Chitti Aayi Hai

Any technology needs some application that can change your life before it becomes wildly popular -- a "killer app", in the jargon. Before you dismiss this statement as hype, consider: the PC never really took off before spreadsheets came out (specifically, Lotus 1-2-3).

The internet has not one but TWO killer apps: e-mail and the World Wide Web. And notwithstanding the popularity of the web and the fact that it gives you the opportunity to see Pamela Anderson or Pooja Bhatt up close and personal, it is e-mail that is the real workhorse on the net.

Today, we shall look at a combination of the two: e-mail, e-mail using the web, and how to keep your mail as secure as possible...

here comes the mail again

With a regular email account, such as the one provided by VSNL, one would either access it through the shell, or using a mail client such as Eudora. The advice we provide should be equally applicable to both regular and web-based email accounts such as hotmail.

The difference between web-based email services and regular email is precisely the fact that you can access your ail using the web. That simple statement has deep implications. That means that you have all the advantages of the web - worldwide ubiquity, statelessness (your data is all on the server itself, so you can access your mail, at the point where you last left it, from a web terminal anywherer in the world) combined with all the convenience of email.

But just how private is your mail ? Not very. Not by default, at least. We'll look at some practises to maximise your privacy in this piece.

Did you know that your mail can theoretically be read by several people before it reaches you ? It's true. Due to the design of the internet itself, e-mail travels from the sender to the receiver by means of a series of "hops" - from server to server. And at each of those servers, anybody with root, or administrator level access can read all mail passing through that server.

Apart from this, people might crack your password, and not only read your mail, but impersonate you as well. This could have unpleasant consequences.

So what do you do about it ?

The basic precautions

  1. Your password is the key to your account. DO NOT LET ANYBODY HAVE IT. ALso, do not choose a password that is easy to guess. Use a mixture of upper and lower case letters, and numbers - something like WirfjT109 would be fine.
  2. Download and learn to use cryptographic programs like PGP, available at This has interfaces to various popular email programs such as Eudora, so that you can use it directly from within your mailer. Even if your mailer is not supported, you can still use PGP from the clipboard.
  3. If you are checking your mail using a web based mailer like hotmail, be sure to click the button that says "log out" when you are finished. This is even more important if you are checking from a public terminal such as from a cybercafe.
  4. Also, be sure to clear the browser's cache, or close the browser after you finish, to avoid the next person being able to read what you've written.
  5. This might sound silly - but I recommend you do not type in your password when somebody is looking over your shoulder. Wait until they leave, and then log in.

If you follow these precautions, your email experience should be a lot more secure. Happy conversations!

Sidebar: The Corporate User
The corporate user of e-mail has some unique characteristics, in addition to all the issues mentioned earlier. Firstly, the computer being used, and the e-mail account itself, are provided by the company. Thus, the company is in a position to demand, and enforce, some control over how the email is used. What implications does this have for your privacy ?

Let's start with internal email used within a company, such as cc:mail, Microsoft mail, etc. These programs, in addition to all the caveats mentioned earlier, can be configured to let a supervisor access your email to determine if it is appropriate. The bottom line here is, DO NOT USE YOUR CORPORATE ACCOUNT FOR PERSONAL E-MAIL. Do you really want your boss or your system administrator to know what your friends in Pasadena say to you ? Especially if its a hot new job opportunity ? If you do not have access to any other form of e-mail, then send/read it, and delete it. Which brings me to the next issue...

There's another problem at work in a corporate environment. Often, more than one person physically has access to the same computer. So, other people might be able to read your mail. You can get around this by deleting personal mail, and password protecting your mailbox; but did you know that "deleting" a piece of mail usually does not really remove the mail itself ? It might be sitting in the trashcan, or whatever is the equivalent in your mail program. Be sure to compact your mailboxes and empty the trashcan as you exit.

To remove stray traces of your deleted mail (or at least jumble them beyond recognition) try running a disk defragmenter every week after you exit the mail program.

Udhay Shankar N <> is a Random Networking Enthusiast who collects interesting people.