He Who Panix Needs Encryption
A few weeks ago, someone hijacked the domain name of New York’s oldest ISP, Panix. During the resulting outage, Panix switched its customers to another domain (panix.net) and recommended they change Web site passwords, especially for accounts with an “e-mail me my password” feature. The security steps were necessary because any mail sent to an @panix.com address was diverted to the attackers.
Fortunately for Panix and its customers, they rectified the situation within a few days. But even so, I hope many of those customers are considering adopting encryption.
It’s true that the huge majority of people don’t bother with encrypting their e-mail, and I think that’s unfortunate. With the rise in un-/poorly-secured wireless networks, employers with questionable ethics, and shared computers, I think there are cases when encryption is worth the hassle. And really, when we’re talking about “the hassle”, we’re talking about just a few things: complicated setup, being forced to enter the passphrase to send/read mail, a lack of Webmail support, and an inability to search saved messages.
Most of these can be overcome. I use Enigmail+GnuPG with my Thunderbird installations, all of which are free and work like a charm on both my XP and Linux machines. As for Webmail, I’m keeping an eye on the Portable Thunderbird project, which makes it possible to carry an entire e-mail program on a USB key (bonus geek points: future plans include multi-platform support, so you can jump on a Mac, Linux, or Windows machine without a hitch.) Why bother with Squirrelmail when you can use a full client?
I don’t have any solutions for the search problem yet, though. But even so, crypto is getting easier, and I encourage people to give it a go. Feel free to use me as your guinea pig: here’s my public key, and y’all know the address.