Good Sam Community

Secure communications is pretty easy actually- I can give my pgp signature and anyone could send me a message using it which would take even the NSA quite a while to crack. My public key (which is also on a number of key servers):

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQENBFMvIV4BCAC/enNBTSTbKaTY97kcn/kKYUpFZzD6A23hWZrA+7tb7EILHdEs
qCyfyStpN7wYlyIbM51sVhtWZa05ORtg2s1qSQnnokZaOlqjShgbYUooLRwZoLRP
OGIkZwrlzHbgAGRAnZWEECVIizakMMEOCbJODTL6cFSZXPOVhXVEHgLNl/lM8Fml
UlEEaodQliidwmxf+fdF9zZv976vJn/q1i5jOH5MgDxXQwakgGdVCRWI4x6M7Lhl
s1ndwaMQL83UhULhTAhUq/vPHpYwjMVyKAyzUPAJKFbKwnjoRUIbuuLZqno728Nh
p3Yg33J5ESV6D5GpSIayTh3E0/yfy0Lb1S2zABEBAAG0M0NocmlzdG9waGVyIEQg
QnJ5YW50IChuZXcga2V5KSA8Y2hyaXNAYnJ5YW50cnYuY29tPokBPgQTAQIAKAUC
Uy8hXgIbAwUJAeEzgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQxM+kxinT
DONsrwgAsMU7lMHVwluiNrC7dmASynK0t8wTFteVNOxRtwOAERhXdYhtARrTLjPY
j+9CA4Hj0PadRvhrfKFpG1L0kik2MvYp5XlsCbDPGDRQ6TTJWaR+a3JE/3tg0lDH
rQ7Bt8MTfsJmNucy1/velEfmISHu68uvf6sUvyfjgZFHF06M0Aw8zFWY1R8JO1J3
kZrQ0d1De8WZC1JCkju8WwdJ/4qgs+ZSXI+uYk3BMDqDN2ZJxh2y9EXvnDyey+nM
ydSolPKPPbcSSHv2hxd/ZMkishRBf8w6evbgRaIp3x0FTfHV0BSsdtqs3aSbIVor
a0F0NRXNyH856lxdnjZ1Ke25ENJFirkBDQRTLyFeAQgAx6ZtbnXEGEnbhZZ3kts4
IOHIfY4TDNyuDG7Qd2m/bzHp5duOXDCePgf5ghxha1xX6OSgTStdQB49iiY+6FNP
4TBe2A4U1niMmKvwNYbjrOnMOaQ/6kukcUq2ERqa77ORaFC5aT6pnQaOspH6eUbu
XOm7gH8b1HCt6W9+/nPbIzhPuPwkzgKXvvIDKyfOkoHh5JtrnEcKlfhJPc645TEd
aUaab/4468JYMUhMd64O4mH6kpnPS/W42/ENlYplo/z7YXs5lMJoErfg4rAPQ7Em
vQHfg892Kmzffh0EPcA0roluuCrXxQL5tKKKhPf8kwJa+v0FuSnj1M+voeaqO3Q+
IQARAQABiQElBBgBAgAPBQJTLyFeAhsMBQkB4TOAAAoJEMTPpMYp0wzjQu8H/jRa
DIlLQsrD9Sa0ZoipiZnVX4wbmH/X30q1erdovzBvgakyTWJbC1RXLAzKSiBk/O1C
1zU39/5N0sI3AirhXB9/olzrDjE/QmLGdMwJ+teuppXbfSZ+1+q5yZhBKGFa1MLs
yazl++XjcvG2XW3CPI1h8zoDZuMlY5Gwsi5FUhjQsCqcHBvC1tS9MqI0KR8SWAPj
29MT91BbBU9o7ppcU04w4ZH4ElQXX7DoOP1EGZJlG7lYzZ/62/SxlxlK3bJsdS9U
gQuMjYK/oU2HX5hA00gqOPifReqhLPzKnX58iMLaVlbpyzCKk7d4qtp/AYFqsNYE
Dna9gnV3GeZf4dcKZI4=
=0nhE
-----END PGP PUBLIC KEY BLOCK-----

Using pgp, anyone could send me a message that only I (with my secret key) could decrypt. Not sure which program is best on Windows, but http://www.gpg4win.org/ should work well.

If you decide to use Gmail, log out of it when you are finished, and uncheck the box that says "stay logged on". Otherwise, your browser will target ads based on your searches. So if you stay logged in and search for a new gas grill, you will get bombarded with ads about grills.

There is no such thing as secure email and there is no such thing as a secure computer. You are taking your chances no matter which email client or service you use or anything else when it comes to a computer that is connected in some way to the rest of the world. It is just something to accept. If you don't believe this talk to the major corporations and banks that are now regularly being hacked one after the other.

Bottomline, Gmail, Outlook.com, Yahoo Mail, and even AOL now provide SSL(https) encryption for both email login and sessions, so your email is secure using open public WiFi. No one can read it, as it appears as random characters even if intercepted by a man in the middle. My only advice would be to log out of your email account when your done. Don't just navigate away to another website before doing so.

BTW, if using public WiFi, turn off file and print sharing.

If often using public access, you might look in to a good Virtual Private Network service. If you *really* want secure email, there are providers like RiseUp, but the NSA doesn't like it 🙂

There is no secure email as such. The problem is using any public WiFi service anywhere. We pay for a Mifi device that connects to Verizonwireless towers and pay for internet connectivity. It is cheap compared to dealing with problems with security and malware and other problems.

Same applies doubly with any phone or tablet that is set to automatically connect to a local WiFi signal. It takes seconds for your smartphone to get hacked.

fj12ryder wrote:
And because email is considered not secure they won't, and perhaps can't, send your medical info in simple email

Even if I allow it, they won't. And they won't ebill yet either. That's the biggest billing problem I have when travelling. Medical bills are notoriously slow and often incomplete, and unforwardable. It's a real pain.

2oldman wrote:
I guess this discussion boils down to: What kind of information is the OP talking about? If he ever comes back, maybe we'll know.

Finally, the medical profession is using MyChart, where they will actually answer questions, set appointments, and many other tasks that they have refused to do via email.

fj12ryder wrote:
but do you sign into your bank on an unsecured website?

Can't. But I will do it on public wifi.

Exactly, MyChart is a secure site, and your information should be pretty safe. And because email is considered not secure they won't, and perhaps can't, send your medical info in simple email. My wife runs into the same thing with her doctor/s.

Yeah, I'll use public Wi-Fi for most stuff, a much different kettle of fish. 🙂

I guess this discussion boils down to: What kind of information is the OP talking about? If he ever comes back, maybe we'll know.

Finally, the medical profession is using MyChart, where they will actually answer questions, set appointments, and many other tasks that they have refused to do via email.

fj12ryder wrote:
but do you sign into your bank on an unsecured website?

Can't. But I will do it on public wifi.

The chances are small true, but what are your chances of having your password and user ID being stolen out of the millions and millions of them out there? A low percentage, but do you sign into your bank on an unsecured website?

That is the reason any reasonably secure organization will not send secure information in an unencrypted email. It's just not smart.

While the connection between your PC/Mac (not a phone by app by default!!!) is secured using the same encryption technology your bank uses to create a secure connection (Called an SSL)

Once the email you send leaves your provider (e.g. Outlook/hotmail, gmail, yahoo! mail), it's unencrypted straight text which can be pulled from the other of trillions of packets bound for your recipient.

The only true way to insure that the contents of the email remain "safe" are:

1. Using a third party (e.g. Zixmail) where your email is encrypted when it leaves your machine and his hosted on the Third Party's server.

2. Encrypt your email on your machine and then send it onto your recipient and provide them with a decryption utility (PGP)

Short of that, once it leaves your provider, it's fair game.

I work for an financial firm and we go through this all the time and yes, it's a pain, and yes, it's not without problems, but if you want to secure your customers data it's the only way to thwart the "bad guys"

fj12ryder wrote:
That is why email is like a postcard, it can be read anywhere along the line if someone cares to intercept it and has access to the network.

In the world of the possible, yes, that's true. But to consider email 'insecure' because of that would be irrational, in my view.

It's the same discussion as public wifi. Yes, anything can happen, but the odds of it happening to you are so small as to be negligible.

It's infinitely easier to read a postcard than intercept email.

No, all you need is software called a "packet sniffer". Here's a short explanation of how it works"

Packet Sniffer .

Notice that email is included in what can be read. No hacking skills required.

That is why email is like a postcard, it can be read anywhere along the line if someone cares to intercept it and has access to the network.