YOUR ALL-IMPORTANT EMAIL PRIVACY
SELF-DISTRUCTING EMAILS AND ENCRYPTION
By Ralph D. Thomas



The last time you were on vacation, you might have picked out and purchased one of those attractive picture post cards of the wonderful attractions you had just had the opportunity to see and wrote out a little message about how much fun you are having to the folks back home. Millions of people do that every day. You know the typical message like, “Having a great time and wishing you where with us.” You don’t really wish the folks that are watching your kids or your dogs to be with you because if they were, you wouldn’t be where you are. But it’s a polite thing to say. The problem with post cards like that is that once you drop them off at the post office, they get handled maybe several dozen times. Every time another person picks the post card up with their hands to get it from point A to point B, the handler can read your message about you wishing the folks back home where with you. Email works in the same manner. It might pass through a number of assorted servers to get to the email address that you sent it to but it always gets to the party you have intended. The problem is, anywhere along the line anyone can read the message including the friendly mail carrier that delivers it to its final address.

I hate to be the messenger of really bad news but those hundreds of emails you have sent out in the last couple of months work the same way. You are sending a kind of digital post card that is not in a sealed envelop which anyone along the path to the address of your sender can read. That is the bad news. The good news is that you can easily use encryption. It has become vital for you to use encryption in your private email messages to avoid this security problem. It’s also important for you to know and understand what is it, what it does and how it works. Here is a brief overview:

Encryption of email messages simply uses a garbling mix based on a mathematical process. Here is a message I wrote before encryption:

 

Subject: An Encrypted Message
Message:
This is an encrypted message. It will self-destruct in 30 seconds.
Ralph Thomas



When encrypted, the message looks something like this.

 

*%*4187bb30e92d321cfaa26d427421b1755add6af6c78d650cdb0772e0b44e574b8746589fe
7ee85247daf337bdab54290f7bf55f95c8241607783b0e54bacbe561e816e427064a759907ed0f
0b3ca4b5892ddca3c7f9ebecb9ee22fb9a5815e042087ee3fe6bf8a5ca06fdf68b77d317399e61b7
cab8220e2385495d6287c0972ac6edbe2af582e2795ac6379a139b1cdab25



For the last hundred or so years, encryption has been used by governmental agencies in written documents to keep secret diplomatic and military secrets. However, in today’s world it is increasingly being used in connection with email.

The person on the other end must have a key code that unlocks the message. Up until a few years ago, there was software that one could purchase such as a program called Pretty Good Privacy that would do this. However, these software programs, although not what one would call that difficult to learn to us, had some learning curve. That has all changed because you can now do all this online. Perhaps one of the best known of these services is called HushMail.

To find out about HushMail just go to:
http://www.hushmail.com

Here is a basic description of Hushmail from it’s web site:

The Need for Hushmail
As more people start using the Internet to conduct their daily business, nearly everyone now needs to consider the issue of online privacy and whether to use an encryption solution to secure their electronic communications. Sending an unencrypted e-mail is like posting a letter without an envelope. The information you receive and transmit can be routinely monitored, logged, analyzed and stored by third parties. In addition to the basic human right to privacy, email users must consider the importance of keeping business communications secure from rival organizations and should only send data in an encrypted format. The same concerns apply to the transmission of medical records, sensitive legal, military or personal information. Every time you send email, you trust your messages and privacy to nameless and faceless individuals or organizations that frequently have no guidelines and no concerns for your privacy or security.

By contrast, Hushmail keeps your online communications private and secure. Not even a Hushmail employee with access to our servers can read your encrypted email, since each message is uniquely encoded before it leaves your computer. A Hushmail account lets you communicate in total security with any other Hush member anywhere in the world.

Who uses Hushmail?
Here we've listed just a few examples of organizations and industries that are typical users of secure online communications:

• Financial institutions
• Banks
• Stockbrokers
• Insurers
• Law firms
• Employment agencies and headhunters
• Healthcare providers
• Research and development
• Universities
• Manufacturers
• Importers and exporters
• E-commerce companies
• Service industries
• Affinity groups
• Online catalogues
• Portals
• Government and military agencies
• Security-sensitive businesses
• Informative and interactive sites
• Web design firms



How Hushmail Works
Hush uses industry standard algorithms as specified by the OpenPGP standard (RFC 2240) to ensure the security, privacy and authenticity of your email. With Hushmail, users need only create and remember their own passphrases, and the secure Hushmail server does the rest. Encryption and decryption are transparent to the user, making Hushmail the most user-friendly secure mail solution available. Through the Hush Encryption Engine™, the Hush key servers take care of Public/Private key exchange in a completely seamless fashion. When a user wishes to encrypt/decrypt data or verify/sign a signature, a connection is automatically made to a Hush Key Server to retrieve the necessary Public/Private Key. It's that simple! Only Hush's solution provides such a high level of security combined with total ease of use. The descriptions below will give you an overview of how the Hush system secures email.

Figure 1
2,048 bits of random numbers are converted into a pair of keys -- one private key and one public key. (What the public key locks, the private key unlocks, and vice-versa.) Every Hush user will have his or her unique pair of encryption keys. The user's passphrase encrypts and decrypts the user's private key so that no one but the user ever has access to it. Not even Team Hush.

Figure 2
The passphrase, combined with the AES algorithm, symmetrically encrypts the private key. A one-time message key, unique to each email that is sent, is used to encrypt and decrypt the email message itself.

WARNING! WARNING!
Encryption Does Not Solve The Only Problem!

Say what does Oliver North, Bill Gates and Monica Lewinsky have in common? They, like millions of others, have been embarrassed by emails from the past. With almost ten billion email messages sent worldwide in any given day, the volume of email is massive. But the fact is, emails does not disappear. They linger around sometimes month after month and year after year. If you think a private email that you sent to someone last week, last month or last year could never become a public problem, all you have to do is ask the three people mentioned in the first sentence of this article about that. I mean, the way email is done, that email you sent just five minutes ago could outlive you by many years. You should instantly understand the danger. You send a private email for the “eyes only” of the party to who you sent it to. They read it but then don’t keep it very private. The next thing you know, your private message to one person has been posted to eighty list serves and so it can be reviewed by thousands of people Your last name doesn’t have to be Gates, North or Lewinsky for one of those “private” emails to –ah--well maybe show up, with the help of some evil doers, on stuff like America’s bleeding heart liberal’s printed voice of America, The New York Times or on an assorted number of liberal based phony-baloney television talk shows. I mean, you could encrypt your email so only the person you sent it to can read it but you should now understand. There is still danger lurking around. The mere fact that someone can save an email you sent that could out live you should send enough red flags up a flag poll in your head if you care anything about the people you might leave behind after you have gone on to the great white clouds in the sky. I mean once an email is decrypted and the good friend opens it, there isn’t much you can do to prevent anyone from publishing your private message to them to the world. If you don’t care about yourself, for God’s sake do some brain thinking for those you leave behind when you die in case those old emails that might live until the second coming of Christ might someday surface to cause some problems to those who remain in this world that you might love. I mean let's face it, if Al Gore practically invented the Internet like he said he did, he certainly forgot to consider these kinds of problems just like he forgot to consider the ramifications of a lot of other things including Bill Clinton. ( I just had to get that in)

Enter the World of Self-Destructing Email came along.

One of the most amazing services you will find very useful is called:

Self Destructing Email
http://www.self-destructing-email.com/


Besides the ability to make email self-destruct after it has been looked over by the receiver, there are a number of other very helpful features that deal with tracking the email, as well as notification that the email has been opened. Not only that, this service gives you the ability to make it somewhat impossible to forward, copy, save or even edit the email. With it, it’s like a modern day Mission Impossible audio tape has been invented for the email digital word. I promise you however, that this article is not going to self destruct after you read it even though email from this author might.

 

A Screen Shot Of The front page of SelfDestructingemail.com



Above is a screen shot of the front page of selfdestructingemail.com Here is a description of the Self Destructing Email service from their web site:

Self-Destructing-Email provides these easy-to-use additions to your email:

Full Tracking, so you can reliably find out when your email gets opened, how long it gets read for, whether or not it gets forwarded to someone else or published on the internet, where the reader is located, and much more.

Certified Proof of posting, delivery, and opening. Self-Destructing-Email is the first and only place you can get irrefutable digitally signed certificates to prove exactly when you posted an email, exactly when it got delivered, and exactly when it was opened and read.

Security. Aside from the peace-of-mind you get from our digital certified certificates, you can also send self-destructing emails or use ensured-delivery messages, both of which guarantee that you will always get a notification when your email gets read, and both of which will allow you to retract your email after you have sent it. Yes - you can delete your email before, and even after, it has been received by your recipient, any time you like.

Ready-to-Use. No downloads or plugins are necessary. Self-Destructing-Email already works with all popular email packages including all web-based services, on PC, Mac, Unix, and most other computing platforms. Self-Destructing-Email can also track your Microsoft Office documents:

Full Tracking, reliably find out where and when your Word, Excel, Powerpoint or other Microsoft OLE documents are opened. Track their movements and find out if they get given to other people !

Easy-to-use:
You just compose your email the same way to already do using your existing email program or web page, then before you click send, merely add ".self-destructing-email.com" onto the end of the recipient email address to track your message or activate any other Self-Destructing-Email features. eg: to track an email to drakecn@yahoo.com, send your email to drakecn@yahoo.com.self-destructing-email.com

Coming soon - we have an optional email program plug-in to help you access your tracking and other Self-Destructing-Email features. It is an extra button on your normal email toolbar which, when pressed, automatically activates tracking etc for your email.


Easy to understand:
Our read-notifications are delivered in plain English (or coming soon - your other selected language) and describe the full tracking history of your email.

The read-notifications are fully RFC compliant and compatible with your existing built-in email tracking, threading, and flagging features. You can now for the first time rely on the exact delivery status of your sent emails being correctly and reliably reflected right from inside your favorite email program! Feature Packed:

Read-Notifications can be delivered to you by email, by SMS message to your mobile phone, by ICQ instant message, by pager, and on your own personal email-tracking-history web page on this web site.

Self-Destructing emails can be sent right from within your normal email program, letting you specify whether or not your recipient is allowed to print, mark/copy/paste, forward, or save your email, and how long they are allowed to read it, before it permanently erases itself.

Ensured-Delivery allows us to guarantee that you will be notified when your email gets opened. If you don't get notified, you know for certain that your email was not opened, and when you do get notified, you know for certain that it was!

Message Retraction is possible when you are using Ensured-Delivery and Self-Destructing emails, which lets you delete the email you have sent, either before or after it gets opened.

Proof-of-posting certificates provide you with irrefutable evidence stating the exact date and time that your email was posted. They are digitally signed to prevent forgery and to irrevocably link the contents and headers of your email to the date and time of posting, and the digital signatures are detached and published which creates and indelible "digital paper trail of trust" making it impossible to change or forge the date and time. This extreme level of trust, accuracy, and reliability far exceeds anything previously available, especially any existing paper-based receipts.

Proof-of-delivery certificates, like our proof of posting one, provide you with irrefutable evidence of when your email was delivered to the mail server of your recipient.

Proof-of-opening certificates are completely unique to Self-Destructing-Email, and like our proof of posting ones, they provide irrefutable evidence stating the exact date and time that your email was opened, together with additional information about who opened it, where they are, and how long they read it for. Nowhere else in the world can you get this facility, except for here at Self-Destructing-Email.com

Click-Through tracking is an option you can choose if you want to know whether or not your recipient clicked on a web page URL link that you sent to them in an email. If you email them a URL, and they click on it, your read-notification will tell you exactly when they did.

Tracking banners are optional, so you can decide whether or not to automatically tell your recipient that you are tracking your email to them, and if you do choose to tell them, you can decide what to say.

Support for traditional "Delivery Service Notifications" DSNs, "Message Disposition Notifications" MDNs, and "return receipts" is included. Although existing "return receipts" aka MDNs are notoriously unreliable and hardly ever work, with Self-Destructing-Email.com you can enable these at any time, if you wish. This can be useful if you use webmail or have an email provider or software package without this already built-in, and want to use it.

Private - Self-Destructing-Email has a strict privacy and anti-spam policy and never reads or monitors the contents of any tracked email. We forbid the use of our service for junk emailing or spam of any kind. Details such as names and email addresses are never made available to anyone outside of the Self-Destructing-Email service, and users can view, add, edit, and delete their own customer records and tracking history details at any time.

Personal - Self-Destructing-Email knows how to correctly translate dates and times to your chosen local time-zone (including daylight savings times) when appropriate. You always have full access to your Self-Destructing-Email account and sent-email tracking information, and may change or erase it any time you wish. All changes and deletions you make are instant and permanent.

Reliable - All Self-Destructing-Email emails include up-to 36 different tracking techniques which makes Self-Destructing-Email many, many times more reliable than any competing product or service, and several orders of magnitude more reliable than existing "return receipts". Self-Destructing-Email is the best email tracking available on the internet, with the most available features, and provides more tracking information, more reliably, than anything else available. Full tracking history - with Self-Destructing Email you can usually find out all this:

Exactly when your email was opened
How long it was read for
Approximately where your reader is located (nearest town or city)
How many times your email was re-opened and re-read, as well as when and where etc.
What kind of email software your reader is using
What kind of computer and operating system your reader uses
What languages your reader can accept or understand
What kinds of email attachments your reader can view (eg: Microsoft documents, or Adobe files, etc)
Whether or not your email was forwarded to someone else
If it was forwarded, where is was forwarded to, sometimes including who subsequently reads it.




If your email gets published online, you can find this out too, as well as where (the URL) usually.Self-Destructing-Email is not only easy to use, it’s also cheap! In fact, you can obtain a fully functional trial version of it for free for up to 25 emails. Then, if you like it, it’s only twenty or thirty dollars per year for up to 2,000 emails. All this might seem an amazing service and it certainly is. I have been amazed by it’s advanced features and easy of use. There is also another new web based service called Slealthmessage.com that lets you do both encryption and email distruction both at the same time and all in one service. More than that, as of this writing the basic service is completely free.

This new service is:

 

A Screen Shot Of Stealthmessage.com controls


Stealthmessage
http://www.stealthmessage.com/

Here is the low-down on Stealthmessage from it’s web site:
Stealthmessage gives you the ablity to use the service for easy encryption annd decryption of email messages and to set emails to self destruct. There is no software to download. Here is how Stealthmessage works.


Stealth Message is a secure messaging system designed for communicating sensitive and confidential information. It protects your privacy, allowing you to communicate in complete confidence with friends and colleagues.

Stealth Message does all of the following:
encrypts your private messages
stores encrypted messsages anonymously
allows you to set security options including self-destruct
automatically sends a message notification to recipients
prevents forwarding of messages
helps to prevent unwanted copying of messages
Stealth Message requires only that you and the receiver have access to e-mail and a browser.


All you need to do is make sure that you have agreed on a shared code to access messages sent through this system. Contact your friend or colleague prior to sending the message and agree on a secret code that only the two of you will share. You may always change it later. It is recommended you do this by telephone, in person, or through an alias e-mail address.

The system works in a 3-step process.
1. You create your message, encrypt and store it.
2. Recipients are notified by e-mail that there is a confidential message for them.
3. Recipients click a link back to the Stealth Message site, enter a private code, and access the message.




Messages are untraceable, and there are multiple back-up security systems in place to ensure that the content of your messages can not be accessed except by legitimate recipients. Special options help prevent recipients from accidentally making copies, forwarding your messages, or allowing them to be seen by prying eyes.

Note: the technology is optimized for IE and Netscape browsers. Some Opera browsers experience a Javascript handling error that corrupts the encryption code. Some Mac operating systems may also experience problems.

Woow! Messages that Self-Destruct!

Stealth Message allows the sender to place a self-destruct timer on messages. When users open a message with the self-destruct feature activated, they will have a limited amount of time to read the message before it is permanently destroyed. Time can be set in minutes or seconds.

The self-destruct timer set by the sender is only activated once the message is opened. Recipients are warned in advance in case they may need to wait until a more opportune moment to open their message, e.g., when they will not be disturbed.

By default, all secret messages, whether they are opened or not, self-destruct in 30 days.
When should I use the self-destruct timer?
If there is very sensitive information in the message.
If you are concerned that the recipient might accidentally make a copy of the message.
If you are concerned that the recipient might accidentally leave the message screen open.
How much time should I put on the timer?
Once the timer is activated, it can not be stopped. So, you must give adequate time for the message to be read thoroughly. You might want to consider how long it would take under normal circumstances, then add on additional time just in case.

We recommend you test the self-destruct feature by sending a test message to yourself.
Please note: due to differences between different browsers running on different platforms, we can't guarantee that the self-destruct option will work in every case. It's always better to test beforehand.

Anti-Copying Features
Stealth Message protects your message from being accidentally or carelessly copied or printed by the recipient. There are a number of ways in which this is accomplished and the level of security varies depending on which options you select. With all options, it is difficult for recipients to cut-and-paste any part of your message, but not impossible. Also, there is no foolproof way to deter a recipient from creating a screenshot containing at least some part of the message by using the PrintScreen key alone, or in combination with other keys.

By using the highest level of anti-copying security along with just enough time on the self-destruct timer for the message to be read, you can prevent even the most mischievous recipient from copying your message in full. At best, they may be able to capture a bitmap image containing part of the message, but they will not be able to copy it as text into another message. In any event, all messages are untraceable, encrypted and anonymous.

In truth, any message can be copied by a recipient, even if only by hand. Even the CIA has to contend with this fact of life. The point of Stealth Message is to keep prying eyes away from messages that are intended to be confidential between two individuals. This assumes a basic level of trust between the sender and recipient, and so the anti-copying measures taken in Stealth Message are meant to prevent the following:

accidental copies being made
copying of entire messages by mischievous recipients
entire messages being captured and recorded by local or remote
computer monitoring software
If you are really concerned about copying...



Select the highest anti-copying security -- this will place the message in a very small window to prevent copying of the entire message at once.

Put just enough time on the self-destruct timer to read the message. Even using PrintScreen takes a considerable amount of time since recipients would need to take a screen shot of every portion of text, and save each file before the timer runs out. For example, a 20 line message could require 10 screen shots, but with only 20 seconds for reading it is doubtful that a mischievous copier would save more than two screen shots of two or three lines each.

Double-space the text in your messages so that even less of the actual text fits in the viewing window at any given time.
Use an alias and avoid real names when possible in messages -- don't include a signature.
If a recipient complains that they don't have enough time to read messages for which you've given ample time, be suspicious that they may be attempting to copy the message instead of reading it.

We recommend you test the anti-copying feature by sending a test message to yourself.


Stealthmessage is great! There are a few other products you might want to review. Here is a list of them with their web sites:

SafeMessage
http://www.safemessage.com/


Disappearing Email
http://www.omniva.com/

This is a new software program just coming out that will, instead of just going to a web based service to do all this, let you use your outlook express to make email messages disappear.

ZipLip
http://www.ziplip.com/

Check her out-she's worth a look!

 

My Best,

Ralph Thomas
In God I trust, everyone else is veriifed, encrypted and sent emails that self destruct!