[ExI] internet security

[Dave Sill]

On Mon, Jan 19, 2015 at 6:27 PM, Harvey Newstrom <mail at harveynewstrom.com>
wrote:

> Email is cleartext and can be read by anyone.


Email in transit between servers can be read by anyone with low-level
access to the network between them. That makes it *possible* to read some
email, but targeting a particular user's email is non-trivial. If everyone
in the group is using, e.g., GMail, this isn't an issue.

Most ISPs and big services (google, yahoo, etc.) scan your email for
> keywords and sell advertising based on keywords.  So indexes, summaries,
> and
> keywords from your emails are distributed to companies and governments who
> request these.


Google, at least, doesn't give away your emails or email address. They look
for keywords and display the ads themselves.


> So I would say that Email is probably the least secure protocol possible
> for
> this purpose, and the most likely to copy and distribute clear-text
> versions
> of your data around the world.
>

Unless messages are encrypted with something like PGP or the entire group
is on one server.


> And most of the other services that claim to be secure aren't.  They just
> play off the hype to get customers who want to be secure, but most of them
> don't have enough technical knowledge of spying or surveillance to actually
> stop it, even if they do have some heightened security.
>

And, again, the hard nut to crack with security is the end users. The
technology may be awesome, but if the users don't use it correctly, it's
easily defeated: bad passwords, shared passwords, public open wireless
networks, naive users, unpatched systems, unlocked screens, etc., can all
undo the best security.

-Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20150120/a1b59d3c/attachment.html>