18 posts • joined Wednesday 21st April 2010 03:07 GMT
Re: Is non-US based email encryption vulnerable?
TrulyMail is based in Chile and they are still up and running. If they shut their doors, I guess I'll find another service somewhere.
Re: Sounds like you have a hammer
"[B]uilt-in is always better tha[n] bolt-on"
And that is why I use TrulyMail for secure messaging. It doesn't use add-ons and skips email servers altogether. It does use their servers (it's not peer-to-peer) but at least it's all encrypted on my desktop before being sent to their servers (and decrypted on the recipient's desktop).
End-to-end? Works for me.
Email is so last century
Why don’t we just phase it out?
blah blah blah
If past experience is any guide, the likelihood is that email will be with us for a very long time and that it is more likely to be used in tandem with social platforms than to be superseded by them.
Ah, I get it now...so the title is sarcastic. Hmmm. Funny.
Quite a few talking about how sloppy admins 'deserve' to get hacked. That's like saying that an old lady who forgot to close her purse 'deserves' to get robbed.
Come on guys, let us not forget who is the criminal in all of this.
Instead of cursing the dark, light a candle.
I used to LOVE Office. Then they put in the ribbon UI and I was so frustrated, I was forced to switch to OpenOffice just so I could get my work done in a reasonable amount of time.
If Windows forces us (I don't mind the option, but I do mind being forces) to use the Ribbon UI, I'm pretty sure I'll be switching OS's. Not sure what I'd switch to but there are plenty to choose from.
Encrypted = Expected Privacy
As many have pointed out, there doesn't seem to be an expectation of privacy for so many reasons. However, had she encrypted her email (via TrulyMail, PGP, or some other software) I believe she would have had a reasonable expectation of privacy.
You can't leave your diary on the kitchen table and then cry spying when someone else reads it. If you want it to be private, do something to actually make it private. Otherwise, it's just information laying around.
Encryption is key
The only way I would consider a cloud-based solution is if it has solid encryption and only I hold the decryption keys. One example of this is TrulyMail. It's like email but a little different. The important thing is that my messages are only on their servers while they are encrypted, and they NEVER have my decryption key.
The idea of simply hosting a non-encrypted data store on someone else's server simply makes me too nervous. Although, I guess that what email is but I don't really like leaving my unencrypted email on someone else's server either.
One More Reason to Use Encryption
At this point there can't be much doubt, can there? The US has been monitoring all internet traffic for quite some time and building their TIA database. Now, we learn the UK wants to join the fun.
In the end, I suspect more and more people will start using encrypted email via TrulyMail, PGP, GPG, etc. They will start using TOR to hide their browsing habits. People will always find ways, if they are motivated. This new step will motivate more and more.
TrulyMail For Me
I prefer TrulyMail. It's encrypted, portable (via USB) so I don't care about IMAP - I'd prefer to keep my messages with me rather than on Google's server. There are features it's missing but those are features I don't use.
Best thing about them - they put out new releases regularly so you know it's going to continue moving forward.
So much for cell phones
I think I'll just stick with my computer where I can use encrypt my email (with TrulyMail, PGP, or whatever else I want) and anyone who intercepts it only gets garbled junk.
Since we can't trust the phone makers, we must trust other tools. Luckily, there are other tools.
The answer is to limit the data they are allowed to hold.
I thought the EU had strict data privacy laws which prevented them from holding more information than they need NOW to do what they need to do NOW.
Of course, a company does need your phone number and your name so they can refer to you by name (Hello, "Mr. Smith," as opposed to "Yo, dude!"). So, whatever they have they will sell... that seems human nature.
Of course, we always have tools to make our own data private. I'm thinking email encryption and the like. Oops, that also would not work in this case.
I guess we are back to laws requiring HOW companies do business (you must encrypt and control access to all data) and fine those violating the law. Those include both the business and the individuals involved.
I'm with pengwyn
Larger keys are a must. My preference is TrulyMail Portable (for email) which uses 4096 bit one-time symmetric key wrapped in an asymmetric key. I don't understand why PGP limits users to 1024 bits in their keys? Are they trying to make it easier for the snoops?
Identity theft, indeed
Yes, you're right. We should be worried about unencrypted (or poorly encrypted) data being stored in someone's database.
Of course, we can use PGP or TrulyMail or the like to encrypt our email and we can use Firefox add-ons to encrypt our browsing sessions where possible but still, keep ANY information on my where it might be harvested later just seems like something bad for me.
Passwords using HTTPS by default?
Um, I believe you are only thinking of webmail. Most POP clients use unencrypted (clear text) passwords for logging on. In fact I'm not aware of a way to secure SMTP (only POP and IMAP) logins.
Thankfully email clients like Thunderbird, TrulyMail, and others are now starting to use encryption by default but, again, that is only for POP and IMAP. Since most users have the same password for POP and SMTP the fact that SMTP is sent it clear text really exposes everything.
So many things
As many write here, there are so many problems with email. Some people have the solution of using only plain text. While this is how email was invented (40 years ago), it does not handle how some of us like to communicate. For example, I often write certain people and include some text, with some words in different colors to convey different meanings. I also include images in the body of message. Yes, I can put images as attachments but then I can't have text-image-text-image as I would like. I guess I could put it all in an external document and then attach that document but then the recipient has extra work to do to read it (and I have extra work to do to write it).
Authentication (digital signatures) is an issue. We do need to be able to trust a sender is who they claim to be. Links in emails should include tooltips when you hover so you know where those links really go.
The solution, I believe, is to get rid of email. This is not so radical. We moved from CDs to DVDs to BluRay. Why can't we upgrade our messaging technology?
I use TrulyMail, which is a secured, private messaging system which also include email. It's like getting a BluRay player which also supports DVDs. If anyone else uses the same system, then we get authentication, automatic encryption, etc. If not, I can still use email until more people see the light.
Email has not grown well. The standards have not been there and now we have a giant mess. While we can 'just go with it' but I think it is better to step back and really consider what we want. I've made my choice and am happy with it. Everyone should ask themselves, can we do better than email?
Let us not forget personal responsibility
"The Commission promises to strengthen data protection law..." Perhaps it would be good to educate people so they understand how to keep their data Private. For example, most people do not know that email is not private at all. While there are some alternatives (like TrulyMail.com, and others) not much attention is given to them.
If people do not understand how they contribute to their own private data being 'out there' then how can they be part of the solution?
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- Xmas Round-up Ghosts of Christmas Past: Ten tech treats from yesteryear
- Exploits no more! Firefox 26 blocks all Java plugins by default
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps
- Review Hey Linux newbie: If you've never had a taste, try perfect Petra ... mmm, smells like Mint 16