It's Your Security

In many regions today, merely communicating with 'undesirables' is considered adequate proof of a crime. You may be deemed an undesirable because of political, or even religious, beliefs. Even in more 'progressive' nations, privacy has become a scarce commodity.

There are a number of organizations claiming to provide secure email. Some are capable, while many are not. When considering any secure email service, do some research, and ask questions.

There is nothing more dangerous than a false sense of security, when, in reality, security is lacking.

Pronouncements of meaningless, or unknown, security 'levels' and protocols are smoke and mirror illusion, intended to confuse the unknowing. This is known as snake oil, and you'll find many purveyors of such security ' patent medicine' on the Internet.

Some services seek to beguile you, with claims of sincerity and common interests. Often, this is merely an attempt to obfuscate inexperience, inability, ineptitude, or even malfeasance.

Cost is one means of evaluating security services, but the results will be of no value if the comparison is 'apples-to-oranges'. Consider the cost factor appropriately, and seek answers to some basic questions.

Is the service run by a full-time, dedicated, staff, 24/7/365, or is it merely ego fulfillment or a 'hobby' for someone whose primary responsibility is in another field?

Are those responsible for running the service securely adequately qualified to do so? Consider whether someone having a degree, professional license, or experience in a totally unrelated field is truly qualified to be responsible for protecting your security.

Email security must extend beyond message content, to encompass headers containing information making it elementary to determine who, and where, you are. ANY self-professed email security service that fails to do so is putting it's users at great risk, and is, at VERY best, peddling snake oil.

You can determine this for yourself by expanding the headers on a message from any security service you're considering.

If you see two or more sets of Received: headers, with the last one displaying something like 'Received: from [218.89.xxx.xxx] (account xxxxxxx@xxxx.net HELO XXxxx)', this secure email service has just told everyone not only the sender's IP address, their ISP, and their location, they've even identified the private name of the computer the sender used. This is a gross breach of security, by any standard.

Look at the Message ID: header. In many cases, this seemingly random set of numbers and/or letters can provide absolute identification of the sender. If it's not a meaningless random number, your security is pseudo, at best.

An email security provider who doesn't remove such personally identifying information from it's user's outgoing messages is NOT, by any stretch of the imagination, providing adequate security.

Look, listen, ask questions, and become an active participant in your security, and you'll be much more able to make an better qualified decision

If you have any questions, please feel free to write us at: SecureNym