
Why Email Privacy Sucks

Some truths about email privacy:

  • Email is not a secure means of communication; in fact, the email system was not designed with privacy as its main goal.

  • Emails are transmitted around the world from domain to domain in plain text format (via SMTP servers on port 25).

    • Note: the plain text is actually encoded in base64 (it looks like gibberish, but it is not encrypted; anyone can easily convert base64 strings back to plain text).

  • You have to assume that your emails (body and attachments) are collected, copied and read (when/if necessary).

  • By analogy: communicating confidential data (your bank details, for example) via email is equivalent to mailing that information on a postcard (actually much worse, because of the automatic procedures inherent to digital communications).


  • Encrypt your emails, both the body and any attachments.

  • Possible issue: some security systems may block the delivery of encrypted emails.

Digi-Secret and email privacy

Digi-Secret is a simple, easy-to-use encryption program that not only encrypts your confidential information with a sophisticated SHA256 algorithm but also embeds (by means of a steganography technique) the encrypted data inside an innocuous-looking image file, which can then be attached to your email. This allows for secure email communication between you and the receiver of your emails.

Advantages of using Digi-Secret:

  1. It offers double protection (the encrypted data hidden inside the image is invisible to the naked eye).

  2. Transmission of confidential data happens secretly.

  3. Email security systems do not detect the encrypted file embedded in the attached image and therefore do not block your message.

  4. You can assign selected people to have access to your secrets (without the need of distributing passwords).

  5. Easy to use.

Encrypting your emails is a big step towards privacy since it will prevent non-authorized users from accessing your confidential information.

Unfortunately, there are further email privacy liabilities that encryption cannot solve. These liabilities are linked to the "metadata" associated with your email. In fact, the email protocol requires that metadata not be encrypted.

This implies that information such as your IP address, the subject of the email, the name of the computer you use, and the timestamp must be transmitted in plain text and can be exploited by big tech companies, government agencies, and hackers.
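Both points made above, that base64 is an encoding rather than encryption and that header metadata travels unencrypted, can be seen by parsing a message the way any relaying server could. The following Python code is an added example and is not part of Digi-Secret; the addresses, host name, IP address and account number are constructed sample values.

```python
from email import message_from_string, policy
from email.message import EmailMessage

SECRET = "Account number: 12345678"  # constructed sample data


def build_wire_message():
    """Build a constructed message and return it in the form SMTP servers relay."""
    msg = EmailMessage()
    msg["Received"] = "from alice-laptop ([192.0.2.10]) by mx.example.org"
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "Bank details"
    msg["Date"] = "Mon, 01 Jan 2024 10:00:00 +0000"
    # Body and attachment are both base64-encoded on the wire.
    msg.set_content(SECRET, cte="base64")
    msg.add_attachment(SECRET.encode(), maintype="application",
                       subtype="octet-stream", filename="statement.bin")
    return msg.as_string()


def relay_view(raw):
    """Return everything an intermediate server can read without any key."""
    msg = message_from_string(raw, policy=policy.default)
    # Metadata: sender host and IP, correspondents, subject and timestamp.
    headers = {h: str(msg[h])
               for h in ("Received", "From", "To", "Subject", "Date")}
    # get_content() reverses the base64 transfer encoding; no secret is needed.
    parts = [(p.get_content_type(),
              str(p["Content-Transfer-Encoding"]),
              p.get_content())
             for p in msg.walk() if not p.is_multipart()]
    return headers, parts


if __name__ == "__main__":
    raw = build_wire_message()
    print(raw)  # the body looks like gibberish here
    headers, parts = relay_view(raw)
    for name, value in headers.items():
        print(f"{name}: {value}")
    for ctype, cte, content in parts:
        print(ctype, cte, repr(content))
```

The raw message never contains the account number as literal text, yet `relay_view` recovers it from both the body and the attachment, alongside the headers that remain readable even when the content itself is encrypted.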

Protection against these liabilities is beyond the scope of our products.

For this reason, we refer you to the following links:
