance), email forging is still an issue.

Blockchain, however, is an immutable (meaning, it cannot be modified) set of records authenticated by each node/computer, so it can easily verify and authenticate that you are receiving an email from a trusted sender and not a bad actor.

Blockchain Email Cons

So why isn’t everyone jumping on the email over blockchain train? Well, there are a few disadvantages that we need to address as well:

1. It is often “members only”

One of the problems that blockchain email platforms often have is that you can only email users of that platform. Since we are not talking about platforms with Gmail-like user numbers, but a few thousand at best, this creates a sort of “members only” situation.

Very often, even if you can message someone on another platform, a lot of the features that make that particular email service shine can’t be used with the outside platform.

2. Huge storage requirements

An average email is 75 KB. Not a lot, right? Now multiply that by the number of emails sent every year (more than 100 trillion) and you have an enormous storage problem.

Each node in the network needs to store its own copy of the blockchain, which creates a pretty big scalability problem.

Email over Blockchain Potential

Blockchain email probably won’t ever reach the popularity of cryptocurrencies, smart contracts, NFTs and other blockchain applications, at least not when it comes to private users, the majority of whom will stick to convenient free email services like Gmail.

However, the enhanced privacy and security that it offers, as well as the authentication, could make it very attractive for businesses looking for a better anti-fraud solution.

Public Key vs Private Key Cryptography - What’s the Difference?

When it comes to cryptography and protecting your sensitive data, two terms are crucial - public and private keys.

This is because they are used to encrypt and decrypt data.

In this article, we’ll explain what these keys are, what they do and what the difference is between public key vs private key cryptography.

What is Private Key Cryptography?

In private key cryptography, one key is used to both encrypt and decrypt the data and is then shared between the sender and the recipient.

This key can be a QR code, 64-digit hexadecimal code, 256-character binary code, etc.

The idea is just that it needs to be very long, non-guessable and random (or pseudo-random). The reason for this is that a short and guessable private key can be brute-forced by a determined hacker.

Since the private key is shared, this type of cryptography is also called symmetric.

What is Public Key Cryptography?

In public key cryptography, there are two keys - private and public. Hence, this type is also called asymmetric.

One key, public, is used to encrypt the data from plain text into cipher text and this key can be freely shared. The other key, private, is used to decrypt the data from ciphertext back into plain text and this one is kept secret and held by the recipient.

Difference Between Public Key vs Private Key Cryptography

There are a few distinct differences between public key vs private key cryptography.

| Public Key Cryptography | Private Key Cryptography |
| --- | --- |
| Asymmetric | Symmetric |
| Uses two keys: one (public) to encrypt and the other (private) to decrypt data | Uses only one key (private) to both encrypt and decrypt data |
| One key (public) can be freely shared, while the other (private) needs to be secretly kept | The key is always kept secret |
| Slower | Faster |
| The public key can be shared freely, but the private key is shared only between the sender and recipient | The private key needs to be shared between the sender and recipient only |
| No danger of key loss since it is held publicly | If the key is lost, you can lose access to the system |
| Uses RSA algorithm | Uses AES algorithm |

Conclusion

So which one is better? Private or public key cryptography?

There’s no clear “winner” here since the two types serve different purposes and have different advantages and disadvantages.

In general, private key cryptography is better in situations where you work with large databases and closed systems and where speed is more important than privacy.

On the other hand, public key cryptography works better when sharing data across an open network, like email, which is why it is used in end-to-end encryption.

What are the Most Common Email Server Security Vulnerabilities?

Almost all of our data is stored on a server, making this an attractive target for malicious attackers. This goes even further for email servers as email is still one of the most popular ways of communicating online, especially for businesses.

If your email server is compromised and threat actors can gain access to the confidential information within it, this will result in financial losses for your company and losing valuable customers.

So let’s take a look at the most common vulnerabilities of email servers to better protect your data on them.

6 Most Common Email Server Vulnerabilities

These are the 6 most common email server vulnerabilities that you ought to pay attention to:

  1. Data leakage
  2. Unauthorized data access
  3. DoS
  4. Malware
  5. Spam
  6. Poor performance and stability

Let’s explore each potential vulnerability and give you a way to prevent it.

Data Leakage

Why do hackers attack email in the first place?

There can be several reasons, but the number one is that they want to get to the sensitive data of its owner (you, for instance).

The problem with email is that it was never built for security, but instead for ease of use. This is why your incoming and outgoing emails can be vulnerable to data leakage and a determined attacker.

The best way to protect your email data is to always use end-to-end encryption for both incoming and outgoing emails at the end-points (sender and recipient), to use TLS (Transport Layer Security) for emails in transit (while they travel between sender and recipient) and to use email protocols such as SMTP, IMAP and POP3.

Unauthorized Data Access

No amount of encryption will save you if your last line of defense is weak.

What is this last line of defense?

Your password.

Unfortunately, only 35% of people use a different password for all their accounts, while 75% reuse the same password for all or some of their accounts, according to the 2019 Online Security Survey by Google and Harris Poll (yes, even Google says it's bad).

Now, expect that hackers will be even more inclined to try to bypass your email server’s authentication procedures to get access to the data in it, making password protection a must.

So how do you protect email server passwords?

The first thing you want is a strong password that can’t be easily brute-forced. That means at least 12 characters, including small and capital letters, numbers and special characters.

Here’s the difference that just 3-4 characters can make.

According to penetration testers at LMG Security, an 8-character Microsoft NT LAN Manager password can be cracked in less than 8 hours, while it would take 77,000 years for a 12-character password.

Denial of Service (DoS) Attacks

Sometimes the attacker is not after the data that the email server contains, but instead wants to disrupt its service and prevent it from sending and receiving data.

Denial of Service or DoS is a type of cyberattack in which the attacker renders the server temporarily unavailable to its users by flooding the server with requests until the server can no longer cope with the traffic.

What is the solution?

To prevent a DoS attack, you will need to limit how many connections you allow for the SMTP server, including both overall and simultaneous ones.

Malware

Like your personal or business email account, an email server can also be vulnerable to malicious software or malware.

In fact, malware will spread to the mail server via an infected email, which in turn was most likely infected via an attachment.

In order to prevent malware from infecting your server, you need to use third-party antivirus and antimalware security software like Kaspersky, Norton, etc., that is designed to detect, quarantine and destroy malware.

Spam

Although the share of spam in email traffic has decreased in recent years, from 71.1% of all emails in April 2014 to 45.37% in December 2021 according to Statista, spam is still a huge problem.

The main reason your server might be sending spam is that the SMTP server is configured as an Open Mail Relay. This allows anyone on the Internet to send email (including spam) through your server.

To prevent this, configure your email server so that it only sends from authorized domains and IPs.

Poor Server Performance and Stability

Email servers can stop working at any moment, and their performance might decrease due to an attack or simple wear-and-tear.

To extend the lifespan of your email server and, more importantly, ensure uninterrupted service, you should enable SMTP authentication. This will protect the server from attacks in which the hacker sends numerous send requests.

Additionally, you should always have a backup server in case your main server stops working, which you do by having two MX records per domain.
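The connection limits, relay restriction and SMTP authentication from the sections above can be read as one admission policy. The sketch below is an added example, not code from the original article or from any particular mail server; the policy values, the domain and the addresses (documentation ranges) are constructed, and all names are hypothetical.

```javascript
// Constructed policy for illustration; tune the numbers to your own traffic.
const POLICY = {
  maxTotalConnections: 3,                 // overall simultaneous SMTP sessions
  maxConnectionsPerClient: 2,             // simultaneous sessions from one IP
  localDomains: new Set(['example.org']), // domains this server accepts mail for
  trustedNetworks: ['192.0.2.0/24'],      // networks allowed to relay without auth
};

// Convert dotted-quad IPv4 text to an unsigned 32-bit number.
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) {
    throw new Error(`not an IPv4 address: ${ip}`);
  }
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0);
}

// True when ip lies inside the CIDR block, e.g. "192.0.2.0/24".
function inCidr(ip, cidr) {
  const [base, prefix] = cidr.split('/');
  const size = 2 ** (32 - Number(prefix));
  const start = Math.floor(ipv4ToInt(base) / size) * size;
  const addr = ipv4ToInt(ip);
  return addr >= start && addr < start + size;
}

// Tracks open sessions so both the overall and the per-client cap can be enforced.
class ConnectionGate {
  constructor(policy) {
    this.policy = policy;
    this.total = 0;
    this.perClient = new Map(); // client IP -> number of open sessions
  }

  // Called when a client connects. 220 = greet it, 421 = refuse and close.
  open(ip) {
    const mine = this.perClient.get(ip) || 0;
    if (this.total >= this.policy.maxTotalConnections) {
      return { code: 421, reason: 'server connection limit reached' };
    }
    if (mine >= this.policy.maxConnectionsPerClient) {
      return { code: 421, reason: 'too many connections from this client' };
    }
    this.perClient.set(ip, mine + 1);
    this.total += 1;
    return { code: 220, reason: 'ready' };
  }

  // Called when a session ends, freeing its slot.
  close(ip) {
    const mine = this.perClient.get(ip) || 0;
    if (mine === 0) return;
    if (mine === 1) this.perClient.delete(ip);
    else this.perClient.set(ip, mine - 1);
    this.total -= 1;
  }
}

// Decision at RCPT TO: mail for a non-local domain is relayed only for
// authenticated or trusted clients. An open relay accepts it from anyone.
function rcptDecision(policy, session, rcptAddress) {
  const domain = rcptAddress.slice(rcptAddress.lastIndexOf('@') + 1).toLowerCase();
  if (policy.localDomains.has(domain)) return { code: 250, action: 'deliver-local' };
  if (session.authenticated) return { code: 250, action: 'relay-authenticated' };
  if (policy.trustedNetworks.some((net) => inCidr(session.clientIp, net))) {
    return { code: 250, action: 'relay-trusted-network' };
  }
  return { code: 554, action: 'reject-relay' };
}
```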

Conclusion

As you can see, sending emails through a server is not always the best. This is why Telios email service allows you to send emails directly to the other person (via a peer-to-peer network) instead of through a server if they are online.

If the recipient is offline, Telios uses decentralized cloud storage to temporarily store your email until the other person is online.

Get Telios email today to protect your privacy and security.

Cloud Storage vs Local Storage - Which One will Better Protect Your Data?

We live in a world where data, especially our private and sensitive data, is a very valuable commodity so we need a place to store it that is both easy to access and secure.

You have two options. Cloud storage vs local storage.

In this article, we’ll explore which of the two, cloud or local, will better protect your data.

Cloud Storage vs Local Storage Main Differences

First, it’s important to understand the difference between cloud storage and local storage.

In cloud storage, your data is stored on a remote server that you can access via the Internet. Think Google Drive, Microsoft OneDrive, iCloud, etc.

Local storage, on the other hand, is one where your data is stored on a local device (on-premises) such as the hard disk drive on your computer or a USB flash drive in your pocket.

So, now that we know the differences between the two, let’s take a look at their pros and cons.

Cloud Storage Pros

  • Easy to access. As long as you have an Internet connection, you can access whatever data you have stored on the cloud at any time and any place.
  • Promotes collaboration. With more and more people working remotely, this can be a challenge when you need to share data with a colleague. Luckily, this has been made easier with cloud storage and all you need to do is usually give them access to a specific file you want to share with them.
  • No danger from physical damage. Your local storage device can be damaged physically, corrupted, or lost. Cloud storage will always be there and so will your data (until you delete it).
  • Free storage. For an average user, who only needs limited storage for personal use, cloud services offer free storage. For instance, Google Drive offers 15 GB, OneDrive 5 GB, iCloud 5 GB and so on.
  • Automatic backups. One of the most difficult things to do with local storage is to back up your files. But it’s also one of the most important things to do if you want to prevent losing your data. With cloud storage, however, you can automatically back up your data to the cloud and thus preserve it.
  • No maintenance costs. This is especially important for businesses that run on-premises servers. One such server can cost $150 - $300 just to monitor and maintain. This is a fee you won’t have to pay with cloud storage.

Cloud Storage Cons

  • You don’t own the servers or the system. You only rent the servers. Now, nobody is going to kick you out to make room for another user (there’s plenty to go around), but ultimately the cloud service provider controls access to your data.
  • The cloud storage provider controls the security. Another thing that the cloud storage provider controls is the security. And it's often lackluster. This also means that cloud storage is more vulnerable to data breaches and every year you can hear about a few.
  • Cost increase. Let’s face it. 5 or even 15 Gigabytes isn’t all that much. Store a few movies, some music albums and you’ve reached the limit. Cloud storage is okay if you have GBs of data, but when you start dealing with terabytes (TBs) or higher, that’s where costs can significantly increase.
  • No Internet, no data access. The very same thing that makes cloud storage easy to access can also make it difficult. What happens when you don’t have the Internet? Simply, you can’t access your data.

Local Storage Pros

  • Full control. With local storage, you have full control and there is no danger of losing access to your data like with cloud storage.
  • Not reliant on Internet access. As long as you have your device with you, you can access your local storage and the data on it anytime, anywhere. You are not reliant on the Internet service and your access to it.
  • Better for customization. With cloud storage, you don’t have many options if you want to customize the equipment. Whatever the provider serves you, that’s what you have to use. With local storage, on the other hand, you can buy another hard disk as an individual user or physical server if you’re a business.
  • Sometimes it makes data transfer faster. Again, this depends on the Internet, but if you have a large file to share and low bandwidth, sharing the file locally can be faster and easier via a flash drive.
  • Better security. We already mentioned that cloud storage security can be lacking. Using local storage gives you the freedom to set your own security, install whatever solutions and software you deem appropriate and thus protect your data. For instance, with cloud storage, you can’t use end-to-end encryption (E2EE) but only TLS, whereas with local storage you can (and should).

Local Storage Cons

  • External damage. Like we said earlier, your physical device can suffer from external damage which can cause you to lose access to the data on it. Fire damage, water damage, theft, loss, etc. are all very real threats that you have to deal with if you are using local storage.
  • Higher costs. If you’re a business and need a local storage server, you’ll need to be prepared for a few costs, including purchasing the server, installing it, maintenance and so on. According to Intelligent Technical Solutions, a server can cost from $5000 and above, and the cost will depend on a lot of different factors including its form factor (tower, rack, or blade), CPU, RAM, storage and power supply.
  • Not that good for collaboration. File sharing is less efficient with local storage than with the cloud. This can be a problem both if you need to share data with someone else or if you are moving it to another device. Your options, in this case, are: 1) a flash drive; 2) a SATA cable; 3) a USB 3.0 cable transfer.

Conclusion

So which one is better? Cloud storage vs local storage?

The thing is, both have their place and purpose and this is what you should primarily look for when you’re deciding between the two.

Cloud storage can be more convenient to use, but you don’t have a lot of control over it. On the other side, local storage can incur higher costs, especially for a business, but offers better customization and security.

At the end of the day, the sensitivity of your data should determine whether you should use cloud or local storage. For less sensitive data and non-personal data, cloud storage will be just fine. However, for sensitive and personal data, local storage is a much safer option.

9 Most Secure Email Services of 2022 and the Problem with Server-Based Emails

The need for a good and reliable secure email service has drastically increased in the last couple of years so it’s a good thing that there are more and more such services to choose from these days.

In this article, we have compiled the 9 most secure email services you can check out if you’re looking to protect your online data. Make sure to read until the very end as we left a little warning about these services.

ProtonMail

If you only heard yesterday that there is such a thing as a secure and private email provider, there’s a very high chance that you heard about ProtonMail.

ProtonMail is by far the most popular secure email service around and it is available on both desktop and mobile for different OS including Windows, macOS, Linux, Android, iOS, Tor, etc.

It’s an open-source service, based in Switzerland with strong end-to-end encryption and includes zero-access encryption, meaning that you are the only one who will know your password or have the decryption key for it (even ProtonMail doesn’t).

Features:

  • Open source
  • Servers in Switzerland
  • End-to-end encryption
  • Zero-access encryption
  • Self-destruct emails

Mailfence

Mailfence is another popular private email, which started as a business email in 1999.

One feature that separates Mailfence from other similar providers is a built-in Keystore, which allows you to manage your OpenPGP encryption keys and send encrypted messages to non-PGP users.

In addition, Mailfence also provides digital signatures, to prove that whoever sent the email is the actual author, something that other providers lack.

Features:

  • Digital signatures
  • Built-in Keystore for managing encryption keys
  • Can send encrypted messages to non-PGP users
  • Can import contacts from Gmail, Outlook, CSV files and more
  • End-to-end encrypted

Tutanota

Tutanota is different from the other private emails we mention here in that it doesn’t use PGP for end-to-end encryption.

Instead, it uses AES and RSA, which allows Tutanota to combine asymmetric and symmetric keys. You can read more about the differences between the two here.

Other than that, Tutanota offers everything you’d normally expect from a secure and encrypted email service.

Features:

  • Based in Germany
  • End-to-end encryption
  • Uses AES and RSA instead of PGP
  • 2-Factor authentication
  • Strips metadata
  • Unlimited messages in the free version

Hushmail

Hushmail is a Canada-based secure email provider that is HIPAA-compliant and as such a very good choice for healthcare workers and patients who want to protect their private health information.

Of course, they also have plans for small business, law, or personal use, so you’ll be covered there as well.

Features:

  • Servers are in Canada
  • PGP E2EE
  • 2-Factor authentication
  • IMAP/POP3 support
  • HIPAA compliant
  • Secure web forms

StartMail

StartMail is a PGP-based email provider that also allows its users to send encrypted messages to non-PGP users, provided they know the answer to a secret question.

Another good thing about StartMail is that it hides your IP, which can be used to track you online.

Features:

  • Based in the Netherlands
  • PGP encryption
  • Can send encrypted messages to non-PGP users
  • Hides your IP address

Runbox

Runbox is a Norway-based secure email provider that uses renewable energy from hydroelectric power plants to power its servers.

It uses PGP encryption and 2-Factor authentication, features IMAP, POP, SMTP and WAP support, and allows you to whitelist the IP addresses that can access your email account and to see the failed and successful login attempts.

Features:

  • Norway-based
  • PGP encryption
  • 2FA
  • IP whitelisting
  • Support for IMAP, POP, SMTP and WAP protocols

Mailbox.org

Mailbox.org is not just a secure email provider for business users; it also offers a calendar, cloud storage, an address book, video conferencing and a task planner.

Of course, this is all encrypted using Pretty Good Privacy (PGP) and its servers, which are located in Germany, are also eco-friendly.

Features:

  • Servers located in Germany
  • Eco-friendly
  • PGP encryption
  • Encrypted cloud storage
  • Calendar
  • Video conferencing
  • Address book

Posteo

Posteo is a popular choice with all those users who, for one reason or another, need to remain anonymous, such as whistleblowers, activists, journalists and so on.

It allows you to both sign up and pay completely anonymously and has a very good migration service so you can migrate your contact list, archived emails, calendar and folder structure from another email provider like Gmail or Outlook.

One thing that’s important to mention about Posteo though is that it doesn’t use E2EE by default, but you need to enable it in the settings.

Features:

  • Based in Germany
  • Open source
  • Anonymous registration and payment options
  • Includes end-to-end encryption, though not by default
  • Supports IMAP, POP and SMTP email protocols
  • Encrypts metadata, email subjects, headers and attachments

PrivateMail

PrivateMail is a secure email provider that is based in the United States and that’s its biggest downside.

However, it does offer some useful features like end-to-end encryption for file sharing, secure cloud storage with AES 256 encryption and self-destructing emails.

Features:

  • Servers are located in the U.S.
  • E2EE
  • AES 256 file encryption
  • Secure cloud storage
  • Self-destruct emails

Problems with Server-based Email Providers

So at the start of the article, we said we had a little warning about these.

What was it?

One thing that all these secure email services have in common is that they all use servers. There are a couple of issues with this:

  1. The provider is completely dependent on the laws of the country its servers are located in.

That means that even if the two users are located in different countries, the provider must hand over their emails, metadata and other data when served with a court order (and sometimes without one).

  2. Some secure email providers will store your encryption/decryption keys.

As such, they will have full access to your private and sensitive data and can give it to whomever they want. This defeats the whole purpose of a secure email provider, which is that only you have access to this sort of data.

  3. Providing backdoors to governments

Normally, the email provider can withhold giving up any user data without a valid court order. However, these companies are often subjected to a lot of pressure from governments to provide a backdoor into their servers.

  4. The carbon footprint

Lastly, data centers and servers can have a substantial carbon footprint and consume a lot of energy. For example, climate researchers from Go Climate measured the carbon footprint of a 2019 Dell R640 server (which is a relatively standard server) and found that it consumes 1760.3 kWh per year, with a manufacturing climate impact of 320kg of CO2e per year.

Now, it should be noted that more and more email providers have started to use green energy, so at least it’s an issue that’s being worked on.

Conclusion

With a decentralized email service like Telios, you won’t run into these problems as we are using a peer-to-peer network to send emails between two Telios users.

Of course, this will only work if both users are online and both are Telios users. If one of them is offline or a non-Telios user, then the email will have to go through a server, but as Telios is using end-to-end encryption and doesn’t store your decryption keys, your emails are perfectly safe.

Looking for a secure email service? Download our decentralized email service today!

What is public key cryptography?

Pierre Kraus

Business Analyst @Telios

How can you securely communicate over the Internet?

So much information is transmitted over the Internet. And even though you might not be planning the next money heist, I bet you would rather be confident that sending sensitive information such as your credit card, your social security number, or even your home address to a third party, happens securely. But what kind of magic allows you to securely communicate over the Internet?

It is called public key encryption.

Symmetric Encryption

The way people used to do things was to use a secret key that would modify the content of the message and make it unreadable for anyone not having the secret key. This method is called symmetric encryption.

However, for this method to work you need both parties to exchange the key without risking having someone get a hold of it. We all have the image of spies meeting in a park to exchange a secret envelope to be able to access a piece of specific information. But, exchanging the secret key in person becomes very inconvenient if you're not in the same location. Plus, you might wanna send information over the Internet and you need a secure way to do so. But how can you send the unencrypted secret key over, without exposing it?

The solution is called asymmetric encryption.

Asymmetric Encryption

The way asymmetric encryption works is by generating 2 keys. Let's call them key A & key B. They're linked in such a way that anything you encrypt with key A can be decrypted with key B, but you cannot guess one key from the other. If Youri and Gareth want to securely communicate, both will generate a pair of keys, a private and a public one. The private key is to be kept private and the public one can be published pretty much anywhere over the Internet. Because one key can decrypt what the other encrypted, Youri will encrypt his message with Gareth's public key, and Gareth will be able to decrypt Youri's message using his own private key.

Once you understand the concept of public key cryptography, it will help you to better understand how we can securely communicate over the Internet with digital certificates and signatures. Cryptography is very powerful and is a requirement to guarantee more privacy for users!