From TNPC issue #4.15...

Further Snooping Around on the Internet

by Dan Butler
July 26, 2001

The first two installments of this series (TNPC #4.12 & #4.13) covered the information your Web browser identifies about you and how Internet advertising agencies use "cookies" to track your online activities. In this installment we'll discuss email messages.

Many people worry about entering their credit card information on a Web site but don't think a thing about sending personal details in an email to another person. If you have a need to send email with sensitive or personal data I recommend you encrypt that email before you send it.

Sending an email is the physical equivalent of sending a postcard. Your message goes from you to the recipient, but anyone handling the postcard can easily read the message you are sending. Just as you wouldn't think of sending sensitive personal information via a postcard, you should consider encrypting personal information before sending it via email.

The current Sircam virus points out just how your email or other documents could end up in the wrong hands when you least expect it. As an aside I refuse to use Microsoft products for my email and once again have not worried to any great degree about problems from the ongoing viruses. More on that in a future article.

How then, do you encrypt your email from prying eyes? I personally use and recommend PGP (Pretty Good Privacy) from Network Associates. Good luck finding understandable info on the product from their Web site! Best to just get the product from Amazon. There is also a free version for personal use only available from MIT.

PGP Home page:
http://www.TheNakedPC.com/t/415/tr.cgi?dan1

MIT PGP Page (free for personal use only):
http://www.TheNakedPC.com/t/415/tr.cgi?dan2

PGP from Amazon.com:
http://www.TheNakedPC.com/t/415/tr.cgi?dan3

Most of the links at the MIT site are old or broken. The program you download from that site, however, is current. After you install the program read through the "Intro to Cryptography" guide that should be installed as part of the program. You'll find it quite helpful.

PGP uses Public Key Encryption. There isn't enough space in this article to fully describe Public Key Encryption. In a nutshell you generate two keys: one public, one private. You pass your public key to other people and they use it to generate encrypted email or other data to send to you. Your private key decrypts any data encrypted with your public key. Without your private key and its passphrase you won't be able to decrypt the message. Make sure you keep a good backup of your private key and remember the passphrase!

If you own a copy of "The Book That Should Have Come With Your Computer" you'll find screenshots and more discussion of PGP messages in Chapter 13.

PGP can encrypt more than just email messages. In fact you can encrypt any file on your system. Handy for keeping prying eyes out of your data files. Another handy option lets you make a self-decrypting file. Use this to send sensitive data to someone who doesn't have PGP installed. Simply give them the password over the phone.

A quick note: one of the install options is the PGP VPN Tunnel. I recommend you do *not* install this unless you know what it is, what it does (and the implications thereof), and are sure you will use it. Stick to the plain PGP installation options.

You can reach Dan Butler at:
mailto:danbutler@TheNakedPC.com

Return to Top

TNPC Hot Tips:

• Email out of control? Spam filling your inbox? People trying to steal your identity? Same here - until I applied these tips. You can too in a new multimedia e-book. Tame Your Email.

• DO YOU MAKE THESE MONEY MISTAKES? Do you know that trying to pay off your high interest rate debts first and/or paying extra on more than one debt is the SLOWEST way to get out of debt? Don't make these same mistakes. Learn more at by clicking here...