Email? Send a post card, it might be even more secure.

in #technology7 years ago

Whether on a mobile phone, computer, car, game consoles – an email connection is available almost everywhere. It can be said that anyone who uses the internet also has one (or more, long live polygamy! – for email addresses, I don't want activists on my neck) email address. These addresses verify us on the Internet, we need them to register for services or receive messages from friends or reminders of the services we use. Of course, we also get desperate cries on calls from the services we no longer use.



Emails offer an easy way to communicate, unfortunately they have not been developed with the background of private data protection. This means that e-mails are in principle sent as postcards through the Internet to the respective recipient.

But there is SSL?

Right. There is. There are also airbags, if it pops right you are at least directly wrapped– but still dead. SSL is a method of closing traffic between two points. If I send a postcard from Basel to Lucerne, it will be sent to the receiver via various stations and nodes, just like an email.

Sending a Postcard

I write the postcard, this can be read by anyone near me. I bring this in a bag to the post (the postman can read it). The postman wraps them in a sack (no one can read it anymore, unless he sits in the sack, let's do that). The sack is sent to a branch and taken out of the sack, oh, the postcard can be read by strangers again. Then the sack story repeats... Until at some point the card is brought from the postman to the receiver (in a sack or does he always hold the card in his hand?).

This is almost identical with a normal email. The sack represents the encryption via SSL. This is valid for transport routes. We do not know if the postcard is still transported in a sack after the first transport.

Now let's take a look at the example by email

I write an email, who sees my screen (or has hijacked my PC) can read along. I send the email via email program to the server, which manages my emails (Post office). If I have SSL configured, it's pretty Safe (PGP – Pretty Good Privacy). The server then transmits the email to the relevant server of the recipient via various nodes on the Internet. I have no influence on this transport. So, I don't know if the data is transferred securely. I also do not know whether the provider stores my email encrypted? And when he does, he holds the keys in his hand –certainly not a good privacy. The recipient then picks up the message from his server. Also, there I do not know if the transmission takes place encrypted. As you can see, emails are by no means a secure means of communication.

And it turns out – secured mails are possible!

A method to send email securely is to encrypt it before shipping (s/mime, since Uncle Google will provide enough guidance). However, this has the disadvantage that all recipients also have to make use of it to read the email. So, the transportation is not encrypted, but directly the text I write – only the recipient has the key to make the message readable again. In principle, this would be like writing the postcard in a language that only the recipient understands. If someone else wants to read this stuff, he won't have a clue.. 

A cheer for Protonmail

I'm lazy and do not want to encrypt and teach others how to read my mails – that's why I use Protonmail. The Swiss startup offers free email addresses based on the zero-knowledge principle. Everything is encrypted and only I alone know the key. If I forget the key, I'm screwed! Without my key, everything will be lost – and that's good! All email sent from a Protonmail address to another Protonmail address is automatically secure. If I send an email to an external address and want to secure the content, the guys have a solution ready as well. The recipient receives a link via email, where he then has to type in a password that I have defined so that the message can be decrypted. Of course, I can also use the email address like any other email address.

But don't I have anything to hide?

This may be the case today. What if one sends emails about eating at a steak house and in public he claims to be vegan. It's ok for now. But if that guy ever candidates for some political job and gets hacked? What if you write an email that you go out every Wednesday night and some hackers see the mail and know exactely when nobody is at home?

Conclusion of story

Send as many unprotected emails as you want, I don't care. But when it comes to confidential content, put it on a secure email provider, like for example Protonmail. There are also paid mailboxes or the opportunity to act as patrons. For me, it goes without saying that I do not want to use the great service free of charge. 


Cheers and take care of your privacy, trollfarmer

Sort:  

This is a stellar post! I will be featuring it in my weekly #technology curation post for the @minnowsupport project and the Tech Bloggers' Guild! TBG is a new group of Steem tech bloggers and content creators looking to improve the overall quality of the niche.

If you wish to not be featured in the curation post this Saturday please let me know. Keep up the hard work and I hope to see you at the Tech Bloggers' Guild!

Thank you! :)

For sure! Keep up the great, original content!

That's a very good read, but I don't know anybody who is still using email for person to person communication. Email was the new kid on the block when the internet started, but the only thing I use email for now is to track purchases and catalog receipts. If I want to talk to somebody, I text or call...it's just so much quicker!

Great post tho...well written and informative! :)

Thank you! Well, in business communication, email is still a big player. :)

This is true...I do receive quite a bit of correspondence as an Editor...but most of it is junk email from advertisers and marketers.

Even communication inside companies is still mostly email.. If that email is hosted somewhere, this is not pretty secure.

Any digital footstep we give always has privacy risk. Can be compromised at any time.