Email privacy
In this world of Slack and Discord and Telegram and whatever other communication platform is currently hip, it’s easy to forget about humble email. Email is pretty special in that it’s federated – you don’t need to use the same email provider as the person you’re talking to – and decentralised: you can be your own provider, if you can understand Postfix. These are ideas that are recently coming back into fashion. It’s also very old, and when it was invented there was very little thought given to security. As late as the turn of the millennium, most SMTP servers didn’t require authentication (which was the glorious old days for spammers) and even today some email is transmitted in the clear.
Thankfully this fraction is very much a minority thanks to widespread adoption of STARTTLS, which encrypts communication between relays. It’s still necessary for relays to see the messages passing through them, so from the point of view of someone who doesn’t want their messages intercepted, it’s best to encrypt them at source using PGP email. Confusingly, this is done on Linux using GPG, which we’re not going to try to explain here.
Fortunately, Thunderbird on Tails includes the Enigmail plug-in which makes public key cryptography as easy as it can be. Note that even if you figure this out, email headers are still visible to relays involved in message delivery, and this is precisely the kind of metadata that spooks would love to harvest.