Electronic Mail

« tiếng Việt »

updated: 2022-09-13
(add solution)

~*~


Problems

~*~

Digitalisation are bringing us many benefits. But it also gives us problems that with the lack of knowledge, it is very difficult for the whole society to improve.

Past

Before there were any kind of digital technology, the only way we could communicate with other people was to either meet them physically, or call them on the phone, or send them a letter through the post office. All of these methods would cost us not just money but also time.

Digital technology has completely lifted this limitation when we can just communicate through the internet - the system of computers that are connected to one another all over the plannet. All of the sudden, we can read news from the other side of the world without having to wait for the newspapers to be printed.

To do any kind of interaction with the internet other than reading and watching the news, we need an E-mail address. An E-mail address is not just where we receive infomation that are exclusively transmited to us as individuals but it also provides us the ability to write to other people on this plannet without having to wait for a couple of months.

Other than having the ability to read, having an E-mail address is one of the basic requirement in this digital era.

Yet, instead of learning on how this technology work, most of us rely solely on faith that a service provider would give us a “free” E-mail address. I was also guilty of this just a very short time ago.

We have all forgotten the old saying:

“KNOWLEDGE IS POWER”

~Francis Bacon~

Present

The problem of privacy in this digital age therefore, I think is our own fault.

When talking about security, we should always think of who we want to be secured from. Unless it is face to face communication, we always have to dependend on tools, infrastructure and other people or third party organisations.

E-mails if use the way that most people are practising at the moment has worse security level than sending hand written letters. When we send a letter, no one in the post office system could read the content without the receiver knowing. Hence no one can change the content of the letter through out the delivery process.

In contrast, I am the administrator so I can read all the mails on the E-mail system any time I wish. This is not just true @trung.fun but it is the fact for every E-mail service providers.

The reason is simply because data are not encrypted.

The service provider can advertise as much security features as they want but at the end of the day if data are not encrypted from the client machine before being sent to the provider’s server, you can be sure that the provider can read the data. Hence encrypting the content of E-mails is the equivalent of sealing the envelope before putting it in the mail box.

This is not to mention everyone else can also read the data while it is being sent. This is because E-mails are digitally transfered through the internet. Noone really knows who is on the internet at any particular moment. And it is not just reading it, bad actors can even pretend that they are you and send mails under your identity if the providers don’t implement security techniques that are up to today’s standard.

This is why organisation such as banks still have to send confidential documents through the post office to their clients. Or require their client come to collect the documents on site so a face would show up on their security camera at the moment of transfer. But this year is already 2022 and the solution for all this security has been around since the 1990s.

~*~

Future

OpenPGP is the technology that was based on the original PGP which was invented by Philip Zimmermann and published in 1991. This is the technology that every software engineers have to use in order to work over the internet securely.

To summarise, this technology verify the identity of the E-mail address’s owner by a pair of keys. A public key (which I will visualize as a pad lock), and a private key (which I will visualize as a male key). It allows users to encrypt any kind of digital data with a public key. Only individual who has the private key is the person who would be able to decrypt and read the data.

If we think of encrypted data as gold in a chest that was locked then only the person with the key would be able to open the pad lock and get the gold.

Because this is a digital technology, the number of time we can replicate the pad lock is infinite. The user would only have to keep his|her private key secured to decrypt the data. And again, because this is digital, the private key really is just a tiny text file that can be stored on any memory card or hard drive. Or even print out to physical paper.

Personally, I think this file is easier to store than a key to a vault or identification documents. Because only the person who hid this file would know what it looks like physically. Not to mention the owner of the key can change device at will - unlike a passport or a key made of stainless steel.

Back to the bussiness of E-mailing, if the receiver’s public key is not available, the sender can create a signature file so that the receiver can verify that the data had not been changed through out the process of delivery. So even if other people can read our mail, at least this tech can assure that our content will get to the destination in one piece regardless of the service provider.

Application of this tech doesn’t just end with E-mails either. Apart from encrypting files with sensitive infomation, we can use the same set of keys to lock the access to computers. This same math is also used to secure credit cards, every website that we browse daily,….

The way I see it, this technology is more convenient than registering for a passport since it doesn’t require me to provide any other data to a central authority; it has no finnancial cost; and I didn’t need to leave the house to do it. The best thing about this is that it allows me to encrypt data as many time as I want, compare to when I run out of money and can only put up my passport once before someone would lock me in jail.

~*~


Solution

~*~

updated: 2022-09-13

All in all, nothing is as secure as good conciousness.

I won’t guide you on how to make a set of keys here since there are many people & organisations who have posted articles to do this for each OS. I only advise that if you truly want your infomation to be secured in this digital age, then invest a couple of hours or so to learn and use this technology.

Software

This is a list of software from OpenPGP:

https://www.openpgp.org/software/

The site below is the public key vault of OpenPGP:

https://keys.openpgp.org/about

Apart from storing public keys for the whole plannet, this page also collects PGP software that are compatible with the service for each OS:

https://keys.openpgp.org/about/usage

Just like me, you don’t have to be a mathematitian to use encryption technologies. But if you are curious, below are some lectures that goes into a little more depth on how this technology works by people who are way smarter than I am.

~*~