Everyone Reads Your Email

[american.swan]

First understand all email travels around the web unencrypted by anyone. You're ISP provider in your local town you buy Internet service from can read it. The larger companies which provides the backbone of the Internet can also read it. Even before the hated Patriot Act someone was likely providing the government with "suspicious" email. It's illegal for the FBI to spy on US citizens, but some company who's directors are connected to some foreign security service might be funneling data to foreign powers, since America is up for the highest bidder anyways. There's a reason Greg Palast's book is called "The Best Democracy Money Can Buy".

Here's a hypothetical example. The government's right hand bails out and takes over GM, while the government's left hand is spying on Ford's executive emails and cell phone conversations.

My brother is a lawyer and I find it odd his company doesn't encrypt their emails. I've talked to Samsung employees whose cell phones and flash chips are examined every time they leave work, (there's a dye releasing sticker they put over the flash slot to ensure you didn't take out the flash card and download company secrets while at work) but do they encrypt email?

A wise company would encrypt. Blackberry cell phones are the best at this. They have enterprise systems set up specifically to encrypt companies email and much of their communication. There's a reason Obama doesn't use an IPhone. The blackberry probably connects directly to the governments security network.

Isn't Gmail different? No. Yes, your connection from Google to your desktop is encrypted by default I believe, BUT when Google sends your email to your cousin in England, it's wide open for everyone to see.

I know what you're saying. "I don't send any private details in email anyways". Good, but here's what you could do. (this is not the only option, it's just the one I've set up for myself, just in case I need it.)

1. Download Firefox's Thunderbird (http://www.mozillamessaging.com/en-US/thunderbird/)
2. Download and install Gpg 4 windows (http://www.gpg4win.org/)
3. Download the OpenPGP plugin for Thunderbird (http://enigmail.mozdev.org/download/index.php.html)

There's documentation available online. Generate your public and private key. Send the Public key to your friend who will use it to encode the email they send you. Only you will be able to decrypt the message with the private key.

[american.swan]

My friend recently had a "donor" tricked into sending $2000 to a hacker who used his mother's email address as cover. BE CAREFUL! Sign and/or encrypt your emails.

[MoneyWhereMyMouthIs2]

Isn't Gmail different? No. Yes, your connection from Google to your desktop is encrypted by default I believe, BUT when Google sends your email to your cousin in England, it's wide open for everyone to see.

Actually, I'd say gmail and google are a bigger threat to privacy than most other email systems. Google is an admitted data whore who will keep as much of your information as they want, for as long as they want.

[PastaRocket848]

in my opinion e-mail is about the least secure form of communication imaginable. hence the reliance upon it by blackhats. for what it's worth, GNUPG has been tabled out for a while now... and is very easily defeated. bbm also has had tables existing for a while. long story short: if you wanna communicate securely, don't use email. sure the encryption adds a layer of complexity, but it's more of a hurdle than a road block.

[Mini-Me]

in my opinion e-mail is about the least secure form of communication imaginable. hence the reliance upon it by blackhats. for what it's worth, GNUPG has been tabled out for a while now... and is very easily defeated. bbm also has had tables existing for a while. long story short: if you wanna communicate securely, don't use email. sure the encryption adds a layer of complexity, but it's more of a hurdle than a road block.

I find it hard to believe that GNUPG has been "tabled out," because that would pretty much entail a blanket breach of public key cryptography. Any references to corroborate the claim?

[american.swan]

How many here us www.hushmail.com? In previous discussion, it pretty popular around these parts, I thought.

[Master51]

One problem with hushmail is that they keep your decryption key. Yes, it's password protected but they have hacked it before... so it's kind of a false sense of security.

Personally, I use TrulyMail for email encryption (they have a nice email client which bundles in encryption) and really like it. They important thing is that my decryption key is only on my computer, never their (or anyone else's) servers. Google it to find out more.

[american.swan]

You must encrypt on your desktop. Hushmail and others, while good for general security, will release data to the Feds in a heart beat!! Search Google for "Hushmail steroids canada". You'll see how they modified the java applet to backdoor the information out of his computer to catch the criminal. (I hadn't heard about this story until Hushmail's former CEO informed me on twitter about it.)

Encrypt on your desktop isn't even THAT safe either. The FBI could hack into your webcam if they wanted to or monitor your keyboard, but it's far better than "services".

I use gmail and I encrypt on my desktop.

[american.swan]

You must encrypt on your desktop. Hushmail and others, while good for general security, will release data to the Feds in a heart beat!! Search Google for "Hushmail steroids canada". You'll see how they modified the java applet to backdoor the information out of his computer to catch the criminal. (I hadn't heard about this story until Hushmail's former CEO informed me on twitter about it.)

Encrypt on your desktop isn't even THAT safe either. The FBI could hack into your webcam if they wanted to or monitor your keyboard, but it's far better than "services".

I use gmail and I encrypt on my desktop.

[roxic27]

There is no such thing as privacy

There is no such thing as privacy

There is no such thing as privacy!