It recently became known that in some cases the government may read your private e-mails, which can’t be good news for any citizen. This is why security experts of different sources and Electronic Frontier Foundation introduce a few ways to counter the government’s surveillance techniques.
The EFF has created a Surveillance Self-Defense website in order to educate the US citizens about the law and technology of government surveillance in the country. First of all, you should know how your e-mail service works: the information is transferred between the sender and the receiver “through the wire”, i.e., through other nodes/servers, and this is where the government can get it.
1. End-to-end encryption.
You can use such software as PGP (aka Pretty Good Privacy) and the GNU Privacy Guard (GnuPG) to protect your transiting e-mails. They will also secure stored information. When you use end-to-end encryption, you ensure the privacy not just of your e-mails through the wire, but also of the e-mails stored on your PC or other machines. Don’t forget that these programs work only if the receiver has them installed as well, and you need to find and verify the receiver’s public keys.
2. Server-to-server encrypted transit.
When you send an e-mail, its content usually passes through a chain of SMTP mail servers. You can check e-mail’s headers to find out which servers it passed through. Although most free e-mail providers don’t encrypt your messages when they pass the SMTP servers, you still can secure your e-mail’s content when it transits those servers through TLS (Transport Layer Security). Just make sure your e-mail provider supports this kind of encryption.
3. Client-to-mail server encryption.
If you use webmail services, check whether your e-mail provider uses the HTTPS protocol. Hushmail.com, for example, always uses HTTPS, and also provides end-to-end encryption. Then, even if webmail services use HTTPS to their login page, they may switch back to HTTP after this step. In this case you need to look for a configuration option or a browser plugin which would keep the secure protocol enabled at all times. Gmail, for instance, always enables the HTTPS security protocol.
4. Information stored on other PCs
Unless you have your own private mail server, other machine gets your e-mails. Your ISP or a webmail provider’s sent texts are traceable and therefore can be accessed by third parties. Make sure to delete messages from your ISP mail server after download or delete them after you finished reading them. However, this can’t guarantee 100% that the mail is forever gone. In this case, the best way is to use PGP/GnuPG encrypted e-mails.
0 comments:
Post a Comment