How could you keep your email secure?

Answer 1

There are many things you can do to make it harder for others to see your emails, but the bottom line is that if there is someone prepared to spend time and money (and perhaps legal muscle) on reading your emails they probably wouldn't find it too difficult. Even if you use perfect encryption, a realtime surveillance operation can detect the electromagnetic radiation from your monitor and reproduce what you are seeing on the screen. (search for "Tempest" technology.) It all depends on who you want to keep secrets from, and who might think you have secrets they'd be interested in. (And how nosy they are.)

There are email services that specifically cater to those who want to keep their emails private:

- Hushmail, offers free accounts. They are based in Canada. I think their encryption software is open-source and therefore, in theory, available to be audited. I understand they have been known to cooperate with law enforcement on both sides of the border and compromised some suspected criminals' email accounts.

- S-MAIL, about whom I know next to nothing.

- You can install encryption software on your own computer, like Gnu Privacy Guard (GPG) or Pretty Good Protection (PGP), that can often integrate with your email client (like Thunderbird), then you can either set up an email server on your own system (if you have a static IP (otherwise others can't find your server)) or use your ISP's pop and smtp servers to receive and send encrypted emails. Note that the Subject line of such emails is never encrypted, only the body.

There are two easy things you can do to make life more difficult for eavesdroppers. You can try to use https:// instead of http:// wherever possible. There's an add-on for Firefox that does this automatically called HTTPS Everywhere. Also, you can use the tor onion routing program, which encrypts your traffic multiple times as it bounces it round the net via a bunch of servers, so that eavesdroppers have a hard time telling what you're accessing and the servers you visit find it hard to tell where you're coming from. There's an add-on called TorButton for Firefox that turns tor on and off with the click of a mouse button.

Slightly harder, you can get some degree of protection by encrypting your hard drive. Processors have been getting faster quicker than hard drives, so these days the overhead of having the CPU do encryption and decryption on-the-fly is not as bad as it was in yesteryear. Truecrypt springs to mind, as a software solution, and some hard drives these days have hardware-based encryption which gives some level of protection, but who knows whether or not there are backdoors in it?

It may also be preferable to keep your private crypto keys on an encrypted SD card or USB flash drive so they are not normally accessible to your computer, but are only present when actually needed.

To protect against a compromised operating system on your computer giving away your secrets (for example, logging your keystrokes,) it may be advisable to keep a complete, but possibly cut-down operating system on a flash drive and boot to it only to use your secure email. If you boot it up, connect to the net and update it, then reboot before plugging in the device holding your crypto keys and using email, you should avoid most problems, but it is probably worthwhile using an operating system that has a reputation for security. If you can make it work from a USB flash drive using your internet connection, OpenBSD might be a good choice, but it's not for beginners.

If you're really paranoid, and worried that someone might read the EM radiation coming off your screen, then get a notebook computer where the screen is in an all-metal housing and acquire some transparent conductive film and apply it to the face of the display. No guarantees, but it should reduce the EM emissions from the screen.

You might try searching the internet for dontechnic's vcf series of adhesive films, and I read on the net once of a place in New York that will sell you a piece of film over the internet for this purpose, to suit your display size.

Another method that eavasdroppers can employ to steal your data is to add extra wires to selected parts of the computer's innards, so that it radiates some signal(s) that the eavesdropper is interested in. Pulling your computer apart from time to time might be the only way to satisfy yourself that this has not been done. Unfortunately, just finding an odd wire on a PCB doesn't automatically mean that someone is eavesdropping. Sometimes production PCBs do ship with rework. It is highly likely that simply having wires plugged in to the computer, like the power and mouse cables, also adds to the RF emissions from your computer.

Finally, if you think it's any safer putting your message on paper and posting it, there's at least one odorless volatile liquid that can be used to make ordinary paper envelopes virtually transparent, and I suspect that there are computer vision algorithms that could take a picture of such a transparent envelope and make a decent stab at reconstructing the contents of a folded letter.

Answer 2

how can you make your email transaction more secure.