King Tiger

I need privacy!

89 posts in this topic

How do you anonymize emails on a student account? (student@college.edu_

Edited by King Tiger
0

Share this post


Link to post
Share on other sites

Gnu Privacy Guard (GPG) or Pretty Good Privacy (PGP)

what is your mail client you might be able to get a front end plugin to automate it...

Edited by n3xg3n
0

Share this post


Link to post
Share on other sites

You're using their service, their assets, their network, they are free to do whatever they want with your data even if that means reading it. You can't do anything about it, it's due diligence on their behalf.

0

Share this post


Link to post
Share on other sites

Yes if you use their services they own your communications, however if your communications are encrypted all they would see would be nonsense.

If you can't enable encryption why don't you use something like a web-based email, like gmail. Just make sure you access it with https://mail.google.com so its ssl.

0

Share this post


Link to post
Share on other sites
You're using their service, their assets, their network, they are free to do whatever they want with your data even if that means reading it. You can't do anything about it, it's due diligence on their behalf.

They own the service and are free to legally read the communications, that does not make it right...

"What is legally right isn't always what is morally right"

0

Share this post


Link to post
Share on other sites
You're using their service, their assets, their network, they are free to do whatever they want with your data even if that means reading it. You can't do anything about it, it's due diligence on their behalf.

They own the service and are free to legally read the communications, that does not make it right...

"What is legally right isn't always what is morally right"

This is quite true and depending on your ethical stance, you'll either agree with them or not. However, legally, it's their due diligence to do things like this. What if they never did it and they were harbouring a fanatical cult in their school that was freely using the school's email system to concoct a plot to blow up a building? If there is no email sampling, this would go unnoticed until the event happened. But with email sampling, an event such as this can be stopped and the offendors can be legally dealt with and by law, lack of due diligence is a serious offense.

0

Share this post


Link to post
Share on other sites
The college I attend supplies me with a username@domain.edu address for email. However I found out recently that they randomly read studenst emails. I really don't like that idea and don't remember allowing them that power. Is there something I can use to encrypt my email? There are certificates, what exactally do there do? Any ideas on how they read my emails? Any ideas on how to screw with them?

-King "privacy freak" Tiger

Encryption only works if both sides are employing it. If you use it, but the people you're sending the emails to don't have the proper software infrastructure, then they won't be able to read your emails. Kind of defeats the purpose.

The best solution is to not use the system altogether, and instead use third party alternatives such as Gmail, Yahoo, or Hotmail. I imagine that they're grabbing the emails from their POP3 servers.

0

Share this post


Link to post
Share on other sites
This is quite true and depending on your ethical stance, you'll either agree with them or not. However, legally, it's their due diligence to do things like this. What if they never did it and they were harbouring a fanatical cult in their school that was freely using the school's email system to concoct a plot to blow up a building? If there is no email sampling, this would go unnoticed until the event happened. But with email sampling, an event such as this can be stopped and the offendors can be legally dealt with and by law, lack of due diligence is a serious offense.

I hope you're being facetious.

I don't see how this is different than tapping phones, and reading your snail mail, apart from legal symantics.

0

Share this post


Link to post
Share on other sites

it is different, in that while maybe it isn't the most ethical thing in the world ... sniffing people emails even on your own network is not really cut and dry... people can always use third party, tunneling and other methods, and it gives plausible deniablility to the admins, and it isn't a backbone level trap like those infamous phone traps. A win win really, for the technically adept. Which in 2007, it is a sin to raise you children to be otherwise.

If your parents weren't paying attention, and if they weren't you didn't take it upon yourself to leran the ways to be all that you can be in the modern world, whose fault is that. Admins have legal liabilty in a litigious society, you know that Seal. Due diligence is the buzzword of the year in IT.

0

Share this post


Link to post
Share on other sites

Let's hope ol' W doesn't think of it like this..

So with the logic that it is their system they can read anything you place on there then it's a short jump to say the goverment paid for your elementary school education and now has the right to see what you do with your reading and writing skills?

my point... limits need to be set before the powers that be get more tyrannical.

encrypt your traffic... they only have the right to see what you are putting on the server... reading is a privilege. if they bitch.. it'd be no different then using some obscure language of the past that few people can read. Tell them then need to get educated if they are going to exist in this world.. (funny there... telling a school that...) Then get ready to be kicked out.

0

Share this post


Link to post
Share on other sites

It's actually a pretty fucking far jump from "logging traffic on YOUR network", to the government monitoring all activity for anyone that ever took a public school class. "Powers" being set on a network that you own, as your private property should be exactly what you fight against hombre. Capitalism works itself out. As long as no stupid law is passed infringing my right to do whatever I want with my property and you being able to take your business wherever you please.

That said, "Ole W" is already tapping the backbone. George Bush hates black free people.

0

Share this post


Link to post
Share on other sites

At the Uni I go to they have a disclaimer that stays up for a split second that basically says. "At any time we withhold the right to monitor where you surf, who you talk to, and what you are sending. It is our network after all"

0

Share this post


Link to post
Share on other sites

Give hushmail.com a try. They supposedly have a Java client that not only communicates via SSL, but allows you to do GPG without installing any software. I dare them to try to read your mail now (without a keylogger).

Then again, I've never tried it, only heard about it.

0

Share this post


Link to post
Share on other sites
Give hushmail.com a try. They supposedly have a Java client that not only communicates via SSL, but allows you to do GPG without installing any software. I dare them to try to read your mail now (without a keylogger).

If you want to get really paranoid, while using hushmail (which is nice) use an on screen keyboard.

0

Share this post


Link to post
Share on other sites

If I "sign my emails" and the other party dosn't have a certificate, they can't read it? I use outlook as a mail client.

I do have methods of secure communication (PuTTY) but how can I have secure communication with, say, someone I don't know well?

Edited by King Tiger
0

Share this post


Link to post
Share on other sites
If I "sign my emails" and the other party dosn't have a certificate, they can't read it? I use outlook as a mail client.

Here's how AMERICA works. You are supposed to have privacy for your everyday life. The government cannot monitor people "in case" they might do something. (supposedly) Private orginizations ignore this and moniter whoever they feel like, because legally, they are allowed do it. Ethically, I think that this sucks, but nobody cares what I think. The fifth amendment of the constutition has something to say about this. I believe I have a right to privacy, even though I have nothing to hide. This is basic "life in America" expectations.

I do have methods of secure communication (PuTTY) but how can I have secure communication with, say, a girl I just met on campus?

Signing your emails is a means to verify that the email is actually sent by you, and not someone pretending to be you. It uses the same cryptographic foundation as encrypting the emails in the first place.

If you want privacy, forget about using your school's email system. It's just much more feasibly to use any third party mailing system, because they won't be sniffing the contents of your general web traffic. It doesn't even have to be Hushmail, so much as something that doesn't get your email from the school's own POP3 servers.

0

Share this post


Link to post
Share on other sites

What about using a linux live cd, that would by pass any software keyloggers, once your up you can TOR or SSH to something else, that will bypass there email system. The only point of failure is a hardware keylogger... but come on, a school isn't going to install a hidden (because if its visible remove it) keylogger in every machine.

0

Share this post


Link to post
Share on other sites
What about using a linux live cd, that would by pass any software keyloggers, once your up you can TOR or SSH to something else, that will bypass there email system. The only point of failure is a hardware keylogger... but come on, a school isn't going to install a hidden (because if its visible remove it) keylogger in every machine.

Well, the internal PCI ones are not so visible. Still, they are fat too expensive for a school to justify.

Edited by Irongeek
0

Share this post


Link to post
Share on other sites

Hey IG, how's the keylogger review coming along? I am looking forward to it.

Are you dropping boocoo dollars on a variety of hardware keyloggers, or what?

0

Share this post


Link to post
Share on other sites
Are you dropping boocoo dollars on a variety of hardware keyloggers, or what?

Irongeek is a po' pimp'n cash_money millionaire who makes the bigg tym'n dolla dolla billz...

You didn't know that?

0

Share this post


Link to post
Share on other sites

Tiny bit off topic but; If you want privacy while using MSN use Simplite it offers encryption like AES...

0

Share this post


Link to post
Share on other sites
Are you dropping boocoo dollars on a variety of hardware keyloggers, or what?

Irongeek is a po' pimp'n cash_money millionaire who makes the bigg tym'n dolla dolla billz...

You didn't know that?

I've had my suspicions.

0

Share this post


Link to post
Share on other sites
If I "sign my emails" and the other party doesn't have a certificate, they can't read it? I use outlook as a mail client.

Here's how AMERICA works. You are supposed to have privacy for your everyday life. The government cannot monitor people "in case" they might do something. (supposedly) Private orginizations organizations ignore this and moniter monitor whomever they feel like, because legally, they are allowed do it to. Ethically, I think that this sucks, but nobody cares what I think. The fifth amendment of the constutition constitution {the right to due-process and protection against self incrimination and interrogation? are you sure you don't mean the 4th?} has something to say about this. I believe I have a right to privacy, even though I have nothing to hide. This is basic "life in America" expectations.

but how can I have secure communication with, say, a girl I just met on campus?

a - you signed away any expectations of rights when you enrolled, read all your system access clauses; I'm betting your university could sell your search history to a third party if they wanted to. :P

b - you can only use email/messenger programs with encryption if either the encryption is built-in or the other party is using the additional steps you are (like pgp-desktop, an msn-plugin, certificates etc). You would have to setup the encryption for her, instruct her how to set it up, use a third-party method that has the encryption built in, or live with the system you have in place and the monitoring therein. The third party must be a member of the certificate group in order to use the certificate, and certificate exchange on a network you don't trust is the next issue.. who's signing the certs (self-signed? even more insecure.. woot).

c - what sort of 'allah-akbar-jihad sleeper-cell underpants-gnome toad-licking satanic-cult' communications do you have going on over a campus network that you are so paranoid?

btw /me steals irongeeks pimpin bag-o-cash (the one with the dollar sign on it) and hides it in ohms account.. nobody will ever think to look there.

0

Share this post


Link to post
Share on other sites
btw /me steals irongeeks pimpin bag-o-cash (the one with the dollar sign on it) and hides it in ohms account.. nobody will ever think to look there.

rofl

0

Share this post


Link to post
Share on other sites
Tiny bit off topic but; If you want privacy while using MSN use Simplite it offers encryption like AES...

Simplite, like all other encryption, is only useful when the other party has it as well. Otherwise, it's all plaintext (I used SimpPro for two years and all my data was in plaintext because no one else used it).

@SeaL: No, I'm 100% serious. After all, it's the University's network and their assets at stake, they are free to do with it whatever they please and legally, they're given the power to do so. After working at a University for nearly three years, you get to learn little tidbits like that.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now