Email Privacy & Security
 

Email Privacy & Security: Intro/Overview

Of all the different things that one can do on the Internet, email has proven to be the most popular by far. Regular folks have adopted email very quickly and incorporated it into their daily lives. In just a few years, it will likely surpass traditional "snail mail" as the most popular form of written communication (if it hasn't already).

Unfortunately, most folks have little regard for just how non-private and insecure email really is. The simple fact is, email offers very little privacy and security, yet people treat email as if it were an extremely private form of communication, trusting personal info and private secrets that they would never think of putting in a letter. Yet traditional letters sent through the US Mail at least offer the protection afforded by an envelope (as well as by a whole body of laws criminalizing the tampering with mail). Email offers none of those protections. Anything you say in email might as well be shouted in the public square. It's that insecure.

Still worse, many folks have started using high-powered email clients like Outlook, Outlook Express, Netscape Messenger, and Eudora (to name just the most popular ones) to access and manage their email. While these clients make email incredibly easy and convenient, these programs are also ticking time bombs, if you will. The programs can be exploited to compromise your privacy and security in ways that are simply not available if you're accessing your email via telnet (which lets you use Pine or Elm on the University server).

As if the non-private nature of email and the potential risks of graphical email clients weren't bad enough, email users must also contend with "spam," that annoying unsolicited bulk email that clogs people's inboxes and drives folks around the bend.

Email is a very handy form of communication, but it carries risks. It is your job in this report to advise people how to protect their privacy and security while using email, no matter what method or program they might be using to access and manage their email.

Email Clients

Graphical email clients are becoming more and more popular among home users of PC's. The most commonly used email clients are:

While these email clients are convenient and powerful, they also open users up to several potential privacy and security threats. 

First, all of these clients make email attachments incredibly easy to send and receive. As you undoubtedly know by now, email attachments have become a "popular" means to spread viruses, worms, and trojan horses. The "Melissa," "ILoveYou," and "AnnaKournikova" viruses/worms were all spread via email attachments that exploited certain weaknesses in Microsoft Outlook and Outlook Express. There have been numerous other email-borne viruses and worms, as well. These email clients are potentially dangerous applications inasmuch as they make it incredibly easy to trick users into compromising their own PC's (and the PC's of their email correspondents) by opening email attachments with dangerous content.

You can read about the various threats of viruses, trojans, and worms borne by email attachments on many of the pages linked to in the Email Info section of the Privacy Docs & FAQ's page:

Privacy Docs & FAQ's

...as well as at some of the links to information on email and viruses/worms on the Anti-Virus Info page:

Anti-Virus Info

Second, all of these clients enable users to send and view HTML email. HTML (Hyper-Text Markup Language) is the language used to make web pages. HTML can also be used to write emails, however, if you're using one of the big four email clients listed above. The traditional format for email is plain text (and that's the format you're using if you telnet in to your email account on the University server), but HTML formatted email can be written and read by these newer email clients.

HTML email can be snazzy, like any web page, and it can be annoying. It can also be dangerous. If you're using an email client capable of rendering HTML email, then you've opened yourself up to a whole host of threats. When you open an HTML email in any of these major email clients, you're really opening a web page, just as you would in your web browser. Put simply, any threat that you might face on the World Wide Web while using your web browser is now a threat to you while you open and read email.

Think about it. What privacy and security threats do you face on the web with your web browser? Two main threats:

When you're surfing the web, all of those technologies can be used by web sites to compromise your own privacy and (in extreme cases) the security of the data on your computer. When you receive HTML email in one of those HTML capable email clients, however, you face the SAME threats.

You can find a number of links that talk about HTML email in the same Email Info section of the Privacy Docs & FAQ's page listed above:

Email Info

You might also search through many of the more comprehensive privacy related sites listed on the General Privacy Info page here:

General Privacy Info

...though you'll have to do a bit more digging on those sites to find specific information and documents.

For basic info on the threats posed by active content, take a look at the ActiveX, Java, & Scripting page:

ActiveX, Java, & Scripting

I'd also recommend hitting Google or DogPile and doing searches on "HTML email." Among the numerous tutorials you'll find on how to send HTML email, you should also find a few pages that explain the problems with HTML email (and why you shouldn't send HTML email yourself).

So your job with email clients is two-fold:

First you need to explain the privacy and security threats that users of email clients face (attachments, HTML email), and the links provided above should help you get started researching those threats.

Second, though, you also need to explain to users how they can protect themselves from those threats.

Protection from the threat of email attachments first and foremost involves smart behavior. Most folks have some idea that opening email attachments can be risky, but the principles of safe behavior with email need to be elaborated in more detail and reinforced. Many of the sites referenced above should provide plenty of advice along these lines.

Second, I'd also recommend that you look into the Microsoft Outlook Email Security Update for Outlook 98 and Outlook 2000 (Outlook 2002, which comes with Office XP, already incorporates that patch). Originally released in the summer of 2000, this security patch was designed to prevent Outlook users from opening potentially unsafe attachments (and Outlook has been the prime culprit in the spread of so many of the nasty viruses and worms over the past few years). You can find plenty of information about what this patch does and how to obtain it on the Microsoft Office home page:

http://office.microsoft.com/

Outlook and Outlook Express are the two most dangerous email clients when it comes to email attachments, primarily because of the ways in which they're so tightly woven into the fabric of Windows and Microsoft Office. You can get burned opening an attachment in any of the major graphical email clients, though.

You might also take a look at the several programs that have been written to supplement or reconfigure Outlook after it has been patched with the security update from Microsoft mentioned above:

Outlook/Outlook Express Services/Solutions

Finally, we also need to introduce our readers to the major anti-virus applications that can scan incoming emails for potentially dangerous content. Not every anti-virus program has this functionality, but the big ones (like Norton AntiVirus and McAfee VirusScan) do. You probably already have one of these programs on your PC. You should take the time to look through your anti-virus program and its help files to learn more about email virus scanning so that you can give an overview of this functionality to your readers. You can find a list of major anti-virus programs here:

Anti-Virus Programs

You might also take a look at the several specialized anti-virus apps that exist solely for email scanning:

Email Protection

To protect ourselves against HTML email, we need to configure our email client correctly. Safe email client configuration varies from program to program, but none of these clients is very difficult to configure for safe use. It's really just a matter of looking through the "options" menus and seeing what's there. The best thing you can do is start nosing through the "options" menus in those clients and reading the Help files that accompany them. If you don't have one of these email clients, then you'll have to obtain and install it (and I can be of help here). Above all ask questions. I'm familiar with all four of these clients (some more so than others) and I would be more than happy to sit down and go through them with you step-by-step.

Ideally, we should be able to "turn off" HTML email in these clients, but, unfortunately, it's not that straightforward. Although we can change the format in which we SEND email to plain text, none of these clients offers a simple way to "turn off" HTML rendering for the email that we RECEIVE. What we can do to mitigate the risks of HTML email varies from program to program, but there are effective strategies for configuring each of these clients.

There is one interesting third-party program that was recently released for Outlook that does have the capability to reformat incoming HTML emails as plain text: NoHTML (though I haven't tried this program myself):

http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=55&did=38 
or http://www.secadministrator.com/articles/index.cfm?articleid=23391

With Netscape Messenger (but not Outlook or Outlook Express), you can also set up a Message Filter to catch incoming HTML emails and do with them what you will (automatically delete them, send them to a particular folder, etc.). Whether you can do this in Eudora, I don't know.

One final way to make these major email clients safe is to use a POP3 mail checker or email filtering program in conjunction with your main email client. These POP3 mail checkers or filters are small programs that can "screen" emails before they hit the inbox in your main email client, allowing you to delete unwelcome and potentially dangerous email before they open in a program like Outlook or Outlook Express. You can find a good number of POP3 mail checkers here:

POP3 Email Monitors 
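
To make the screening idea concrete, here is a small added example (written for this page, not taken from any of the mail checkers or filters listed) of the kind of test such a program can apply before a message reaches the main email client. It inspects the raw message without rendering it and flags HTML bodies, active content tags, and attachments with executable extensions. The extension list, the verdict names, and the sample messages are assumptions made for illustration.

```python
import os
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Illustrative (not exhaustive) list of directly executable attachment types.
RISKY_EXTENSIONS = {".bat", ".com", ".exe", ".js", ".pif", ".scr", ".vbs"}
# Tags that carry scripting, ActiveX/plug-in or Java content in an HTML body.
ACTIVE_CONTENT = re.compile(r"<\s*(script|object|applet|embed)\b", re.I)


def screen_message(raw):
    """Return (verdict, reasons) for one raw message, without rendering it."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            # Judge by the final extension, so "photo.jpg.vbs" counts as .vbs.
            ext = os.path.splitext(filename.lower())[1]
            if ext in RISKY_EXTENSIONS:
                reasons.append("risky attachment: " + filename)
            continue
        if part.get_content_type() == "text/html":
            reasons.append("HTML body")
            html = part.get_content()
            tags = {m.group(1).lower() for m in ACTIVE_CONTENT.finditer(html)}
            reasons.extend("active content: <%s>" % t for t in sorted(tags))
    if any(r.startswith(("risky", "active")) for r in reasons):
        return "quarantine", reasons
    return ("review" if reasons else "deliver"), reasons


def build_sample(html=None, attachment=None):
    """Build a constructed sample message; every name in it is made up."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "reader@example.edu"
    m["Subject"] = "constructed sample"
    m.set_content("Plain text body.")
    if html:
        m.add_alternative(html, subtype="html")
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    samples = {
        "plain text": build_sample(),
        "simple HTML": build_sample(html="<p>Hello</p>"),
        "scripted HTML": build_sample(
            html="<html><body><script>x()</script></body></html>"),
        "double extension": build_sample(attachment="holiday-photo.jpg.vbs"),
    }
    for name, raw in samples.items():
        print(name, "->", screen_message(raw))
```
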

Safe configuration and use of popular email clients is an important part of email privacy and security, and anyone who writes about this particular sub-topic will be immersed in the ins-and-outs of these four major email programs.

Anonymous Email

Most of the time when we use email we're perfectly happy to let people know who we are and where we're coming from, especially if we're corresponding with friends and family. But sometimes we aren't. Sometimes we wish to communicate with people while protecting our identity. In other words, we wish to remain anonymous.

Now, one thing that computers do very well is keep records. In fact, every email you send passes through a whole chain of servers on the Internet, and each one of those servers keeps very detailed information about the email that passes through it. Moreover, a good deal of that info is tacked on to your email as it passes through all of those servers -- sort of like the set of stamps you accumulate on your passport as you pass from country to country. These records about your email's journey to its final destination are known as "headers," and every email has them.

So what's the upshot of all this record keeping? Answer: it's very difficult to be truly anonymous when sending email. By anonymous, we mean that your identity is completely unknown to the recipient of your email (as well as the majority of the servers that pass your email along to its final destination). Yes, you can forge your name and email address in your email program, but the headers on your email will reveal the true story. That email can eventually be traced back to you by anyone who cares to look through the headers.
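
The following added example (not part of the original page) shows what those "passport stamps" look like in practice: it reads the Received headers of a constructed message whose From line claims one identity, and lists the hops from the originating machine to the final server. The host names, the addresses (taken from documentation-only ranges), and the header layout are assumptions made up for the sample.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: each server adds its Received line at the TOP,
# so the bottom-most Received line is the earliest hop.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
    by mx.example.edu with ESMTP; Tue, 26 Mar 2002 10:02:11 -0600
Received: from relay.example.org (relay.example.org [203.0.113.25])
    by mail.example.net with ESMTP; Tue, 26 Mar 2002 10:02:05 -0600
Received: from desktop-pc (dialup-42.example.org [192.0.2.42])
    by relay.example.org with SMTP; Tue, 26 Mar 2002 10:01:58 -0600
From: "Someone Else" <not.me@example.com>
To: reader@example.edu
Subject: constructed sample

Body text.
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<from_host>\S+)"        # name the sending machine announced
    r"(?:\s+\((?P<detail>[^)]*)\))?"    # what the receiving server observed
    r".*?\bby\s+(?P<by_host>\S+)"       # server that accepted the message
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace_route(raw):
    """Return the hops in travel order (origin first) as a list of dicts."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())   # unfold continuation lines
        m = RECEIVED_RE.search(text)
        if not m:
            continue                      # skip lines in an unexpected format
        ip = IP_RE.search(m.group("detail") or "")
        hops.append({
            "from": m.group("from_host"),
            "ip": ip.group(1) if ip else None,
            "by": m.group("by_host"),
        })
    return hops


def claimed_sender(raw):
    """Return the address in the From line, which the sender's program sets."""
    return parseaddr(message_from_string(raw)["From"])[1]


if __name__ == "__main__":
    print("From line claims:", claimed_sender(SAMPLE))
    for n, hop in enumerate(trace_route(SAMPLE), 1):
        print("hop %d: %s [%s] -> %s" % (n, hop["from"], hop["ip"], hop["by"]))
```

When reading a real message, only the Received lines added by servers you trust are reliable; anything below them was supplied by the sending side.
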

So what is one to do if one wishes to remain truly anonymous when sending email?

The answer is: use remailers.

Remailers are special email servers that strip out all identifying info from the headers of your email as they pass along your email. Once those headers are stripped of identifying info, it will be difficult, if not next to impossible, to trace an email back to you. Moreover, some remailers are capable of using encryption, adding several layers of protection to your anonymity.

Your job in this particular sub-topic is to explain what remailers are and how to use them to protect one's anonymity when sending email.

There are two main types of remailers in use around the world. Type I (or Cypherpunk) remailers are the older type of remailer, but the anonymity they offer is necessarily limited. The newer Type II (or Mixmaster) remailers use encryption, remailer chaining, and several other techniques to increase greatly the level of anonymity afforded you.

You can read about remailers on the Remailer Lists/Info page here:

Remailer Lists/Info

I'd recommend that you start with the introductory FAQ's and documents found towards the bottom of that page and then move on to the more advanced discussions at some of the other links.

In order to use these remailers, however, you'll have to download and install special remailer software known as a remailer client (you usually can't use your standard email program, esp. with Mixmaster remailers). You can find remailer clients on the Remailers & Anonymizers page:

Remailers & Anonymizers

The most popular remailer programs (or clients) are Jack B. Nymble and Quicksilver, both of which are "front ends" to the Mixmaster client (which is a DOS program). Once you get ready to try out one of these programs, let me know, as you might need some pointers in order to get these programs up and running. And I'll be more than happy to exchange anonymous email with you so that you can see just what the remailing process looks like on the sending and receiving ends.

You might also look at the lists of secure email services here:

Email Services

Many of these email services allow you to set up email accounts to send anonymous email (as well as encrypted email).

Obviously, anonymous email is not for everyday use. (Although I myself know how to use these programs, I very rarely have good reason to do so.) Additionally, you'll probably also recognize that these programs have enormous potential for abuse. Nonetheless, anonymity is an important part of privacy, especially with email, which normally reveals all.

Crypto

Anonymity is one important aspect of privacy. Confidentiality is another. As we discussed above, standard email affords absolutely no privacy protection -- everything in the email you send is out there in the open as plain text and can be read by anyone who cares to look. And the people who might be looking aren't necessarily just the intended recipients of your email message. At any stop along the way to its final destination, your email can be intercepted, perused, read by any number of people. Surprised? You shouldn't be. As we said above, anything you say in email is as good as shouted in the public square. Your email, in other words, is not confidential.

So what can we do if we wish to keep the contents of our email confidential -- safe from prying eyes?

The answer is: use crypto.

Crypto is short for encryption. Encryption is the process of taking a plaintext original -- a message or a chunk of data -- and using a special code or cipher and a special key to transform or "scramble" the plain text into ciphertext -- text that is literally indecipherable (except by certain people). To make sense of that encrypted text, we use a key to decrypt the ciphertext back into plaintext. That's a very simple explanation of what encryption is, and while crypto methodology involves more complicated concepts and processes, such an explanation is enough to allow us to understand what crypto does.

Crypto basically allows us to take plain text that we wish to protect from the prying eyes of others and change it into encrypted text so that only certain people -- those with the proper keys -- can make sense of it. Put another way, crypto gives us the power to lock information up in a secure fashion so that only those with the proper keys can unlock it. Thus, we can use crypto software to protect the confidentiality and integrity of the data on our computers as well as our digital communications (our email) with others.

The field of crypto is a well-covered subject on the World Wide Web. You can find many web pages that offer accessible, "down-to-earth" explanations of basic crypto concepts and terms, as well as more advanced discussions of the crypto issues geared towards specialists. A good place to start would be the following page, where you'll encounter links to any number of intro guides, overviews, primers, and even dictionaries and glossaries:

General Crypto Info

While it helps to have at least a rudimentary understanding of crypto terms and ideas before we embark on attempting to use crypto software, we don't need to be experts to use the crypto programs that are out there. 

So what can we use crypto software to encrypt? Any number of things, including emails and other messages we exchange with other people. When we encrypt our email, we protect it from folks who might be tempted to take a look at our email as it travels through the Internet to its final recipient. Even if our encrypted email were to fall into the wrong hands, the encrypted message would be unreadable garbage, because only the final recipient would be able to decrypt it in order to make sense of it.

With some kinds of crypto software we can also digitally sign email messages so that those who receive those emails from us can verify their origin and integrity, somewhat like we sign letters and other documents to allow others to verify their authenticity.

Pretty Good Privacy (PGP) 

At the heart of modern crypto solutions is the public key encryption system (asymmetric encryption), pioneered by Whitfield Diffie and Martin Hellman back in the 1970's. The most famous and widely used software application to implement public key crypto is Phil Zimmermann's Pretty Good Privacy, PGP for short. PGP has several core functions and capabilities, including:

In the more recent releases of PGP from Network Associates (NAI), which took over PGP a few years ago, this core set of functions and capabilities has been expanded to include:

...but these new functions aren't central to your discussion of using PGP to encrypt, decrypt, sign, and verify email messages.

PGP has proved to be such a popular encryption application among home users and non-specialists because it integrates so readily into one's everyday use of Windows and email programs like Outlook Express, Outlook, Netscape Messenger, and Eudora, making strong crypto almost as easy to use as more familiar applications like word processors and spreadsheets. 

PGP exists in a variety of different versions and packages, some free for home and personal use, some for pay. You can find an explanation of the various PGP versions and packages, as well as links to the many sources for PGP, on this page:

PGP Versions, Sources, and Alternatives 

That page also introduces several major alternatives to PGP, including the Gnu Privacy Guard (GPG), which is compatible with PGP because it is based on the Open PGP standard. 

Given PGP's popularity, the net is chock full of pages and sites devoted to helping you get started using PGP. This page contains links to some of the more helpful ones: 

PGP Information & Resources 

Again, keep in mind that you don't need to be a crypto guru in order to get PGP up and running; all you need is a little patience, some time, and a willingness to learn a few new and unfamiliar concepts. 

Email encryption is by far the most popular use of encryption. While PGP is the best known email encryption utility, it isn't the only email crypto solution out there. On the following page you'll find links to other email encryption packages like GPG (discussed above), as well as online services like Hushmail, InvisiMail, and ZixMail:

Email Encryption Software 

The next page lists still more email services, many of which provide encryption capabilities of one sort or another:

Email Services

Keep in mind that in order to use most of these email crypto packages, you'll need to be communicating with others who use the same packages. In other words, in order to use PGP to exchange encrypted email with others, for example, those other people must also be using PGP (or some similar, compatible program like GPG).

At some point you'll need to install and use PGP so that you can write about and explain it to your readers. When you get to the point at which you're ready to try PGP, let me know. I'll help you set up PGP and configure it. We can then exchange encrypted emails so that you have a solid understanding of how PGP works. I know that crypto in general and PGP in particular may look intimidating and confusing at first, but once you get PGP running and send a few encrypted emails, I'm sure you'll say, "But that was so easy!" No kidding.

Digital Certificates and Signatures

As we noted above, PGP offers us the capability of signing and verifying emails so that we can guarantee the authenticity and integrity of emails we send to and receive from others. PGP isn't the only means of using digital signatures with your email, though.

If you use an email client like Outlook, Outlook Express, or Netscape Messenger, you can get a unique digital certificate from VeriSign or Thawte (companies known as CA's or Certificate Authorities) and use it to sign emails that you send to others. Those email clients can also verify emails from other people that have been signed with similar digital certificates. 

These digital certificates (and the signatures you can make with them) are based on the same crypto techniques as PGP's digital signatures. The difference here is that when you use a digital certificate from VeriSign or Thawte, the validity of that digital certificate (and the digital signatures based on it) is derived from the company who issued it to you (instead of the "web of trust" built for you by other PGP users who sign your public key).

For information about digital certificates and signatures from VeriSign and Thawte, check out the links on the PKI: SSL, S/MIME, Certificates, & Signatures page:

PKI: SSL, S/MIME, Certificates, & Signatures

Once you get to that page, you'll notice that there are links to other related technologies that aren't necessarily relevant to your research into digital certificates and signatures in email, so pay attention and ask questions.

I'd also recommend that you fire up Outlook, Outlook Express, or Netscape Messenger and take a look through the options menus for anything related to digital certificates. And don't forget to look through the Help files for those programs as well.

Your goal here is a simple one: explain what digital certificates are, what they can be used for, how to obtain a digital certificate, and how to use it in one of the major email clients mentioned above.


Password/Passphrases

If you're using encryption software like PGP, one important decision that you'll have to make involves the passphrase that you use to protect your private key. Passphrases are, in a sense, just super-long passwords. Passwords, as you know, are often used to authenticate and authorize users on computer systems and networks and within computer software applications. You gain access to your email account, for example, by providing the email server a login and password. You'd be surprised, though, just how insecure passwords and passphrases can really be.

Whether we're considering standard 8-16 character passwords typically used with email accounts or the longer passphrases used with PGP, it is important that we understand the weaknesses of poorly chosen passwords and passphrases and learn how to choose strong passwords and passphrases that won't easily fall to either brute force attacks or dictionary attacks. For information about passwords and passphrases, see the links on this page:

Passphrase/Password Info

Fortunately, there are a number of password utilities that can help us choose strong passwords and passphrases and then store them securely. See the programs listed on this page:

Password Utilities

Spam Combat

This sub-topic involves more of an annoyance than a straightforward privacy threat. Most folks hate "spam" (unsolicited bulk email). So how do spammers get our email addresses in the first place? How can we stop spam from clogging our inboxes? Your job is to answer those questions.

You should have a couple of strategies to offer your readers:

  1. spam do's and don'ts -- simple advice for protecting one's email address from spammers and for dealing with spammers when they do spam
  2. spam tricks -- we're mainly talking about munging one's email address in public postings and using email filters (also known as "kill files") to remove spam from inboxes automatically
  3. disposable email accounts -- folks need to know how to set up "junk" email accounts and then use them in order to protect their "real" email accounts from unwanted junk email

You can find plenty of info on spam at the many anti-spam web sites on the Internet -- look through the links on the Spam Combat page:

Spam Combat

...as well as the links on the Privacy Groups/Coalitions/Portals page:

Privacy Groups/Coalitions/Portals

And don't neglect the several "spam busting" programs that exist:

Spam Busters

Finally, you'll be discussing with your readers the usefulness of disposable email accounts that they can give out to marketers and other such people in order to protect their main email addresses from spam. This page lists a number of email services that allow you to set up such email accounts (either POP3 accounts or webmail accounts):

Free Webmail/POP3 Providers

By its nature, this particular sub-topic isn't that complicated, but most of your readers will be very interested in learning tips and tricks for keeping spam out of their lives.

Email Etiquette

This last topic lets us turn the tables on our readers, so to speak. In all of the other topics introduced above, we'll be advising our readers how to protect themselves from others when using email. In this sub-topic, we'll be telling our readers how to act responsibly themselves when sending email in order to protect the privacy and security of others, namely their email correspondents.

The main objective here is to instill in our readers a sense of obligation and responsibility when corresponding with people by email. Specifically, we need to teach them some common rules of etiquette with regard to such things as:

When people send large executable file attachments without warning, or use HTML email with blinking fonts and cute pictures, or cc: half the civilized world in every email, or forward on every dumb joke email that comes their way, they're not only being obnoxious, they're placing the privacy and security of their email recipients at risk, which is dangerous and just plain unacceptable. Our goal here is to persuade our readers to behave courteously and responsibly when sending emails themselves.

This Page Last Updated: Mar. 26, 2002


Advice, Organization, & Compilation 
© 2000, 2001, 2002 Eric L. Howes