Search the Community

Just type this: https://gmail.google.com No peeky by brain-dead Gov. he he he http://lifehacker.com/software/gmail/secure-gmail-access-on-public-networks-228722.php Data Base, Bangkok Post Better to be safe than sorry when it comes to email security DON SAMBANDARAKSA Am I being paranoid, or is big brother finally waking up and keeping a watchful eye on our communications and how we use the Internet, especially email? I received an email the other day from one of my favourite sources who pointed out that his home ISP had suddenly taken the rather dubious step of blocking access to other, in this case overseas, port 25 SMTP servers. My friend did a bit of digging around and apparently this move was to stop spam. Many Thai ISPs (not that there are many left) now force the user to use only the authorised ISP email gateway for sending email. The problem is that many Thai ISP email servers are themselves blacklisted as spammers. "As a result, remote sites either reject mail or even worse, just swallow the messages without any notification at all," my friend wrote in conclusion. It was about a year and a half ago I noticed some odd changes in my own email usage. Every other day, I have to submit the photographs I take for publication. Now, it was about that time that it suddenly became harder and harder to send email. All too often the connection to the server would timeout and I would lose the connection and would have to try again. Now, it was by chance, being the paranoid geek that I am, that I noticed that my desktop PC (with just under a 1TB of hard drive attached to it and from which I do most of my picture emailing) had more problems sending email while my laptop, from which I send pictures only from time to time, was relatively unscathed. The only material difference I found after poking at the configuration was that my notebook was using port 465 SSL encrypted SMTP and the older desktop, set up in a time when I was more trusting of the world, was using unencrypted port 25 SMTP. I tried turning on SSL and changing it to port 465 and bingo, the problems when sending large files disappeared. My theory, and this is one of those loony conspiracy theories, mind you, was that my ISP, in this case TOT via Shin Satellite's IPStar, was at best messing up any unencrypted link with overloaded caches and proxies, or was trying to eavesdrop on my communication with a man in the middle attack which could not cope with the level of email that was going through it. Since then, I have turned to sending GnuPG encrypted email where I can and where I do send plain text email, I always make sure I send it using a foreign-based server using SSL encryption so that nobody here at least can tag my contacts on the way out. Just think about it. People are up in arms over social networking when it comes to the power they have from information about out social networks, who we know, who we communicate with. All that information, if not more, is also held with our ISPs and telcos. Remember, too, that today voice recognition technology is routinely used to monitor call centres. Some of my interviewees have told me that today a call centre agent can be automatically machine-rated by how well he sticks to the script and even if his voice print shows signs of anger or irritation, even in Thai. Now, just think about how much our telcos could know about us if they employed that same technology. Of course, being the moral, law abiding corporate citizens they are, they would not, but what if someone who managed to break into the telco's systems was able to do that? Furthermore, my ISP does not allow point-to-point tunnelling protocol (PPTP). In a typical set-up, this would be used by a roaming user to create a secure, encrypted tunnel over the Internet to the office so that the person working from home or in the field would be as secure as if he were physically connected to the LAN. PPTP can be used to create a VPN (virtual private network) link to a server in a different country just to avoid censorship. Most high-end consumer grade routers today have an SSL VPN server built in. If I had a friend in Singapore, I could conceivably log in to his router and then access the Web, post comments on web boards or do anything and all the Thai authorities would know would be that this IP came from Singapore, or wherever that router was located. One could argue that blocking VPNs was necessary to prevent people circumventing censorship and seeing undesirable videos. Then again, it could just be incompetence on the part of IPStar's configuration as, to the best of my knowledge, none of the ADSL providers block it, yet. Then there was the recent Cabinet announcement that agreed with a proposal tabled by the National Intelligence Agency to forbid any official work from using a foreign web-based free email account. While this makes so much sense from an image point of view, the fact that it was tabled by the NIA does raise some eyebrows. The reason given was so that foreign entities (such as Microsoft, Google or Yahoo!) could not gain access to confidential Thai government information. On a side note, one of my friends at a unit under the Ministry of the Interior phoned me up to tell me that he went to work one morning and suddenly Hotmail, Yahoo! mail and Gmail was blocked at the office firewall. A call to IT support was met with a reply that they did this to comply with the resolution. Now, as far as I recall, the resolution was to phase out use, not to ban it overnight. I wonder if the real reason is that the use of these services meant that the NIA could not eavesdrop on Thai civil servants and monitor them, Big Brother style. If one were to use Gmail and start with the session with https (rather than http), then that entire session is encrypted and none of the people in the middle, be they network administrator, telco or gateway could see what is being sent. Together, these bits of information point to a more sinister picture. Someone out there is making it harder for us to stay anonymous and easier for the state, be it the telcos or the secret police, to eavesdrop on us. Information theft is interesting in that on the one hand, nothing is actually missing. Furthermore, the stolen information can make it easier for people who have it to make better decisions, decisions that may affect someone who opposes the people in power one way, and effects those who support those in power differently. If you haven't done so already, use https for webmail; use port 465 for SMTP and 995 for POP3 with SSL encryption turned on (even most smartphones can do that). SSL IMAP for those who access Gmail on your Mobile uses port 993. Actually Google is nice in that it requires SSL encryption and does not allow unencrypted email client access at all. Conversely, using push mail and giving your email password to your telco is pure lunacy in my humble opinion. If you are a bit more paranoid, look up GNU Privacy Guard (GnuPG) and plug-ins like Enigmail for Thunderbird. I do hope I am wrong, and that all these problems are down to technical incompetence, but better safe than sorry. :idea: