I was reading this article and I began wondering how many of you on the SDMB use email encryption?
Email sent unencrypted is totally available to anyone who wants to take the time to copy it off of the wire. And protection standards have been in place for quite sometime now. But is anyone using it? How many of you protect yourself?
Please post whether you bother or not, and if you do, what form of protection you use. What app or method?
Thanks 
Did I get anything good?
But seriously, I try to follow the “If I don’t want to see it on the fron page of the Times, don’t send it in e-mail philosophy,”
At my company, we use plaintext for the mundane stuff, but we encrypt anything sensitive (proposals, bids, system admin info, etc.). We use PGP, which integrates well with Eudora. We also use an encrypted IM app when needed.
heh , i used to use PGP , but then my PC went all funny , then i got a new PC and i barely ever get emails anymore anyway , but then i don’t think the government is interested
in stuff i do , like how bad my day was , happy bday msgs etc
PGP is really easy to use and it is free. It has a great pluggin for Eudora and probably outlook and netscape. I have seen pluggins for pine, kmail etc. But it takes two to tango nobody I correspond with uses encryption for email so I don’t either.
i’m quite aware of encryption options available, but i rarely ever use them 'coz i don’t send much sensitive data over the 'net. also, i see keylogging as a greater threat to most users than interception of the transmission mid-way to destination.
i recently tried dissapearing email ( which is not encrypted, but it’s an interesting concept ) from www.omniva.com, so the email self-erases after a set period of time, and doesn’t allow you to print, save or screen capture it. i’ve found it interesting but not too effective, 'coz i managed to get a screen capture anyways.
but i’d say a lot of ppl use PGP.
What kind of event would it take before you decided that encrypting email really is worth the effort? Would it take a global email disaster?
I think this is hardly true for most users. Keylogging is certainly a way to gain access to everything a user does and it has been used by the Feds et al. to circumvent encryption, but it has a much higher threshold for involvement. To keylog, you have to gain access to a machine and install software or hardware to do the logging (except for wireless keyboards which spew your strokes for all to see and various van Eck attacks which read E/M emissions). Sure, you may be able to penetrate my firewall, crack my OS and install your software or sneak into my office to slip a transmitter or recorder in the box, but that’s relatively hard.
Any bored sysadmin or cracker on your mailserver, my mailserver, or any of the dozens of hops in between can read our mail. Do a traceroute between your box and the domain of someone you send mail to. Do you think keylogging your machine is the easiest attack against your communication?
Sure, you should be concerned about security on your local machine, but this is a completely separate topic from securing communication. In an office situation (or school, or public terminal), your employer might certainly be monitoring you, but I’m more concerned about concealing things from the competition than from my co-workers.
I’ve read several debunks of these self-erasing systems, but I can’t find a cite right now. Do you have a brand name you were interested in that would help me track them?
In general, there’s no way to really do this. It suffers from the same fundamental problems as copy protection in that you want to allow me some sort of access but not another kind. I’ve seen literally dozens of products that purported to prevent copying, even by screenshot, and not one of them stood up to even a few minutes of experimenting.
Sorry xash, I skimmed past the company you cited. I’ll check them out.
I don’t put sensitive info in email so I really don’t care if anyone reads it. I don’t see a valid concern for a global email disaster. There are enough pc idjits out there that email viri and worms will always be a problem. The only way we could have a hope of stamping them out is by making computers too difficult for the avg. schmuck to use. Since that isn’t going to happen, just don’t use email for anything important. There are lots of other areas of computer use where security is a bigger problem. Ftp,telnet,DNS and so on. I’m a unix admin for a large telecom software developer and email is the least of my concerns. We have a company policy that states confidential material must be encrypted and even the managers don’t follow it. The OS that handles your email should concern you more.
If you want really devious encryption, try
http://www.spammimic.com/
Now that’s genius. Of course, it might defeat the purpose of the encryption if your recipient’s mail filter deletes your ultra-secret missive. Oh, well. Such is life.
Omniva is formerly Disappearing, Inc. This article discusses them and their competitors:
http://www.glreach.com/eng/ed/it/151000.php3
And here is Schneier’s commentary on this kind of system in general:
http://www.counterpane.com/crypto-gram-0005.html#TrustedClientSoftware
I don’t know if Omniva has changed its system in the year since these comments were made. I think it looks like a great system for managing archival enterprise systems, but I wouldn’t rely on it to get rid of anything you wanted to be temporary and “eyes only”. In any case, I don’t think it’s a substitute for end-to-end encryption.
Polling threads belong in IMHO. Off it goes.
bibliophage
moderator, GQ
I couldn’t care any less if people read my mail. It is always really mundane stuff.
“Hey, did you get my last email? Anyway, call me at 8, c ya”
It’s never much more complex than that, even with my eBay stuff
Nope, can’t be bothered with encryption, but then my emails are pretty pedestrian; no credit card details, no plots to overthrow government etc…