Category: Geeks r Us
Hi all, I found out that an internet service provider can keep track of everything you do online, but can they read your email and instant messages, and spread them to others? I'd like to know because email is private, and I don't want someone who I don't even know reading and spreading emails and other means of communication. I also wonder if an ISP can read the things I post and talk about on the zone and such. Any feedback would be greatly appreciated.
Thanks.
The short answer is yes. The long answer is yes and no. Yes, they can see what you're talking about on the zone and in an email, especially an email account by the ISP. However, in order to spread that information, they would need a court ordered supena, and spreading it would only be to the court, and not to anyone else. You want your email to be relatively secured? Get gmail, hushmail, something like that. Best of all, don't say anything anywhere that you don't want anyone to hear. There is no such thing as privacy anymore, especially on the computer.
Well, could an ISP send emails as me, and want information on the person I'm emailing? Also, could they give out my email address, or the address to where I sent the email?
what are you, paranoyic? the short answer is emails are insecure, so don't send sensitive shit, and no it's not isps that send emails pretending to be you, it's spoof emailerr [programmes that pretend emails are coming from your mailbox. hell, i you have private things to say, send a letter or get on the phone. email is basically like writing a message on a bit of paper, making a paper plane from it and throwing it to your neighbour. you can use secure email, but even then. the thing is, your email address is pretty much public knowledge.
I agree. Another thing, you don't seem to have understood my post. ISP's need a Supena to release info about you or to even access your email account.
Another thing: unless you're a terrorist or massive file sharer, then you've nothing to precipitate your concern. LOL.
Are the things you do online private? No, and they haven't been for quite some time.
Should they be? Topic for another board...
Well, I read your post Kenny, and I feel more at ease. Well, I just send emails and stuff. Its my personal life, and I don't want someone who I don't know from adam intruding in any way.
If you want to get the attention of the security types, start encrypting your email with something like GNUPG. This is public-key cryptography. Share your public keys with your friends (no putting them onto one of those keyservers, you never know who's looking). LOL. You keep your "secret" key to yourself. For instant messages, there's Bitwise. It uses encryption for all traffic.
Encryption can be broken. Nothing, I repeat nothing that is on the internet is secure.
wow. i don't use email that much except for school related stuff or to talk with friends sometimes, i mostly use my cell phone
Most encryption can be broken, sure, but provided (and it's not a short list of provisions) you take care of the private key (ie: never place it on a computer reachable on the Internet), have a suitably strong random number generator, use an algorithm not known to be broken and use a key length that is sufficiently long that guessing will never reach it, you are safe against any automated decryption.
What do I mean by safe? Well, adding one byte to a key length multiplies the number of possible keys by 256. Adding two bytes multiplies the number of keys by 65,536. Four bytes, you need to multiply by four billion. And so on. It's exponential growth. Computers double in performance every eighteen months (Moore's Law). Someone might be lucky and guess a key at the first try. Failing that, and provided Moore's Law holds up, it might take another 19,884,107 years, provided there aren't any flaws. Yes, 19,884,107 years later, someone can read your e-mail. And you are going to care about this... why?
You can improve security a bit by compressing the message first. Why? Because it makes it much harder for a computer to know when it has the right key. It might crack the message fine, look at the compressed output, decide it's not meaningful, and reject it. You can't always rely on this, as the encryption algorithm will make certain assumptions about what it is encrypting. If those assumptions are wrong, you could make breaking the encryption easier. Use with caution.
Breaking an algorithm... What does this mean? It means that someone has found a way to avoid trying every key. Maybe not all of the key is used, or there's a way of deducing the key from the message, or some way of figuring out some or all of the private key from the public key, etc. There's really no telling which of the major public key algorithms will fall next. Even the best experts disagree on that, or even on whether any of the top algorithms will have an exploitable flaw at all. There, you are wagering your gut feelings against cryptanalyst skills. Remember, you only have to "win" for as long as the message is important.
Now, at the beginning, I said "most encryption can be broken". Does that mean there's encryption that even twenty million - or twenty billion - years from now will never be broken? Yes, but I warn you that it's totally obnoxious to set up. The One Time Pad is the ONLY "perfect" encryption system. It can never be broken, even in theory. The only way for a third party to get the encryption key is to physically steal it.
What is a One Time Pad? It is a series of totally random numbers at least as long as the message. It must be used once and only once. Ever. Not even to resend the same message. The numbers must not be generated mathematically, but must be pure randomness. The key must then be copied onto something physical (such as a CD or USB keychain) and physically handed to the person who intends to use the key.
I told you it was a headache. However, every encrypted message that is sent will decrypt to EVERY possible message of that length or less. Equally. There is simply no way for anyone to know which one is the real message. As far as anyone else is concerned, the real message is unknowable.
In practice, true One Time Pads are almost never used. They sometimes are for super top-secret messages by Governments, but that's about it. If you are going to send mostly "routine" e-mails and maybe once a year a super-confidential e-mail, then a One Time Pad is worthy of consideration.
Thanks a lot alpher.
in short, what is it you have to hide. Because really your ISP isn't interested in whether you got laid last night or whethr you had a shower last month.
I've always figured my life was dull and boring enough that nobody would waste time looking at my Emails even if they could. I don't consider anything I put out there on the Net, either in Email or my Livejournal or anywhere else, as absolutely safe from anyone. But I can't be paranoid, either. As I said, my life is boring and humdrum, and I don't think my ISP would care about the little nuances of it.
Well, I have the many conversations that are just between me and my friends. I especially don't want those friends to know that there emails are being read by someone.
Well, newsflash. Their emails are being read by someone. Not only that, but there is always the NSA. I am sure that if they have encryption, the NSA has ways of breaking it
This isn't even worth worrying about. Unless you're plotting to blow up the White House or to burn down your city, nobody really cares.
I'm not a massive file sharer, or any of those things. Someone reading emails is an invasion of privacy.
If you only encrypt credit card numbers and banking data, any half-decent thief only has to look for encrypted data to know where the valuable stuff is. Short messages with a known format are potentially easier to break.
On the other hand, most published incidents involve thieves cracking badly-protected online stores and obtaining millions of credit card numbers in a single go. It is safe to assume the incidents kept quiet will be far worse. In which case, nobody is going to bother with your personal data.
you seriously need to get a grip. Your conversations really won't be that interesting that your ISP wants to read them, and if you're stupid enough to put your credit card number in emails then you deserve to be ripped off.
Oh, and you keep eluding t the fact that emails are confidential. It's going through a wire. It's as confidential as your phone calls.
I know that now, but you never know if whomever's reading and monitoring internet access is nosey.
unless if we're a criminal or something like that, why do they moniter us? and, my suggestion is to keep important stuff like credit card numbers and the bank passbook numbers such things shouldn't be shown here at any cost.
There is nothing magical about e-mail. It is plain ASCII text, with some introductory info the computer uses for reference. The same is true for web pages. These are all plain text formats and are insecure unless encrypted. To feel safe about one and unsafe about the other is absurd.
Why monitor? Oh, very easy to answer that one. Social engineering. Say someone wants to steal an identity. They'll sniff e-mail and poke around in trash. Kevin Mitnick could steal identities in almost no time flat, and remember -- he was careless enough to be caught. The vast majority of identity thieves never are.
It's not that they care what you say, per-se, it's that you say it.
Thanks everyone.
For what?
for the posts and advice.
Are you going to take the advice?
Yes. Now I know that email isn't secure, and I will never put my bank or sensative information in an email.
Good, so I can teach you something.
Yes.
I wonder if your ISP can access files on your computer. I know an ISP will need a court supina to spread information, but could they get away with spreading information to friends and relatives and stuff? How will the court or government find out if confidential information was spread to peple outside work.
In responce to the files question:
newbe answer no, more techy answer maybe.
Depends if your behind a router.
Even then, you can get viruses that reverse connect which is a work around for this problem.
Depends if you have anything shared.
Even if you don't, if you've been tweaking your os, you could have enabled hidden shares for all of your harddrives, and if you don't have an administrator password (Different to your account hopefully as you should never work under the admin account) than anyone could do it with a good trojan.
Basicly, if your computers secure then kno. My understanding though is that if they got a caught order to do it then they could just walk in and yoink it away from you - get it? yoink? oink?
I kno I didn't go into this in much detail, this is only because I don't think that you should worry about this to much. Unless ybeeing really dumb about security then you should be fine.
Good idea. Just curious though. While on the zone, could admins or CL's be able to read private quicknotes or private messages? If so, could they pass them along to others?
I doubt it.