Back in the late 1990s, I encountered webmail services. I quickly signed up for accounts with every service I knew:
- Yahoo! mail—sponsored by Yahoo!, which had a top-notch human-curated
- Mailexcite—later known as Excite mail—at that time sponsored by Excite and Webcrawler search engines
- Hotmail—before it became a Microsoft property
- and over time, various services that went by names like Warmmail, Coolmail, Coldmail, and CoolEmail—these services came and went and sometimes came back under completely different owners
What I liked about them was that I could go to the local college, the state college, or to friends’ homes and still check my e-mail without having to set up client software for each computer I used. This was before we knew a lot of the things we have learned about online security. Passwords were often restricted to 4-6 characters, often either all lower-case or all numeric.
If you forgot the password you used on site ‘X’, you would click ‘Send my password’ and check the relevant webmail account where the password would be sent.
Over time, things changed. Passwords started to require a mix of upper and lower case, along with one or more numeric digits. Then special characters were added. Passwords became longer. And ‘forgot my password’ started taking you through one or more secret questions before sending a password reset link to your e-mail. (No more mailing your password.)
It became more and more time consuming to log into a website, scroll through your new and existing messages to find the ones you choose to read, and write responses as necessary. This would be enough to make me switch back to the convenience of using client software to handle my e-mail messages (at the small cost of more complicated set-up than just typing a name and password into a couple of boxes on a webpage). But this is not even really the problem.
You see, in some areas, we have never advanced. We call it electronic mail, but it is really more like electronic postcards. This means that anyone, anywhere along the chain between you and the other party (or parties) could easily and quickly read your messages. That contract to buy a retirement property in Hawaii? Someone could have grabbed a copy, whipped out their word processor, and read everything in it. Same with that e-mail to your kid’s school about her grades. Didn’t you say they use Social Security numbers as student ID numbers?
You may say that you don’t do anything illegal and you don’t use e-mail to conduct financial transactions, therefore you have nothing to worry about. That is not so. You cannot know in 2012 whether information you “leak” today will become useful to someone who decides to use it against you in 2017 or 2022.
What is the answer? PGP (or GNU Privacy Guard, which is a freedom-preserving implementation of OpenPGP). PGP puts your e-mail messages into an envelope, making it more difficult for someone to snoop on your message. Since the message is electronic, the envelope is also electronic: a type of public-key encryption.
Now, there are some who believe that anyone who encrypts data is doing it because they are doing something wrong or illegal. Those people are wrong. I personally believe that it is patriotic to encrypt your data. First of all, I do not believe that the government would have permitted its use if they had not figured out how to penetrate the encryption, if they are willing to devote enough time and computing power to do so. This means that encryption is not going to protect spying or terrorism. Our government will still be able to see what evil deeds such people are planning.
However, for unimportant people like you and me, people who may occasionally speed on the freeway, but do not otherwise break the law, the government is not likely to invest the effort. Our lives are too boring. There is nothing to be gained. I cannot imagine Jon and Ponch showing up at your door to write you a ticket because you admitted in an e-mail message that you drove 70 in a 65 zone.
I should point out that I have no evidence that our security agencies can read your encrypted messages. It is purely my opinion that they would still be trying to suppress PGP if some security agency had not figured out how to penetrate it. (Disclaimer: I work for a federal agency, but I don’t speak for them and they don’t speak for me.)
On the other hand, using encryption gives you some privacy. While I firmly believe the government can read your encrypted messages, the average computer criminal cannot. And more importantly, the casual observer who inadvertently is exposed to your message is not able to read it. The beat cop who is trying to make his quota cannot read it. The junior high kid down the street cannot read it.
So you and I should be using PGP (or the open source implementation, GPG) for most of our messages. Remember that an envelope only protects its contents in transit. If you’ve got the unencrypted contents sitting on your hard drive, or if the person on the other end has them, all that anyone has to do is gain access to that computer.
It is sometimes convenient to think of encryption like a vault. The locks on 1920s-era vaults probably would not slow modern criminals very much. The locks on current bank vaults are probably sufficient to slow down the majority of criminals long enough for the police to arrive. If you think encryption will protect your secret treasure map forever, you’re mistaken.
Now, once you decide to encrypt your e-mail, you’ll immediately be faced with two big issues. First of all, none of the big webmail providers supports using PGP through their websites. So unless you can get FireGPG working, you cannot do the prudent thing. Secondly, installing and configuring PGP/GPG is somewhat complicated. It isn’t really–some of the most tech-averse people I know today set up similarly-complex software on their computers back in the 1990s–but it isn’t as easy as it could or should be.
Enter GPG4Win. GPG4Win comes with a lightweight mail client (Claws Mail); the GPG, Kleopatra, and GPA software to manage the process, from creating keys, to uploading the public key to a keyserver, to signing the keys of others whom you know in person; a file encryption plugin (GpgEX); and an optional encryption plugin for Outlook. Mac users can use GPGTools instead of GPG4Win. BSD, Hurd, and GNU+Linux users can use a somewhat less polished version or KDE’s Kleopatra.
Clearly, though, the process of using PGP and GPG needs to be simplified and streamlined. However, even in their current condition, you and I should be using PGP / GPG. And that means, given that the webmail providers have not figured out how to support it in their interfaces, that I need to pull back from using webmail for most of my messages.
I should also point out that you have to remember your passphrase, or you will not be able to use PGP / GPG. You should probably not create keys that are valid for more than a year or two. I am still learning about it, so I am by no means an expert. It just seems to me that if you forget your passphrase, you want a quick expiration, rather than waiting for years.
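The key creation, one-year expiry, and envelope idea described above, as an added shell example that is not from the original post. It assumes GnuPG 2.1 or later on the command line; the identity, the empty passphrase, and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example. Uses a throwaway keyring so your real ~/.gnupg is untouched.
DEMO_UID='Demo User <demo@example.invalid>'   # constructed identity

setup_keyring() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    # Empty passphrase only so the demo runs unattended; real keys need one.
    # "1y" sets the expiry: the key stops being valid a year after creation.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_UID" default default 1y
}

# Validity period in days, read from the machine-readable key listing
# (field 6 = creation time, field 7 = expiry time, both epoch seconds).
key_valid_days() {
    gpg --batch --list-keys --with-colons 2>/dev/null |
        awk -F: '$1 == "pub" { print int(($7 - $6) / 86400); exit }'
}

# Seal a message to the public key, then open it with the private key.
# The armored ciphertext in msg.asc is what travels over the network.
roundtrip() {
    printf '%s\n' "$1" |
        gpg --batch --quiet --armor --encrypt --recipient "$DEMO_UID" \
            > "$GNUPGHOME/msg.asc" || return 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --decrypt "$GNUPGHOME/msg.asc" 2>/dev/null
}

cleanup_keyring() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    if [ -n "${GNUPGHOME:-}" ]; then rm -rf "$GNUPGHOME"; fi
    unset GNUPGHOME
}

if [ "${1:-}" = demo ]; then
    setup_keyring && key_valid_days && roundtrip 'constructed sample message'
    cleanup_keyring
fi
```

Run the script with the argument `demo` to print the validity period in days followed by the decrypted message.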
The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.
Here’s an excerpt:
The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 76,000 times in 2011. If it were an exhibit at the Louvre Museum, it would take about 3 days for that many people to see it.
I am in mid-America right on Independence Day. Some Californians would think negatively about this. I find that Kansas and its nearby states are full of people who are much like the people in LoCal (both areas lack the arrogant self-righteousness that is often found in “coasties” and especially in NorCal residents). In either place, people are not aware of the extent to which corporations have gained control over our lives and our political processes. Further, they lack awareness of just how important copyrights, patents, and proprietary software are to the corporate puppetmasters who are rapidly enslaving us.
Let me make it clear. The new corporate slave-masters are not concerned about your sex (“plumbing”) or gender (how you perceive yourself), or ancestry or ethnic background, except to the extent that they can use that to deprive you of legal leverage. Thanks to a recent court ruling, these things matter even less. Boilerplate language that deprives you of the ability to use the legal system against powerful corporations is now inviolable.
In this time, it is even more important to help awaken US-ians to the need to sacrifice if necessary, but by all means start to deprive the copyright cartels, mobile telephone network operators, cable television operators, broadcasters, and large proprietary software companies of financial resources. I intend to become more active here and elsewhere with long-form writings to inform, persuade, and propel people to use freedom-respecting / freedom-preserving software (open source / free software) to produce their own original, remixable media.
Finally, let us no longer be captivated by the conjoined twin political parties (Republican & Democratic parties). Neither one is for you and me instead of for-profit & non-profit organizations. Neither one is on our side.
As we saw in Part 1, the information you share on social networking sites is vulnerable because they are subject to closure at any time. Site closure is not the only way your data can be lost or leaked.
When you sign up for a service, somebody is paying rent on a building, paying electricity to run a server, paying staff members, and paying for network service. As much as you may like to think that random companies like you so much that they provide all these things for free, that is really not the case. They are seeking to get paid by someone for something.
Many sites are partially or entirely advertising-supported. This means that you are bait to enable them to catch advertising sponsors. Several years ago, this meant that they had to use pop-ups, pop-unders, and other unsavory techniques to try and divert your attention from the content that brought you to the site. In exchange, these advertisers would pay the site money. These days, advertisers want personal information to enable them to “target” their ads at groups to which you belong, in an effort to make you more likely to buy their products and services. Facebook is willing to help application developers access users’ names, usernames, genders, addresses and mobile phone numbers. (While this is a particularly egregious example, Facebook is not the only one doing such things.)
It is important to understand that if you don’t have a financial relationship with the company offering the service, you are not their customer. You are merely the bait they use to catch their customers. Now let us think about some scenarios.
The DeLorean Scenario: Person decides to start an ad-supported social network. Service never gains enough users to produce enough ad revenue, so person resorts to “desperate measures” in order to keep the doors open a little longer. In this case, person sells access to the user database. Ooh. Now “Scumbag Collectors LLC” starts calling you because someone you went to high school with owed their client some money.
The Leaker Scenario: Something you said angers rich and politically-connected people. Suddenly, your accounts at big, centralized social networking services are cancelled, and you have no access to your pictures or other data which you had uploaded.
The Cracker Scenario: That big social networking site suffers a security breach. They gain your information, including a password which you use for your e-mail and three other social networking sites and your bank. Before you know it, your money is gone and images of you are edited to show you performing disgusting acts with farm animals before being re-uploaded to your sites.
Shameful Scenario: The service chooses to accept advertising from companies, organizations, and causes you personally find distasteful. People who visit your online profile are greeted by extremist group recruitment ads featuring video of group members telling why non-members’ lives have no value to them.
Monopoly Scenario: The company behind the site makes so much money from ads that they stop responding to the needs of site users at all. However, your online data and everyone you know is on that site.
DMCA Scenario: Something you post brings a charge of copyright violation. Rather than allowing you to prove that someone else’s copyright is not being violated, the site decides to cancel your account.
What each of these scenarios has in common is centralization. Centralization makes social networks vulnerable, more vulnerable than they would be otherwise. With centralization comes unequal power. With centralization, $BIGNETWORK can treat you any way they choose when everyone you communicate with uses that network and only that network. With centralization comes the need for big data centers, big expensive data centers, with plenty of ad revenue to pay for them. With centralization comes the overpaid CEO who somehow believes he/she “deserves” to earn millions of dollars per year while the site which is paying that salary is unmaintained for years at a time.
Lesson number two: With centralization, especially where you have no financial relationship with the company providing the central site, comes all sorts of abusive activities. With centralization, one company has its hands on the collective throats of its users’ social networking activities. Unless you pay for the site, you’re not a customer, and the company that owns the site will likely have no loyalty to you, nor much of an urgency to solve any situations you find problematic. Keep a watch on the things that are being done by the social networking sites you use. Try to be ready to jump off of those which are provided to you without charge in order to protect yourself from the anti-user activities such sites often engage in.