This is a follow-up to an earlier entry about webmail and why I was ditching it. Also recommended: Thunderbird and GPG.
I had set up the computer of someone I know in real life. I hid Internet Explorer, installed Firefox and Opera, and set things up to generally block things from domains other than the one the person had gone to. You know, just the basics that everyone’s computer should be set up to do.
I get called over because “Gmail doesn’t work.” They did a site redesign, but I never see the site because I don’t use webmail. It turned out that part of the problem was that Google added more domains, and downloading an attachment caused it to be sent from a different domain, which was blocked. The rest of the problem was that the new layout is not friendly to those users who have both high volumes of current messages and large backlogs of stored messages.
This sparked thought about the problems that webmail causes, which those of us that use clients do not see.
Not My Problem: I Do Not Use Webmail
I did discover that I still had some Yahoo Mail accounts from as far back as 1997. Since Yahoo does not support client access (except for paid accounts, I believe), I have no reason to ever use them, so I’ve closed 75% of them and have started clearing out all connections to the last one.
Best of all, I can use GPG signing on the one account for which I still remember my passphrase.
If you read yesterday’s entry and followed the link to Thistleweb’s original post, you’re starting to understand that encryption is foundational to the establishment and preservation of computer and online freedoms. I do not have any inside information, but I assume that there is some government agency which can, with reasonable effort, crack any encryption you and I might use. Encrypting your communications may dissuade most agencies from “fishing expeditions,” but once you’ve gotten priority attention, they’ll know in an hour or two what you’ve been saying.
One reason we should be encrypting our communications is that the corporations who act as hubs for our data typically offer to handle that data for zero-price, in exchange for advertising. Advertisers, in turn, want more and more of your personal information, sometimes including the content of your communications, in order to target their ads at people who are going to be interested. Personally, I do not believe it works very well. An ultra-targeted advertisement is spooky, and tends to chase people away. Be that as it may, once all the sporting goods chains have a copy of your plan to go skiing next December, you have no clue what they will do with that information. As privacy policies may be changed at any time without notice, they are not worth the paper they are written on.
Now imagine if you and your friends use PGP or GPG in your client, so that your mail service cannot read your messages. That means that the mail service cannot sell or rent that information to their advertising partners, and that sporting goods stores and home security alarm companies won’t be calling you with their offers. It means that the mail service’s director’s nephew won’t show up and ask your boss to “temporarily” assume your job during a trip that your boss does not yet know about. It means that the Keep Snow Pretty Coalition will not show up at your door (and your workplace) to protest your plan to fill some snow with ski tracks.
Now, that is all exaggerated, but the fact is, any information an organization collects will eventually be stored; any information an organization stores will eventually be misused. Encryption is your tool to help prevent the misuse or abuse of your information, and webmail is not designed for end-to-end encryption, but instead to allow the service provider to access, utilize, and present your data as they see fit.
I should add that most proprietary instant messaging services have similar issues. First of all, many of them are presented inside the service provider’s webmail service. That means that everything you send may be subject to monitoring (even after-the-fact monitoring, depending on how long the service stores messages), just like your e-mail. Their client applications are likewise advertising tools, although I’ve never seen any indication that IM contents are being fed to advertisers for targeting purposes.
Instead, I’ve found that I prefer to use Jabber / XMPP. XMPP does not have a central service provider, although Gmail / Google Talk instant messaging and Facebook’s IM are both said to be powered by XMPP. There are plenty of public providers, such as Jabber.org, Tigase.im and comm.unicate.me. One of the most important things you should do is ensure the client software you use supports both encrypted connections to the server and especially OTR. With OTR, you have some assurance that your messages are going to the correct person, with no one else reading them.
Special thanks to DuckDuckGo. When writing these posts, working the duck really helps my research.
Your private data isn’t a physical product. If someone steals your laptop, you can get a new laptop, or get it returned. It may have sentimental value, but it’s just a replaceable physical item. Information is not something that can be returned.
The value is not in the laptop, it’s in the private data contained within it. Do you have images or videos only meant for your eyes or your partner’s? If your laptop is stolen, count on those being shared online, count on the fact that anyone you see in your day-to-day life may have seen them, and recognize you from them. Still think that can be reversed and no harm done if you get your laptop back or get a replacement?
Digital Prism has a new post up telling how to improve the security of electronic mail.
Signing & Encrypting Email In Thunderbird
Email security isn’t just for the experts, or the rich. It’s for you too. It’s a bit of an enigma at first, but once it’s set up it’s pretty easy to use. This post is about the basics of how to set it up and use it, but first a look at why it’s important and what benefits you get from doing it. You can sign and / or encrypt your email. This has a variety of benefits and limitations.
Recommended reading for all.
KeePassX is a program for storing your passwords in a convenient and very secure way. Here is an excerpt from their webpage (with slight modifications):
KeePassX saves information such as user names, passwords, urls, attachments, and comments in one single database. The entries are sorted in groups. KeePassX also offers a little utility for secure password generation. The complete database is always encrypted either with AES (alias Rijndael) or Twofish encryption algorithm using a 256 bit key.
Originally posted in January 2010 on Xanga: When Is A Door Not A Door? | lnxwalt on Xanga
I have been watching this health care bill with both anticipation and some dread. I have to say that the dread now tops the anticipation.
It all starts about sixteen years ago. William J. Clinton was President, and a commission led by his wife Hillary R. Clinton was working on a proposal to bring health coverage to nearly all Americans. There was a loud roar, “let the market solve the problem, private industry will do a better job for a lower price”. Clinton’s health bill collapsed, and we got the medical insurance industry of today.
Did this solve anything? Not really. You see, health care insurance is generally too expensive for those who are not covered under an employer-sponsored plan. Those who are covered find that their insurer’s cost-control processes are illogical. There are a number of Americans who are no longer with us whose demise should be blamed on insurance company “death panels”.
The health bill, as covered in the press, has these characteristics:
(1) No “government option”. This means that only the same companies whose incompetence and greed keeps 1/3 of Californians away from medical care are going to be the sole beneficiaries of this policy. Unlike the right-wing, who think this is “socialized medicine”, I recognize this as 1940s-style fascism. Requiring people to patronize a favored group of privately-owned businesses is not only wrong, it is scary. What industry will be next? Will we soon be required to buy automobiles, even in places like DC, where it makes no sense to drive? Will the dairy industry require us to buy milk products?
(2) Mandatory insurance. One would think that our experience with mandatory auto insurance would show people that this is a bad idea. Lower-income employees, including younger workers, will face the choice of whether to pay their rent and buy food or pay their insurance. Unless they are already in poor health, most of them will make the (wise) choice to pay their rent and buy food. Using the IRS to punish the young and the lower-income worker is not an acceptable answer when coverage for some level of “BasiCare” should be available without any direct reference to the patient’s wallet.
(3) Insufficient attention to preventive care. Sixteen years ago, insurance companies promised that “health maintenance organizations” would focus on preventing illnesses, that this would be the way they would ration care… by making much of our medical care unnecessary. I ask you, where is the emphasis on diet, exercise programs, addiction-management (including smoking, prescription drugs, recreational drugs, and so on), management of chronic illnesses (e.g., diabetes, obesity, hypertension), psychological counseling (which can help avoid domestic violence and other violent crime)?
(4) Leaves up the dividing line between on-the-job medical coverage (worker’s compensation, disability insurance) and off-the-job coverage. As long as that line is there, people on both sides will continue to try and cheat the other side’s coverage. It is said that people come to work concealing an injury in order to “get hurt at work” and get treatment. It is also common for someone who really has been hurt at work to use their personal medical coverage because they fear retaliation by their employers. What is needed is a single, overall coverage.
(5) No workplace / classroom ergonomics requirement. Have you seen the little seat-desks that have a little area for a right-handed student to write upon? How often have you seen a lefty dealing with a seat that isn’t designed for him / her? What about office chairs and desks whose height cannot be adjusted properly for the employee assigned to them? When this kind of design violation affects workplace machinery, it can cause killing or maiming accidents. Even when such accidents don’t occur, human-centered design can reduce the number and severity of repetitive strain injuries.
(6) Exemptions galore. There are exemptions from the national plan for members of Congress, for those covered under government employee plans, for those covered under Medicare and Medicaid. There needs to be a single plan that provides “BasiCare” to everyone. Extended coverage (beyond what is contained in BasiCare) can be handled by today’s dizzying array of medical payment solutions (e.g., privately-owned or government sponsored health insurers or even Visa / MasterCard) separately from BasiCare, but some basic level of care, including preventive and chronic illness care, should be handled through a central BasiCare system.
(7) Constitutional violation. No, I’m not a lawyer. But I can read, which is more than can be said for most judges, congress-members, or presidents. Continuing to overload the interstate commerce clause of the Constitution can subject us to easy takeover by a “Roman emperor”-style tyrant. Instead, this should be something where Congress approves of a “joint operating agreement” by the states, territories, DC, and the Commonwealth of Puerto Rico, but without any direct federal involvement.
In this, I see echoes of Massachusetts’ failed plan. Their plan was based on persuading “I’m invincible” young and healthy workers to pay premiums, so that older and sicker workers’ costs would be lower. The problem was that younger workers don’t avoid joining health insurance plans because they don’t believe they’ll be hurt. They avoid joining health insurance plans because they find it difficult enough to pay for all the things they need (food, clothing, housing, transportation, tuition), plus all the things they don’t need but are required to pay for anyway (auto insurance). Adding another “you hafta pay me” to their overstretched budgets didn’t work for MA, and it won’t work for USA.
Is this the best we could do? A massive giveaway of your income and mine to the insurance companies? This could have been such a boon to our economy. Think about your co-workers who are coming to work sick and in pain, and how much more productive they could be if they received medical / dental / vision / hearing care.
Here are some things that a national health care plan should have included:
(1) All other insurers off the hook. Anything covered under BasiCare should be only covered by BasiCare. Other insurers shouldn’t collect premiums for anything within that area. This would both reduce premiums and reduce insurance company costs.
(2) Medical price parity. Right now, if you walk in and pay for your treatment with your credit card, you pay the most of any patients. In effect, you are subsidizing the discounted rates received by insurers. Medical care providers should have one rate for everyone who pays for a particular treatment.
(3) Direct and speedy patient recourse against medical payment organizations (that is, insurers and other payment intermediaries). This would help avoid situations such as a transplant recipient whose insurer refuses to pay for regular liver enzyme tests or the person whose insurance is canceled once she is diagnosed with cancer.
(4) Treatment incentives: A person’s need for care will be influenced by his / her lifestyle choices. I’d rather pay for someone to get a free slow-cooker and healthy menu choices / healthy cooking classes now than pay for treatment later. I’d rather see someone joining an exercise program now than having to be carried on a flatbed truck to the hospital. We have to ensure that cost is not an obstacle to healthy living, and that someone who chooses to live unhealthily despite the availability of assistance doesn’t use up all our treatment resources.
(5) Centralize payments. There should be one third-party payer for all BasiCare treatment. This doesn’t mean that direct patient payment will be prohibited, although they should get the same prices and payment terms as BasiCare does and that payment should be accepted as full payment, just as with BasiCare. (That is, no double-billing. Fraud should subject a treatment provider to permanent ineligibility for payment, including ineligibility to directly bill individual patients.)
(6) Universal coverage. Every individual in the country, whether young or old, male or female, citizen or not, should be covered for BasiCare. No exceptions or exemptions. This includes congress-members, military, state / federal employees, and even certain employees of religious organizations who are (for some curious reason) exempt from Social Security.
(7) Non-federal organization. It is time to start following the Constitution. States are closer to the voters, and present a more dispersed target for those who would corrupt the process (such as the major health care insurance providers).
(8) Premiums paid through state taxes, not federal taxes, and not directly by the covered patients.
(9) Co-payments encouraged. If it costs you nothing to go see the doctor, you’ll be there when you get a scratch or when your toenail is about to come off.
(10) Personal responsibility. When you refuse to care for your new piercing, you should have to reimburse BasiCare for the treatment of your infection, or even better, be made to pay some portion of it up front and to repay whatever you didn’t prepay. Personal choices have consequences, and you should pay for those, not everyone else.
Somehow, I doubt that the imperial Congress will hear my voice. They are too busy listening to big insurers and centralized government advocates. But they should be listening to me and millions of others like me, because we’re the ones who will get stuck paying for their mistakes if they fail to hear our voices.
When is a door not a door? When the government shuts it and keeps you from using it.
You may not have realized this, but sending an email is not that different from sending a postcard---with the right know-how, anyone could intercept, read, or change it.
Signing an email with a digital signature means that the recipient can verify that no one has changed anything in the email in transit. Better still, encrypting an email means that no one can read it except the sender and you.