Freddy's Ramblings

Email has been discussed a lot lately. Perhaps it's because we all rely on it more during this period of lockdown. Maybe it's due to Hey being released? Or are we all realising that email is an old technology and we need to move on?

To start we should figure out what email is. According to Wikipedia:

Electronic mail (email or e-mail) is a method of exchanging messages (“mail”) between people using electronic devices.

Now that the definition is out of the way, what problems are there? In his article, Kev Quirk suggests three main aspects to focus on:

Spam

Privacy

Workflow management

Spam

Spam is a problem that exists on every communication platform. The supposed issue is that the amount of spam is greater on email than on other platforms. As we have established, email is just an electronic version of mail. Just like mail, email is susceptible to spam, and even with filters some will always slip through.

However, there are ways to prevent this. Email cloaking services protect your personal email being given away when you sign up for something. You can use spamgourmet or a disposable email services when signing up for online accounts anywhere that you don’t trust. Similarly, you can use an email client like Thunderbird which has additional spam filters built in. As Kev mentioned, you can also train your spam filter to make it better at identifying what is and isn't spam.

Privacy

While some providers allow you to sign up anonymously on Tor, email will never be private. It will also never be as secure as platforms like Signal or Briar. You can improve the privacy of emails by encrypting their contents or using a provider that encrypts account data at rest. Email is not private and shouldn't be treated as such. Instant messaging is more secure and private than email, but email still has many benefits.

Workflow management

Everyone uses email differently. Your children might use email to submit their homework; while you might receive emails about your next meeting. Some may use an encrypted email provider; you may use Gmail. Some use email clients; some might use webmail. Some may prioritise ease of use over security; some might not. It doesn't matter. For this reason workflow management is a very subjective matter and hence its not for me to say whether email has got this right or wrong. Everyone has a different situation, so making generalised statements doesn't achieve anything.

Because of its decentralised nature, email allows for large amounts of flexibility. When it comes to workflow, you can customise email for your needs. If you developer wanting to use email with git you can use aerc. If you are concerned about privacy you can use a privacy respecting email provider. If simplicity is all you are after then Gmail or Outlook might be worth a look. If you want to shake things up a little then try Hey.

A few other points

Email is a very good way of getting important updates to people. Its relatively fast and efficient, and doesn't rely on people creating new accounts (like on a forum). It probably isn't the best discussion platform because it wasn't what email was intended for.

While NeoMutt is great for mailing lists, it isn't recommend it for most people. This brings us back to the customisation that email allows for, because everyone is viewing the message differently, you shouldn't optimise it for one client.

Conclusion

Email is the most widely used, decentralised online platform. There is no correct way to do email. That's a part of its beauty. It's also incredible that products created in the 1960's are still in active use today. It would be futile to try and replace email, and although it has its problems, it is certainly not broken.


I’m publishing this as part of 100 Days To Offload. You can join in yourself by visiting https://100daystooffload.com

#100DaysToOffload – Day 19/100

If you've been following the news recently then you've probably heard someone tout “the new normal”. It suggests that this new lifestyle is now normal and may continue to be normal even once the pandemic is over.

While we cannot forget the death count, many advancements have been made during this period of lockdown. Jobs that were previously thought impossible to do at home are being done. Venice's canals have never been cleaner, according to many reports. Countries might even meet their (unrealistic) lower carbon emission goals on time. The environment in general has had a break from our constant torment of pollution. A lot of good has come out of this crisis and could stay with us afterwards.

Regardless of this progression, there are also bad implications for our liberties. It allows for temporary measures put in place to fight the pandemic to stay in place well after because they are considered normal. Unfortunately, it's happening all over the world right now.

Prime Minister Benjamin Netanyahu of Israel recently authorised the Israel Security Agency to deploy surveillance technology normally reserved for battling terrorists to track coronavirus patients. When the relevant parliamentary subcommittee refused to authorise the measure, Netanyahu rammed it through with an “emergency decree”.

(Source: Yuval Noah Harari: the world after coronavirus)

Countries implementing contact tracing apps have received a backlash from the privacy community. Concerns about the usage of the data has lead some not to install the apps. Products such as OpenTrace, and open source contact tracing app, are what we need in this pandemic. It goes to show how we can combat the virus without invasive technologies. Laws can stay in place long after their use: for example, the right to drive sheep and cattle over London Bridge requires Freedom of the city. This ancient law is redundant, yet it is still implemented.

Historically, it has been proven that Governments tend to maintain surveillance methods in pandemics long after the crisis is over. When the Patriot act was passed after 9/11 it was set out to “deter and punish terrorist acts” as well as “enhancing law enforcement investigatory tools”. It had good intentions, but it is now used for many other, less noble, reasons.

PATRIOT gives sweeping search and surveillance to domestic law enforcement and foreign intelligence agencies and eliminates checks and balances that previously gave courts the opportunity to ensure that those powers were not abused.

(Source: EFF)

At the time, it seemed like a great idea. In his book Permanent Record, Edward Snowden says that the aftermath of 9/11 was the reason he joined the army.

We can all be mislead in times of crisis. Hindsight is only an option when the problem has already happened. This is why we must continue to watch our governments. We must keep a keen eye on what they do to help stop the spread of the virus. We must adapt to the constant changes, and ensure that steps in the right direction are kept.

Equally as important, we must make sure that the surveillance they are doing now is continued, much like how it has been before.


UPDATE: UK Police get access to NHS Test and Trace self-isolation data


This was published as a part of of 100 Days To Offload. Find out more by visiting https://100daystooffload.com

As the Covid-19 is forcing us to stay in our homes, there has never been a better time to improve our privacy. Here are 5 points to help get you started:

Browser

Given the alternatives, there is no excuse to use Goolge Chrome (or Safari, for that matter).

Maintained by Mozilla, an organisation that genuinely cares about privacy, Firefox can perform all the same tasks as the aforementioned browsers. It is also secure and open-source, and, with a few tweaks, a great privacy respecting browser.

Search Engine

Now that you've installed Firefox, you're going to need a search engine. PrivacyTools has a great list to chose from, as well as searchengine.party's great spreadsheet.

Email/Messenger

Email providers such as Outlook and GMail are notorious offenders when it comes to privacy. Switching to a more privacy respecting service like ProtonMail or Tutanota, or any other provider recommended by PrivacyTools, may be a little inconvenient, but will help you take back your privacy. This blog contains a dedicated article on email, if you are interested.

Most mainstream instant messengers are just as bad. Signal, in contrast, provides a very similar interface, on the surface, with the added benefits of end to end encryption. Both Dan Arel and Niek de Wilde have written good guides to help you consider other options.

Password Manager/2 Factor Authentication (2FA)

We've all used a weak password in the past, and it is possible that you are using a weak one now. Perhaps you share the same password for multiple accounts? Whatever the case may be, passwords are the single point of failure for your security, so any improvement is welcome. Password managers, like BitWarden, help generate strong passwords/passphrases that could take computers years to crack. As a bonus, they are all stored in one place, allowing for copy and pasteing at will, meaning you only have to remember one password. ThePrivacyGuide has a good article on password managers to help you choose the right one for you.

While 2FA isn't the most fun process, for just a little effort it adds a lot of privacy and also increases security. Even if you have 'bullet proof' passwords, adding an extra layer of protection is always sensible. ThinkPrivacy has a helpful list to chose the best option for you.

Do you really need... ?

We all probably have too many apps in general. Take a look at your apps and ask yourself why did you install this and do you still need it? If the answer is no, then delete it. The aim is to minimise your digital footprint as much as possible. If the answer is yes, then try to look for open source alternatives.

Being private online takes time and effort. Now that you've got that time why not try and go the extra mile when it comes to privacy. PrivacyTools.io and ThinkPrivacy are both great resources for people of any technical ability. (This blog is cool too!)


Most importantly stay safe. In these testing times it is important that we all try our best to stop the spread. Remember that we will get through this crisis, and that life will eventually resume normality.

People do not seem to care about online privacy. If they have “nothing to hide” then why should they? Yet this idea of hiding is fundamentally flawed.

Privacy is a human right, just like any other. Why on earth would you give that up? The famous (and somewhat obligatory) quote from Edward Snowden, the NSA whistle-blower:

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.

The question about privacy is not about hiding, it is about sharing. It is not that I have nothing to hide, I just do not have anything I want to share, especially unknowingly. This whole narrative that privacy is only for nefarious people is pushed by those who quite clearly care alot about privacy. Mark Zuckerberg spent tens of millions of dollars buying the houses that surrounded his home, for example. The irony is painful.

We all care about our privacy, though we might not know it. It is why we lock the door when we go to the toilet; or why we close the curtains to stop people looking into our homes.

In her essay for Aeon Magazine, Carissa Véliz argued that privacy is power. It is the power “to show you ads... and to predict your behaviour”. But it is also the power to influence. Increasingly, Big Tech, the likes of Facebook, Amazon and Microsoft, are sharing more and more information with governments. In turn, governments are starting to learn more and more about their citizens. Facebook allows governments to arrest people planning to participate in protests before they have even begun – and this is the tip of the iceberg.

Our privacy is eroding. As a society, we are beginning to accept this lack of privacy as normal – and this is extremely dangerous. Privacy provides a place for us to be ourselves, to express ourselves in new ways without fear of being watched by preying eyes. If we lose privacy then we lose this ability to experiment, and, more importantly, we lose our power.

The war is not lost, however. We paved the path for Big Tech, though we no longer have to follow it. If we change our actions then much can be achieved. In most instances, alternatives to mainstream products, such as Google, are available. Websites such as PrivacyTools.io, of which I am a team member, showcase tools and knowledge to protect your privacy. By changing our actions and switching to a few different services we can slowly reverse the damage that was done. Furthermore, both the General Data Protection Regulations and the California Consumer Privacy Act provide a means of obtaining and erasing data that companies have on you.

Privacy matters, regardless of who you are. We seriously need to start protecting it.

It was originally used by the Greeks to keep the secret of Greek fire, but now it is used by people all around the world for lots of different reasons.

It can be defined as:

The limiting of access to information to persons or other entities on a need-to-know basis to perform certain tasks.

Think of it as a floor of a house. You have different rooms for different purposes, and you don't mix things up. For example, you wouldn't sleep in the kitchen, nor would you cook in the bedroom. This is a good attitude to have when it comes to privacy.

This guide is going to cover very basic compartmentalistaion. The simplest way to do this is by having 3 compartments:

  • Professional
  • Personal
  • Other

Professional

This should contain everything you use for work, including your email, all of your files/documents (preferably on Libre Office), potentially your LinkedIn and so on...

The best browser for all your needs will probably be FireFox. Maintained by Mozilla, an organisation that genuinely cares about privacy, it is secure and open-source, and, with a few tweaks, can be a great for privacy. You will also be needing a pivacy respecting search engine, such as Qwant.

Personal

Next we want a browser for more personal matters such as communitcating with friends or using social media. Our browser of choice is Vivaldi, with Startpage as default search engine. It is also advisable to use the same set of add-ons as you professional browser.

Other

Finally we have other. This is for anything else that doesn't fit into one of the other categories. The best browser for this is Tor. Watching this video and reading this article will help you understand some things you should and should not do on Tor. As for search engine, use DuckDuckGo.

As for operating systems, it entirely depends on your threat model. Compartmentalision, regardless of the operating system, will almost always be an improvement privacy-wise, but if you want to take it further, then any of these will do.

You may be thinking that this all sounds rather complicated, but after a while, like everything, it gets easier. If you are stuck there are lots of great tutorials and sub-reddits on the matter, so don't feel you have to suffer in silence.

I have only touched on this subject very briefly. If you want to go the extra mile, Qubes was an operating system deisgned with compartmentalisation in mind. Snowden, the NSA whistleblower, used it and they even have a sub-reddit dedicated to helping you set it up. The operating systems you should run in your Qubes are up to you, but an example could be Debian for your professional, Ubuntu for personal and have Whonix for other. You can go even further by compartmentalising email accounts, using different adresses (and perhaps even different providers or an email cloaking service) for each service you use.