Lately there has been an upswing in the amount of news I’ve read talking about internet surveillance, snooping, and the like. In fact, China redirected massive parts of the Internet’s e-mail flow through its own servers for a few months before it was detected. Wonder why they’d do that?
Sooner or later, we all have the need for greater security in the way we communicate and handle transactions online. Would you buy something off the net with a credit card if it was via an unsecured connection? I didn’t think so.
I recommend that you consider using encrypted communication methods whenever you’re discussing something you care about. Even if you’re not doing anything you are worried about others discovering, it is still good practice, and I can’t imagine why additional privacy wouldn’t be a good thing.
Just about all of us use E-Mail on a regular basis. But most of us have all of our mail stored in unencrypted clear text. Anyone with access to the computer that mail is stored in can see everything in your Inbox.
But encrypting the storage mechanism isn’t even a perfect protection against snooping. Standard E-Mail has absolutely no protections and it is transmitted from server to server in the clear, where anyone can eavesdrop.
You can use web based E-Mail providers that offer encrypted mail hosting. This covers you against nefarious snoops accessing your email on the server. Hushmail is an example of such a service.
But remember, that isn’t protection on it’s own. You have to encrypt the mail before you send it.
I personally recommend that you use a mail client that allows you to perform encryption before anything is even sent. Microsoft Outlook 2010 provides strong key based encryption services, and is one of the mechanisms I use personally on a daily basis.
I also recommend the use of PGP (Pretty Good Privacy). It has plugins and scripts that let you use it with many different clients, and you can always just copy and paste encrypted text into your e-mails. Here’s the free open source implementation of PGP.
Rudy’s Tip: Outlook and PGP use what is called Public Key Encryption. It’s too technical to go into here, but you need to be able to securely trade ‘secret identification keys’ with people you want to send mail to. This stuff can be made to be pretty darn safe. Want to geek out? Read all about Public Key Cryptography at Wikipedia.
Many of you use Instant Messaging as well. Whether it’s MSN Messenger, Skype, AOL Instant Messenger, Google Talk, or just about any main stream IM client, you have the same security concerns with messages that are in transit.
Many of them aren’t as risky server side since most clients don’t store messages, but it is trivial to intercept these messages when they are going from my computer to your computer.
Skype, AIM, Trillian, and a few other clients support encrypted conversations. I highly recommend that you use them.
Encryption Isn’t Just For Spies
Look, I know it sounds a bit hokey, talking about encrypted communications and letters and everything. I assure you, I’m not wearing a fedora and a trench coat as I write this!
But what you write is your own business, and nobody else has a right to snoop on it. Protect your privacy, even if you have nothing to hide.
Rudy’s Note: I’m not talking hypothetically here. In my professional career, I have personally done everything I describe here on internal corporate networks. I’ve also done worse in lab environments. These are real threats. And guess what…it’s not that hard to do…