Email privacy issue - can deleted emails be recovered?

[habilis]

For privacy reasons I would like to make sure that my deleted emails are never able to be recovered. I use Entourage 2004 for my personal email and Apple Mail for my business. I have highly sensitive info going back and forth in emails and I want to make absolutely sure that it's unrecoverable, even by advanced government data recovery specialists.

This is a question for the data forensics people if you are out there, give me a hand.

[Andrew Adamson]

I am somewhat afraid of /why/ you are asking about this, but the simple answer is, if you want to keep your existing email unrecoverable, consider pounding your hard drive into a fine powder and slowly spreading its remains into the deepest ocean. Most email programs are not designed to be secure and so multiple copies of your inbox are probably saved in various states and conditions in multiple parts of your hard drive. I'm not sure about Mac, but the PGP desktop system allows you to wipe your hard drive, but I am not wholy confident that it is truly 'unrecoverable' to a determined authority. You should presume it isn't.

If you are worrying about email you have /already/ sent, you are SOL. Email is passed along the network in plain text and anyone who has physical access to the hardware that carries your message has the ability to read your email. As well, if you have sent your email over international or state boundaries, your messages are subject to their tapping laws. The simple fact is that email was never intended for communicating confidential matters so not a single line of code has been included to protect your privacy during its transmission.

Given one of your earlier posts about bulletin board postings, I think that encryption tools wouldn't help you, so I won't mention any. Free speech is one of the most important principles of any democratic political system, but in the US, anonymity is not a constitutional right and, as much as it pains me to say it, the First Amendment does nothing to save you from the legal ramifications of your own free speech.

Good luck with whatever it is you are doing.

[perfessor101]

Quote:

Originally Posted by habilis

For privacy reasons I would like to make sure that my deleted emails are never able to be recovered. I use Entourage 2004 for my personal email and Apple Mail for my business. I have highly sensitive info going back and forth in emails and I want to make absolutely sure that it's unrecoverable, even by advanced government data recovery specialists.

If you really want that level of security, at the end of each day, physically remove the hard drive from your machine, crack open the HD case and pull the platters out, then run the platters through a grinder. Then put in a new drive for the next days work

Quote:

Originally Posted by habilis

This is a question for the data forensics people if you are out there, give me a hand.

I am not a forensics expert, but I have worked on highly classified government projects and this was the only level of security the DoD considered adequate.

Quote:

Originally Posted by habilis

And while we're at it, if a non-US person located in a third-world country had a yahoo email account and used a fake name, etc, trying to stay anonymous, could the CIA or FBI secretly subpeona and tap the emails passing back and forth? And does anyone know that even if you delete emails from a yahoo account, are they still stored in a backup somewhere?

Yes and Yes

Quote:

Originally Posted by habilis

I know about hushmail and mutemail but yahoo seems like an organization that could easily get pushed around by federal agencies...

They don't really want to go out of business or have their executives spend all their waking hours in court so they will cave.

Quote:

Originally Posted by habilis

I'm not a terrorist or anything but I do communicate with others around the world in my Buddha statue import business.

If encryption programs like PGP are good enough for the central American drug cartels, surely they are good enough for you

[Andrew Adamson]

Quote:

Originally Posted by perfessor101

If encryption programs like PGP are good enough for the central American drug cartels, surely they are good enough for you

This is actually one of the things that worries me. Encryption should be part of every person's email routine. For regular, old mail, I like to use envelopes for the simple reason that I don't want [insert name]'s mail carrier to know about my [insert embarrassing detail]. But at the moment, I can't use encryption for my email because no one I know uses it! Either people don't know about it, or they don't realize how transparent TCP/IP is, or they don't care. For example, I recently had a business acquaintance send me my personal bank account number for /confirmation/ in an email after I specifically instructed him to contact me by phone if he needed to exchange this information.

I personally have no problem with legal authorities having access to my data. If I am legally obliged to hand over decrypted email (by a judge's order, for example), I will do so just as quickly as I would my banking statements or written correspondences. I don't even mind having key escrow (where the government gets a key to open my encrypted email without my knowledge or permission), if it means that Joe Cracker or the Mob can't get hold of my personal info. I actually trust the government won't screw me if I remain on the up-and-up.

But right now, encryption programs are the stuff of professional criminals and unless that changes /quickly/ you can imagine it becoming illegal in many countries. Then it will be too late. And I'll have to use the phone to discuss my hemorrhoids.

Oh, crap. Did I just say that?

[habilis]

I just want to keep my financial information and Asian contacts confidential. I'm in no fear of getting raided or anything, I do nothing illegal.

[Satcomer]

I personnally would use an Encrypted Disk Partition. PGP is good, but it is breakable, that is why it allowed to sell. Now, I will klist the steps you need to be truly paranoid.

1. First read this.

2. Then read this.

3. Disable Root!

4. Never run as Administrator full time.

5. Run not one, but at LEAST two hardware firewalls!

6. Your password should at least be eight characters, with at least one capital letter, one number, one symbol, not a common name or word or birthday or social security number. This password should be change every two weeks and never written down. Also, disable automatic login.

7. Take out any wireless card or bluetooth device. These are EASLY hacked/cracked by some serious people.

8. Have at least three email accounts, never using your personal one with anyone but those you truly trust (i.e. family).

9. Never settle for anything less than 256 encryption.

10. The less mainstream the encryption, the better. Also, public key encryption is regularly read by those who mean business (ie -higher than independent hackers).

11. Never ever give out your encryption password over any public media. discuss it only face to face!!!!

12. As a Mac user, download Little Snitch. You will be surprised by the number of phone home applications!

13. Consider a biometric login device, but don't just rely on the bio login, do it with a password,

These are just what I could think of the top of my head. I will post some more later when I wake up fully.

[Andrew Adamson]

Quote:

Originally Posted by Satcomer

10. The less mainstream the encryption, the better. Also, public key encryption is regularly read by those who mean business (ie -higher than independent hackers).

I'm not sure I agree with this. Using an obscure encryption system probably leaves you far more open to cracking due to poor program design or outright bugs. As well, public-key encryption adds an additional layer of security, because in order to decode your message, an attacker has to have both your public key and the recipient's private key or he'd have to brute-force crack the message's key, which at present is not feasible. As counter-intuitive as it seems, not even the author of a message is able to decrypt a public-key-encrypted message, so having access to the computer that generated the message leaves an attacker no further ahead.

Good background on encryption and cracking can be found at this page. It is specifically about the piercing of the SHA-1 algorithm, but it has worthwhile (and fairly easy to understand) info about how you go about cracking things.

As well, I would recommend everyone abandon passwords and adopt pass-phrases instead. If you don't mind typing out 20 keys (for example, "my boss is an idiot" or "i eat too many cookies") and throw in a misspelling or two, you will defeat precomputation attacks (in which all possible keys are worked out ahead of time). They are easy to remember too.

[texanpenguin]

Adam is right, mainstream encryption is very much the most reliable method, as is public-key systems. Factorising 256-bit integers is too much of a struggle for any computer today (or super computer).

To the thread starter: get a secure certificate from thawte.com, and make everyone you know use one as well (or don't talk to them at all). You'll need one for every account you have. Then encrypt all messages and noone can access them, even Yahoo, even with logs.

Then turn on file-vault, disable root, get a secure password, and never, EVER turn your computer on.

EVER.

But yeah, it's possible .