- Riots break out after a fake email about coronavirus went viral Thursday 8:59 PM
- Bloomberg edits debate clip to make other Democratic candidates appear speechless Thursday 7:50 PM
- Dad claims YouTube refuses to remove video of daughter’s murder Thursday 6:36 PM
- Video of Kanye leaving Kim in elevator to carry all their bags has people cackling Thursday 6:19 PM
- Orlando Bloom’s tattoo misspelled son’s name because of Pinterest Thursday 5:35 PM
- The Ahi Challenge is the latest dance taking over TikTok Thursday 4:40 PM
- Show criticized for putting rape victim in blackface to protect her identity Thursday 3:42 PM
- Woman becomes viral sensation after iconic ‘Shallow’ subway video Thursday 2:48 PM
- Prettyboyfredo tried to gift a bullied teen some $30,000 Nikes at school—he got detained Thursday 2:13 PM
- ‘Vanderpump Rules’ recap: Wedding bells and blows Thursday 1:50 PM
- A 16-year-old made a ‘meme guide’ to help her dad understand online trends Thursday 1:46 PM
- UCLA drops plans to use facial recognition after student pushback Thursday 1:07 PM
- ‘Star Trek: Picard’ recap, episode 5: ‘Stardust City Rag’ Thursday 12:56 PM
- Roger Stone sentenced to 40 months in prison Thursday 12:45 PM
- New The 1975 music video is full of memes you’ll love Thursday 12:28 PM
Here’s the step-by-step guide to NSA-proofing your email
Drew Crawford’s post points out that perhaps the biggest flaw in online security today is how little users understand of it.
As inconvenient as it might be, staying off of Facebook or Skype is doable. But email, at this point, is all but necessary not only for one’s personal life but for their professional success. In 2012, for example, businesses sent almost 90 billion emails per day.
Unfortunately most of these emails are kept by Silicon Valley companies that participate in PRISM. In 2013, reported the research firm Litmus, all but 11 percent of email clients are owned by Apple, Microsoft and Google. This raises the question, if one can’t live without email, then is there anyway to maintain privacy in the age of PRISM?
According to software developer Drew Crawford, “NSA-proofing” one’s email can be accomplished in about two hours. “If you are still using GMail (or Yahoo, or arbitrary U.S.-based email company) in August,” Crawford wrote on a detailed blogpost of how to set up an encrypted email server, “your right to complain about the NSA spying on you is revoked.”
Crawford’s explanation—which goes into too much technical detail to explain here—essentially points to the fact that the major vulnerability of PRISM-tapped emails are that they are hosted by companies vulnerable to court orders.
To address the issue, Crawford fleshes out the step-by-step process users must go through to host their own emails on encrypted servers. For someone without much familiarity with coding, the task is a slog that requires them to detangle sentences like “you might want to lower the TTL on your MX records to the smallest possible setting.”
True, that technical language will probably prove too much of a barrier for many. But Crawford’s post serves to point out that the largest flaw in online security is perhaps a lack of programming literacy. If we don’t know what’s going on when we click “send” on an email, how can we have any reasonable assurance those transactions are private?
“Today we kill your excuses,” Crawford wrote. “Because I’m going to show you exactly how to do it, it’s going to take about two hours to set up, and it’s a ‘set it and forget it’ kind of setup. … Pick a weekend, get it done.”
In some sense, however, the push for individual education about how information is stored on the Internet may have come too late. No matter how secure the emails are on one server, the process is only truly secure if both emailing parties are using such precautions. If the Litmus survey is correct that at least 89 percent of email traffic happens on services participating in PRISM, it’s difficult to imagine a meaningful number of people will be taking the very technical—if brief—steps to ensure their privacy anytime soon.
As for Crawford, his entire blog gives an internal server error this morning, which has Reddit a little worried: “Looks like the NSA got him already,” deadcow5 speculated.
Illustration by Fernando Alfonso III
Joe Kloc is a former Daily Dot contributor who covered technology and policy. He's contributed to Newsweek and Mother Jones, discussed his reporting on air with WNYC, and written Weekly Reviews for Harper's Magazine.