Easier paths to security
So what’s the answer? You can still use email, but maybe not for everything. If you want to send a private document to someone, enclose it in a password-protected ZIP file and send that by email or, even better, share a link to it using a file-sharing service such as Dropbox and your email storage allowance will be impacted less. In both cases, you can share the password via some other means, such as text message.
Text messages (SMS) aren’t secure either, but if you send a password-protected file by email and a password by SMS, you have at least split the two. This limits your exposure to all but very dedicated surveillants. And you can make SMS secure if both you and your colleague use encryption software. If you both use smartphones, this is remarkably easy in comparison to encrypting email. Install an app such as Signal and, when you first send a message to a specific contact, click the Invite To Signal box that appears to insert a link to the software. When you both have it installed, you won’t even notice you’re using it.
SilentCircle’s privacy-championing smartphone, Blackphone
RIP IRC; long live IRC
If you want to collaborate easily, use a tool such as Slack or Ryver, both of which are good for sharing information about multiple projects between multiple people. Both sites are a modern, web-based take on Internet Relay Chat (IRC) but with added benefits. It’s easier to search for specific notes and events than with email, and the order of different people’s responses is usually very clear. Both services encrypt connections to the server with the Secure Sockets Layer (SSL) standard, so all messages will flow safely over the internet.
“Bear in mind that any web-based tool, whether using HTTPS and 2FA or not, could be hacked.”
If someone learns your username and password, however, your whole message archive will be exposed. Choose a service that supports two-factor authentication (2FA), even if it simply involves a verification code sent by SMS. Slack supports this and a number of authentication apps such as Google’s excellent Authenticator. Ryver does not appear to support two-factor authentication yet, which makes Slack more attractive from a security perspective.
Bear in mind that any web-based tool, whether using HTTPS and 2FA or not, could be hacked. Don’t share important passwords or other very sensitive data using collaboration tools that store data online. Sometimes nothing beats a meeting in real life for exchanging secrets (mackintoshs optional) but, if you can’t manage that, Signal also supports encrypted phone calls.
[Image: J Aaron Farr – Flickr]
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
