I just finished an interview with Esquire magazine about the security of webmail applications like Gmail, Windows Live Hotmail and YahooMail. Rebecca Joy, who interviewed me on behalf of Esquire, wanted to know in the wake of the Rupert Murdoch phone-hacking scandal, how secure our photos and messages are when we choose to use free webmail programs.
The simple answer? Not very secure. Just ask Vanessa Hudgens (nude photos), Sarah Palin (complete takeover of her email account) and the scores of celebrities and power figures who have been victimized by email hacking.
Think of using webmail (or any web-based software, including Facebook, Twitter, Google Docs, etc.) as checking into a hotel room. Unlike a house, where you have tighter control over your possessions, the same is not true of a hotel. While you definitely own the items you bring into a hotel room (laptop, smartphone, wallet, passport, client files), you don’t have nearly as much control as to how they are accessed (maids, managers, social engineers who know how to gain access to your room). In short, by using webmail to communicate, you are exchanging convenience for control.
Here are the five most common ways you lose control:
- The password on your email account is easy to guess (less than 13 characters, fail to use alpha-numeric-symbol-upper-lower-case, don’t change it often) and someone easily hacks into your webmail account, giving them access to your mail, photos, contacts, etc.
- Someone inside of the webmail company is given a huge incentive to leak your private information (tabloids that want access to a celebrity’s photos and are willing to pay hundreds of thousands for it).
- You populate your password reminder questions (What high school did you go to?) with the correct answers instead of using an answer that is not easily found on your Facebook, LinkedIn or Classmates.com profile.
- You fail to log out of your webmail while on a public computer (hotel business center, school, library, acquaintances house), allowing them to log back in to your email account using the autosaved username and password (which by default tends to stay on a system for up to two weeks).
- You continue to deny the fact that when you store your information in places that you don’t own, you have very little actual control.
If you are sending sensitive information of any sort (text, photos, identity, videos or otherwise), don’t use webmail or social networking to send it. Use a mail program that resides on your own computer and encrypt the sensitive contents using a program like PGP. That gives you a much stronger form of protection than ignorantly exposing your information for all to see.
John Sileo is the award winning author of Privacy Means Profit and a professional speaker on data security, privacy, identity theft and social networking exposure.