How does an encrypted email svc work with an unencrypted one (gmail, etc)?
Old 10-14-2018, 07:25 PM   #1
Recycles dryer sheets
 
Join Date: Jun 2015
Posts: 209

Can an E-R fan help me?

I am low tech.

I would like to leave gmail and get an email service that encrypts my emails.

What I don't understand -
Do my emails remain encrypted when I send them to someone using gmail, yahoo, or some other unencrypted / free service?

Or should I consider only those emails I send encrypted to others with their own encrypted email system as safe?

Thanks for your help!
gretah is offline   Reply With Quote

Old 10-14-2018, 09:42 PM   #2
Thinks s/he gets paid by the post
SecondCor521's Avatar
 
Join Date: Jun 2006
Location: Boise
Posts: 3,612
I'm not an expert, but I have done some encryption work.

In order for emails to be encrypted, the usual way is to use what is called public key cryptography. For the sake of your questions, what you need to understand is that everyone who wants to send or receive encrypted emails needs to obtain a public key and a private key.

To send an encrypted email to someone, your email program will encrypt it with their public key. They will decrypt it and read it using their private key. If they reply to you, their reply will encrypt it with your public key, and you will decrypt and read it with your private key.

From the above I conclude:

If you send an email to someone with a gmail or yahoo address, one of two things will happen: Either your message will be sent entirely unencrypted and the recipient can read it (more likely), or your message will be sent encrypted and the recipient will have no way to read it (less likely but still possible). The latter case is conceivable in encryption services like PGP that use multiple layers of encryption. I would guess that the way this will work would depend on which encrypted email program and service you choose.

As for your second question, I think you should understand that successful encryption generally relies on both the sender and the recipient agreeing on and using a common system. This is because decrypting a message to read it is essentially the inverse operation of encryption, so the two processes need to be symmetric. Think of tying and untying a knot - if you tie a knot one way and then try to untie it a different way it won't work. So you'll only be able to communicate in an encrypted way with people who are also using the same system. I believe PGP (pretty good privacy) has a standards-based framework so in principle you could use a PGP-based email service with an Android app on your phone and send it to someone using a different PGP-based email service on, say, a Windows desktop.

Also, as a general note, you're a lot safer using something like a PGP-based system, but whether or not you're completely safe depends on the implementation being correct, and using correct settings in the program (defaults are probably fine), and depending on how paranoid you are, whether someone at the NSA really wants to read what you wrote. But if you're just an ordinary citizen who wants to maintain your privacy and you're not a foreign spy, then it should be much safer than unencrypted email. This safety is a trade-off with the inconvenience of switching and trying to get your intended communication partners to switch.
__________________
"At times the world can seem an unfriendly and sinister place, but believe us when we say there is much more good in it than bad. All you have to do is look hard enough, and what might seem to be a series of unfortunate events, may in fact be the first steps of a journey." Violet Baudelaire.
SecondCor521 is offline   Reply With Quote
Old 10-15-2018, 05:32 AM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Posts: 5,251
Quote:
Originally Posted by gretah View Post
Can an E-R fan help me?

I am low tech.

I would like to leave gmail and get an email service that encrypts my emails.

What I don't understand -
Do my emails remain encrypted when I send them to someone using gmail, yahoo, or some other unencrypted / free service?

Or should I consider only those emails I send encrypted to others with their own encrypted email system as safe?

Thanks for your help!
1) Do my emails remain encrypted when I send them to someone using gmail, yahoo, or some other unencrypted / free service?
If you use an end-to-end encryption add-in (like PGP), then it is encrypted all the way to the other end. But the receiver must have the ability to untie your shoelaces (thanks secondcor).
2) Or should I consider only those emails I send encrypted to others with their own encrypted email system as safe?
You'd have to define "their own encrypted email system" better. For example, gmail is encrypted in transit, and when at rest on gmail servers. Obviously, if I use gmail with, say, Comcast, at some point my email must be decrypted (when handed over to Comcast email servers, where their encryption takes over).

Whatever your concern is, maybe specify a bit better. For example, I communicate with my son all over the world for > 10 years. We hardly use email because of the security concerns. Of course we can put into place email encryption, but not worth the time spent. We use WhatsApp, which uses end-to-end encryption (messaging, pix, attachments) between two accounts. You need a cell no., though. I use this on my PC also (need cell on local net nearby).
target2019 is offline   Reply With Quote
Old 10-15-2018, 05:48 AM   #4
Thinks s/he gets paid by the post
 
Join Date: Feb 2014
Posts: 1,437
If you want to do it right you must encrypt / decrypt it on your machine, that way no trust is required. It leaves / enters your machine as scramble, the provider has no way of knowing the contents. If you want the provider to do the encrypting then you have to trust the provider. You can use Thunderbird with the Enigmail plugin to automate the process using PGP. Your recipient should use the same.
jim584672 is offline   Reply With Quote
Old 10-15-2018, 07:22 AM   #5
Recycles dryer sheets
 
Join Date: Jul 2015
Posts: 185
Let's get a little more simplistic. If you are using Gmail, the encryption is between you and them. You can make no assumptions about what happens after the email leaves Google, or before Google receives it. In fact, most likely it will not be encrypted.
clobber is offline   Reply With Quote
Old 10-15-2018, 07:49 AM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
MRG's Avatar
 
Join Date: Apr 2013
Posts: 8,109
Why?
MRG is offline   Reply With Quote
Old 10-15-2018, 08:32 AM   #7
Moderator
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 5,517
To send a password or a bank account number, you could create an entry in LastPass and share that with the other party. You can also attach a document and share the entry with the other LastPass user. This is what I do instead of trying to do encryption for all emails.
sengsational is offline   Reply With Quote
Old 10-15-2018, 08:36 AM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Posts: 5,251
If you open an email in Gmail, and click the down arrow next to sender's name, it will tell you that the email has been protected in transit by TLS, end to end. What this means is that the email was protected by encryption when sent between servers.
target2019 is offline   Reply With Quote
Old 10-15-2018, 09:01 AM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,679
Do all your emails really need that much security?

Only you will know the answer.

If you only send emails that need to be very secure once in a while, you could send password-encrypted data. Then call the recipient with the password after the recipient downloads. Not 100% secure probably, but better than nothing.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 10-15-2018, 09:15 AM   #10
Thinks s/he gets paid by the post
 
Join Date: Feb 2014
Posts: 1,437
7zip has AES256 built in as an option.
GPG has been very well reviewed and is trusted by many.
jim584672 is offline   Reply With Quote
Old 10-15-2018, 12:06 PM   #11
Recycles dryer sheets
 
Join Date: Jun 2015
Posts: 209
Thank you for your posts! Very helpful!

I'll be traveling a lot starting next year and trying to think of ways to stay in touch with my accountant and a few others. Emails with documents attached would be better for me than phone calls due to time zone differences and my preference for reading.
gretah is offline   Reply With Quote
Old 10-15-2018, 12:20 PM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Posts: 5,251
Create a shared google drive folder with your accountant. Put sensitive documents there, and you're assured the data is secured at rest and in transit.
target2019 is offline   Reply With Quote
Old 10-15-2018, 12:34 PM   #13
Thinks s/he gets paid by the post
gauss's Avatar
 
Join Date: Aug 2011
Posts: 2,524
Quote:
Originally Posted by target2019 View Post
If you open an email in Gmail, and click the down arrow next to sender's name, it will tell you that the email has been protected in transit by TLS, end to end. What this means is that the email was protected by encryption when sent between servers.
But it does not mean that the email was encrypted while on all the hard drives, "at rest", in the intermediate servers that it passed through - correct?

There would be no end to end encryption in this case if I understand this correctly. TLS only protects the email when it is transmitted from one machine to another - similar to the HTTPS we see in our web browsers for certain pages. Once the email comes out of the secure TLS pipeline between 2 machines it is decrypted.
gauss is offline   Reply With Quote
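The hop-by-hop point in the post above can be checked from a message's own `Received:` headers, which each server adds as it accepts the mail. The Python sketch below is an added example, not part of the original thread: the sample message, host names and IDs are constructed, and it assumes servers label TLS hops with the RFC 3848 `with` keywords (ESMTPS, ESMTPSA, LMTPS, LMTPSA) or a TLS annotation.

```python
import re
from email import message_from_string

# Constructed sample: hosts, addresses and IDs are made up for illustration.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
    by mailstore.recipient.example with LMTP id abc123;
    Mon, 15 Oct 2018 12:00:03 -0600
Received: from out.sender.example (out.sender.example [198.51.100.7])
    by mx.recipient.example with ESMTPS id def456
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Mon, 15 Oct 2018 12:00:02 -0600
Received: from laptop.home.example (laptop.home.example [192.0.2.44])
    by out.sender.example with ESMTPSA id ghi789;
    Mon, 15 Oct 2018 12:00:01 -0600
From: sender@sender.example
To: accountant@recipient.example
Subject: constructed test

body
"""

# RFC 3848 "with" keywords that mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\w+)", re.I)
TLS_NOTE_RE = re.compile(r"TLSv?\d")  # e.g. "version=TLS1_2", "using TLSv1.2"


def hops(raw):
    """Return (from_host, by_host, protocol, used_tls) per hop, oldest first."""
    result = []
    # Each server prepends its own header, so reverse for chronological order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(flat)
        if m:
            proto = m.group(3).upper()
            tls = proto in TLS_PROTOCOLS or bool(TLS_NOTE_RE.search(flat))
            result.append((m.group(1), m.group(2), proto, tls))
    return result


def cleartext_hops(raw):
    """Hops whose header shows no sign of TLS."""
    return [(src, dst, proto) for src, dst, proto, tls in hops(raw) if not tls]


if __name__ == "__main__":
    # Headers record transport only and are written by the servers themselves;
    # every server listed still handled the message body in the clear.
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS shown'})")
```

Even when every hop reports TLS, each listed server decrypted and re-encrypted the message, so only content encrypted before sending (for example with PGP) stays unreadable to them.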
Old 10-15-2018, 12:41 PM   #14
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Posts: 5,251
Quote:
Originally Posted by gauss View Post
But it does not mean that the email was encrypted while on all the hard drives, "at rest", in the intermediate servers that it passed through - correct?

There would be no end to end encryption in this case if I understand this correctly. TLS only protects the email when it is transmitted from one machine to another - similar to the HTTPS we see in our web browsers for certain pages. Once the email comes out of the secure TLS pipeline between 2 machines it is decrypted.
Talking about a shared doc, not email.
target2019 is offline   Reply With Quote
Old 10-15-2018, 12:47 PM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
MRG's Avatar
 
Join Date: Apr 2013
Posts: 8,109
When one wants to improve security many people ask: What am I protecting from what?
MRG is offline   Reply With Quote
Old 10-15-2018, 12:57 PM   #16
Thinks s/he gets paid by the post
 
Join Date: Aug 2013
Location: North
Posts: 2,241
Quote:
Originally Posted by target2019 View Post
Create a shared google drive folder with your accountant. Put sensitive documents there, and you're assured the data is secured at rest and in transit.

+1 This is how I help others with investments. Keep in mind if the recipient is signed into Google though, and they are complacent with their devices, technically an accessible yet lost phone would compromise them.

Explained in simple real life scenario... My dad, whom I share a google folder with, signed into my mom's computer on google but never signed out. She was able to access the file because he failed to sign out on her device.

They got their panties in a bunch when they discovered this. Of course through their eyes it was my fault for sharing the file, not my dad's for not signing out of his accounts.
__________________
AA (Stock/Bond/Cash ): 96.5/0/3.5% MIX (Small/Mid/Large): 25/25/50% BLEND(US/Foreign): 100/0%, REIT (Real Estate Equity): ~50% of Assets

FIRE in 2031 @ 50yrs old (+/- 2yrs) w/ a hypothetical $2.5mil portfolio, 3 appreciated homes worth $1.0mil and rental income to fund my gap years until RMD. Assets will go to an inherited IRA where I plan on watching the investments grow until I die or the trust gets executed.
kgtest is offline   Reply With Quote
Old 10-15-2018, 01:01 PM   #17
Thinks s/he gets paid by the post
 
Join Date: Feb 2014
Posts: 1,437
Nothing in Google drive is secure. Google looks at the content of everything if they can. Same with other cloud services and email providers. You need to encrypt it BEFORE it gets uploaded. Preferably encrypted with the public key of the recipient and signed by you.
jim584672 is offline   Reply With Quote
Old 10-15-2018, 01:54 PM   #18
Recycles dryer sheets
 
Join Date: May 2014
Posts: 412
Quote:
Originally Posted by target2019 View Post
Create a shared google drive folder with your accountant. Put sensitive documents there, and you're assured the data is secured at rest and in transit.
WRONG! Read the Google privacy statement. They explicitly tell you that by using their service (Google Drive) you are granting them the right to read and use for their own purposes anything you put up there. In intellectual property terms, this is known as no-cost perpetual license you are giving Google to your property.

So, you need to encrypt it before uploading it, and you cannot create the doc in Google Docs since it has the same licensing terms.

But, you can create the docs in Microsoft Office (the Windows app, not the service) and use the built-in encryption capability. You can encrypt a Word doc (or Excel spreadsheet) with a password before uploading it to Google Drive (or before emailing it), then Drive cannot snoop at it, at least not easily, and it probably won't bother with trying to decrypt it. Tell the recipient beforehand the password you will use for the docs he/she will receive from you.
TwoByFour is offline   Reply With Quote
Old 10-15-2018, 02:13 PM   #19
Thinks s/he gets paid by the post
 
Join Date: Feb 2014
Posts: 1,437
Quote:
Originally Posted by TwoByFour View Post
But, you can create the docs in Microsoft Office (the Windows app, not the service) and use the built-in encryption capability. You can encrypt a Word doc (or Excel spreadsheet) with a password before uploading it to Google Drive (or before emailing it), then Drive cannot snoop at it, at least not easily, and it probably won't bother with trying to decrypt it. Tell the recipient beforehand the password you will use for the docs he/she will receive from you.
I would never trust Microsoft encryption for anything. Use a known trusted program like GPG. Public key crypto doesn't require a secret channel to transmit the keys, which is a huge hole in just sharing a password. Also, a cryptographic signature verifies that the document came from you and hasn't been altered or replaced.
jim584672 is offline   Reply With Quote
Old 10-15-2018, 02:35 PM   #20
Thinks s/he gets paid by the post
gauss's Avatar
 
Join Date: Aug 2011
Posts: 2,524
Quote:
Originally Posted by target2019 View Post
Talking about a shared doc, not email.
I was talking about email not shared documents. I thought you were describing email/gmail also.
gauss is offline   Reply With Quote