Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Enable Mom w/ Encrypted E-Mail?

Posted by Cliff on from the maintaining-the-illusion dept.

mad.frog asks: "Given the recent revelations of the Bush administration spying on US citizens without warrants -- and their promise to continue doing so -- it's clearly high time for me to switch to encrypted email, after years of being too lazy to bother. The real question is how I can get all (or at least some) of my email contacts to switch as well; clearly, encryption does me no good if the recipient can't decode it. What are my options, and more importantly, what are the options that will be comprehensible and usable by my parents, and in-laws? (Keep in mind that good solutions must include robust Windows and Mac support...)"

7 of 269 comments (clear)

  1. GPG/PGP: Thunderbird and Enigmail by Dark+Coder · · Score: 4, Informative
    Checkout Enigmail extension.

    Enigmail project website features are:

    • Encrypt/sign mail when sending, decrypt/authenticate received mail
    • Support for inline-PGP (RFC 2440) and PGP/MIME (RFC 3156)
    • Per-Account based encryption and signing defaults
    • Per-Recipient rules for automated key selection, and enabling/disabling encryption and signing
    • New: OpenPGP key management interface
    • Automatically encrypt attachments for inline PGP messages
    • Powerful GUI for easy configuration and management
    • User Preferences for advanced configuration
    • Integrated OpenPGP PhotoID Viewer
    • Supports OpenPGP key retrieval via proxy servers
    • Integrates with GnuPG
    • Works with the Mozilla Thunderbird, Mozilla Suite, and Netcape 7.x mail clients
    • Supports Thunderbird's Multiple Identities feature
    • Available for: Windows / Mac OSX / Linux (x86-32, x86-64, SuSe, Debian, Mandrake PPC & x86 ) / UNIX (Solaris 8.0, *BSD i386)
    • Language Packs available for localisation

    Works for me!

    1. Re:GPG/PGP: Thunderbird and Enigmail by Anamelech · · Score: 4, Informative

      This is the route I took, but trying to convince others that it was worthwhile was another story. Most of the individuals I deal with within my family and friends network use the free, web based email services(most of them hotmail) and can't use encryption/signing to begin with.

      Some free clients have limited support for GPG/PGP, such as gmail through thunderbird. The last time I tried the encrypted attachments, however, they didn't go through quite as expected(Don't remember what the actual effects were, but the cause was a mishandling of the MIME types.)

      As it stands, Thunderbird and Enigmail seems to be the easiest method for sending/receiving encrypted/signed emails, but free services are still a grey area for support. If it handles the MIME type on the encrypted attachments improperly serverside(the basic problem I ran into with Gmail) or they use the web interface regularly, there really isn't much you can do right now.

  2. I hope you know by missing000 · · Score: 5, Informative
    Encrypting your communications like this will just cause you to be a target. The NSA can most likely crack whatever you can throw at them, and even if not they will not hesitate to use some more creative methods if they want to listen in.

    Personally, I just assume that whatever I write or say is being listened to. It sucks, but that's the world we live in. Don't like it? Vote for a non-fascist next time.

    1. Re:I hope you know by ColaMan · · Score: 4, Informative
      Can the NSA crack RSA?

      Well, I know that they appear to know more than what the general cryptography community knows. For example (lifted from wikipedia, emphasis mine):

      During development by IBM in the 1970s, the NSA recommended changes to the (DES) algorithm. There was suspicion the agency had deliberately weakened the algorithm sufficiently to enable it to eavesdrop if required. The suspicions were that a critical component -- the so-called S-boxes -- had been altered to insert a "backdoor"; and that the key length had been reduced, making it easier for the NSA to discover the key using massive computing power.

      However, the public reinvention of the technique known as differential cryptanalysis suggested that one of the changes (to the S-boxes) had actually been suggested to harden the algorithm against this -- then publicly unknown -- method of attack; differential cryptanalysis remained publicly unknown until it was independently reinvented and published some decades later.
      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
  3. Re:Don't bother by waytoomuchcoffee · · Score: 4, Informative

    Don't bother using encrypted emails, because if you're not sending anything incriminating, THERE'S NO NEED.

    I love this type of thinking.

    Check out the 60 minutes inteview on Echelon:

    KROFT: (Voiceover) Is it possible for people like you and I, innocent civilians, to be targeted by Echelon?

    Mr. FROST: Not only possible, not only probable, but factual. While I was at CSE, a classic example: A lady had been to a school play the night before, and her son was in the school play and she thought he did a--a lousy job. Next morning, she was talking on the telephone to her friend, and she said to her friend something like this, 'Oh, Danny really bombed last night,' just like that. The computer spit that conversation out. The analyst that was looking at it was not too sure about what the conversation w--was referring to, so erring on the side of caution, he listed that lady and her phone number in the database as a possible terrorist.

    KROFT: This is not urban legend you're talking about. This actually happened?

    Mr. FROST: Factual. Absolutely fact. No legend here.

    http://www.freerepublic.com/focus/f-news/1543347/p osts

  4. Re:Hushmail by waytoomuchcoffee · · Score: 4, Informative

    May I reccommend a hush.ai address, as they're offshore.

    They used to be. The servers are in Canada now. You know, the Country that tried to pass the Lawful Access bill last session to "compel all telephone and Internet companies to create and maintain infrastructures that are intercept capable and to provide access to basic subscriber contact information such as a name, address or telephone number."

  5. GMAIL and Thunderbird/Enigmail by Dark+Coder · · Score: 5, Informative

    To send email securely over your Google's gmail account, just configure Thunderbird mail account to retrieve gmail email using your Google POP3 account information.

    Thunderbird/Enigmail combo neatly address your privacy issues for both sending and receiving.

    With PGP/GnuPG perfect forward-secrecy protection, you can leave all your emails in your gmail account and not bother to delete them (EVER or until your GnuPG passphrase is compromised).

    Google deux-machination of trying to find AdWords in your email for their massive onslaught of advertisement campaign will come to a screeching halt when your gmail InBox contains nothing but psuedo-random data.

    Good riddance to invasive AdWords into your emails...