If you’re concerned about email security, my next few posts will discuss some aspects that you might want to consider. My feeling is that email is far less secure than it used to be, even compared to five or ten years ago. Whether or not anyone is reading your email, you might want to think about some way of securing your private and/or business communications from prying eyes. If you are already involved in illicit activity, you are likely more advanced in this area than I am. All of this is new territory for me. We’ll learn together.
My first stop on this journey is a Canadian web-mail site, Hushmail. Hushmail advertises itself as a ‘free secure email’ provider. It is free and somewhat secure. There is a pro version for use on your own domain but we’ll stick with the free version for now.
Hushmail encrypts your email to other Hushmail users, plain and simple. Once you are logged in, Hushmail provides an encrypted connection. The key to this connection is your password. If, for some reason, your Internet connection is being watched, logging-in to Hushmail will protect everything for you. Your emails are stored on the Hushmail site in encrypted form. Your passphrase isn’t stored anywhere by Hushmail. If you lose your passphrase, you can’t recover it…at least not through Hushmail. It all sounds quite secure, right? It is but Hushmail is very open about its limitations.
I don’t think anyone really reads the EULAs or FAQs that abound in the computer world. Hushmail’s FAQ was both incredibly easy to read and extremely honest. Take some time to read it and you’ll start to understand the limitations of a web-based email security system. Here’s a link to Hushmail’s FAQ: http://www.hushmail.com/about/technology/security/
Hushmail is perfect for the average person who wants a bit of privacy and simplicity with their free web-based email. There are ways to encrypt a regular email on Hotmail or Gmail and I’ll get to those later but for now, Hushmail is worth investigating.
The key to Hushmail is the passphrase. Sure, the email and the connection to Hushmail are encrypted but how can you keep your passphrase secure? That’s the problem, right? If you can manage to come up with a mnemonic passphrase, something that is easy for you to remember but ridiculously hard for anyone else to crack, you’re fine. If you have to write the passphrase down, things get substantially less secure. That’s for you to work out but I’ve got some tips here in another post.
Lastly, if you think that you’re immune to all of this and that no one really cares about your email, check out this PBS documentary. It’s an eye-opener: Nova: The New Thought Police
Thanks for reading!