email_alternatives

Differences

This shows you the differences between two versions of the page.

email_alternatives [2019/08/25 09:12] – neil   email_alternatives [2021/07/29 14:29] (current) – neil
Line 4: Line 4:
   * [[#Email is probably not the most secure choice, so consider alternatives|Email is probably not the most secure choice, so consider alternatives]]   * [[#Email is probably not the most secure choice, so consider alternatives|Email is probably not the most secure choice, so consider alternatives]]
   * [[#Consider a client portal|Consider a client portal]]   * [[#Consider a client portal|Consider a client portal]]
 +  * [[#End-to-end encryption may not protect you from a compromised device|End-to-end encryption may not protect you from a compromised device]]
   * [[#Instant message or SMS-like apps|Instant message or SMS-like apps]]   * [[#Instant message or SMS-like apps|Instant message or SMS-like apps]]
 +    * [[#Matrix / Element (used to be called Riot.im)|Matrix / Element (used to be called Riot.im)]]
     * [[#Signal|Signal]]     * [[#Signal|Signal]]
     * [[#WhatsApp|WhatsApp]]     * [[#WhatsApp|WhatsApp]]
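Review bot: The two added table-of-contents entries repeat each heading's full text as the link target, so the Matrix entry only resolves while the heading stays exactly "Matrix / Element (used to be called Riot.im)". A shorter, stable heading such as "Matrix / Element", with the former name mentioned in the section body, would keep this link from breaking the next time the client is renamed.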
Line 37: Line 39:
  
 As with any software, if you do make use of a practice management system and a client portal, make sure you, and your clients, [[cloud#ensure_you_cannot_be_locked_in|have a convenient way of getting your and their data out of the portal]] and onto some other system, in case you want to move away from it.  As with any software, if you do make use of a practice management system and a client portal, make sure you, and your clients, [[cloud#ensure_you_cannot_be_locked_in|have a convenient way of getting your and their data out of the portal]] and onto some other system, in case you want to move away from it. 
 +
 +====End-to-end encryption may not protect you from a compromised device====
 +
 +End-to-end encryption is a method of securing communications, designed to mean that other the sender and recipient of the communication are capable of seeing the content of what has been sent. Someone in control of a network element carrying the communication may still see the existence of the communication, and the parties to it (i.e. the sender and the recipients) but, because they do not have the ability to decrypt the communication, they cannot see the content of what is being exchanged.
 +
 +This can be contrasted with the [[email#secure_the_connection_between_your_mail_server_and_the_mail_server_of_your_recipient|server-to-server]] encryption you're encouraged to set up on your mail server. This should prevent someone spying on network traffic from seeing the communications between your server and the sender's, but it does not protect you if someone has lawful access to, or has compromised, the sender's mailserver or your own mailserver.
 +
 +While end-to-end encryption protects against some infrastructure access or compromises, it does not necessarily guarantee protection in all situations. In particular, if the device on which you receive and decrypt the encrypted communication (e.g. your phone, or your computer) is compromised, the attacker may have access to the plain text (decrypted) communications content, because they are attacking it once the encryption has been removed. 
 +
 +> The implant also has access to the user's keychain, which contains passwords, as well as the databases of various end-to-end encrypted messaging apps, such as Telegram, WhatsApp, and iMessage, Beer's post continues. ([[https://www.vice.com/en_us/article/bjwne5/malicious-websites-hacked-iphones-for-years|Vice report on iOS vulnerability]].)
 +
 +End-to-end encryption remains valuable, but you need to [[securing_your_computer|protect the device you are using]] for those communications. For example, [[securing_your_computer#turn_on_disk_encryption|encrypting your computer's disk]] [[securing_your_computer#don_t_use_an_administrator_account|not using an account with administrative rights for your day-to-day activities]], and [[securing_your_devices#only_install_software_apps_from_trusted_sources|only installing software from trusted sources]].
  
 ====Instant message or SMS-like apps ==== ====Instant message or SMS-like apps ====
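Review bot: The first added paragraph has a wording slip that changes its meaning: "designed to mean that other the sender and recipient of the communication are capable of seeing the content" should read "only the sender and recipient". In the server-to-server paragraph, "between your server and the sender's" covers inbound mail only, while the linked section is about your server and your recipient's, so "the other party's server" would fit both directions. In the final paragraph the list is missing a comma between the disk-encryption link and the administrator-account link, and the Vice quotation carries the reporter's attribution ("Beer's post continues") inside the quoted text without marking where the quoted words end.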
Line 43: Line 57:
  
 Unlike email, none of these are interoperable, meaning that, if you want to use one of them, the people you want to talk with need to use that service too. Conversely, if the people you speak with each prefer a different service, you may have to sign up to multiple services, so you can chat with each of them. Unlike email, none of these are interoperable, meaning that, if you want to use one of them, the people you want to talk with need to use that service too. Conversely, if the people you speak with each prefer a different service, you may have to sign up to multiple services, so you can chat with each of them.
 +
 +====Matrix / Element (used to be called Riot.im) ====
 +
 +[[https://www.matrix.org|Matrix]] offers a [[https://element.io|web interface]], as well as [[https://element.io/get-started|native applications (e.g. for macOS, iOS, and Android)]].
 +
 +It offers text-based chats between individuals and groups, as well as file transfer, and voice and video calls.
 +
 +It offers end-to-end encryption across devices, mobile phones and web interface, allowing for easy synchronisation of the encryption keys through QR codes or emoji. 
 +
 +You can run your own server, if you wish (a bit like email), or else you can sign up to someone else's server, such as the project's own matrix.org server.
 +
 +You do not need a phone number to sign up.
 +
  
 ====Signal=== ====Signal===
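Review bot: The added sentence "It offers end-to-end encryption across devices, mobile phones and web interface" should point back to the section this same revision adds on compromised devices, because every phone, computer or browser session that receives the keys is another place where messages exist decrypted. In the paragraph on running your own server, it would also help to say that whoever operates the chosen server can still see who is talking to whom, as the earlier section notes for anyone in control of a network element. The trailing added blank line leaves two empty lines before the Signal heading.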
email_alternatives.1566724327.txt.gz · Last modified: 2021/07/06 09:26 (external edit)