How Secure is Your Gmail, Hotmail, YahooMail?

I just finished an interview with Esquire magazine about the security of webmail applications like Gmail, Windows Live Hotmail and YahooMail. Rebecca Joy, who interviewed me on behalf of Esquire, wanted to know, in the wake of the Rupert Murdoch phone-hacking scandal, how secure our photos and messages are when we choose to use free webmail programs.

The simple answer? Not very secure. Just ask Vanessa Hudgens (nude photos), Sarah Palin (complete takeover of her email account) and the scores of celebrities and power figures who have been victimized by email hacking.

Think of using webmail (or any web-based software, including Facebook, Twitter, Google Docs, etc.) as checking into a hotel room. In a house, you have tight control over your possessions; in a hotel, you don’t. While you definitely own the items you bring into a hotel room (laptop, smartphone, wallet, passport, client files), you don’t have nearly as much control over who can access them (maids, managers, social engineers who know how to gain access to your room). In short, by using webmail to communicate, you are exchanging control for convenience.

Here are the five most common ways you lose control:

  1. The password on your email account is easy to guess (fewer than 13 characters, no mix of upper- and lower-case letters, numbers and symbols, rarely changed) and someone easily hacks into your webmail account, giving them access to your mail, photos, contacts, etc.
  2. Someone inside of the webmail company is given a huge incentive to leak your private information (tabloids that want access to a celebrity’s photos and are willing to pay hundreds of thousands for it).
  3. You populate your password reminder questions (What high school did you go to?) with the correct answers instead of using an answer that is not easily found on your Facebook, LinkedIn or profile.
  4. You fail to log out of your webmail while on a public computer (hotel business center, school, library, acquaintance’s house), allowing the next user to log back in to your email account using the autosaved username and password (which by default tends to stay on a system for up to two weeks).
  5. You continue to deny the fact that when you store your information in places that you don’t own, you have very little actual control.

If you are sending sensitive information of any sort (text, photos, identity, videos or otherwise), don’t use webmail or social networking to send it. Use a mail program that resides on your own computer and encrypt the sensitive contents using a program like PGP. That gives you a much stronger form of protection than ignorantly exposing your information for all to see.

John Sileo is the award-winning author of Privacy Means Profit and a professional speaker on data security, privacy, identity theft and social networking exposure.


Facebook Email: Putting Every Last Egg in One Basket

Facebook wants a piece of every social interaction you have, which is why they are poised to offer you a free email account, just like Gmail or Hotmail.

Facebook’s newest features (email and eventually a built-in search engine) are aimed at making their website your one-stop shop for all things internet. Rumor has it that at 10:30am PT, Facebook will offer their existing users email addresses. And millions of existing users will take them up on their offer because it will be cool to have a Facebook email account and because we are all in short supply of email accounts to check 24/7. Other sources are saying that Facebook will soon be offering a search engine as well.

As of December 2009, Gmail had over 1.8 million monthly users. Facebook currently has more than 500 million active users – even if a fraction of them use Facebook’s webmail in place of Gmail, it will significantly decrease Google’s hold on the industry. And Hotmail’s, and Yahoo’s. Why check 3 sources of information (mail, social networking, search) when you can simply check one?

For starters, you are putting all of your data eggs in one basket. Not only will Facebook control your profile (full of personally identifying information), your updates (that let them know what you are up to – if you think that this can’t be digitally scanned and analyzed, think again), your current location (thanks to Places), your photos, videos, friends and groups (I never knew you were a closet Democrat!), now they will be overseeing your email content (yes, they will reserve the right to scan your emails and advertise to you and those whom you email based on that content) and your search engine keywords (if they do add a search engine function and you type in depression medication, Facebook and all of their partners now know that you have a higher chance of being depressive).

All of which means that Facebook is increasingly becoming a One-Stop Shop for Marketing Data Miners, Identity Thieves, Stalkers, Vengeance Seekers, Cyber Bullies, and of course, friends.

Let me ask you a question. Would you put every last penny you have in one investment? Would you eliminate all of your friends except your very closest one? Would you share everything about yourself with only a single individual? Probably not. The wise among us know how critically important it is to diversify a portfolio, to surround ourselves with many good people, not just one, to compartmentalize information so that no one person, no single company knows everything about us.

But Facebook is doing exactly that – collecting every gram of our personal information, social and otherwise, so that it can be aggregated, analyzed and sold. And the fault is still partially ours, because we will take them up on their free email.

And you probably won’t even have to do anything to sign up, BECAUSE FACEBOOK WILL SIGN YOU UP BY DEFAULT, just like they do with everything else. Whether you want it or not, you will now have a Facebook email address that is automatically populated with the Facebook email addresses of all of your friends (because they know who your friends are and know their email addresses already). It will be like Google Buzz all over again, but we will overlook it, because we are so damned interested in what our high school girlfriend is doing these days that we forget to pay attention to something that counts.

It is being speculated that Facebook Email will offer such things as photo slideshows, a better conversation thread, integrated contact bios, and contact groups. Apparently other email moguls are worried as well. AOL introduced their new webmail interface this morning to try to combat Facebook’s big announcement. We won’t have to wait long!

While Facebook is making their announcement, John Sileo is delivering a speech on Social Networking Safety for the Department of Defense. To help your organization anticipate Facebook fallout and other forms of social networking overexposure, contact him directly on 800-258-8076.