Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Privacy and security concerns using free e-mail accounts

Nov 8, 2013 8:44AM PST
Question:

Privacy and security concerns using free e-mail accounts

Hi all. I was wondering about privacy and security of using free
email accounts like Hotmail, Yahoo or Gmail? I remember reading
about it recently, but cannot relocate the topic. Certainly "Free"
email services come at a price. I know there are advertisements
being served as a payoff for the free services, but is there more
to it than just ads? How secure are these email services and what
price am I giving up in terms of my privacy if I use such
services? With so many people using these free email services, I'm
sure many don't even take the time to think what is at stake in
regard to their security or privacy, but I'm concerned. Am I wrong
for raising this question? If you have any insights for me on this
matter, I'd appreciate it.

-- Submitted by: Norm N.

Discussion is locked

- Collapse -
What Privacy
Nov 15, 2013 8:58PM PST

It's time to realize that privacy on the internet does NOT exist. The sooner that fact sinks in, the sooner you'll stop using the internet for private communication. The NSA and other agencies are always watching.
The more you try to hide things, the more you'll be on their radar screen.

- Collapse -
Guide for using TOR
Nov 15, 2013 10:32PM PST

I downloaded the guide from http://www.makeuseof.com titled "Guide to TOR". The intro is below: Read and HeedHappy

The issue of privacy on the Internet has long been a difficult one: there are a lot of good reasons that you might be
leery of strangers reading your emails or spying on the websites you visit - and there are equally compelling reasons
that various unscrupulous people, corporations, and governments might want to do just that. The whole issue has
come to a head recently with the revelation that the NSA has been illicitly spying on American citizens and others
through Facebook, Google, and Skype - including, probably, you.
This sort of invasion of privacy makes a number of people very nervous. If you're one of these nervous people, there's
some good news: a number of powerful tools exist which allow you to protect your privacy online. One of the most
useful of these tools is called Tor. Tor provides truly anonymous and untraceable browsing and messaging, as well
as access to the so called "Deep Web" - a network of anonymous, untraceable, unblockable websites, available only
through Tor, which provide everything from resources for political activists to pirated movies. The military-grade en-
cryption behind Tor is so powerful that it can't plausibly be broken by any organization on the planet.
While there are a number of ways to try to protect your privacy online, only a few of them are resilient against a really
dedicated adversary (like, for example, the NSA). One of the exceptions is Tor. Tor is designed to be, more or less,
impenetrable to any attacker without a completely implausible amount of computing power.
Even better, the software itself is designed to be easy to use without a technical background: if you can use Firefox,
you can use Tor.
In a nutshell, Tor is a powerful, easy-to-use piece of software that lets you keep your online life private. This guide will
provide a step-by-step guide to installing, configuring, and using Tor, and getting you started taking an active role in
defending your privacy on the Internet.

- Collapse -
FACT about the internet.
Nov 16, 2013 12:37AM PST

I am sorry to have to say that there is NO SUCH THING as "privacy", on the internet.

So-Called Security Tools, and Verifications, are completely USELESS.

Fact is, if ANYONE wants access to all of your information, all they have to do is go one line, with whatever web-pages you are using, then start a computer program called a Random Number Generator.

Consider this program to be like the lock-picks, used by police, and burglars.

And lets not forget the I.R.S., TSA, and "Homeland Security".

All of these groups, and others, use Random Number Generators, on a daily basis.

These RNG's just keep "shooting" random codes, at a selected computer, for days weeks, or months, on end, until they find what they are looking for.

These RNG's are the same program, used by the NORAD super-computer, in the movie WarGames, with Matthew Broderick. This movie is a perfect example, not only of RNG's, but of just how easily ANYONE, who really knows computers, can steal ANYONES identity, in less than five minutes.

This is why I LAUGH, openly, at "Security Safeguards", since I know how easily signals can be "piggy-backed".

Hackers know exactly what I am talking about.

- Collapse -
Who Isn't Watching?
Nov 16, 2013 2:34AM PST

As a person who watched the Internet grow up, I had always assumed a certain amount of privacy, after all, we always heard how police and government had to have court orders and probable cause, right? Forget it! I used a Microsoft IPO years ago when Dial up was the way to go. Over the years, I changed IPOs, and computers. One year, I went back to Microsoft as my IPO for my new computer. I logged on, set things up and was off and running. Two days later, to my surprise, My Favorites suddenly changed. I knew I hadn't done it, but some sites seemed familiar. Suddenly I realized that they were my Favorites from 5 years earlier, when on a previous computer, but on Microsofts home page. It then dawned on me, they had copied things off my PC, without my knowledge.
Recently, an FBI agent was interviewed on how difficult it was for FBI agents to get information on anyone. He said todays laws allow companies to gather all info on anyone, and then sell it to anyone. His job used to require a court order and wire taps, combing files for info. Now, they pay an annual fee and he gets all the info from an outside company, often within minutes. In fact, when pressed on the question of legality and constitutionality of pulling info off the internet or phone calls, he commented that all they had to do was ask our allies. Seems Isreal, the British, Canadians etc. all harvest the information, and there is no law saying they can't. As allies, we share info.
If you believe you have privacy, you must still believe in Santa Claus and the Easter Bunny. By the way, there is no Tooth Fairy either!

- Collapse -
Use Encryption
Nov 18, 2013 3:02AM PST

No email is secure. At least not the RFC-compliant stuff we call email.

The best you can do is strong encryption of the message contents at the end points / clients. That means the key is on the client, not on the server. You can do that using OpenPGP plus Enigmail plus Thunderbird, or a similar combo. You'll have to securely distribute your public and private keys to all of the devices you use to read email, or at least all of the devices you want to use to read and send encrypted emails. You'll also need a trusted way to distribute your public key to people you want to send you encrypted emails, and vice versa. By trusted, I mean in a way that they can be sure they have *your* public key, not the public key of someone pretending to be you. Having your key recipient read back the signature of the key they received over the phone with you is probably good enough. Exchanging keys in person is better.

Since you can use services like Gmail with POP or IMAP, you can use a setup like I described to send encrypted emails using those services. If you use the web service to read your emails, the encrypted emails will have contents that look, well, encrypted. Even then, you can download or copy/paste the encrypted text and manually run it through OpenPGP.

The biggest issue with stuff like that is convincing the people you correspond with to use it. It's really not that hard to set up now that there are plugins for email clients, but you probably still can't convince most of the sources who send you email to use it.

Even encrypting the message contents using tools like that doesn't give you complete privacy. An adversary can still determine who you email and when, and that you're using encryption. That information can be valuable in certain circumstances, but probably not the ones you care about. See the whole debate on metadata. You can mitigate the "who" part of the metadata by using anonymous email proxies and changing them frequently, but that's crossing into "how much hassle is your privacy worth".

There's a lot to be said for a good old fax machine when it comes to privacy. That's not secure from a nation-state perspective, but it's probably secure enough against the type of adversary you care about.

- Collapse -
An interesting site
Nov 23, 2013 7:54AM PST

Electronic Frontier Foundation SSD.eff.org