Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Enable Mom w/ Encrypted E-Mail?

Posted by Cliff on from the maintaining-the-illusion dept.

mad.frog asks: "Given the recent revelations of the Bush administration spying on US citizens without warrants -- and their promise to continue doing so -- it's clearly high time for me to switch to encrypted email, after years of being too lazy to bother. The real question is how I can get all (or at least some) of my email contacts to switch as well; clearly, encryption does me no good if the recipient can't decode it. What are my options, and more importantly, what are the options that will be comprehensible and usable by my parents, and in-laws? (Keep in mind that good solutions must include robust Windows and Mac support...)"

16 of 269 comments (clear)

  1. GPG/PGP: Thunderbird and Enigmail by Dark+Coder · · Score: 4, Informative
    Checkout Enigmail extension.

    Enigmail project website features are:

    • Encrypt/sign mail when sending, decrypt/authenticate received mail
    • Support for inline-PGP (RFC 2440) and PGP/MIME (RFC 3156)
    • Per-Account based encryption and signing defaults
    • Per-Recipient rules for automated key selection, and enabling/disabling encryption and signing
    • New: OpenPGP key management interface
    • Automatically encrypt attachments for inline PGP messages
    • Powerful GUI for easy configuration and management
    • User Preferences for advanced configuration
    • Integrated OpenPGP PhotoID Viewer
    • Supports OpenPGP key retrieval via proxy servers
    • Integrates with GnuPG
    • Works with the Mozilla Thunderbird, Mozilla Suite, and Netcape 7.x mail clients
    • Supports Thunderbird's Multiple Identities feature
    • Available for: Windows / Mac OSX / Linux (x86-32, x86-64, SuSe, Debian, Mandrake PPC & x86 ) / UNIX (Solaris 8.0, *BSD i386)
    • Language Packs available for localisation

    Works for me!

    1. Re:GPG/PGP: Thunderbird and Enigmail by Anamelech · · Score: 4, Informative

      This is the route I took, but trying to convince others that it was worthwhile was another story. Most of the individuals I deal with within my family and friends network use the free, web based email services(most of them hotmail) and can't use encryption/signing to begin with.

      Some free clients have limited support for GPG/PGP, such as gmail through thunderbird. The last time I tried the encrypted attachments, however, they didn't go through quite as expected(Don't remember what the actual effects were, but the cause was a mishandling of the MIME types.)

      As it stands, Thunderbird and Enigmail seems to be the easiest method for sending/receiving encrypted/signed emails, but free services are still a grey area for support. If it handles the MIME type on the encrypted attachments improperly serverside(the basic problem I ran into with Gmail) or they use the web interface regularly, there really isn't much you can do right now.

  2. I hope you know by missing000 · · Score: 5, Informative
    Encrypting your communications like this will just cause you to be a target. The NSA can most likely crack whatever you can throw at them, and even if not they will not hesitate to use some more creative methods if they want to listen in.

    Personally, I just assume that whatever I write or say is being listened to. It sucks, but that's the world we live in. Don't like it? Vote for a non-fascist next time.

    1. Re:I hope you know by ColaMan · · Score: 4, Informative
      Can the NSA crack RSA?

      Well, I know that they appear to know more than what the general cryptography community knows. For example (lifted from wikipedia, emphasis mine):

      During development by IBM in the 1970s, the NSA recommended changes to the (DES) algorithm. There was suspicion the agency had deliberately weakened the algorithm sufficiently to enable it to eavesdrop if required. The suspicions were that a critical component -- the so-called S-boxes -- had been altered to insert a "backdoor"; and that the key length had been reduced, making it easier for the NSA to discover the key using massive computing power.

      However, the public reinvention of the technique known as differential cryptanalysis suggested that one of the changes (to the S-boxes) had actually been suggested to harden the algorithm against this -- then publicly unknown -- method of attack; differential cryptanalysis remained publicly unknown until it was independently reinvented and published some decades later.
      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
  3. Re:Don't bother by waytoomuchcoffee · · Score: 4, Informative

    Don't bother using encrypted emails, because if you're not sending anything incriminating, THERE'S NO NEED.

    I love this type of thinking.

    Check out the 60 minutes inteview on Echelon:

    KROFT: (Voiceover) Is it possible for people like you and I, innocent civilians, to be targeted by Echelon?

    Mr. FROST: Not only possible, not only probable, but factual. While I was at CSE, a classic example: A lady had been to a school play the night before, and her son was in the school play and she thought he did a--a lousy job. Next morning, she was talking on the telephone to her friend, and she said to her friend something like this, 'Oh, Danny really bombed last night,' just like that. The computer spit that conversation out. The analyst that was looking at it was not too sure about what the conversation w--was referring to, so erring on the side of caution, he listed that lady and her phone number in the database as a possible terrorist.

    KROFT: This is not urban legend you're talking about. This actually happened?

    Mr. FROST: Factual. Absolutely fact. No legend here.

    http://www.freerepublic.com/focus/f-news/1543347/p osts

  4. Re:Hushmail by waytoomuchcoffee · · Score: 4, Informative

    May I reccommend a hush.ai address, as they're offshore.

    They used to be. The servers are in Canada now. You know, the Country that tried to pass the Lawful Access bill last session to "compel all telephone and Internet companies to create and maintain infrastructures that are intercept capable and to provide access to basic subscriber contact information such as a name, address or telephone number."

  5. GMAIL and Thunderbird/Enigmail by Dark+Coder · · Score: 5, Informative

    To send email securely over your Google's gmail account, just configure Thunderbird mail account to retrieve gmail email using your Google POP3 account information.

    Thunderbird/Enigmail combo neatly address your privacy issues for both sending and receiving.

    With PGP/GnuPG perfect forward-secrecy protection, you can leave all your emails in your gmail account and not bother to delete them (EVER or until your GnuPG passphrase is compromised).

    Google deux-machination of trying to find AdWords in your email for their massive onslaught of advertisement campaign will come to a screeching halt when your gmail InBox contains nothing but psuedo-random data.

    Good riddance to invasive AdWords into your emails...

  6. Ciphire by Custard · · Score: 2, Informative

    Anyone know about Ciphire?

    https://www.ciphire.com/

  7. Re:Don't bother by name773 · · Score: 2, Informative

    i read the whole thing, and i'm not sure how much of it i actually believe. Mr. Frost says they get a lot of info from baby monitors... they'd have to be pretty close to the originating house to do that, because even if the range extends far enough (which it probably doesn't, it costs money and takes fcc licenses to do long range broadcasting), baby monitors are on a band that is used by a lot of other things as well, and their transmissions would join a flood of others.

    so i can only think of a few ideas to explain this guy: he might be sensationalizing his story, possibly on behalf of his former employer, possible to his own ends. that, or when they hired him, the cse or whatever may have shown him a demo that made him believe they had more capabilities than they really did. maybe 60 minutes ran out of ideas for shows and hired an actor to spout off things they based off of conspiracy websites. ok, maybe not, but i still find this hard to believe, especially former workers talking about it to a television show.

  8. Enigmail does not work with HTML. by Futurepower(R) · · Score: 2, Informative

    Enigmail does not handle HTML.

  9. PGP by Detritus · · Score: 2, Informative

    The commercial version of PGP (PGP Desktop) supports the Macintosh and Windows. It will automatically sign and encrypt email.

    --
    Mea navis aericumbens anguillis abundat
  10. If changing the mail client isn't an option by Curmudgeonlyoldbloke · · Score: 2, Informative

    How about WinPT ("Windows Privacy Tray") for your Windows relatives? It front-ends gpg with something that sits in the system tray. Can encrypt from the clipboard or the foreground window.

  11. Re:The best plaintext is encryption by ivan256 · · Score: 2, Informative

    I'll be darned if I'm going to live my life in fear that some TLA will mistake some perfectly innocent activity for terroristic proclivities.

    Forgive me for adding a hint of rationality to this discussion, but really... Just don't live in fear. Sure, there may be some reprehensible things going on that you should oppose, but you shouldn't be afraid. How many people have been investigated? Give it your best bet. Hundreds perhaps? Divide that by the number of people out there and then compare it to the posibility that your house will get hit by a meteor, or better, that you'll be killed by a drunk driver on the way to work. Oppose what you disapprove of, but don't live in fear of somthing that there's no rational need to be afraid of. It's likely that opposition will put an end to the spying well before there's any reasonable chance that it will happen to you.

  12. Use S/MIME / personal certificate by patrick42 · · Score: 2, Informative

    You can get a free personal certificate from Thawte that works great. Once you've setup your account with them, you can create a signature for each email address you use. On the Mac side, you just download the certificate, and the Mac takes care of automatically installing it. Mail will also detect the certificates you install, and you'll see sign and encrypt (provided you have the recipients public key) buttons when you compose new messages. Here's a tutorial on getting it up and running with Mail:

    http://joar.com/certificates/

    It also works with Outlook, Outlook Express, Thunderbird, and Mozilla:

    http://www.marknoble.com/tutorial/smime/smime.aspx

  13. Re:Reality Check... by Grym · · Score: 2, Informative

    Has the Bush administration actually invoked FISA as their legal basis?

    No they have not. Interestingly enough, the FISA court itself became quite alarmed when evidence started to appear in its proceedings which was obtained through the executive order.

    The current justification for the wire-tapping executive order is based upon the War Powers Act. As I understand it, the basic gist of this position is (1) we are at war and (2) any surveillance gathered is therefore military intelligence, exempt from the usual proceedings and review. This is, of course, is quite a dubious position to take and is probably why the president personally requested that the NYT editors not release the story about a year ago.

    Remaining unsettled are some of the following questions:

    • Does such a broad interpretation of the War Powers act apply in a war not involving any particular nation-state?
    • Can the president specifically violate a congressional law using the War Powers Act?
    • If the old FISA standard of evidence was "more likely than not" which was supposedly too much (ex. being on a known terrorist mailing list), what is the new one?
    • Could this be grounds for impeachment?
    • Should those responsible for leaking this story to the press be prosecuted?
    • Exactly why didn't the NYT release the story when they first knew about it? Seeing as how they released it now, national security seems unlikely. More to the point: why now? Was it to scoop the James Risen's forthcoming book?
    • And, probably most importantly, was this executive order really necessary to further the War on Terror?

    It's going to be interesting to see how it all unfolds over the next couple months, but it looks like it's going to get REAL ugly. Those interested should check out the new book from James Risen, the NYT reporter who did all the legwork, which should have more details. It's called "State of War," and should come out later this week.

    -Grym

  14. Here's the right to privacy by Alien54 · · Score: 2, Informative
    Its there in the 4th admendment.

    Forth Amendment

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    pretty much covers privacy, since you can't violate privacy without viloating something in the above, not at least without twisting the meaning and intent of the words.

    --
    "It is a greater offense to steal men's labor, than their clothes"