I have been catching up on enjoyment reading recently. I recently read a few Cory Doctorow (I used the non-secure site as the link as it renders better) books and saw the line between reality and fiction blurring. I know that much of this interweaving is on purpose, but it got me thinking about a few things. The tipping point came a few days later though, when I got a solicitation call about refinancing the house.
The interesting thing was that the call came from a mobile/cellular telephone. This person called and indicated that they were with my bank and asked me if I was interested in refinancing. That immediately set off warning bells, so I said no thank you. I also called my bank and spoke to “my banker” and asked her about the call. She said that it is a legitimate program but agreed that someone should not be calling from their cell phone for such a thing. She asked if I was interested in refinancing and said that she would have their local person get in touch, since I was.
My banker knows that at times e-mail is easier for less pressing items, so she introduced the two of us via e-mail. Just contact information, nothing identifying. Yes, she is prudent with security. That e-mail got me thinking a little more. Not just about the fact that she knew not to send private data, but more about how I could know whether the people I was e-mailing with are actually who they say they are.
I have been aware of public-key cryptography for about two decades, as I had used it for project transmittals in the 1990s using PGP, or Pretty Good Privacy. The idea is that there are two keys, and I create both: one that is private and one that is public. I distribute the public key to people I want to communicate securely with. People encrypt items to me using the public key, but I am the only one who can decrypt them, because that takes the private key. It also works in reverse: people can send me their public key and I can encrypt messages to them. The reason this can be powerful is that not only is the message encrypted, the key pair also allows users to verify the sender of the e-mail: the sender signs the message with their private key, and anyone holding the matching public key can check that signature.
That is the important part for me, and the reason I am encouraging more people to encrypt their mail. It is not just for securing the contents, it is also for knowing that the sender truly is who they say they are. Think about how much that would cut down on phishing and other fraudulent e-mail scams, if I could verify that the sender was who they say they are. I know I would feel much safer if I received an e-mail from my banker that was signed with a Public Key.
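The two operations described above, kept apart in an added example (not the author's code, and not how GPGTools or OpenPGP is implemented): textbook RSA in Python, where encrypting uses the recipient's public key and signing uses the sender's private key. The key is constructed from two Mersenne primes and the scheme leaves out the padding and message formats real tools use, so every name and value here is an assumption for illustration.

```python
import hashlib

# Constructed demonstration key from two well-known Mersenne primes.
# Assumption for illustration only: such a key and unpadded RSA are insecure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept by the owner


def encrypt(message: bytes, public=(N, E)) -> int:
    """Anyone with the owner's public key can encrypt to the owner."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private=(N, D)) -> bytes:
    """Only the holder of the private exponent can recover the message."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private=(N, D)) -> int:
    """The sender signs a hash of the message with their private key."""
    n, d = private
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public=(N, E)) -> bool:
    """Anyone with the sender's public key can check the signature."""
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == digest(message)


if __name__ == "__main__":
    note = b"Your refinance paperwork is ready."   # constructed sample message
    sig = sign(note)
    print("round trip:", decrypt(encrypt(note)) == note)
    print("genuine   :", verify(note, sig))
    print("tampered  :", verify(note + b" Send your PIN.", sig))
    # Without D, an impostor can only use public values; that is not a signature.
    print("impostor  :", verify(note, pow(digest(note), E, N)))
```

Only the genuine signature verifies: changing the message, or producing a "signature" from public values alone, fails the check.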
I am using GPGTools because it integrates into my environment very easily, and because PGP has taken some interesting twists since I started using it. I simply installed the suite and voilà, it was functioning. I am also in the process of doing the same thing for files as well. The encryption on the files is as much to verify that it came from me as it is to protect the files when I store them in the “cloud”. So if you get an e-mail from me, which you might after all the messenger options, don’t be surprised if it is signed. My public key identifier is C93A52C6. You can download my public key from https://www.bradfordbenn.com/BradfordBenn-C93A52C6.asc