cardsnax.blogg.se - Hosted secure email solutions for gmail

It all boils down to what the client is ready to install when asked by your friend.Īlthough I dont agree with Luxsci (an email encryption provider) TLS is all thats required for the level of encryption for HIPAA compliance. Newer Zip archivers (WinZip 9.0 and later, at least) use AES, which is much stronger. Older Zip implementations used a weak custom stream cipher (actually a good example of why homemade designs should be avoided). To some extent, PGP emails can be handled externally by transferring them with copy&paste (the normal format for PGP emails is "ASCII-armor" which is meant to be transferrable as plain text).įor one-shot communications, consider Zip archives with a password (password is exchanged over the phone). Note that most webmails are incompatible with either S/MIME or PGP: Outlook Web App can do S/MIME with a specific ActiveX control on the client system - Windows/IE only, of course - but most other webmail systems cannot. PGP usually requires add-ons, but tends to be simpler to use. The classic products are S/MIME and PGP the former is supported by mainstream email applications directly, but involves X.509 certificates, which can be a hassle to setup. To get better than gmail, you need end-to-end encryption. This implies, at least in a theoretical way, that data from your emails necessarily flows out of Gmail servers, towards advertisers. But, ultimately, someone you trust is someone who has the power to betray you.Īlso, Google is known to scan gmail users' emails, so that it can work out targeted ads to display to the users.

In the paragraph above, it means that Google does not voluntarily discloses the email contents, and also that they do a good job of protecting their servers (you trust them to be honest, and you trust them to be competent). So, as long as you trust Google, that's fine. all data transfers between a user's machine and gmail are over HTTPS, and if both sender and receiver use gmail, the email never leaves Google's machines. If both your friend and his clients use gmail, then security is not that bad.