Should You Encrypt Your Email? - Comments Page 1

"Encryption is essential if you want any assurance of privacy. "

Kind of. 99% of us have security through obscurity because we are just not that interesting (especially if we are not sending financial passwords or hints to them) for people to want to wade through the drivel.

The DNC and Secretary of State are on a whole different level of interesting.

An additional benefit to public key mechanisms is to be able to sign emails. This ensures to the recipient that what they are reading is what you sent. Again you need to have exchanged public keys to utilise this else the recipient gets a signed message but the signing doesn't add anything, they have no means to check the signature.

I agree with bill - I am not concerned about email security. I rarely get any emails from my financial institution and the bulk of my emails are newsletters like Bob's. I like hearing about the latest technology or the latest news. I don't have any earth shaking emails that warrant security means. Encryption is for secret stuff and I don't send out any emails to anyone anymore. Most people now use Facebook which has a ton of security issues!!!

How does one secretly exchange the encryption keys, with someone in another country? lol

EDITOR'S NOTE: The same way you'd do it if they lived in the next town. You could send the key by registered mail or Fedex. But a messaging app with end-to-end encryption would be a better idea. Here's one example: https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en

Of course I remember when all correspondence was sent by what is now known as snail mail.

Plenty of opportunity for someone to open the envelope and read or destroy the contents. I don't think I even gave it a thought.

I am glad though that Bob brings this option to our attention so that we can decide for ourselves what level of interest our missives inspire.

Mine are oh so boring, some not even of interest to the recipient I suspect :-)

Thanks Bob for this article. Like others, my emails do not contain confidential information to the masses, but shaky relationships, divorce, and at the very least no more targeted ads. With Protonmail it is just you and the recipient. I signed up and love the auto delete feature at the receivers end, which can be turned on or off when ever you like). Passwords for your encrypted emails can be on the fly and different for each address and/or email. Clean layout and easy to use.

The only suggestion I have for Proton is it would have been great to simply have your address as *@proton.com instead of *@protonmail.com

I have used Proton mail for a few years now. What I like about Proton mail is that I can send encrypted mail to non-Proton mail users. In addition, you can also put a time frame on the e-mail or attachment existences.

I agree with the others: nothing I send is that interesting or sensitive. That may change as our political situation evolves. For now, it's way too much work for the small benefit. When I get an email encrypted for no good reason from an organization I work with, I refuse to open it and let them know that.

Proton(.com) is a Malaysian car manufacturer.

Have you ever attempted to tell your Aunt Gertrude that (for privacy/security’ sake) she needs to install PGP on her POP3 or that she should change her email client to one that uses STARTTLS for IMAP?

If some of the best pragmatic security information is found in humor; then, it's definitely worth having a read of this masterpiece (pdf) > by James Micken >

Extract >> “…In general, I think that security researchers have a problem with public relations. Security people are like smarmy teenagers who listen to goth music: they are full of morbid and detailed monologues about the pervasive catastrophes that surround us, but they are much less interested in the practical topic of what people should do before we’re inevitably killed by ravens or a shortage of black mascara. It’s like, websites are amazing BUT DON’T CLICK ON THAT LINK, and your phone can run all of these amazing apps BUT MANY OF YOUR APPS ARE EVIL, and if you order a Russian bride on Craigslist YOU MAY GET A CONFUSED FILIPINO MAN WHO DOES NOT LIKE BEING SHIPPED IN A BOX. It’s not clear what else there is to do with computers besides click on things, run applications, and fill spiritual voids using destitute mail-ordered foreigners…”

I'm curious to investigate Send Inc, the only service in this post I do not know of. What they seem to propose seems to good to be true (many unsaid things there), and they have almost no explanations on their site, apart from "shoot us a question".

Sorry guys, I need a bit more. As far as I know, there is no really good way to do encrypted email right now, and I have this on authority of cryptography experts such as Bruce Schneier.

By good way, I mean : simple and foolproof (so : not PGP, or related solutions), universal (can be used with people you don't know, and you don't need to exchange a password on the phone), and thorough (metadata have to be encrypted as well).

I'm not even adding : needs to warn you on receipt of email, or : can be used anonymously. That's even more difficult / unavailable, as far as I know.

I'll be 86 this year and I don't care who reads about my tortoise, my interest in plants or any of the gripes I may have. My bank and other institutions use encripted mail to me and that's all I really need. But I have filed this article away in case things do change. The article was an eye-opener to me and was much-appreciated. Thanks.

The MAC OSX encryption tool is FileVault not Filelocker.

EDITOR'S NOTE: Oops, fixed now. Thanks !

I've been using ProtonMail for a couple of years now. Apart from a serious incident that incurred some downtime (apparently state-sponsored attack), I like it and it makes it transparent to the recipient. In other words, the recipient doesn't need a key to open your email. Login in involves two levels of password and that's it. I saw that on a TED Talk, and I immediately thought, hey great idea! Not that I have anything to hide mind you, but as it is, the Government sees enough stuff already, they don't need to intrude further.

To answer the comment on exchanging keys for public key systems. The real answer is very complex but in simple terms there are 2 matching keys, one is public and one is private usually protected with a password. You send the public key out anywhere you want, doesn't really matter. There are special keyservers to handle things that provide other details like email address and so on. To send a message you use the recipient's public key. The only person who can then read it has the matching private key (and its password).

Think of it like this. The public key is like a set of padlocks with only one key. You send out lots of padlocks (you are really rich). If someone wants to send you a secure message, they pop it in a box and lock it with your padlock. Only you have the key to open that padlock.

It seems to me that, in order to encrypt my e-mails and have them received by others, the recipient has to have a key. So what happens if someone with whom I correspond (usually family) refuses to sign in with the Virtru program?

Check out EFF for their opinions on https

Enough already with the limp-wristed, pencilneck twits saying "I don't care. I have nothing to hide."
It's these sheeple cowards who opened the door for attacks against our constitution like the patriot act and allowed a government of wolves to enact the communistic police state we're now fighting

Why doesn't Microsoft include encryption in Windows so we don't have to worry about sharing keys?

Why doesn't Microsoft include encryption in Windows so we don't have to worry about sharing keys?