Clandestine Communications Part One: One Time Pads (OTPs)

Clandestine Communications Part Two: Steganography – A Smile is Worth A Thousand Words (Literally)!


The next set of articles in out Clandestine Communications series will be brief overviews of encrypted email services and message apps, file/hard drive encryption, and VPN.

I stress that these are very brief overviews. I highly recommend that you take a look at the training calendar and attend one of the Privacy, Security and Anonymity classes offered by Kilo, a friend and current member of the SOF community. The first class already filled up, but there is a class being offered September 21-22 in NC and a class in March 7-8 2020 in NC as well. Kilo will be using the vast knowledge he has to give you all you ever wanted to know about anonymity and digital security. Once again, I highly recommend the class.


Part Three of our Clandestine Communications series is focusing on “off the shelf” email domains. This would, of course, require you to get a new email address – an action that, given the surveillance state’s relationship with Google, Yahoo, etc, cannot be done too quickly. However, there are ways to harden current email addresses such as Gmail, and that will be the purview (shout out to Mueller for popularizing that word) of Part Four. There are really only two sites that I have both a familiarity with and would recommend. Those sites are Tutanota and Protonmail. I am sure that there are others out there that are both paid and free, and you can feel free to chime in down below. These are the only two that I have familiarity with, and I will give a brief overview below.

When you create your passwords, make it have CAPITAL and lowercase letters as well as numbers (1234), symbols ([email protected]#$) or even spaces. You may even want to employ a password manager such as KeePassXC to ensure a secure password.

ProtonMail (

Headquartered in Geneva, Switzerland, ProtonMail is a fantastic email service. Offering both free and paid subscriptions, it is Open Source and very easy to use.

Right off the bat, you need two passwords to log in – one to enter the account, and one to decrypt the email inbox.

EDIT: Apparently this is only true for legacy accounts like mine created before December 2016. New accounts default to one password. Thank you to the commenter who pointed this out.

When ProtonMail was originally released, two passwords were necessary to enter your account, a Login password and Mailbox password. This was done for security reasons to ensure end-to-end encryption. However, after extensive and careful study, our research team developed a way to provide the same level of privacy and security with just a single password. Technical details can be found here.

Because this improves the usability of ProtonMail, this is now the default for all newly created accounts. For Legacy accounts (those created before December 2016), we also provide the option to switch to One Password Mode. Two Password Mode will continue to be supported, and more information about Two Password Mode is provided at the bottom of this article.”

It has a robust set of settings including authentication logs (which will tell you every time a login attempt is successful or fails as well as a logout occurs – all with timestamps) and two factor authentication so that you can add an addition layer of security to the account.

The service is incredibly user friendly, and is located in a country that has incredibly strong privacy laws. It avoids the Five Eyes and the Fourteen Eyes countries

The one downside is that the Free account only allows for 500mb storage and 150 messages per day.

The Plus account, which costs $4.00 /Month, provides you with 5gb storage, 1000 messages a day, and the ability to send encrypted messages to those without protonmail accounts. It also allows for custom domains and up to 5 email aliases.

The Visionary account, which costs $24.00 /Month, provides 20gb storage, unlimited messages per day, and access to ProtonVPN (virtual private network). It also has multi-user support and allows for up to 50 email aliases.

Tutanota (

Tutanota is “domiciled” in Hanover, Germany and was started in 2011. The name Tutanota, according to the FAQs, is derived from Latin and contains the words “tuta” and “nota” which means “secure message”

By default, the emails between Tutanota accounts are encrypted just like in ProtonMail. You can also set up a password with someone who does not have a Tutanota account and you can still send them an encrypted email where they would use that password to get in (obviously send them the password via snail mail or, better still, physically hand them it). It also has an encrypted Calendar function built in as well.

The Free account allows for 1gb storage but limits you to Tutanota domains only. The big upside to Tutanota, however, is that it is much cheaper for it’s Premium accounts.

The Premium account starts out at €12 / year and allows for custom domains and 5 aliases. You can also purchase additional storage space – 10gb (€24 / yr), 100gb (€120 / yr), or a whopping 1tb (€600 / yr)

The Pro account costs €60 / year and provides 10gb storage, custom domains, and 20 aliases.

My biggest complaint about Tutanota is that it does not, to my knowledge, have a feature in your contact book that allows you to make a “group”. If you regularly email a preparedness group, you have to select each person individually to send them a group message as opposed to just creating a “Preparedness” contact group.

Non-Encrypted Email Services

I know that some people will chime in that they really wish their Gmail/Yahoo/AOL etc accounts could be hardened and encrypted instead of having to create a new account. My first reaction is simply to question why, if creating the accounts are so easy, would you not want to do this? Moving past that, we will be looking at using Mozilla Thunderbird and Enigmail to encrypt other email services using PGP.