When You Need To Secure Your Email Tight

Sure I love Gmail. But every so often, we hear stories of Gmail hacking and cracking and the online privacy dialog starts up again in force. What can a user do?


The obvious option is to use an application or service that encrypts your email. Whether via the web, on the desktop, or as a layer of security on your existing email program, encrypted email makes it that much more difficult (but not impossible) to crack your security code.


There are several options available to those seeking security. The one I see and hear about the most is Hushmail. Hushmail is a secure web-based email service that has been around since 1999, which is like 1,000 years in internet years. Email is stored in Hushmail in encrypted form, and decrypted when you log in with your password. When you send to another Hushmail user, the encryption/decryption process is automatic. Non-Hushmail users are provided with a secret question to answer before the email is decrypted. Hushmail also works on the iPhone and BlackBerry devices (wait, no Android?) and can be incorporated as a layer on your Outlook program. Hushmail via the web is free, while domain-based, fully customizable Hushmail costs $1.99 per user per month.


The more expensive option is ZixMail, frequently used by companies seeking HIPAA compliance. This service works much like Hushmail and also allows you to send encrypted email to others, whether or not they are ZixMail users. ZixMail provides desktop email encryption that includes automated key management and delivery through a secure web portal. It can be used with any corporate or web-based email system, and optional plug-ins are available for full integration with Microsoft Outlook. ZixMail can be set up to automatically scan outgoing emails sent from the secured network for sensitive information and encrypt them. Recipients receive a notification in their inbox informing them that a secure message from the ZixMail sender is waiting to be read. Click the link and the recipient is taken to a message center where the user is prompted to log in with a password to view the email; new users are prompted to create an account and establish their password. Depending on the number of users, that cost can start at $75 per user per year.


There also is VaultletMail, a desktop app that allows you to send encrypted mail to others, whether or not they are VaultletMail users. Those who don’t use VaultletMail can access a SpecialDelivery Service, which prompts you to create an account and special catchphrase (“The Eagle Flies At Dawn”) or some such to access encrypted messages. VaultletMail has lots of controls over what can be done with emails (no copying, forwarding, printing, etc.), can employ a “self destruct” for emails that sit unread for a period, and can even send from an anonymous email address.


Google has now enabled encryption for Gmail by default when you use the Chrome browser. The tech behind the encryption is called HSTS (HTTP Strict Transport Security), which directs the browser to use a particular website only over a secure (HTTPS) connection. If you use Firefox, you can add an extension that encrypts your Gmail: Gmail S/MIME, which allows you to send and receive signed and encrypted messages in Gmail. The extension operates with every S/MIME-capable mail client including Microsoft Outlook (2000-2010), Microsoft Outlook Express, Mozilla Thunderbird, and Apple Mail.app, and now works up through Firefox 4.0, SeaMonkey, and the latest versions of Gmail.


Speaking of Mozilla, if you use their Thunderbird email system, you can use the Enigmail extension. Enigmail requires you to install the Enigmail extension for Thunderbird and the GNU Privacy Guard software for your operating system. The application adds an OpenPGP dropdown menu in Thunderbird which contains the setup wizard. Encryption is selectable in the S/MIME dropdown menu in the composition window. While the encryption process is a bit cumbersome, you can use it with any email provider serving as the backend of your Thunderbird program.


It goes without saying (but I’ll say it anyway) that secure email encryption is all well and good, but it is no panacea or defense against a valid government subpoena. These programs will protect your legally permissible communications, but will not protect you from disclosure of your illegal activities. So email wisely. And securely.


Do You Read Your TOS?

Have you ever tried to access an online service, only to be prompted to read a TOS and click the “agree” button? Do you actually read those multi-page, tiny-print-emblazoned documents before clicking your agreement?

As I have often stated, it is important to read the TOS of any web service or application before you consent to using it, if for no other reason than becoming informed about what happens to your data and information after you start using the service. Sure, it makes for a long and boring read, but to be forewarned is to be forearmed, as it were.

Lifehacker posted a few weeks back about how to quickly read a TOS to get the key points down. While the lawyer in me cautions users to read the entire agreement, the layperson in me sees the practicality in skimming for the important bits. The TOS are important when it comes to any service, but even more so for free services.

First, if you don’t know how to do this, use the “search” function in your browser to search out key terms. Control + F for Windows and Command + F for Macs. If you don’t pull anything else of value out of this post, pull that – this keyboard function will save you TONS of time when browsing the Web or your own documents and files.

What to look for? Lifehacker suggests, and I agree, that you check whether your information will be shared, whether you can easily opt out of aspects of the service that don’t appeal to you, and what the waivers, releases and methods for dispute resolution are. Particularly when using free services, see who maintains control or “owns” the content you load into it and what uses the service provider can make of your stuff. Watch for add-on content in purchases, especially online software and downloads – you might be getting more than you thought. Check out the details on how to unsubscribe or cancel a service.

These are the key parts. And, as Lifehacker suggests, it won’t insulate you from ever getting involved in a raw deal, but it may help you to avoid some and limit problems in others. Hit the link above for some more tips on how to scan the TOS. In the information age, it pays to stay on top of your information.