October 2006, Week 4 -- No Peeking

   If those execs at Hewlett Packard had only paid $5 a month for self-destructing e-mails, they wouldn't be in the mess they're in now. And that goes double for Congressman Mark Foley.

   What's really amazing is the apparently widespread belief that once you send someone an e-mail it somehow disappears into the ether, never to be seen again. Believe us, the truth is out there, and it's recoverable. Since e-mail embarrassment seems to be a never-ending story, we decided to do a security column. This is it.

   The secure e-mail service that started this little chit-chat is from Echoworx.com. For $5 a month you get encrypted e-mail that no one but you and the recipient can read. When you want to send a secure e-mail, a box pops up asking you, the sender, to provide a question the recipient must answer. That answer is the code word to unlock the e-mail. It should be a question that the recipient can easily answer. (The recipient does not have to be signed up with Echoworx, by the way.)

   The argument behind a code word generated from a question is that both the sender and recipient of encoded e-mails are usually known to each other, or share some knowledge in common. The question could be about a shared interest in sports, or a company's products, but you get the idea. It would be a question the recipient could likely answer, but would send anyone else on a long guessing game. The recipient could acknowledge your message with an ordinary return e-mail, like "Got it" or "Thanks," and that return email is automatically encrypted too. An encrypted conversation can continue back and forth forever. Either you or they can click "verify" at any point to make sure who sent it. After 30 days the encrypted e-mail self-destructs. No, there's no accompanying theme music.

   Echoworx.com does not sell this service directly but through some phone companies, like AT&T, Verizon, USA-Net and a few others. You don't have to be a customer of one of those companies to get the Echoworx service, they will simply sell it to you. But you do need to use Microsoft Outlook or Outlook Express, with more e-mail services to be added later.

   There are other encryption programs and you can find several at Download.com; we wrote about some of them many years ago. But what's nice about Echoworx was that it's real easy. And $5 a month is pretty cheap for secure self-destructing e-mail.

The High Security Thumb

   We're planning to leave our laptop behind when we next go out of town; we'll take a secure flash drive instead. They're about the size of your thumb.

   Make that two thumbs, because we're going to use two flash drives. One will have our portable applications, like a word processor, Web browser, spyware removal tools, photo editing, file shredder and Anonymizer. The other will be a new one we just got called "ID Vault."

   The ID Vault is for signing on to Web sites. Every time you go to a site, a message pops up asking if you want this site to be protected. If you do, you enter your login name and your password. Those are stored in the thumb drive and only relate to that Web site. You can save up to 40 user names and passwords.

   Access to those Web sites is only possible by entering the proper PIN code you set up for the ID Vault itself. Even if you lose the little drive, no one else can use it without your PIN. Anyone who tries to hack this PIN code can only make three attempts before being locked out permanently by a "smart chip" that will permit no further access.

   One of the neat security features on this device is that user names and passwords are not entered through a keypad. A picture of a standard "Qwerty" keyboard appears on the screen and you select the letters by clicking them with the mouse. So if someone has placed "key logger" spyware on your or any other computer, there will be no keys to log.

   ID Vault costs $50 from IDvault.com, plus a $20 a year subscription; the first year is free. Of course this raises the question of why you would need any subscription, because the ID Vault would already have your passwords stored. The company says they have a database of thousands of brokerage and banking sites and test the ones you log into to make sure they are indeed the real sites and not copycats created by so-called "identity phishers." Many people are unaware that it is not difficult to create a Web page that looks exactly like a legitimate site, but collects the information you enter and sends it to someone trying to steal your identity.

The Invisible Web Browser

   "Anonymizer" has been around for a couple of years but recently created a subset that creates extra e-mail accounts. What the software does is create fake e-mail addresses. Web sites that collect e-mail addresses so they can later send out spam, will find they have collected a very disposable address.

   The new program is called "Anonymizer Nyms" and is purchased by subscription for $20 a year from Anonymizer.com. You can create up to one thousand disposable e-mail addresses. You can also create guest "Nyms" for friends and colleagues so they can try it out for free.

   The software can create the fake e-mail names for you, or you can amuse yourself by creating some of your own -- whogoesthere@nyms.net. All of the addresses will end with "nyms.net." Whatever fake address is created, it is linked to your real e-mail address. That's because sometimes you may want to hear offers or replies from a site. Should you find you're getting spam from that link instead of news you want, simply delete the fake address link and that will be the end of that.

You can e-mail Bob Schwabach at bobschwab@aol.com and Joy Schwabach at joydee@oncomp.com.