For better security, maybe it's time to abandon e-mail?

Stoic Joker:
Depends on the jurisdiction I think. Here it only applies to "covered" communications. Many US corporations are now operating on a minimal retention policy. They only retain as much and as long as the law requires. With the exception of regulated securities-related communications; and tax documents and/or communications with government revenue services - which I have been told need to be (or should be) retained indefinitely.
-40hz (December 22, 2014, 01:21 PM)
--- End quote ---

BINGO!

Not to mention that legal issues are frequently exacerbated by excessive documentation. Like Sony who obviously could have massively benefited from a teensie bit more delete button action. Sure, it might piss a judge off a bit ...(if he knew about it)... But if there are no incriminating/scandalous records...then there's no reason to be talking to a judge.

You just need an established policy, that allows enough latitude, to let folks delete their junk mail ... Savvy?? ;)

app103:
Just for conversation's sake... what would that look like from the abstract?  Maybe we can hash it out?  Any thoughts?

My requirements for adoption are simple.  Not real-time, and not brief form- though it would support almost real-time and brief form communications.
-wraith808 (December 22, 2014, 12:12 PM)
--- End quote ---

So far we have:

* not real-time - but timely
* not restricted to brief form

I'll add:

* fully decentralized - no persistent servers or trackers
* non-logging protocol
* encrypted end-to-end, with primary encryption done on the local machine - (note: additional encryption layers may also be added further down the chain)
* some type of "trust" mechanism between peers to minimize risk of "man in the middle" attack vector which ideally would also serve to identify "poison" peers
* mechanism to identify tampering attempts with messages
* integral tombstone/self-destruct mechanism available for all messages with "delete after reading" as the default. "Save this message?" must be specifically invoked (a simple push button, check box, or right-click will do) for each message in order for it to be retained.
* to preserve message store security, encryption is "always on." Messages are only in an unencrypted state when being displayed. Unopened messages are left encrypted. Saved messages are automatically re-encrypted on close. Deleted messages are zero overwritten in background.

What else?


-40hz (December 22, 2014, 12:42 PM)
--- End quote ---

What else?
-40hz (December 22, 2014, 12:42 PM)
--- End quote ---

How about an option to totally disable the receiver from saving the message?

"This message will self-destruct in 5 minutes" (or upon closing).
-Deozaan (December 22, 2014, 04:39 PM)
--- End quote ---

There goes most support desk software and the best monitoring & training mechanism for support desk personnel. Without being able to import requester messages into a system, pass those messages between agents, keep a permanent, searchable log of all incoming messages and their responses, tying those individual conversations to customer accounts, etc. a lot of what support desk agents do via things like Zendesk, will not be possible.
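
Two items from the requirement list quoted above, tamper detection and "delete after reading" as the default, shown as an added example (not code from anyone in the thread). The `Mailbox` class, the `seal` helper and the pre-shared key are assumptions made for illustration; encryption is left out because the Python standard library has no authenticated cipher, so an HMAC-SHA256 tag stands in for the integrity mechanism.

```python
import hashlib
import hmac
import os


class TamperedMessage(Exception):
    """The stored body no longer matches its integrity tag."""


def seal(key: bytes, body: bytes) -> bytes:
    """Sender side: tag the body so the receiver can detect modification."""
    return hmac.new(key, body, hashlib.sha256).digest()


class Mailbox:
    """Hypothetical receiver-side store: read once, then gone, unless saved."""

    def __init__(self, key: bytes):
        self._key = key      # assumption: key already shared between the peers
        self._store = {}     # msg_id -> (mutable body buffer, sender's tag)

    def deliver(self, body: bytes, tag: bytes) -> str:
        msg_id = os.urandom(8).hex()
        self._store[msg_id] = (bytearray(body), tag)
        return msg_id

    def has(self, msg_id: str) -> bool:
        return msg_id in self._store

    def open(self, msg_id: str, save: bool = False) -> bytes:
        buf, tag = self._store[msg_id]
        # Verify before display; compare_digest avoids a timing side channel.
        ok = hmac.compare_digest(seal(self._key, bytes(buf)), tag)
        text = bytes(buf) if ok else b""
        if not (ok and save):
            # Default path: retention has to be requested per message.
            self._store.pop(msg_id)
            buf[:] = bytes(len(buf))   # zero-overwrite the stored copy in place
        if not ok:
            raise TamperedMessage(msg_id)
        return text


if __name__ == "__main__":
    key = os.urandom(32)                    # constructed sample key
    box = Mailbox(key)
    note = b"meet at noon"                  # constructed sample message
    mid = box.deliver(note, seal(key, note))
    print(box.open(mid), box.has(mid))      # body shown once, then removed
```

The `bytes` value returned by `open` is the "being displayed" copy; Python gives no way to guarantee that copy is scrubbed from memory, so only the stored buffer is overwritten here.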

40hz:
There goes most support desk software and the best monitoring & training mechanism for support desk personnel. Without being able to import requester messages into a system, pass those messages between agents, keep a permanent, searchable log of all incoming messages and their responses, tying those individual conversations to customer accounts, etc. a lot of what support desk agents do via things like Zendesk, will not be possible.
-app103 (December 23, 2014, 05:01 AM)
--- End quote ---

Very good point! But I think this may be an example of a boundary situation that wouldn't affect most users.

However...

In this scenario, I don't think it would be unreasonable for a tech support agent to briefly explain why a message would need to be retained - and request that the sender turn off any blocks on message retention. That's no different than "your call may be monitored" when doing it by phone.

You could also employ tit-for-tat (after briefly explaining why message retention is so important) by saying that the ability to retain and use the message to provide better quality service, now, and  in the future is a condition of receiving tech support via e-mail. (Whether or not that's a genuinely valid argument I'll leave for another time. There's an awful lot of ingrained "we need to save everything" habits we're up against here. Just look at the NSA!) Doing it this way clearly defines and negotiates the "what" and "why" in an interaction. Something that is too often assumed - or decided unilaterally.

Most people (from my experience) are quite reasonable when given good reasons. The key factor here is "good reasons" rather than the more common and rather obnoxious: "I'm sorry you feel that way, but that's OUR policy!" sort of response we receive far too often. (note: while "Because I said so!" may be an appropriate response to a petulant child, it's a demeaning and insulting thing to say to the average adult. One way to reduce childish behavior is to stop treating adults like they're children. And to also stop acting like children ourselves.)

This sort of courtesy and rapid negotiation leaves both sides in control of how they want to handle their interaction. No different than how we do things F2F dozens of times a day. Why should e-mail or texting be any different? (note: This may also help reduce some of those Jekyll/Hyde behaviors some people display when communicating electronically.)

Opt-in plus tit-for-tat. It's a wonderful thing. Add in courtesy and we're setting the stage for a new Golden Age of e-communication.  ;D :Thmbsup:

40hz:
Opt-in combined with a non-confrontational and measured tit-for-tat game strategy! It's a very powerful and attractive concept once you start thinking along those lines. 8)
-40hz (December 22, 2014, 05:32 PM)
--- End quote ---

All very good points.  I'm assuming also that since media connects to an unknown resource, it would be media unfriendly?  And what about attachments and such?
-wraith808 (December 22, 2014, 09:33 PM)
--- End quote ---

Haven't a clue at this point. Anybody out there care to suggest something?

Innuendo:
Text messaging is just as insecure though, and ultimately no communication of that type is ever going to be secure because you can always compromise the device or compromise the server processing that information in order to see it anyway.
-SeraphimLabs (December 22, 2014, 07:59 AM)
--- End quote ---

Just to clarify the point I was trying to make.... Yes, text messaging is just as insecure, if not more so. The general public at large does not care about privacy or security on any large scale at all. I could detail a laundry list of things that people do every single day without giving a second thought to the security and privacy they are giving up.

People don't care until something happens that personally affects them in an adverse way.
