Defeat

As much as I hate to admit it, I have to admit defeat: for years, I used to digitally sign my email messages using an SSL certificate. I chose S/MIME because I felt its integration is superior to PGP, and I chose to sign digitally because I feel this is the right thing to do.

Few people sign their emails with a digital signature, but if everyone did, we would have a fraction of today’s issues with unwanted emails of all kinds. Receivers could be confident that a correctly signed email actually comes from me, rather than from an imposter. Just like we sign a normal letter or even a greeting card, we should sign our electronic mail and documents.

Nowadays, however, I send and receive email messages from mobile devices as well as from more than one PC, using webmail tools and dedicated email tools alike. I notice with regret that only a small fraction of my email tools support digital signatures (let alone integrated encryption). Since only a portion of my messages are signed, I might as well stop signing altogether.

It’s a real shame that we always seem to settle for the least common denominator.


Blissful Ignorance

Many people in Britain are concerned because the government will ask them, eventually and in all probability, to carry an identity card. Basically, the police will be able to stop you, ask for your ID card, and thus know who you are.

While the privacy concern about ID cards goes a bit further than that, I am baffled about the almost total lack of public discussion and concern about the many privacy issues related to email. I think much of the world is in a state of blissful ignorance in this regard. Did you know the UK government plans to make your Internet Service Provider (ISP) keep a record of all your emails for a year, starting in March this year? Probably all under the popular anti-terrorism umbrella-excuse. It won’t work, not if you do as I say anyway, but that’s almost beside the point.

A long post today, but it is in the public interest. Really. Especially if you read this thinking “Oh, techno babble, I won’t understand this.” You must try. It’s important. Here’s what most people should know, or decide to ignore, about email privacy:

Most private individuals use a ‘free’ email service such as Hotmail, Googlemail, Live Mail, or one of many others. There is no free lunch. These providers may scan emails, at least for the purpose of targeted advertising, and they may include little pictures at the end of a message, which allow tracking down the recipient to the exact PC where the message is being read.

Most people send and receive emails using insecure connections. Meaning, anyone between you and your email server could read your emails, and potentially scan them.

Almost everyone sends email messages without a digital signature. I should know, because my signed email messages cause confusion with some recipients. Only a message with a valid digital signature is guaranteed to originate where it claims to come from. People selling junk in my name won’t have my digital signature.

Almost nobody sends anything without an envelope in good old snail mail, but almost every email message gets exchanged unencrypted. This is the equivalent of discussing personal or business matters on a postcard. The difference is that the email message can be electronically read by many more machines than just your postman checking Auntie’s holiday greetings from Florida.

I don’t mean to be a scaremonger. Most email providers don’t do the evil thing, but the point is that they could, and that, apparently, the government can introduce ever bigger Big Brothers without many people even noticing.

So, for privacy’s and sanity’s sake, please:

  • Check if you can use secure connections when reading and writing emails.
  • Prefer a real email account, such as the one provided by your ISP or by many independent providers, over a ‘free’ service.
  • Consider using a digital signature to sign your messages. Even free SSL certificates are better than nothing.
  • Think about what you send by email. Financial details, personal details or business details have no place in unencrypted emails.
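
For readers who want to check a message they have received against the points above, here is a small script, added as an illustration and not part of the original post. It reports whether a message has an S/MIME signature or encryption structure, which relay hops were recorded without TLS, and which remote images it embeds. The sample message, its addresses and host names are constructed.

```python
import email
import re
from email import policy

# Constructed sample (not real traffic): unsigned HTML mail with a remote
# 1x1 image, submitted over plain SMTP and then relayed over TLS.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTPS id abc123; Mon, 2 Feb 2009 10:00:02 +0000
Received: from laptop.example.net (laptop.example.net [192.0.2.55])
\tby mx.example.net with SMTP id def456; Mon, 2 Feb 2009 10:00:01 +0000
From: alice@example.net
To: bob@example.org
Subject: Holiday greetings
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Greetings from Florida!</p>
<img src="http://tracker.example.com/open.gif?id=42" width="1" height="1">
</body></html>
"""

# "with" keywords that RFC 3848 defines for transfers protected by TLS.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
IMG_SRC = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']?(https?://[^\"'\s>]+)", re.I)

def smime_status(msg):
    """Classify S/MIME structure only; this does not verify the signature."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol", "")).lower()
        return "signed" if proto.endswith("pkcs7-signature") else "none"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = str(msg.get_param("smime-type", "")).lower()
        return {"signed-data": "signed", "enveloped-data": "encrypted"}.get(kind, "none")
    return "none"

def audit(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    # Received headers are written by each relay and are only as honest as
    # the relay, so treat the hop list as a hint rather than proof.
    hops = [m.group(1).upper() for h in msg.get_all("Received", [])
            if (m := re.search(r"\bwith\s+(\w+)", str(h)))]
    images = [url for part in msg.walk() if part.get_content_type() == "text/html"
              for url in IMG_SRC.findall(part.get_content())]
    return {"smime": smime_status(msg),
            "plaintext_hops": [k for k in hops if k not in TLS_KEYWORDS],
            "remote_images": images}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result of "signed" only means the message carries a signature; checking that the signature is valid and belongs to the claimed sender is still the job of the mail client.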