Pgp

All the traffic coming off your phone, if unencrypted, is clear for the telco to see. With the advent of sniffing using RF or IP based solutions it is becoming increasingly easy to intercept email traffic. Toss in the mobile, on-the-go world and we are stuck with soft targets. For corporate folks there are certificates, but that isn’t a solution generally trusted for home users. Root CA are easy to compromise with the “everything goes” Microsoft and Linux root updates. Enter PGP/GPG which allows you to take out the middle man (although you can still use a key server if you choose) and validate the keys yourself. The “what if” can still be an issue, but overall for personal communications I find it the most secure method. With Android being a more open platform there exists solutions for sending secure emails on-the-go. First lets get some software installed on your phone. All of these are found in the Google Android Market or from the links provided: ...

Rakkhi posted a great Lessons Learned on implementing email encryption: http://rakkhi.blogspot.com/2010/08/implementing-email-encryption-lessons.html The post got me thinking because I struggle dealing with subcontractors getting encryption. I refuse to send sensitive or even somewhat sensitive data over unencrypted links, but find that small (and even midsize companies) do not have the resources to implement. In a bind I have trained them on installing GnuPG and doing trusted exchanges, but the same pitfalls occur. ...