Comments on: How to send secure email

By: Don

Don — Sat, 21 Nov 2009 20:29:45 +0000

Simon, et al.:

Interesting article on e-mail security. I, too, have struggled with using PGP inasmuch as it requires the recipients to also have it. In light of this I decided to try out a program called CenturionMail from CenturionSoft (http://www.centurionsoft.com/). Is anyone else on here able to comment on this program?

Also, I’m wondering if, Simon, you’ll be writing on secure phone communications or if others here on the site have any knowledge of this subject. Specifically, I’m curious about encrypted cell phone communications and/or Skype-type phone services.

Thanks and I am finding the newsletter to be…interesting.

Don

By: William

William — Fri, 20 Nov 2009 20:45:08 +0000

Simon:

Thank you for the info. It is tough to persuade all your associates to use such a program. Many folks don’t see the need since they think everything on the internet is private.

What has concerned me for years about this:
encryption flags your message and raises your profile. (Not to mention that it is illegal in some countries – France and Russia come to mind.)Nothing here would prohibit any of the “bad guys” from figuring out who the sender and the recipient are. Then (if they thought it was worth their while or they had nothing better to do) they would apply pressure. (Have you ever heard of “rubber-hose cryptanalysis”? How about “waterboarding”?)
What is the solution to this?

By: Möpsi

Möpsi — Fri, 20 Nov 2009 15:38:39 +0000

Well George, it “slipped” into the congressional record once that such agreements were in place with IBM and 2 other top industry players across their full product lines. I expect that’s what the MS antitrust suit was really all about. Bruce Schneier, America’s electronic security guru, writes about it some. And I always used to wonder why MS Word stores 2 copies of my text in each file! (encrypted content is decoded in a short amount of time if it contains any repeating content, and such a technique avoids the need for a formal back door having to exist in code form, which would leave a smoking gun for programmers to get a guilty conscience over, so to speak)

Likewise, and embarrassingly, it continually comes up that such back doors are in the routers and security hardware from Ci***, and probably all the other top-tier players.

Why would anyone expect it to be any other way? It is not in the human nature for the situation to be otherwise. Controls, snoopery, and huge black budgets, have been on the ascent, not descent, for the past 3 decades, so it would only stand to reason that things are considerably worse than they were in the 80’s when PGP was in court.

The so-called terrorists have taken what is probably the best sober position on the subject… when it comes to computer tech, the US govt cannot be beat. It is literally “their game”.

By: Peter Macfarlane (Q Wealth)

Peter Macfarlane (Q Wealth) — Fri, 20 Nov 2009 14:26:16 +0000

The software can easily keep track of 25-30 keys or 25,000.

Yes, of course it is necessary to persuade users to adopt PGP or GPG in the first place. But once installed, it is completely transparent and very easy to use. I would definitely recommend GPG with Thunderbird. It works very well.

GPG is open source software so you can be really sure there are no back doors. Commentators might be remembering the prosecution of PGP creator Phil Zimmermann many years ago, but that did not actually force a back door and many people have gone on to develop the software since.

Still, I would not choose to use the commercial version of PGP precisely because of this risk. If you use the open source software it is free, anonymous and you can be sure there are no back doors.

Also Pradip has a good point. It is very important to secure your actual PC in your absence. That is the whole point of the site I mentioned in my earlier comment.

By: Pradip Shah

Pradip Shah — Fri, 20 Nov 2009 07:44:41 +0000

After reading the main article I had the same thought as MJ.

I also see other problem of management. Let us say one communicates with 25 to 30 individuals where secure communication is required. I either have to refer to my diary every time I want to send them a message or the email software has to keep a track of the 25 – 30 corresponding public keys. I would then have to secure my PC such that no one can access it in my absence. This is to prevent anyone from sending malware from my pc or reading my secure mail.

Either that of run my mail / web browser software from a pen drive and hang on to it for dear life.

By: MJ

MJ — Fri, 20 Nov 2009 06:49:47 +0000

Hi Simon,

Very good article and very useful. I have used PGP pro long time ago and it was hard to set it up with MS outlook. You are right, e-mail msgs do go ways around and I agree everyone should protect his privacy.

I run into this problem with it though so if you have an advice would be great:

When I started sending e-mails to my friends they were not encrypted because my friends don’t have pgp. So I was the only one who could get encrypted e-mail from them when I sent them the public key. The trouble was that I had to urge them to get a PGP program also.

Thanks

By: Don Boyer

Don Boyer — Fri, 20 Nov 2009 02:06:42 +0000

I would be very interested in such software as GPG and FireGPG

By: George

George — Fri, 20 Nov 2009 00:36:48 +0000

Unless I am mistaken, didn’t the US government strong-in the arm the creator of PGP to give them a backdoor to the program, in the ineterest of national security of course.

By: Dr. ADE RAHEEM

Dr. ADE RAHEEM — Thu, 19 Nov 2009 23:59:48 +0000

Hi.
Please mail detailed information about secured mail systems.
best regards.
A.Raheem

By: jaci

jaci — Thu, 19 Nov 2009 18:33:22 +0000

Dear Simon,
I went to the site you mentioned for the privacy emails and not being a computer expert. I found it rather difficult to understand exactly which option I had to click on. the instructions were very vague.
Could you shed a little light on the subject and perhaps list the order in which to proceed. I very much would like to take advantage of the privacy they offer.
I love reading your news letters. They are always informative and interesting.
Thank you very much for your help.
Your avid reader,
Jaci

By: Peter Macfarlane (Q Wealth)

Peter Macfarlane (Q Wealth) — Thu, 19 Nov 2009 18:21:13 +0000

You will find some interesting products and info around the subject of secure e-mail and communications at http://www.securelaptop.org including step-by-step info on installing PGP, Thunderbird etc, saving you having to go to the different sites to read installation instructions.

By: Möpsi

Möpsi — Thu, 19 Nov 2009 17:34:46 +0000

My main concern has always been that encrypted e-mails flag themselves as “interesting”, which stands to bring my whole social network under scrutiny.

I prefer to fly under the radar, and I switch over to phonetic English (funetik inglish) in the middle of a sentence whenever I want certain words to slip past the lexical analyzers.