Message security

richard8279 · 13 Aug 2011, 11:05 PM

I think email can be read when it is transmitted via the internet. Therefore, it is possible to encrypt email messages to prevent them being read - during transit. I think this will work, encryption, with any kind of email, be it Gmail, hotmail etc.

Okay, the above is about security when sending. But, what about the messages that get onto a server or onto storage? Is it any more risky sending messages to hotmail, than fastmail? Or, are certain email services more risky when it comes to confidentality?

For instance, I have got in my head, that messages sent to hotmail addresses, are less secure than some other email services, because the messages are less secure whilst residing in hotmail storage.

kijinbear · 14 Aug 2011, 12:24 AM

Security during transit is what SSL/TLS is for. As for security in storage, of course the server's administrator can read everything. How do you think Google places ads in Gmail? By reading and analyzing your e-mails, of course. How do you think spam and virus filtering works? The filtering software needs access to the e-mail contents in order to do the work. There are a few e-mail service providers who claim to encrypt your mailbox, but whether or not you trust them is up to you.

If you use PGP, nobody but the intended recipient will be able to read the message. To everyone else (including Google and Microsoft), the message will appear to be a jumble of random letters. The recipient will also need to know how to use PGP, though.

janusz · 14 Aug 2011, 02:03 AM

Quote:

Originally Posted by kijinbear

of course the server's administrator can read everything. How do you think Google places ads in Gmail? By reading and analyzing your e-mails, of course. How do you think spam and virus filtering works? .

Poor server administrators, havimg to read every message and decide whether it contains a virus and what ads to display. Don't envy them....

richard8279 · 14 Aug 2011, 02:26 AM

So use PGP. I wish email was encrypted by default.

richard8279 · 18 Aug 2011, 04:22 PM

Are there any email hosts that promise not to look at emails unless for a legal or criminal reason?

janusz · 18 Aug 2011, 04:28 PM

Are there any sites which do NOT make such a promise?

richard8279 · 18 Aug 2011, 04:59 PM

Quote:

Originally Posted by janusz

Are there any sites which do NOT make such a promise?

I don't know.

I suppose you are saying every email host makes that promise.

rblon · 18 Aug 2011, 06:05 PM

Quote:

Originally Posted by richard8279

I think email can be read when it is transmitted via the internet. Therefore, it is possible to encrypt email messages to prevent them being read - during transit. I think this will work, encryption, with any kind of email, be it Gmail, hotmail etc.

Some providers also encrypt messages in transit, eg FastMail. Both sender and receiver need to support it, and I am not sure how many providers do.

The alternative is encrypting the emails yourself (with PGP for example). The disadvantage is that it doesn't work in combination with web access, as that kind of defeats the purpose, security wise (unless you run your own server). Also, the counterpart on the email needs to support it.

janusz · 18 Aug 2011, 06:10 PM

Quote:

Originally Posted by rblon

Some providers also encrypt messages in transit, eg FastMail. Both sender and receiver need to support it, and I am not sure how many providers do.

From the quoted source:
"This is not full end-to-end encryption of the email. The email is only encrypted during transit from our server to the other server, once it’s at their side, it’s stored in whatever form the other side stores emails. For full end-to-end encryption, you need something like PGP".
Using SSL for the whole-session encryption is not unusual.

jeronimus · 19 Aug 2011, 05:53 AM

It also depend on what information you want to hide and if the recipient can decode the message.

- Send not the text but a picture with the text (The lucky sysop that does not need to read all the mail now needs help from OCR software )
- You can attach a file with the encrypted message. (You download the file so it is not decripted on the mail -server.
- Hide the message in some special bits of a picture.
- Mail a signal with a hidden message (You can even post this signal public on your blog) [Picture of a dog the answer is yes, picture of a cat => answer is no)
etc.

13 Aug 2011, 11:05 PM	#1
richard8279 Junior Member Join Date: Jul 2011 Location: Live in UK Posts: 15	Message security I think email can be read when it is transmitted via the internet. Therefore, it is possible to encrypt email messages to prevent them being read - during transit. I think this will work, encryption, with any kind of email, be it Gmail, hotmail etc. Okay, the above is about security when sending. But, what about the messages that get onto a server or onto storage? Is it any more risky sending messages to hotmail, than fastmail? Or, are certain email services more risky when it comes to confidentality? For instance, I have got in my head, that messages sent to hotmail addresses, are less secure than some other email services, because the messages are less secure whilst residing in hotmail storage.

14 Aug 2011, 12:24 AM	#2
kijinbear Cornerstone of the Community Join Date: Mar 2011 Location: ~$ Posts: 652	Security during transit is what SSL/TLS is for. As for security in storage, of course the server's administrator can read everything. How do you think Google places ads in Gmail? By reading and analyzing your e-mails, of course. How do you think spam and virus filtering works? The filtering software needs access to the e-mail contents in order to do the work. There are a few e-mail service providers who claim to encrypt your mailbox, but whether or not you trust them is up to you. If you use PGP, nobody but the intended recipient will be able to read the message. To everyone else (including Google and Microsoft), the message will appear to be a jumble of random letters. The recipient will also need to know how to use PGP, though.

14 Aug 2011, 02:26 AM	#4
richard8279 Junior Member Join Date: Jul 2011 Location: Live in UK Posts: 15	So use PGP. I wish email was encrypted by default.

18 Aug 2011, 04:22 PM	#5
richard8279 Junior Member Join Date: Jul 2011 Location: Live in UK Posts: 15	Are there any email hosts that promise not to look at emails unless for a legal or criminal reason?

18 Aug 2011, 04:28 PM	#6
janusz The "e" in e-mail Join Date: Feb 2006 Location: EU Posts: 4,944	Are there any sites which do NOT make such a promise?

19 Aug 2011, 05:53 AM	#10
jeronimus Member Join Date: Jul 2004 Location: NL Posts: 73	It also depend on what information you want to hide and if the recipient can decode the message. - Send not the text but a picture with the text (The lucky sysop that does not need to read all the mail now needs help from OCR software ) - You can attach a file with the encrypted message. (You download the file so it is not decripted on the mail -server. - Hide the message in some special bits of a picture. - Mail a signal with a hidden message (You can even post this signal public on your blog) [Picture of a dog the answer is yes, picture of a cat => answer is no) etc.