|
|
Email Encryption
Email Protection
Email Security
|
|
|
|
|
|
|
|
|
|
EMAIL PRIVACY
|
"Privacy is not a product, it's a process."
There is an increase in awareness regarding the individual privacy of people using electronic mail in terms of expected exclusive access and account usage. This awareness stems from the fact that privacy protection of email is currently less well defined than other forms of communication. Also, there exists an illusion of privacy created by having a password to access ones' email accounts. The fact, though, is that very few people have a good understanding about how computer, computer networks and electronic mail actually work, and the options available to safeguard their electronic information.
Some of the typical email privacy problems arise from the technology itself. For example, if you send an email message to an individual, this mail can be seen by lots of people, starting with the system administrator of every machine your mail touches, plus anyone who has hacked those machines, plus anyone who is eavesdropping on any of the networks passed (there are many more ways for a hacker to get at it, too...). They can get your IP form a mail header and using basic techniques learn your personal information or plan a hack attack. Also you should realize that many companies consider individual's email at work to be corporate property. Otherwise you learn how vulnerable your email is only when the employer catches you sending sensitive information or potentially embarrassing notes.
PGP (Pretty Good Privacy)
Encryption scares the hell out of many computer users. If it's any consolation, it appears to scare the hell out of many snoops too, but for altogether different reasons.
Encryption can be a relatively simple process, or as difficult as the user wants to make it. The degree of difficulty does not necessarily relate to the security of the encryption method.
The defacto standard for encryption is PGP. PGP (also called "Pretty Good Privacy") is a computer program that encrypts (scrambles) and decrypts (unscrambles) data. For example, PGP can encrypt "Nice" so that it reads "457mRT%$354." Your computer can decrypt this garble back into "Nice" if you have PGP. The PGP is the most widely used and supported, and most readily available encryption method. PGP is available for almost every operating system, with a variety of versions for each. The features and functionality of each version should help determine which is best for you. The newer versions of PGP include plugins for popular email clients, and some include desktop security features as well.
Read our PGP section for more information.
Digital Signatures
It is trivial for your email to be read while it is in transit: left to it's own, email is like a postcard. And it's very easy to forge email; that is, to make it look like it came from an email address belonging to someone else. It is also quite easy for someone to alter the content of email after it has left your machine: this requires more technical skills then the simple forging of a return address, but internet email provides no protection against it.
Digital signature is a solution to this problem. Digital signatures use encryption technology to verify identity. If I send you a digitally signed email, you can verify that it really came from me, not someone using my name to masquerade as me. If I send you a digitally signed electronic document, you can verify that I really am the one who signed it. The technology also allows you to verify that nothing was altered - either intentionally or inadvertently - in transmission.
Read our Digital Signature section for more information.
SSL (Secured Sockets Layer)
A protocol that delivers server authentication, data encryption, and message integrity. SSL is layered beneath application protocols, such as HTTP or SMTP and layered above the connection protocol TCP/IP. This strategy allows SSL to operate without depending on the Internet application protocols. With SSL implemented on both the client and server, your mail communications are transmitted in encrypted form. Information you send can be trusted to arrive privately and unaltered to the server you specify (and no other). In short, it is a form of channel encryption developed by Netscape.
Read our SSL section for more information.
Remailers
The best mean to insure email anonymity remains the remailer network. Remailer is a program that works the way like anonymizer but for email. It allows you to send emails anonymously by wiping out all the headers that can disclose your identity. There are some trade-offs, but used properly, there is no way a user can be identified. Note that some of remailers (so-called "pseudo-anonymous") keep the database of 'real names' so you can be potentially traced back. The owner knows your identity and can be forced to give this information away. For example, it's known that the Finnish police forced Julf Helsingius (owner of well-known anon.penet.fi) to do this at least once. The rest of them act using "fire and forget" principle and keep no logs. To ensure that your real address won't be logged I'd recommend you to send your messages through several remailers. Some remailers will send you a help message on request.
|
Question of the Day
|
|
|
|
|
|
|
|