Mail Privacy
"An individual with nothing to hide may well be an individual with nothing to offer."
The internet provides one of the easiest communications tools ever
afforded mankind. It is quick, convenient, cheap... and as insecure as
it is quick, convenient, and cheap.
But you ask, "Why should I worry about privacy and security? I'm not a
criminal or a terrorist; I've got nothing to hide." If you really think
that helps, you probably shouldn't be here after all.
Show me an e-mail user who has no financial, sexual, social, political,
or professional secrets to keep from his family, his neighbors, or his
colleagues, and I'll show you someone who is either an extraordinary
exhibitionist or an incredible dullard. Show me a corporation that has
no trade secrets or confidential records, and I'll show you a business
that is not very successful.
A variety of different elements weaken your email privacy, and while
some are widely known - such as email viruses - others tend to be
ignored. Emails carrying confidential information can not only create
immense inconvenience and expense for a person but also remain on an
ISP's server or in a backup, where they can be easily retrieved by
anyone who knows how to do so. The same goes for spammers who use the
email systems to send thousands of unsolicited email messages. And what
about the vast damage and time-loss caused by email viruses, which seem
to be making ever more frequent appearances these days?
Email-related threats to your security
The threat of information leaks
Most electronic mail is notoriously UNPRIVATE. E-mail is less
secure, and in many ways more dangerous, than sending your personal or
business messages on a postcard. Internet e-mail is child's play for
some people to intercept. Your typical e-mail message travels through
many computers. At each computer, people can access your personal and
business correspondence. It's a safe bet that administrators (not to
mention hackers) on Bulletin Board Systems, college campus systems,
commercial information services, and Internet hook-up providers can
read your e-mail. Of course most snoops will deny they're reading your
e-mail because they want to continue doing so.
Many Internet providers and network administrators "archive" (store)
your incoming and outgoing mail on a computer disk for six months or
more AFTER you think that you've deleted your mail. If someone sues you
(for example, in a divorce), he or she may be able to subpoena and READ
your previous correspondence. (Whether you consider his actions right or
wrong, Oliver North provides a good example of how old messages may
come back to haunt you. His erased messages were recovered some six
months later and used against him in legal proceedings.) Of course,
unauthorized snoops might choose to read your archive for their own
reasons. This may be just an administrator of your ISP or your office
intranet, with no malice intended. Or it might be a competitor, legal
foe, or government agency, with much more serious intentions.
Information is power. Snoops want power.
The threat of mail tracing
All e-mail contains headers, and most tracing of e-mail begins by
looking at this message-header information. A message header is text at
the top of an e-mail that travels through the Internet. It contains the
source of an e-mail in the "From" line, while in the "Received" lines,
the header lists every point the e-mail passed through on its journey,
along with the date and time. The message header provides a trail of
every machine an e-mail has passed through.
Since this "post stamp" is rather ugly and useless for correspondents,
email programs normally hide it. But for snoops it's a valuable
source of information. For example, it contains one or more IP addresses
that can be traced to you, your Internet service provider, or your
organization. So you should be prepared for any mail admin to glance at
your mail and learn your country, city, ISP, maybe your telephone
number, and so on. Besides, tracing an IP address is essential for most
hacker attacks.
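To see exactly what your own messages disclose, you can read the trail yourself. The following is an added example, not part of the original article: it parses the "Received" lines of a constructed sample message and lists each hop oldest-first with its IP addresses and timestamp. The function name received_trail, the sample hosts and the documentation-range IP addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (example domains, documentation-range IPs).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Tue, 04 Mar 2003 10:15:42 +0000
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Tue, 04 Mar 2003 10:15:40 +0000
Received: from [192.0.2.44] (dialup-44.example.com [192.0.2.44])
\tby relay.example.com with SMTP id C3; Tue, 04 Mar 2003 10:15:37 +0000
From: sender@example.com
To: recipient@example.org
Subject: lunch

See you at noon.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")


def received_trail(raw):
    """Return the hops oldest-first as dicts with keys: by, ips, time."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        clauses, sep, stamp = flat.rpartition(";")  # date follows the last ';'
        if not sep:                               # no date part at all
            clauses, stamp = flat, ""
        by = BY_RE.search(clauses)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                           # malformed or missing date
        hops.append({
            "by": by.group(1) if by else None,
            "ips": list(dict.fromkeys(IP_RE.findall(clauses))),  # de-duplicated
            "time": when,
        })
    hops.reverse()  # each relay prepends its line, so the top one is newest
    return hops


if __name__ == "__main__":
    for n, hop in enumerate(received_trail(SAMPLE), 1):
        print(n, hop["time"], hop["by"], hop["ips"])
```

The first hop in the output is the machine that handed the message to the first relay, which is usually the sender's own address. Only the lines added by servers you trust are reliable, since a sender can insert forged "Received" lines below them.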
The threat of viruses
Viruses are a major email security hazard that people simply cannot
afford to ignore. Over 11,000 different computer viruses exist to date
and some 300 new ones are created each month. Their effects range from
negligible to bothersome to destructive.
The extent of the problem is so great that today begun to prohibit the
use of email attachments, as this is where viruses are often embedded.
Unless forewarned, users are generally unaware that they have received
a virus until they open the infected attachment. By this time, it is
too late: the virus is activated and starts to take over, completely
infecting the hard drive and the messaging network.
The danger of viruses transmitted through macros, another common form
of virus transmission, is that they allow the user to continue working
and sharing documents. This way, the virus spreads faster, infecting
more and more users. One such macro virus, known as Melissa, reared its
ugly head on March 26, 1999. Melissa forced a lot of people all over
the world to suspend all email transactions.
Other fiercely destructive viruses followed fast on Melissa's trail,
such as the Chernobyl (CIH) virus and the Explore Worm, both of which
wipe out files, resulting in data loss. And, as if all this were not
enough, anti-virus researchers predict that more damaging email viruses
are yet to come.
The threat of spam
If you thought the problem of junk e-mail was bad enough now, then it
is about to get a whole lot worse. The research organization Gartner
Group reported that at the start of 2003, spam accounted for 30% of
all business email; by July 2003, that percentage had risen to over
50%.
As well as consuming bandwidth and slowing down email systems, spam is
a frustrating time-waster, forcing you to sift through and delete
mounds of junk mail. It proves irritating and offensive to recipients
who feel their privacy has been invaded and could also result in valid
emails being discarded along with the junk mail.
Spam or any other unsolicited message could also be used to convince
you to reveal sensitive information about yourself or internal computer
systems. A message posing as an online survey could ask recipients for
their password. The survey could also ask for other information that
may allow an attacker to gain valuable intelligence prior to
launching another type of attack.
There are more reasons to want to protect your privacy than can be
listed here. The important principle is that you have a right to
privacy as long as that right is used within the bounds of the law.
Seeking privacy should not make one feel guilty; privacy should be
expected, and demanded. The reasons might be as simple as preserving
your right to express unpopular opinions without being subjected to
persecution, or as serious as communicating sensitive business
information, legal discussions with your attorney or accountant, or
hiding your true identity from an oppressive government. Regardless of
your reasons, privacy is your right and a hallmark of civilization.
OK, maybe I could use e-mail privacy. What can I do?
There are a myriad of means available to protect online privacy.
Some are cumbersome and complex while others are extremely simple. Of
greater importance is that some methods are almost totally lacking in
security while others are nearly bulletproof.
Here is a brief overview of two big, practical steps that you can
take. First, use PGP (Pretty Good Privacy) software to encrypt your
e-mail (and computer files) so that snoops cannot read them. Second,
use anonymous remailers to send e-mail to network news groups or to
persons so that the recipient (and snoops) cannot tell your real name
or e-mail address.
PGP (Pretty Good Privacy)
Encryption scares the hell out of many computer users. If it's any
consolation, it appears to scare the hell out of many snoops too, but
for altogether different reasons.
Encryption can be a relatively simple process, or as difficult as the
user wants to make it. The degree of difficulty does not necessarily
relate to the security of the encryption method.
The de facto standard for encryption is PGP. PGP (also called "Pretty
Good Privacy") is a computer program that encrypts (scrambles) and
decrypts (unscrambles) data. For example, PGP can encrypt "Andre" so
that it reads "457mRT%$354." Your computer can decrypt this garble back
into "Andre" if you have PGP. PGP is the most widely used and
supported, and most readily available encryption method. PGP is
available for almost every operating system, with a variety of versions
for each. The features and functionality of each version should help
determine which is best for you. The newer versions of PGP include
plugins for popular email clients, and some include desktop security
features as well.
Remailers
The best means to ensure e-mail and Usenet anonymity remains the
remailer network. A remailer is a program that works like an
anonymizer, but for e-mail. It allows you to send e-mails anonymously by
wiping out all the headers that can disclose your identity. There are
some trade-offs, but used properly, there is no way a user can be
identified. Note that some remailers (so-called "pseudo-anonymous")
keep a database of 'real names', so you can potentially be traced
back. The owner knows your identity and can be forced to give this
information away. (For example, it's known that the Finnish police
forced Julf Helsingius (owner of the well-known anon.penet.fi) to do
this at least once.) The rest of them act on the 'fire and forget'
principle and keep no logs. To ensure that your real address won't be
logged, I'd recommend that you send your messages through several
remailers. Some remailers will send you a help message on request.
As the user, it is your responsibility to know that your internet
anonymity is only as secure as the care you take over it. And if you
don't follow some simple rules, it is remarkably easy for someone else
to read what you write.
Tips for Using Email Safely
Be smart about your password.
Change your password regularly - at least once a month. Choose a good
password. Above all, don't share your password with anyone. ISPs and
most server administrators never ask for your password. If you receive
an email asking for your password, do not respond.
Use pass phrases instead of passwords.
This is because most people, when asked to choose a password,
select some simple common word. This can be cracked by a program that
uses a dictionary to try out passwords on a system. The term pass
phrase is used to urge people to at least use several unrelated words
in sequence as the pass phrase.
Never send payment information via email.
Unlike secure web sites that protect your private data, email, or
any other exchange of information over the Internet, is not fully
protected from being read by outside parties.
Use the latest version of your browser and email program.
Up-to-date browsers contain the latest security technology.
Know your network.
Ask your email provider, ISP, and network administrator (if you
have one) to explain what sort of security arrangements they have made.
Don't open suspicious attachments.
If someone you don't know sends you an email with an attachment,
don't open the attachment. Though email messages themselves can't
infect your computer with a virus, infected attachments can.
Don't respond to spam.
Responding to spam lets the sender know that you have an active,
valid email address. Ignore the spam and delete it, or forward it to
the customer service department of the sender's email provider.
Log out of your email account.
If you use a web-based email program, don't just point your browser
to a new page; log out of your webmail. If you are using a public
terminal (such as an Internet café), close the browser before you
leave.
Trust your instincts.
Be cautious about sharing personal information with anyone you meet
through the Internet. Do not respond to any messages that ask you for
your password, even if they appear to be from someone in
authority.