what are secure connections?

You should be using encryption when using Riseup services. Without using secure connections, your internet traffic is not encrypted. That means it can be listened to by anyone who wants to eavesdrop on your email and worse they can easily obtain your login and password, or impersonate our servers. Setting up a secure connection to Riseup ensures reasonable protection from eavesdroppers and impersonators.

how to use secure connections

To get your mail client to use secure connections, you have to make some configuration changes. Don’t worry! We’ll walk you through it.

If you know that you are using Thunderbird, you can skip below to the thunderbird section to check your settings. If you are using a different mail client, then please read the general settings section. If you have no idea what a mail client is, read the next section and we’ll teach you.

what is a mail client?

What is a mail client? A mail client is a specialized program designed specifically for checking and composing email. This might be Thunderbird, Apple Mail, Outlook, Eudora, etc. Whichever one you use to read and write your email is your mail client.

general settings

In general terms, you need to navigate the configuration settings for your mail program and make sure that it is set to use SSL or TLS on all connections (that means for POP or IMAP and SMTP), and also make sure that you are using the correct port. If you don’t know what any of that means, don’t worry, we will walk you through it.

The specific procedure to do this is going to be a very different for each mail client, and sometimes is even quite different for different versions of the same software.

In general, we do not offer support for mail clients. However, we do have some general information about configuring mail clients. If your client is listed, the information there will help you make the required changes.

If you aren’t using Mozilla’s Thunderbird, we would like to take a second to urge you to consider switching to it. It is a reasonably secure, easy to use, free software project. There is no harm in giving it a try! Best is that our instructions for setting up Thunderbird are really good, its what we know best and can support you much easier if you use it.

If you don’t want to switch to Thunderbird, and are not familiar with how to make these changes yourself, and our help pages weren’t helpful, you will need to seek support from your local friendly tech person, or your software vendor/community for information about how to make the required configuration changes.

thunderbird

To make the required changes in Thunderbird, follow these steps:

First, find out what version of Thunderbird you have by clicking the “Help” menu —> “About Thunderbird”

Once you have determined your version number, follow one of the below processes that matches your version.

thunderbird 3.x and newer

To make the changes needed to enable secure connections in Thunderbird version 3.x, please follow these steps:

thunderbird 2.x or older

If you are running a version of Thunderbird that is version 2.x or older, you really need to upgrade! Unfortunately, we cannot cover how to do that here, but you can find significant information online if you search for ‘upgrading thunderbird’.

If you do happen to use this old version and can’t upgrade yet, then please follow these steps:

iphone / ipad / ipod

If you have an apple device like this, you can review our for them to figure out how to change your settings to be secure.

importing email into gmail

Are you importing your mail to gmail? You can make sure your connections are secure by logging into gmail and then following the below procedure:

sylpheed

If you use Sylpheed, the procedure is as follows:

FAQ

Q. I have this setup already and have for years! Why are you contacting me?

Do you have a phone or a tablet that you set up mail on, or another computer? People often forget that they set their mail up on their devices!

Q: What if I use webmail, is that secure?

A: When you use the web, you are making a connection from your computer, through various servers on the internet, to the webserver of the site you are trying to visit. You are making this connection using something called “HTTP”. This connection is done in plain text, and is not secure. Attackers can gain access to your website accounts, and any information that you send or receive during your web browsing. There is hope! There is a secure version of “HTTP” called “HTTPS” (notice the little ‘s’ for secure). HTTPS is designed to provide secure connections that can withstand attacks.

For further security, you should consider verifying that the website you are visiting is the one you intend to visit. When using HTTPS, you are receiving a certificate from the server which is supposed to authenticate that this is the correct server. To verify that the site is the one you intend to visit, you should verify that the certificate that is presented is the correct one.

There are some issues with certificates that you should be aware of (see limitations of secure connections below).

Look up at the URL bar, where the address is. If it starts with “https://” (NOTE the ‘s’), then you have a secure connection, if its just “http://” (NO ‘s’), then you are not using a secure connection. You can change that “http” to “https” by clicking on the URL bar and adding the ‘s’ and then hit to load the page securely.

A third, and much less reliable way to tell is by looking for a little padlock icon. It will either appear in the URL location bar, or in the bottom corner of the window (the location is different depending on what browser you user), it should appear locked, if the lock doesn’t exist, or the lock picture looks like it is unlocked, you are not using a secure connection. You can hover your mouse over the padlock to get more information, and often clicking (or sometimes right-clicking) on the lock will bring up details about the SSL certificate used to secure the connection.

Q: What is POP/IMAP & SMTP?

A: POP and IMAP are common protocols that are used by software to retrieve mail from a remote mail server. Usually you will use one or the other of them, but not both at the same time. SMTP is another common mail transfer protocol, but this one is used to send mail from your computer to the mail server.

Q: If I’m configuring my mail software myself, what port numbers should I use?

A: For POP connections using SSL or TLS, use port number 995.
For IMAP connections using SSL or TLS use port number 993.
For SMTP connections using SSL or TLS use port number 465.

Q: What if I have more questions about using internet email securely?

A: If, after thoroughly reviewing the riseup help pages you still have further questions, we encourage you to submit a riseup help ticket. We are happy to help our users understand how to make their communications more secure and to help increase the privacy of all internet users.

limitations of secure connections

Now that you are using secure connections, everything is completely secure, right? Sadly, no! Secure connections just secure the transport of the data itself, they do not guarantee the confidentiality of particular data. For example, when sending email using secure connections, your mail is encrypted when being sent to and from our mail servers, but there are still many more “hops” your mail makes over the internet when going from our servers to the final mail recipient. Those hops are rarely encrypted, so there are many opportunities for someone to access your mail, both while it is “in transit” over the internet and when it is “at rest” on a mail server somewhere, or on the final recipient’s machine. Switching to secure connections is really only about making sure that your username and password are secure when you are logging into our servers.

So what else can you do to better secure your email communications? If you want full end-to-end security for your email you need to adopt the use of strong encryption software such as OpenPGP and get the people you communicate with to begin using that software as well. There is a Thunderbird plugin called Enigmail that allows easy integration of strong encryption into Thunderbird.

Security on the web revolves around HTTPS, and that involves determining if a particular certificate for a server should be considered “valid” by a web browser. The way this works right now is that a list of “trusted” Certificate Authorities is distributed by your browser. This sucks, because this requires you as a user to defer to some kind of central authority to validate your secure connection, why would you want to defer to some self-appointed authorities in order to participate in secure communications? For more information about how this is bad, have a read of this article about how technical architecture shapes our social structures and how this centralized hierarchy of control is extremely problematic.