So today I wanted to share something a bit off topic, but it is something really important to consider in this modern digital age. Some of you may already be aware that I am in the process of changing careers. For the last 15 years or so, my day job has been in physical security. So recently I decided to jump across into the information security industry. Why? Well, mainly because that's where all the money is. And my motivation is quite simple. Like many, I have a wife, three kids, a mortgage and all the other bills to look after, and sadly the life of a Ruinhunter doesn't pay the bills, so in order to take care of all these things and continue my Ruinhunting activities a change is needed.
My first step on this journey was to complete a cyber security course, which I just finished this week. It was a real eye opener, and I learned a lot about securing both personal and work data and information. One major issue I came across was email. We send emails every day; some are mere chat messages, but many can be confidential. Ask yourself this question:
How Secure am I???
Despite what you think, and what the big providers would have you believe, when you send an email it is like sending a postcard in the regular mail. Anyone can read your message on a postcard as it travels to its destination and you will never know. But then again, postcards would never really contain any private or sensitive information, right? It's usually a message from Auntie Mary to let you know she is having a great time on holidays. Well, your email works the same way. And most likely it contains information which might be sensitive. Have you ever sent details in an email that you wanted to be private? Maybe copyrighted images or a transcript of your next novel to your publisher? Perhaps communications with your bank or solicitor? Well, the fact of the matter is you might as well have sent them on the back of a postcard!
Never fear, all is not lost; you don't have to discard your Gmail, Yahoo or Outlook accounts just yet. There are a number of encryption programs that can be used to secure these email messages. Some examples of tools available for encrypting emails include:
- GPGMail – this tool is designed to integrate with the Mail software provided by Apple. It can be used to both encrypt and digitally sign your email. It is easier to configure and use than the Windows tools, but is only useful if you use a computer running OSX.
- Mailvelope – this is a plug-in for Google’s Chrome browser that uses an implementation of the OpenPGP standard. It works with a variety of web-based email systems, such as Gmail or Yahoo Mail.
The problem with these tools is that they can be quite awkward to use and require the receiver to also have the program. I won't bore you with all the tech jargon, but suffice to say that the encryption process requires both parties to have a private and public key each. These keys are used to secure messages.
Well, to the purpose of this article. I have found a solution to easily send and receive secure mail which is pretty much hassle free. Many would have heard of the CERN facility in Switzerland, famous for its Hadron particle collider. Well, a bunch of brains from the facility got together on a little side project in reaction to the 2013 disclosure of global surveillance and interception of email by the NSA. And what they came up with is ProtonMail.
ProtonMail uses a combination of public-key cryptography and symmetric encryption protocols to offer end-to-end encryption. When a user creates a ProtonMail account, their browser generates a pair of public and private RSA keys. The public key is used to encrypt the user’s emails and other user data. The private key, which is capable of decrypting the user’s data, is symmetrically encrypted with the user’s mailbox password in the user’s web browser using AES-256. The public key and the encrypted private key are then both stored on ProtonMail servers. Thus, ProtonMail stores decryption keys only in their encrypted form, so ProtonMail developers are unable to retrieve user messages.
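To make the key handling in the paragraph above concrete, here is an added example in Node.js; it is not from the original post and is not ProtonMail's own code. The function names, the scrypt key derivation, the GCM mode and the RSA-OAEP padding are assumptions chosen for illustration, since the post only names RSA and AES-256.

```javascript
// Added illustration, not ProtonMail's code. KDF (scrypt), GCM mode and
// RSA-OAEP are assumptions; the post only names RSA and AES-256.
const nodeCrypto = require('crypto');

// Account creation on the client: generate an RSA key pair, then wrap the
// private key under an AES-256 key derived from the mailbox password.
function createAccount(mailboxPassword) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const kek = nodeCrypto.scryptSync(mailboxPassword, salt, 32);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const wrapped = Buffer.concat([c.update(privateKey, 'utf8'), c.final()]);
  // Only this record goes to the server; password and plaintext key stay local.
  return { publicKey, salt, iv, tag: c.getAuthTag(), wrapped };
}

// Client-side unlock: throws if the password is wrong (GCM tag mismatch).
function unlockPrivateKey(record, mailboxPassword) {
  const kek = nodeCrypto.scryptSync(mailboxPassword, record.salt, 32);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.wrapped), d.final()]).toString('utf8');
}

// Sender: encrypt the body with a fresh AES-256 key, wrap that key with RSA.
function encryptFor(publicKey, text) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt(
    { key: publicKey, oaepHash: 'sha256' }, key);
  return { wrappedKey, iv, tag: c.getAuthTag(), body };
}

// Recipient: unwrap the AES key with the private key, then decrypt the body.
function decryptWith(privateKeyPem, msg) {
  const key = nodeCrypto.privateDecrypt(
    { key: privateKeyPem, oaepHash: 'sha256' }, msg.wrappedKey);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8');
}
```

The record returned by `createAccount` is everything a server would hold in this sketch, and without the mailbox password it cannot be turned back into a usable private key.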
Ideally this system works when both sender and receiver use it, but you can also send secure messages to a non-user at the click of a button. They will, however, need a password (temporary key) created for that message, which you can send them via other means. When they receive the encrypted mail, they will be prompted to enter the key in order to view the message.
After waiting for two months, I finally got my Proton account and have been using my new security knowledge to put it through some tests. I must admit, I'm really happy with it, and feel quite confident using it to send secure messages which can't be intercepted by anyone, even the Proton developers. It's almost foolproof. You can find out more about it by checking out the ProtonMail website. On the downside, getting an account takes some time: as it is a free service, the number of accounts is limited due to resources, but I for one think it was well worth the wait.
If you would like to try it out you can mail me at firstname.lastname@example.org and I'll send you back a secured message. Please feel free to leave a comment, I would love to hear your thoughts. Normal Ruinhunting posts shall resume tomorrow 🙂