Slashdot Mirror

← Back to Stories (view on slashdot.org)

Locally Secure Email Clients?

Posted by Cliff on from the protecting-your-email-from-prying-eyes dept.

Mattcelt asks: "I share my PC with my roommates, two of whom don't have their own PCs. In order to keep things simple, I have Windows98 running on it - they are used to the interface; it runs the programs they need to run from the University; and I refuse to pay the money to Microsoft to upgrade to a newer Windows OS. Unfortunately, there are some issues with privacy, and though I trust my roommates, there are work-related things I wouldn't want them to stumble into. Has anyone seen an email client other than Outlook that has -local- file security? Outlook has a feature to allow the password protecting of .pst files on the local drive, but it seems that every other email client figures that once the mail is on your machine, you don't need it protected any longer. Is there another email client with integrated password protection?"

4 of 77 comments (clear)

  1. Tried a combination of... by Vaevictis666 · · Score: 4, Informative
    Thunderbird (or any quick simple mail client) plus a software library to encrypt/decrypt a directory? Two batch files, one password, and that should set you up.

    Just set thunderbird up to store your mail in a subdirectory of the root thunderbird dir, and encrypt it from there recursively.

    1. Re:Tried a combination of... by GoodbyeBlueSky1 · · Score: 3, Informative

      I guess the question I have for Mattcelt is how much protection he needs (he uses the words "stumble onto", which to me implies he wants something hidden, but maybe not too involved)

      As such, if you use Mozilla Thunderbird (great client, better every month) you can put the following line in your user.js file (check the mozilla site for how-to)

      user_pref("mail.password_protect_local_cache", true);

      which will hide all e-mail (except for a folder list) until you enter a password.

      Obviously this is very low security, but if these roomies really are trustworthy it might do the trick; they won't see the classified project header or read your sappy love poems while you're gone. Plus I don't think we're dealing with computer-saavy roommates here (using a borrowed win98 pc?)

      --
      why? forty-two.
  2. IMAP? Web Mail? SSH? by JabberWokky · · Score: 4, Informative
    Leave the mail on the server, and don't store your mail password. Using IMAP means you can use just about any mail client, but are limited to certain mail servers. Webmail is available all over the place, but I don't like it. There are loads of decent text mode mail programs, and I'm sure there's a system somewhere on campus that allows you to connect and pull your mail.

    --
    Evan "IMAP/Kontact user myself"

    --
    "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
  3. Bottom line: you're screwed. by Anaxagor · · Score: 3, Informative

    If you don't trust them, no e-mail client is going to help. What's to stop them installing a keystroke logger and getting your IMAP credentials/PGP passphrase/shell account details? Running a cracker over the PST encryption? Shoulder surfing your password?

    Say you install a more secure, multi-user OS like Linux or FreeBSD or (gasp!) Windows 2000. Even if they can't learn your password, they can boot Knoppix or similar, mount your partitions and crack your box that way.

    The bottom line is that if they have physical access to your box, you're pretty much screwed. Either trust them and find some other way to separate work from home, or lock your box away in a cabinet they can't get to, install Linux/BSD, keep them patched against local root exploits, and don't let them get you drunk/stoned/in a state where you might divulge your passwords.