Each individual message is highly encrypted using AES keys, which means that any hacker would have to decrypt each message to get the entire conversation–and decrypting one AES key is a task worthy of a team of hackers. OTR was set up to provide deniability for metadata, which means that unlike with many less-secure kinds of email, even if somehow you get your hands on a transcript, there’s no way to prove exactly who was communicating. The way to go here is with a setup called OTR, or Off The Record Messaging. Instant messaging, often referred to in security circles as “synchronous communication,” is, surprisingly, often more secure than email. If you’re truly paranoid, here are your options. government has shown its willingness to compel even legendary secure email services like Lavabit–which Edward Snowden used for five years–to shut down.
There are steps you can take to protect yourself, through both free and paid services, but the U.S. Secret Circle did not receive a requests, but merely “saw the writing on the wall” and voluntarily deleted everything.Įmail encryption is pretty wonky, but basically it boils down to this: email is basically not secure. Lavabit posted a message saying the creator can’t “legally share” what the impetus for shutting it down was, but that he chose that option, along with erasing all his data, rather than submit to government demands. Lavabit shut down after, we assume, receiving legal demands for information.
In the past week, two of the most prominent secure email companies–Lavabit and Secret Circle–have shut down voluntarily rather than be forced to comply with real or potential NSA requests (which are legally binding). (I used a letter, a number, and a symbol!) But with revelations that the NSA can pretty much demand any email service turn over valuable and private information about our email, more attention has been turning to sources for encrypted secure email services. Many of us had assumed our feeble Gmail passwords were secure enough to keep prying eyes out of our email accounts.
0 kommentar(er)
