Free services make Gmail, Google Drive, Google search more private
Sendinc encrypts mail sent via a Gmail, Outlook, or other account; BoxCryptor encrypts Google Drive, SkyDrive, DropBox, and other cloud storage; and Startpage serves up Google search results without recording your IP address or otherwise tracking you.
It's no secret that any information you provide to a Google service is no secret.
When Google changed its terms of service last year, the company granted itself and any other company it chooses complete, unfettered access to anonymized (we hope) versions of all the messages you send and receive via Gmail, all the files you upload to Google Drive, and all the terms you enter in the Google search box.
As CNET's Rafe Needleman reported in April 2012, Google's rights go beyond simply perusing your personal information. Google's terms of service include the following:
When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.
The U.S. government is pressuring Google and other online services to allow law enforcement to tap e-mail, VOIP calls, text messages, and other Internet communications just as they do standard telephone calls, requiring only a court order to do so. The Internet services claim that providing such access when a court orders it is anything but easy.
In a post that appeared yesterday on Thomson Reuters News & Insight, Joseph Menn and Mark Hosenball explain the Obama administration's proposal for facilitating such access and the technical and security hurdles it must overcome. In particular, ISPs are concerned about hackers exploiting any back doors the services would be required to build into their products to accommodate such government demands.
There's also concern that the government's current wiretapping activities exceed what the law allows, as CNET's Declan McCullagh reported earlier this week. Declan's subsequent post explains the U.S. Senate's response to reports of such warrantless e-mail searches.
Free service locks out all e-mail snoops
Law-enforcement agencies need to be able to access the communications of people they reasonably suspect of criminal activity, subject to the Fourth Amendment warrant requirement and other Constitutional limitations. On the other hand, there's no reason law-abiding citizens need to let Google, its partners, or any other third party "use, host, store, reproduce, modify, create derivative works..., communicate, publish, publicly perform, publicly display, and distribute" their private information.
Some people argue that the cost of using free Web services is providing the service with your personal data. Similarly, whenever I write about ad-blocking browser extensions I'm criticized for allowing people to freeload by not allowing sites to make money via ad clicks.
The vast majority of people using the Internet will not use an ad blocker, just as most people watch commercial television without recording the shows and skipping the ads when they replay them. (Is it unethical for someone to examine a product at a brick-and-mortar store and then go home and order the product online?)
Each day I send and receive dozens of messages via my Gmail accounts without worrying about Google scanning the contents. But every now and then I want to send an e-mail that I prefer not to share with anyone but the recipient. That's when I sign into my free Sendinc account.
Sendinc encrypts your message without requiring any downloads or browser extensions. It does require that you and your message recipients register your e-mail addresses with the service. Start by entering your address and a password on the main Sendinc page. The service sends you an activation code that you copy and paste into the registration page.
After your registration is complete, you compose your message and add attachments directly on the Sendinc site, but your own address is in the From: field. You then transmit the message to the company's servers using 256-bit SSL encryption. The service generates an encryption key for the message and encrypts it using a "military-grade algorithm."
The key is sent to the mail recipient as a link, at which time it is deleted from Sendinc's servers. When they click the link, the recipients are directed to the Sendinc site, where they sign in or create an account to view the message.
The free version of the service retains your message for seven days. Messages can be as large as 10MB, and you can store up to 100MB of messages with a free account. The free version limits you to 20 recipients per day and 20 recipients per message.
For $5 a month, the Pro account lets you send messages as large as 100MB, store up to 2GB of messages, and send to as many as 200 recipients each day and up to 100 recipients per message. With a Pro account you can retain the messages indefinitely, set self-destruct dates, retract messages, audit your messages, and send rich HTML messages. Multiuser corporate accounts cost from $25 a month for five users and provide more mail-management capabilities.
When I tested Sendinc, I was able to send messages to both ISP-hosted POP/IMAP addresses and Web mail accounts. The recipient is prompted to click a link in the e-mail notification to view the secure message.
You can't expect every person you communicate with via e-mail to be willing to create a Sendinc account simply to read the messages you send them, but for those times when you don't want Google, your ISP, or anyone but the recipient to be privy to the e-mail's contents, Sendinc fits the bill.
Add an encrypted folder to Google Drive, other cloud storage services
Google makes no apologies for not allowing you to encrypt the files you store on Google Drive. The company makes money by selling what it knows about you, so the more the company knows about you, the more money it makes -- at least in theory.
Google does encrypt file transfers and offers two-factor authentication to secure sign-ins, but the files you store on Google's servers are not encrypted. As the company explains on its product forum, you can encrypt the files before you upload them to your Google Drive account.
Several products and browser extensions offer to add encryption to Google Drive and other cloud storage services. I tested the Mac version of BoxCryptor, which is free for noncommercial use. The program is available for Windows, the Mac OS, Android, and iOS (an iTunes account is required).
The BoxCryptor installation wizard prompts you to create a new BoxCryptor folder or open an existing BoxCryptor folder. When you choose to create a folder, the wizard asks you to select a location for the folder (such as inside your Google Drive, SkyDrive, or DropBox folder) and to give the folder a name.
You're then prompted to enter your password twice. The service rates your password from weak to strong. The wizard warns you that if you forget your password, your data will be lost.
After the folder is created the installer prompts you to create a backup. If you choose this option, the program confirms the backup file and indicates where you can find information for restoring your account.
BoxCryptor places a lock icon in the Mac action bar for opening the encrypted volume, unmounting the volume, quitting the program, and opening its preferences.
When you open Finder, you see a new device named BoxCryptor. Save the files you want to encrypt to this volume. The files are stored in the folder you created within your cloud storage service's folder. You can access the files only through the BoxCryptor volume on the Mac.
The files sync automatically with the BoxCryptor folder inside your cloud storage service's folder. When you select a file in the subfolder, it opens in the BoxCrypt volume.
When you sign into your cloud service from another computer or device, you can see the BoxCryptor subfolder and its contents, but the files won't open. For a one-time fee of $45, you can encrypt file names and create an unlimited number of volumes; the free version lets you create only one volume.
Google searches without the tracking at Startpage
It isn't easy, but you can use Google search without being tracked. In January 2012, I explained how to prevent Google from tracking you.
There's a simpler way to get Google search results without leaving any traces. Ixquick's Startpage calls itself "the world's most private search engine." The service claims to be the only search engine that doesn't record your IP address. It also promises not to save your personal information any longer than necessary.
Startpage is "enhanced by Google," which means your Startpage search results won't be identical to the results served up by Google. In my unscientific side-by-side search tests, the two services returned very similar results in very different interfaces.
For example, when I did a simple search for "pistol annies," the top four results and six of the top seven returned by the two services were the same.
Google's results page has much more pizzazz than the text-only results shown by Startpage. You may not need the images and the other elements Google search results offer, but they sure make the results page more interesting. Startpage also loads the top of its results with sponsored links.
The one thing Startpage has in common with Sendinc and BoxCryptor is that most people won't often feel the need to use the service. For those times when you prefer not to share your Web searches with Google or anybody else, Startpage is the little search engine that won't tell a soul.