Do you encrypt your emails?

scojones

This is a poll as to whether or not you encrypt your emails with PGP or something of that sort. I do, and have actively done so for a while but recently had to create a new key. I've noticed that the majority of my friends do not encrypt their emails nor do they have any intention of doing so. This is obviously bad. If you do, what do you use? I use the enigmail plugin for thunderbird. Be honest in this poll!

dahamsta

Why is it "bad"? Sure, it would be better if there was more awareness of crypto out there, and everyone had a key, but I doubt even 1% of my communications would need encryption. As it is, there would be no point in encrypting all my mail, since I'd imagine <.1% of my recipients would have a clue what the gibberish was!

adam

Karoma

The poll is lacking options methinks.
All of the time? For all e-mail addresses? No. I don't. I know e-mail is insecure, but for the majority of time, I couldn't care less, and as you pointed out-the recipient may not be able to use suitable software (Organisational computer restrictions, beyond their ability, etc.)

scojones

Ken Shabby wrote:

but I doubt even 1% of my communications would need encryption.

You don't mind if your isp reads your email? You don't mind if someone has "owned" the mail server you use for outgoing mail (mail.eircom.net in my case) and is running a sniffer and reads your email?

It all comes down to your personality. I'm paranoid by nature. That's just me. I don't like talking on the phone in public if I know someone beside me is listening to my conversation. Similarly, I don't like being recorded by CCTV cameras when I'm walking down the street. My anonymity is my right, and I don't like people reading my email - whether it is meaningless or otherwise so that's why I encrypt it.

zippo22

You should never say anything on the phone that you wouldn't shout across a crowded room. Likewise with E-mail, you shouldn't put anything on E-mail that you wouldn't put on a postcard.

Cake Fiend

"Obviously bad"? I doubt many people would see it as a problem that their 'Fwd: Fwd: Fwd: Fwd: Read this LOL' type emails (which is about 80% of the kind of mail most non-techie people send) are sent in the clear.

I've never sent a mail yet that was so in need of secrecy that it would be worth educating the recipient in encryption.

scojones

bedlam wrote:

What about your friends who do not want to use pgp or the likes, do you let them slide or simply not converse with them via email?

I converse with them via different means.

aidan_walsh

I can't encrypt the majority of the emails I send, because they are work related and the company doesn't have a policy of encrypting emails. Since no one else would be, its pointless.

Besides that, the majority of mails sent don't need to be encrypted for reasons already stated above, IMO.

dahamsta

sjones wrote:

You don't mind if your isp reads your email?

For 99%+ of it, I couldn't give a toss. I'd imagine it would take them quite some time to find anything remotely interesting in my mail alone, never mind the thousands of other people they host.

You don't mind if someone has "owned" the mail server you use for outgoing mail (mail.eircom.net in my case) and is running a sniffer and reads your email?

I operate my own mail server.

Do you only visit websites that operate over SSL?

Ruu_Old

Dont encrypt my emails, couldnt be bothered

kippy

Nah, couldnt give a toss.
Let them off if they want to meander through my (mostly pointless) emails.
Mostly for the reasons stated above. The people I send my mail to wouldnt know what to do with an encrypted mail and I dont think its worth the hassle myself.
I wouldnt call it obviously bad either.......

pantar_dubh

sjones wrote:

This is a poll as to whether or not you encrypt your emails with PGP or something of that sort. I do, and have actively done so for a while but recently had to create a new key. I've noticed that the majority of my friends do not encrypt their emails nor do they have any intention of doing so. This is obviously bad. If you do, what do you use? I use the enigmail plugin for thunderbird. Be honest in this poll!

Answered "Yes" to your poll, but the correct option would be "Depends." If sending material to my co-author of a novel, absolutely, because their are thieves of intellectual property, and you could be tied up in court for years trying to regain the rights to something that belongs to you.

If just chatting about nothing important, then "No."

Is privacy a problem? Most definitely. Frequently run into people packet sniffing other people's communications at hotspots. Why do they do this? I never would, so I don't quite understand them. But someday I will learn to spike, and have a little goodie embeded as a link in one of my emails, and when they click on it, well, it just might get interesting for these snoops. Of course, I would alert my correspondents before setting this up. Some might respond to setting such traps as being illegal or whatever. Well, is it legal for someone to violate your privacy?

scojones

Ken Shabby wrote:

Do you only visit websites that operate over SSL?

I can't see the relevance of the question tbh. My web traffic is alot different to the contents of my email.

scojones

pantar_dubh wrote:

If sending material to my co-author of a novel, absolutely

Cool, what kind of novel are you writing?

liamo

No, I don't encrypt my emails. The majority of the addressees in my emails wouldn't have the ability to decrypt them.

As a previous poster pointed out: don't put anything in an email that you wouldn't put on a postcard. I don't put anything in an email that would worry me if it was made public.

I do, however, sign my emails with GPG. This doesn't adversely affect anyone who has an email client unable to interpret the signature - it's just an attachment.

If I was communicating with someone with whom I needed to exchange secret emails and who had the ability to send/receive encrypted emails, then yes I would use encryption. But that situation hasn't arisen yet.

Regards,

Liam

pantar_dubh

sjones wrote:

Cool, what kind of novel are you writing?

Novel genre? Action romance (fiction informed by a true story) that emerges between two virtual characters on the web, beginning with boards, to emails, to eventually face-to-face. Have been writing since February and it's well advanced. No working title yet, but a lot of content.

scojones

pantar_dubh wrote:

Novel genre? Action romance (fiction informed by a true story) that emerges between two virtual characters on the web, beginning with boards, to emails, to eventually face-to-face. Have been writing since February and it's well advanced. No working title yet, but a lot of content.

Sounds great, keep me informed

schrodinger

I dont encrypt my emails becasue everyone else on the earth is lame and seems think that privacy is a given on the internet. I sign each of my emails with my PGP key and provide links to it in the hope that someone will actually figure out what I'm doing and/or send me their key back or go generate on for themselves. Most dont.

I have yet to meet someone who actually does encrypt their email or actually asks me to do so when I mail them, I would be frigging astounded to see it happen and very happy tbh

kippy

A somewhat relevant story:
http://news.zdnet.com/2100-1009_22-6073654.html?tag=zdfd.newsfeed

JohnK

No, I dont. I've never sent anything by email that would need encryption and it would be far too much hassle to try and explain to most people what encryption is in the first place. Until its in built in windows there is not much point in whole sale encryption i feel because the adverage user just wont understand or embrace it.

secret1

Hey found this interesting, from the point of view of someone that is totally naive regarding emailing, never mind encryption!
Have a question though..........is emailing really like sending something on a postcard??
Is it not private to the sender and the receiver? obviously the server can have access but what about anyone else? to someone who would have the email address but not the password? Can anyone read my mails once they have been sent off my computer? i dont keep a record of sent mails btw, but can someone retreive them off my harddrive etc??
Really confused .........

aidan_walsh

secret1 wrote:

Hey found this interesting, from the point of view of someone that is totally naive regarding emailing, never mind encryption!
Have a question though..........is emailing really like sending something on a postcard??
Is it not private to the sender and the receiver? obviously the server can have access but what about anyone else? to someone who would have the email address but not the password? Can anyone read my mails once they have been sent off my computer? i dont keep a record of sent mails btw, but can someone retreive them off my harddrive etc??
Really confused .........

Basically yes to everything you ask, though in different ways.

liamo

It's got nothing to do with emails on your computer or in your outbox or your email address or password. It's got everything to do with the handling of the email from the time it leaves your computer to the time it arrives at its destination.

The postcard analogy is a good one. The sender writes a message and, during the journey to the addressee, anyone who handles the postcard can read its contents.

Similarly, unless an email is encrypted the email can be read at any point along the journey to the addressee.

In practice, this doesn't happen. But the knowledge that it can happen should make you think twice before you send something in an email that you would rather not see being made public.

Regards,

Liam

Black Swan

Like why encrypt? Don't do financials over web, not after all the hacks.

esskay

I think encryption should be the norm not the exception. Email is so easily intercepted its laughably. Would you like it if anyone could listen to your phone calls? I don't currnetly encyrpt my mails but would if more people knew how to use encryption software.

Martyr

I don't encrypt emails i send, sometimes i probably should, but i don't use it for anything sensitive anyway, like say..a credit card number.

For me, it depends on what information you're sending over the internet.
i don't see any point in sending an email to say a friend, telling them whats going on in my life because its pretty uninteresting & boring

unless i was a gangster, terrorist, paedophile or some kind of criminal breaking the law trying to hide my activities, i have no use for encrypting my communications.

i'm not saying anyone who uses crypto is crim either, ok?

again, someone snooping on my phone calls, as long as its somebody i don't know & will never meet, i couldn't care less.

scojones

Average Joe wrote:

again, someone snooping on my phone calls, as long as its somebody i don't know & will never meet, i couldn't care less.

That's the problem. The majority of people think like this, and it's why I started this poll. The majority of people I have asked similar questions to, have the view: "If I've nothing to hide, I don't mind my calls being monitored, my emails being read, or being recorded on CCTV cameras walking down the street". If we let the people we have given the power to govern us, get away with things like this it will soon be as bad as it is in the States, here in Ireland. Ok, maybe I am going a bit over the top with that one, but in America the government no longer needs to get authorisation from a judge to tap someone's phone line. They can do it when they like to who they like without telling anybody anything. Privacy is your right, and you should use it.

NutJob

Us Echelon network
http://news.bbc.co.uk/1/hi/world/503224.stm



Where does all irish net traffic go?
http://news.bbc.co.uk/2/hi/uk_news/670092.stm


Personally id love to have to have crypto on all communications but undil its pre packed with windows mail clients the average user just simply wont have a clue.

Martyr

but in America the government no longer needs to get authorisation from a judge to tap someone's phone line. They can do it when they like to who they like without telling anybody anything

yes, but what would stop authorities tapping your phone line anyway, if they wanted to?
as long as they don't say anything & nobody can prove it, no law is being broken ( not in ireland anyway )

look at the morris reports, where a garda involved in corruption said that it was common practice to bug conversations between lawyers & their clients in stations around the country.

the claim doesn't surprise me at all & i believe its true, not because i love a conspiracy.
its very difficult trying to get a conviction when the criminal knows how fragile the law is & any piece of information, even if it can't be used in court can help in some way put the person away.

encryption is good, but increasingly its being used too much for nefarious purposes inevitably making law enforcement more difficult.

NutJob

The English had an answer to criminals using crypto was
http://news.bbc.co.uk/2/hi/science/nature/290964.stm


Hand over the key or well send you down for a year or two. Or hand over your keys and well convict you of running a drugs ring ad you’ll get 15 years.

That’ll work!!!!!:D

You cant legislate for stuff like true crypt where plausible deniability is part of the spec “ogh no my 4 gig iso got corrupt” and its not an encrypted file system.


Anyone with an understanding of the tech will dance around the law. Nothing to stop someone who knows what there doing organising anything over the thor network with 1000bit+ crypto. I had crazy strength crypto at the age of 12 and I used it(I got older and lazy).

There have been more than the Morris tribunal. Anyone remember this

http://topics.nytimes.com/top/reference/timestopics/subjects/w/wiretapping_and_other_eavesdropping_devices_and_methods/index.html?s=oldest&offset=80&

Government inquiry expanded into the police wiretapping of politicians and journalists during the administration of Prime Minister Charles J. Haughey. At issue in the inquiry is whether top officials in the Haughey Government illegally used the police to gather purely political information at a time when Mr. Haughey was struggling to remain in power last year.

So to conclude

There are definitely enough cause for everyone to use crypto but smime /PGP until they make there way into standard packages like thunderbird outlook and are as easy as clicking 3 or 4 buttons …… Asking for someone’s public key will just cause confusion.

scojones

Well, enigmail is a plugin for thunderbird that lets you use PGP. It's what I use.