Thursday, March 17, 2005

Email Privacy in Pakistan

The pakistani government has finally accepted the fact that it scans and stores all emails sent to and from pakistan for security reasons. The statement was made in the National Assembly this friday upon answering a question repeatedly put up by Muhammad Pervez Malik; a member of the National Assembly.

The CIA in the US is known to be doing the same to keep an eye on any upcomming security threats. After reading an article on SecurityFocus regarding email scanning, I now agree to the fact that the job carries a cosiderablly high price tag. I wouldnt disagree to know that the price is something near to a $100 million a month.

Well incase you are wondering how secure your email really is, its "zero" secure under normal conditions of our country.

The most vulnerable email addresses to date are the local POP3 addresses. Some of the following accounts are the easiest to trace for the government (infact anyone even working there) as they do not have a proper IS Security policy in place. Dont be surprised if you see one of your emails in the hands of a sweeper who happens to work there.

MOST Vulnerable (Local POP3s/SMTPs)


Many of us usually prefer to send the larger emails quickly by switching to our local ISPs SMTP, which normally doesnt ask for authorization if you are their custommer. But is it really secure enough? There is a 99% chance that it goes to the government too if you use the local SMTP.

However only a fraction of the internet users of this country use these POP3/SMTP accounts. They are mostly seen used at places where people dont have a permanent connection to the internet. So Rural and sub-urban places of the country have the most usage for these accounts. And atleast I wouldnt expect Osama Bin Laden to hide in the Karachi Marriot hotel! He would rather, goto a low profile area.

Most of the remaining crowd would stick to their hotmails, yahoos, gmail or any other web based email systems... Is it secure?

Yahoo Mail

Now thats a 50-50... When logging in, Yahoo Mail gives you an option to keep your entire session in SSL (Secure Socket Layer). SSL makes your connection extremely SLOW because of the heavy encryption going on, however if you use this option, there is not chance of anyone being able to read whats being sent and received from your Yahoo Mail. Only you, God and Yahoo would know whats in. (I havent seen anyone using this option to date but still its available).


I havent used hotmail that much, the last time I logged in was In 10th grade (6 years ago). I didnt have a hotmail account since then. But I registered this one to see if its supports SSL. The funny part about hotmail is that it does secure your login procedure (that means General Musharaf would not get to know your password). But he can read your emails. As Hotmail only secures the connection when u login, after ur in, hotmail invites Baba Musharaf to read your mail (Yes a copy is cached with baba Musharaf) as the communication after login is not secured.


The case of GMAIL is the same as Hotmail. It secures your login procedure using SSL (baba musharaf cant read ur password). But he gets what he needs, since gmail also doesnt encrypt your inbox/emails after ur logged in. So again a copy is most probably cached at the National Security Storage centre (Whatever that maybe).

It is not that GMAIL, Hotmail and Yahoo cant secure their connection. It simply descreases the loading speed by upto 10 times! Imagine If it takes you 3 seconds to login, it would take 30 seconds with an SSL connection. Security concious people always use the "Secure logon" option of Yahoo! Mail. Gmail and Hotmail should also provide similar options

My Choice for email security

1. GMAIL POP3/SMTP (Check this) using ports 995 and 465/587 for POP3 and SMTP respectively
2. Yahoo Mail with SSL login (Click Secure before login)

Yes, thats GMAIL POP3/SMTP on number one. The GMAIL's POP3/SMTP mail is the most secure email ive seen to date (unlike its web based counterpart). The GMAIL POP3/SMTP uses SSL even on POP3/SMTP connections and gives you the ease to manage your mail from Mozilla Thunderbird, Outlook, Incredimail or any other client...


Anonymous said...

What is Gmail pop3/smtp? How is it different from web-based Gmail?

Is it outlook-based email set up to receive web-based gmail?