Protecting Your Email Privacy
One of the things people don't completely understand yet is that they seem to trust their email client when there is very little reason to.
People think email is secure. This is a fallacy. To start with, if you're viewing your email through an online client, then unless it specifically says https in the URL bar of your browser, your connection is simply not secure. Web pages are transmitted over the HyperText Transfer Protocol, or http. If the transmission between the web page and you is encrypted, an s is added, meaning HTTP Secure, or https for short. So unless your URL specifically shows that it's an https connection, it has a major vulnerability that offers a route of attack for those of "questionable morality".
Take note that an internet connection may take a random route through many computers before it arrives at its final destination, your computer. It could be traveling just about anywhere - through communist China or through Iraq.... and ANY computer along this route has the ability to read anything sent or received. Any data you send or receive, including passwords, is easily viewable along said route unless the transmission is secured via https.
So just be aware and be careful.
Another thing to consider is if you are using a portable device that uses wifi, such as a netbook, notebook or iPad, at a public or unsecured wifi access point. Unless you are using an https connection, everything you send to the website can be easily read by anyone else connected to that hotspot. Consider this very seriously before using a free wifi hotspot provided by your local library or fast food restaurant.
Gmail (Google Mail) defaults to an https connection for everything, so if you're using Gmail, you are entirely safe. If you are using other services, a lot may offer https for login but go back to http for everything else, which means that the emails themselves, forums, or whatever else can be easily read in both of the situations mentioned above.
Also, ISPs and email services are being required by law to keep an archive of everything you do for a varying period. In the U.S., I think it's around 18 months atm. However, law enforcement officials want to extend that to 2 years. Now, while you may not be overly concerned about the government having access to this data, how many times has even classified data been leaked? Hell, employees of a certain phone company were reading messages to and from Obama during the Presidential election. Sarah Palin's private email was "cracked" during the same election. I think privacy is something we all need to start caring about a whole lot more.
Email Encryption
Once the email has been sent from your email service, even if it's Gmail, your email is the complete opposite of private. It is sent as plain text through the same random route that I mentioned above for internet traffic. Unfortunately, using an https connection here will not protect you since the "email" is going from your service provider to someone else's that might not have https. The only real way to secure this data is to encrypt it, before it even leaves your computer.
One great way is using PGP/GPG encryption. GPG is an Open Source implementation of PGP. Encryption is the one area where you would want to use open source, since there has been a big issue with governments forcing companies to implement back doors in proprietary solutions.
This is how to implement GPG, or GNU Privacy Guard as it's more properly known:
First off, you'll need an email client on your local computer that supports GPG encryption. The client I recommend is the Open Source Mozilla Thunderbird. Thunderbird and a GPG plugin are free and readily available on most systems. Simply go to http://www.mozillamessaging.com/en-US/thunderbird/ and download a version that matches your system. A lot of Linux versions already have them in their repositories. It's up to you to determine which method of installation is needed for your computer.
Secondly, you'll have to have an email service that uses either POP (Post Office Protocol), which is very commonly offered by ISPs these days, or IMAP (Internet Message Access Protocol), which is also very commonly offered. Refer to your email provider's help documentation on how to set this up. I know Gmail offers both and is a free email service. IMAP is highly recommended for this setup.
Ok, I am assuming at this point you have Thunderbird set up and working with your email service using either IMAP or POP. Now you'll need to install the GPG encryption program that will handle the actual encryption of your email. The Windows version can be found here: http://packages.qa.debian.org/m/mingw32.html, and a version for the Mac can be found here: http://macgpg.sourceforge.net/. Linux, in most cases, will have it installed already. Ubuntu, for example, has a graphical manager called Seahorse. If you are running Linux and do not have it installed, please consult your appropriate help forums and/or help documentation.
Next, you'll need the Enigmail plug-in for Thunderbird. First off, if you are running Linux and have downloaded a version of Thunderbird from your specific repositories, search for it in there as well. (I love Linux because the repositories' automatic download and install is so easy.) Otherwise, head on over to http://enigmail.mozdev.org/download/index.php and download a version that matches your version of Thunderbird (once inside Thunderbird, just go to Help->About Thunderbird to see your version) and Operating System. Just download it to your desktop, as per typical. Then, delete the file after the plug-in is installed.
To install the Plug-in, simply open Thunderbird and go to your top menu. Choose tools, then add-ons, select install, then locate and then select the Enigmail add-on you just downloaded. Then click install, after which you'll more than likely be prompted to restart Thunderbird. After installation, you'll notice a new menu item called OpenPGP. Open the menu and select Key Management. You'll be asked whether to use a wizard or to do it manually - in this case, just choose manual. Then click Finish.
A new window will open. Tick "show all keys by default", then select Generate, then New Keypair. You have a choice. Do you have anyone else using your computer that you don't 100% trust? Or do you just feel more comfortable having to enter a password to encrypt every message? If yes to either question, enter a passphrase where it requires it and retype it where it tells you. If you are confident that no one else is using your computer that you don't trust, then just tick the box that says no passphrase.
You can choose if the key you generate will have an expiration date, (which is when the key becomes no good and a new one needs to be generated later), OR, if you just want to tick the box that sets it up so it never expires. Again your choice.
Next, tick generate key. This may take a couple of minutes, because you are going to generate a key that is several thousand bits long....
Now the thing to remember here is this - it generates 2 keys for you: a public key and a private key. The public key is the key for you to send to all your friends/colleagues/family, which they can use to encrypt email that only your private key can decrypt. Your public key is free to email or send to everyone. They can encrypt email to be sent to you, however they cannot decrypt anything from you. That is why the public key is safe to make public. The private key is yours alone and is the key that is used to decrypt messages. This is the detail that makes "public key cryptography" so safe - the encryption keys can be safely handed over an insecure channel.
A new key will appear in the key management window. Right click on it and send public keys by email to the friends/colleagues/family who you wish to have access to it. Have your friends/colleagues/family do the same for you. To import a key from friends/colleagues/family, just save that long key that was sent in the email in a text file that holds the key. A valid key will contain all of this: (this is my actual public key - don't worry it's safe for me to send this and you'll read why below....)
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
Remember that you need to include the -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK----- lines. These are critical. Leave no space before or after those lines; they and everything in between need to stay exactly as is.
Then go to your key management window and select import key from file. Select the key your friends/colleagues/family sent you. Congratulations, you're now set up to send and receive encrypted email.
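A pasted key block can be checked mechanically before it is imported. The following is an added example, not part of the original post or of Enigmail: it goes beyond the BEGIN/END rule above by also verifying the CRC-24 checksum line that GnuPG writes at the end of the block, and it assumes Node.js; all function names are hypothetical.

```javascript
// Added example; names are hypothetical. Uses only Node's built-in Buffer.
// It checks the ASCII armor only, not the key packets inside it.

// CRC-24 as defined for OpenPGP ASCII armor (RFC 4880, section 6.1).
function crc24(bytes) {
  let crc = 0xb704ce;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864cfb;
    }
  }
  return crc & 0xffffff;
}

const BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----";
const END = "-----END PGP PUBLIC KEY BLOCK-----";

// Wraps raw bytes in armor; used here only to build a constructed sample.
function armor(bytes) {
  const body = Buffer.from(bytes).toString("base64").replace(/(.{64})/g, "$1\n").trimEnd();
  const c = crc24(bytes);
  const sum = Buffer.from([c >> 16, (c >> 8) & 255, c & 255]).toString("base64");
  return [BEGIN, "Version: example", "", body, "=" + sum, END].join("\n");
}

// Returns null if the block is intact, otherwise a description of the problem.
function checkArmor(text) {
  const lines = text.replace(/\r\n/g, "\n").replace(/\n+$/, "").split("\n");
  if (lines[0] !== BEGIN) return "missing or altered BEGIN line";
  if (lines[lines.length - 1] !== END) return "missing or altered END line";
  const blank = lines.indexOf("");
  if (blank < 0) return "no blank line after armor headers";
  const sumLine = lines[lines.length - 2];
  if (!/^=[A-Za-z0-9+\/]{4}$/.test(sumLine)) return "missing checksum line";
  const body = lines.slice(blank + 1, -2).join("");
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(body)) return "body is not clean base64";
  const want = Buffer.from(sumLine.slice(1), "base64").readUIntBE(0, 3);
  return crc24(Buffer.from(body, "base64")) === want ? null : "checksum mismatch";
}

// Constructed sample: armored filler bytes, not a real key.
const sample = armor(Buffer.from("constructed bytes, not a real key ".repeat(4)));
console.log(checkArmor(sample), "|", checkArmor(" " + sample));
```

A passing check only shows the block survived copy and paste; it says nothing about whose key it is.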
Ok, when you receive an encrypted email, the email should just open in your client without problems. There will be a little sign that says something to the effect - Encrypted. The client is pretty automatic about what happens.
To send an encrypted email, you'll see an option called OpenPGP in the new mail/reply window. Simply choose encrypt message, and then send. That's it! You probably also noticed another option there called sign message. This is an option that uses your private key to generate a unique signature for your message. Only you can generate it. (It also depends on your email client.) Anyone that has your public key will be able to verify that the message came from you since no one else could generate a valid signature.
Another way is using an S/MIME certificate, but that can be costly and doesn't provide any extra benefits for security.
So for security's sake, encrypt your emails if there is any private or personal data you would not be thrilled to see on Facebook or YouTube......... raised eyebrow..........
Posted by Primefalcon on 07/09/2010 at 14:33
Well found a bug, accidentally deleted a post, and finally fixed the bug..... My wife, Marlaine, was doing some grammar (and spelling - MMF) checking on my posts earlier today, and managed to find a bug that had slipped by me.....
This is the bug....
When you import a bunch of text into a form text area, it parses HTML entities and basically turns the entity into the tag. For example, say you have the tag written as `&lt;p&gt;`; when you dump this into a text area (say you're editing a post) it will actually reduce the entities to `<p>`. The browser will treat it as a paragraph instead of displaying it. This created the issue of either having to edit all the tags back into entities or trying to fix the problem.
Unfortunately, asking around on the coders/programming forums got me nowhere. The only advice I got was to use the <xmp> tag, which was deprecated back in HTML version 3 in favor of the pre tag. It only keeps format and layout and was removed from the current HTML 4. It was also removed from the upcoming HTML 5 as well, which is already starting to be implemented! So implementing this code would completely break web standards, let alone being unreliable in how browsers will choose to implement this - if at all - since there is no longer any standard for xmp.
After a bit of bashing around I ended up coming up with a solution......
Convert it further into a second stage of entities for displaying in the text area like so:
Then convert it back afterwards like so:
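An added example of the two-stage conversion described above, written in JavaScript; it is not the author's code, and the function names and the sample post are hypothetical. It relies on the browser decoding entities in textarea content exactly once, so text encoded one extra level comes back out of the editor as the stored original.

```javascript
// Added example; function names are hypothetical.

// Second stage of entities: escape every HTML-significant character,
// including the "&" that begins an entity already present in the post.
function encodeForTextarea(stored) {
  return stored
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Stand-in for the browser: textarea content is entity-decoded exactly once.
// Only the four entities produced above are modelled.
function browserDecodeOnce(html) {
  const map = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"' };
  return html.replace(/&(?:amp|lt|gt|quot);/g, (m) => map[m]);
}

// Constructed sample post: shows a literal <p>, uses real <b> markup, and
// contains text that would close the textarea early if written out raw.
const stored = 'Type &lt;p&gt; for a paragraph, <b>bold</b> & </textarea> "ok"';

function roundTrip(post) {
  return {
    naive: browserDecodeOnce(post),                    // the bug: entity becomes a tag
    fixed: browserDecodeOnce(encodeForTextarea(post)), // the fix: original text survives
  };
}

const { naive, fixed } = roundTrip(stored);
console.log(naive);
console.log(fixed === stored);
```

Encoding the raw `<` and `>` as well means nothing in a post can end the textarea element early, which closes off markup injection through the edit form.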
For future reference - MMF or MM - will be comments made specifically by my wife.......
Posted by Primefalcon on 04/24/2010 at 18:52