Please keep in mind that everything sent to the CamSAW email list is being publicly distributed, and that the list archives themselves are public and kept on an unsecured corporate server. A friend of mine just looked at the CamSAW site and was quite pleased to read things like:
and
In addition, activists should realize that all internet information transmissions are encoded in plain text and are inherently insecure - anyone with access to network infrastructure can capture your "private" email, sniff your passwords, see who you are chatting with, what websites you are viewing, the video you watched last week, etc. As past movements have found out, this sort of intelligence information is routinely used by various agencies to do all sorts of bad stuff, as you can see in this transcript of "liberated" FBI documents from the '60s. If you have a few minutes to spare, please take the time to educate yourself about some common-sense steps to minimize trouble (scroll to the bottom of the page for some ideas in this regard). An excellent overview of activist communications security, covering everything from web surfing to remote computer logins to email, can be found at security.tao.ca.
Once you've glance through at least part of that, check out a few software packages that can help with keeping your communications somewhat secure. Keep in mind that no system is hack-proof, and that if someone really wants to listen in on your internet life, there are always ways to do so. Never discuss anything electronically that you wouldn't want your mother to find out about.
An encrypted Jabber chat application can be downloaded from the Rhymbox web site. It's an instant messenger (IM) system similar to MSN Messenger, ICQ, AIM, etc. Happily, it has a few advantages over these other systems. First, the communications standard it uses is Free Software, meaning that it is both ideologically righteous and more secure than corporate, proprietary systems. Secondly, it features something called SSL encryption, the same kind of encryption used by banks, credit card companies, etc., to keep data transfers safe from prying eyes.
Follow the instructions on the download page to install the software; email the list if you have trouble and someone will help you out. You'll be asked to register an account by the software when it first fires up; pick a decent password, which means a long non-dictionary word with an unpredictable combination of upper and lower case letters, and some numbers thrown in as well. Don't use your sweetheart's name, or your birthday, or the name of your favourite poet.
Once you have the software installed, enable the SSL encryption features of the software by going to "Settings -- > Connections" and making sure the SSL button has a checkmark beside it. It would probably be a good practice, when you are chatting with people, to periodically check that the encryption features are, in fact, enabled, especially when joining a group chat - if five people in a group chat room are using encryption, and one person is not, all of the information sent by the five secure people can simply be captured by monitoring the data stream of the sixth, insecure, person. Once you enable the SSL feature, you may want to consider changing the password you used when you registered with the server, which could have been compromised as it was sent over the network in plain text.
In order to be able to chat with other people, you'll need to get their Jabber addresses - these look a lot like email addresses (i.e., hamster5@jabber.org or sammy@rhymbox.com), but they're not. Click "add user" and fill out a form to add a friend to your contact list. When you hit submit, your friend will receive a message asking if it's OK for you to add them to your contact list, see when they're online, etc. Although email may be fine for exchanging this info, a special technique called a phone call may in fact be the most efficient way of doing things.
Join group chats by clicking on the "Groups" button and selecting the group you'd like to join. You can create a new group or join one that already exists. I suspect that something like a "camsaw discuss" group, a "camsaw plan" group, etc., could be set up, and might take considerable traffic off the current CamSAW email lists, especially for the more compulsive among us.
Note: another installation guide explaining the use of Gnu Privacy Guard's proprietary email encryption equivalent, Pretty Good Privacy (PGP), can be found here. It's probably better than this page, and is worth a read as it is much more comprehensive.
There are a variety of programs that you can use to encrypt information with a passphrase, so that it becomes impossible for anyone who doesn't know that phrase to access your data - this can include files on your hard drive, or email that you send over the internet. The Free Software choice for your email encryption needs is Gnu Privacy Guard (GPG). As it conveniently states in the GPG manual,
GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. A user's private key is kept secret; it need never be revealed. The public key may be given to anyone with whom the user wants to communicate.
Basically, there's a lot of fancy math being done that allows you to send info to a friend securely. You have to get your friend's public key, and use your private key to encrypt the info so that only your friend's private key can unlock the message. This process can be easily handled by the various email programs listed below. Besides allowing you to encrypt your information, GPG also allows you to generate digital signatures so that it is possible to verify the identities of the sender and recipient of a document. Remember to always keep your private key secure - no one else should ever be given access to a copy of the private key file that you generate.
Don't be scared off by all of the above (or all of the below). It's actually just a matter of downloading some stuff,
Windows users can get GPG easily installed using the WinPT package. Click on one of the links to download the software (probably the mirror in Belgium is closest to Cambridge). Just double-click on the installer and follow the instructions. This package will take care of GPG installation, key generation, etc.
Pick a good password, and never tell it to anyone. This is theoretically the most important password on your entire computer, because it is supposed to be used as the lynchpin of a system that claims to uniquely identify you.
MS Outlook - many people are probably using MS Outlook as their mail client. This is a highly insecure program that is probably the number one cause of computer virus infections in the world. The WinPT software above will automatically take care of plug-in installation for Outlook.
Mozilla - if you have a computer system with some horsepower, Mozilla is a good Free Software web browser/mail client. There is a GPG plug-in available; you can get the latest stable release of Mozilla from here. Once you've got Mozilla installed, you can download the Enigmail plug-in to enable GPG in the email program (make sure that you installed WinPT first!). Go to this page using Mozilla, and click on the "install" button to install Enigmail's sweet encryption goodness. Mozilla mail is quite handy because a friend can simply email you his/her public key and Enigmail will grab it from the email automatically and let you use it.
Mulberry - a large part of the Cambridge university community is inexplicably tied to the Mulberry email client. There is a download of the Mulberry interface to Gnu Privacy Guard available. Again, you'll need to do the WinPT install first.
Other email programs - a list of other clients can be found here.GNU/Linux
There are Jabber IM and email encryption facilities for Linux - most free software, of course, is coded on Linux. The ever-popular Mozilla, once again, is the email encryption app of choice for those Linux users who don't spend 100% of their time maintaining their computer's X11 subsystems.
MacOS
Jabber IM is available, you can always use Mozilla, and there are also Mac GPG plug-ins for Apple Mail and Entourage. Good MacOS instructions for installing GPG can be found here.
Little can be done to secure webmail accounts. One of the major problems with these accounts is that, like other information, all passwords are sent in plain text - that is, despite the fact that your password is obscured when you type it into the box on the screen, it is sent unencrypted over the network. About the only thing that can be done if you must use webmail is to use a service that supports secure (https) connections using SSL, so that your password and the contents of your mail cannot be easily captured as they travel across the network. Hotmail, Yahoo!, etc., do not support this. One free account provider that does provide encrypted sessions, a nice webmail interface, and a decent (10mb) amount of email storage is Fastmail.
Please note that it's impossible to tell how secure your mail is on any webmail server, except ones like mutual aid, rise up!, or tao, where it's possible to state with some assurance that the server admins in question are decent and upstanding individuals despite the bad press they may receive when they get together in large groups. Any webmail system, and any email system where the server admin is an unknown person, is basically insecure, because unless it's stored in an encrypted format such as GPG, your email is sitting on the server as plain text.