Ask Leo!: Email Privacy

Why is it so bad to leave the email addresses in an email I forward?

leo@pugetsoundsoftware (Leo A. Notenboom) — Tue, 04 Oct 2011 13:16:48 -08:00

When forwarding an email, what risks or problems are there when all of the prior email addresses are included?

]]> Well, first of all, I want you to make sure that you really want to forward that email. If it's something that's pages and pages of email addresses followed by some content, it sure does feel like it might be an urban legend that shouldn't be forwarded at all.

But, assuming that the email is something to legitimately forward, it all boils down to a couple of things:

Spam and privacy.

What can someone tell from my email address?

leo@pugetsoundsoftware (Leo A. Notenboom) — Sun, 02 Oct 2011 09:38:48 -08:00

I was on a dating site & I received a message from a lady & she gave me her email address so we could talk privately in which I emailed her back. Now that she knows my email address, can anything bad or dangerous happen? Like a virus or having my account cleaned out? My email is with Google.

]]> Ultimately, it really depends on your own level of security savvy, as well as how you've used that email address in the past.

For example, you could just have given your email address to a spammer.

Unfortunately, that's not the worst that could happen.

Can encrypted e-mail be sniffed?

leo@pugetsoundsoftware (Leo A. Notenboom) — Thu, 01 Sep 2011 10:05:34 -08:00

Can sniffers be used with encrypted email like Gmail? Aren't https connections secure even for public/ wireless connections? Someone told me Gmail was hacked by China. Can they do this?

]]> There's a misconception here that I want to clear up: Gmail is not encrypted mail.

In fact, encrypted mail is very rare.

I want to cover what encrypted mail means and how it relates to https.

And then I'll talk about getting hacked.

Is it safe to get receipts and statements in email?

leo@pugetsoundsoftware (Leo A. Notenboom) — Thu, 07 Jul 2011 10:43:38 -08:00

From a security-wise perspective, should I get my receipts (i.e. from my insurance, ISP, or cellphone provider) by email or snail mail? I use https, but I don't know what kind of security goes on the sender's side. To my understanding, I cannot use PGP as corporations don't use it.

]]> As I've discussed before, email is basically an unsecure medium.

Even if you use https to connect to your webmail provider or the equivalent ssl connections for the POP3, SMTP, or IMAP connections to your desktop email program, that's only securing the last leg of your email's journey to you. Most email remains "in the clear" as it travels from email server to email server on the internet.

From a practical perspective, that's typically good enough. Considering that most people don't use https or ssl when they should, however, it's important for you to think about ways to transfer important and sensitive information more securely.

Why should I use a different computer to send anonymous email?

leo@pugetsoundsoftware (Leo A. Notenboom) — Wed, 14 Apr 2010 08:00:00 -08:00

About sending anonymous email. You say "step one use someone else's computer...or public library computers." Question: why use someone else's computer? Why not to take a laptop to an internet cafe, create fake account there, send an email, and then later check responses not from home? Do PCs, laptops have a unique ID?

]]> Computers don't really have a unique ID that would make it into your outgoing email.

However.

Email headers sometimes contain a lot of information that, when examined, or used with other information, can often result in some surprising deductions.

Like "Oh, it must've been Leo that sent that email!"