You've probably heard the story of the hacking of Hillary Clinton's email account. In brief, Hillary, while US Secretary of State, used a personal mailbox for business correspondence. This mailbox was hacked by an unknown hacker, and the data appeared on the Wikileaks portal.
I will analyze this situation in detail in the chapter devoted to hacking mail, but here I want to draw your attention to the following point: the mailbox held about 30 thousand letters, some of which had been stored for many years. The information in 65 letters was marked “secret”, and in 22 “especially secret”.
The advice seems unequivocal: delete mail instead of keeping it for years. This is reasonable, but it only works if you are the one who is hacked. What if your interlocutor is hacked? The leak will occur even if you delete everything on your device.
Tip
Periodically delete messages that are stored in your email inbox and have lost their relevance.
Imagine a situation where you sent very important documents to an imaginary Hillary Clinton and deleted all the data on your side, but she has stored it for years and it ends up in the hands of hackers. There is, of course, the option of encrypting mail, for example with PGP, but this only works when communicating with prepared interlocutors; for everyone else, you need other solutions.
And such solutions exist; they are offered by the email services themselves. Their functionality differs, but it usually comes down to the following: the data is not sent to the addressee’s mailbox; only a link for accessing the information arrives there.
The addressee follows the link and can view the documents (settings can often prevent them from being downloaded) and read the text. You can control access to the data via the link, for example, by setting a period during which the materials will be available to the recipient.
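The link-instead-of-content model described above, as an added sketch that is not the code of Protonmail, Gmail or any other service. The class, the `mail.example` URL and the sample message are assumptions made up for illustration; the point is that a mailbox dumped after the access period, or after the sender closes access early, contains only a dead link.

```python
import secrets
import time


class LinkMessageStore:
    """Hypothetical server-side store: the recipient's mailbox only ever holds a link."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable clock so expiry can be exercised
        self._messages = {}      # token -> {"body", "expires_at", "revoked"}

    def send(self, body, ttl_seconds):
        """Keep the body on the server; return what is actually mailed: an opaque link."""
        token = secrets.token_urlsafe(32)   # unguessable and carries no content
        self._messages[token] = {
            "body": body,
            "expires_at": self._clock() + ttl_seconds,
            "revoked": False,
        }
        return "https://mail.example/view/" + token   # placeholder domain

    def revoke(self, link):
        """Sender closes access ahead of time."""
        entry = self._messages.get(link.rsplit("/", 1)[-1])
        if entry is not None:
            entry["revoked"] = True
            entry["body"] = None            # drop the content, not just a flag

    def open(self, link):
        """Return the body, or None if the link is unknown, revoked or expired."""
        token = link.rsplit("/", 1)[-1]
        entry = self._messages.get(token)
        if entry is None or entry["revoked"]:
            return None
        if self._clock() >= entry["expires_at"]:
            del self._messages[token]       # purge expired content on access
            return None
        return entry["body"]


def mailbox_leak_demo():
    """Constructed scenario: the recipient's mailbox leaks after the access period."""
    now = [1_000_000.0]
    store = LinkMessageStore(clock=lambda: now[0])
    link = store.send("contract draft (constructed sample)", ttl_seconds=3600)
    recipient_mailbox = [link]              # all the mailbox ever contains
    read_in_time = store.open(recipient_mailbox[0])
    now[0] += 7200                          # two hours later the mailbox is dumped
    read_after_leak = store.open(recipient_mailbox[0])
    return read_in_time, read_after_leak
```

The sketch does not cover a recipient who copies the content while the link is still live, and the operator of the store can still read every body it holds.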
Protonmail
Start composing a letter and, in the lower part of the window, press the button with the lock.
Specify the time during which the letter will be available. After this period, the recipient will not be able to view the contents of the letter. If you are sending a message to a non-Protonmail user, be sure to think of a strong password.
The recipient will have to provide a password to access the content and will be able to immediately send a secure reply, regardless of whether they have an account with Protonmail or not.
Gmail
When sending a letter, select the button that turns confidential mode on / off; it looks like a lock with a clock.
Specify the period of access to the data.
If you need to close access to the data ahead of time, you can do so by opening the sent letter. The ability to close access when needed is another advantage of this option.
As for the security of this tool, remember that Google has access to mail no matter how it is sent, while the Protonmail solution is safe with a strong password. Using Gmail does not protect the data you send from access by the owner of the service or third parties; this tool is designed to minimize the risk of a leak on the recipient's side.
But you should still think about the security of mail. Gmail was once exposed by Snowden for collaborating with the NSA, caught analyzing letters and then showing targeted ads based on their content, and also found to be tracking users' purchases through their letters, as we reported on our ITsec NEWS channel. Therefore, my colleagues and I recommend that you look at mail services that place more value on the confidentiality of user correspondence.
Protonmail is also far from ideal, but at least it does not have access to correspondence and provides the ability to manage stored data.
The advice of this chapter is very simple (in fact, the whole course is based on simple tips): when you send information, protect the letter and limit the period of access to it. This is especially true when sending documents and valuable data.
Tip
When you send information or a document, protect the letter and limit the period of access to it.
This method, of course, is not a panacea. For example, the interlocutor can take screenshots of the transferred data and documents and save them, or the hack can occur while access to the data is not yet limited. You cannot completely eliminate the risk, but you can minimize it.
Concluding the chapter, I cannot omit the independent tools used to protect documents from being copied and printed, for example, the pdf2go service. The task of the service is to prevent copying of a PDF document, leaving the user only the ability to view it. Sellers of information products like these services and use them to protect their intellectual property.
However, I would not recommend uploading particularly valuable documents to such services.