An update on Private Post December 7, 2005
Posted by Perry in Personal, Technology.add a comment
After some experimentation, Paul and I have been able to exchange encrypted messages using Private Post that I mentioned earlier this morning. While installing it here on my computer, I read the EULA and discovered in it that the software is a 60-day trial version and that after that time there is a license fee for the Pro version but that there is a Lite version that will remain free. Interestingly, I didn’t see that anywhere on their website. Because of that I tried to send an email to their support group and got the message from my mail program that the message was not sent because the “destination was not valid in DNS.” That doesn’t inspire a lot of confidence, I must say. It will be interesting to see what, if anything, Bruce Schneier has to say about it, once he has had a chance to review it. When I see that response, I’ll note it here.
A further update: I was mistaken that my email to the support group did not go out. In fact it did, and I have just received a reply from Philippa Beadle that said, “With regard to pricing you are correct in that there is nothing currently on our website. I can tell you that the price will be 34.99 Euro. Our website is being redesigned to add some more substance and the pricing will appear there in the near future.”
He (or she, I’m not sure which) also added, “You will still be able to use Private Post to send and receive encrypted email when the 60 days is up though some of the options will be ‘greyed out.’”
A new encryption service December 7, 2005
Posted by Perry in Personal, Technology.3 comments
This morning I awoke to find an email from my friend Paul Moor alerting me to a new encryption technology service called Identum. The company makes it’s product, called Private Post, available for free. The encryption technology used for this product is the so-called Sakai-Kasahara Identity-Based Encryption (SK-IBE). A highly-technical document called the “Security Proof of Sakai-Kasahara’s Identity-Based Encryption Scheme” can be downloaded in this PDF.
This question from the FAQ for Private Post is important …
Q. Which email programs are compatible with Private Post?
A. Private Post integrates seamlessly with Microsoft Outlook 2000, XP and 2003 through plug-in toolbars which enable you to make and read Private Post. To read your Private Post in other email programs simply open the attached .ibemsg file. To make a new message private, write your message as normal, click on the Private Post icon in your system tray and select Make Private.
Because I don’t use either Outlook or Outlook Express, I’ve asked Paul to download their product and send me an encrypted message to test whether I’ll be able to decrypt it when I receive it. If I can (per the instructions quoted above from their FAQ), then this could be a significant step forward in encouraging the use of encryption in email, which I happen to believe is a good idea for the reasons given in this explanation from the Private Post FAQ.
Q. Why should I install Private Post?
A. Email is about as private as a postcard. Your email becomes public the moment you hit the send button. It is sent in a readable format across the internet via your own and other peoples public networks and can be easily intercepted, read and even changed. Securing your data at point A and point B is both necessary and desirable but its not the whole story. Any security measures you take become worthless unless your data can also be kept private in transit between A and B. Private Post ensures that only the intended recipient can read your email PLUS any attachments you send.
Encrypting email has always seemed to me a good idea, and I have spent a lot of time experimenting with PGP and the S/MIME technology used by Thawte. A major drawback to most encryption schemes is that they often require a level of sophistication that makes them unapproachable by any but the most determined, and frequently one has to teach his correspondents how to use the tools. For most people, this learning curve is a hurdle they simply can’t (or won’t) leap.
I have sent an email to Bruce Schneier, who is one of the world’s most highly-respected commentators on security issues, in the hope that he’ll review Private Post and give his assessment of its merits at his blog or in his monthly newsletter, Crypto-Gram. In the meantime, I expect to run some tests with Paul to see about Private Post’s ease of use and its interoperability between diverse email programs. If/when I have anything significant to report, I’ll comment further.
