ad info
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards




Hotmail exodus: to where?

e-mail privacy

   10 ways to avoid password headaches

   Message Boards:
   Online privacy
   How do you define a hacker?

   Sign up for the Computer Connection email service

   For more computing stories

By Robin Lloyd
CNN Interactive Senior Writer

September 1, 1999
Web posted at: 5:13 p.m. EDT (2113 GMT)

In this story:

Encrypted, 'shreddable' e-mail

This headline will self-destruct in 10 seconds

Pseudonyms and encryption


(CNN) -- Several computer security experts have said it more this week than ever: abandon Hotmail.

The question is for what?

Besides switching to an Internet Service Provider which could pry into your mailbox or also have a security hole like that which came to light this week with Microsoft's free Web-based service, there are a few options for those seeking e-mail security.

Shop carefully -- not every alternative is free, Web-based and therefore location independent. And some provide more security than the average user needs.

But to keep our words from making headlines or costing millions in litigation, we may have to change our concept of what an e-mail service should cost and offer.

Encrypted, 'shreddable' e-mail

A Silicon Valley start-up called provides Web-based e-mail that allows users to scramble and lock e-mail messages they send, have them unlocked by only their intended target at the other end via a shared password and effectively shredded after they are read.

ZipLip encrypts messages during transit and at the storage point, something not offered by the leaders in free Web-based e-mail -- Hotmail, Yahoo! and Netcenter.

"Even if a hacker were to enter our Web site, it wouldn't do him much good," said Kon Leong,'s president. "It would take probably a supercomputer from Cray many years to hack a single message." has been available for two months and currently is used by thousands of people daily in 30 countries, Leong said. Its profile is a bit higher in California due to radio spots airing there featuring Star Trek's James (Scotty) Doohan.

The service is basically encrypted Hotmail, said Steve Chan, a ZipLip developer. "This is the way it should be done," Chan said.

Encryption is the inevitable way to go for the current killer app on the Web, Leong said, yet industry leaders are dragging their feet.

Implementing encrypted e-mail for users isn't rocket science, he said, since the level of encryption required for business and personal use needn't match the high standards of the CIA or National Security Agency.

This headline will self-destruct in 10 seconds

Another e-mail encryption approach comes with London-based Global Market's 1on1 software which relies on 2,048-bit private and public key encryption to deliver e-mail messages and destroy them.

The program decrypts messages when opened and can "shred" or delete and overwrite them if you want after a set period of time so they cannot be undeleted.

The catch is that the sender and recipient must use the 1on1 software - a free version is available -- for the process to work, and it relies on users downloading software to their computers. So the product is not Web-based and therefore can only be used on computers where the software is installed.

That brings up the issue of trusting the author of that software and that is the issue that brought Hotmail down Monday -- a security hole left behind by CGI coders.

Pseudonyms and encryption

Another software solution will come in November with Zero-Knowledge Systems' encryption and server bouncing approach, also invulnerable to the security hole that brought Hotmail down Monday.

Zero-Knowledge's Freedom, which provides pseudonyms for secure Web-browsing and e-mail, is audited line-by-line by Bruce Schneier, author of Applied Cryptography, to ensure that there are no back doors left open.

The approach provides more security than but probably more than the general user needs.

These e-mails could be cracked -- with a supercomputer running for years, said Zero-Knowledge's President Austin Hill.

He argues against intimate Web-based communication in general.

"The Web was never built for privacy and security," Hill said. For instance, Microsoft's recent release of its Passport product, which gives Hotmail users a single login for all Microsoft services, is a bad idea, he said.

"Anyone who broke through their security system can assume my identity and do things like change my password, see my appointments and get a list of my friends," he said.

If free is what you want, Zero-Knowledge is a close approximation. It's modestly priced at $10 a pseudonym, starting with a 5-name option at $50. The software, which must be operating on every computer where you wish to use your pseudonyms, is free. Zero-Knowledge currently is releasing beta versions for free. is a free Web-based application that cloaks the identity of e-mail. It is not designed for massive e-mailing between friends and business partners, though.

But if you're looking for protection from nosy governments, and Zero-Knowledge's Freedom may be the ticket.

Insurgency on the Internet

Expert: Hotmail hole likely started in Sweden
August 31, 1999
Status of Hotmail privacy unclear
August 30, 1999
E-commerce encryption now vulnerable?
August 30, 1999
Total digital privacy may be on the horizon
August 18, 1999
Hackers, IT consultants embrace free security tool
August 13, 1999
Microsoft says "crack this!"
August 6, 1999
Officials warn of 'electronic sanctuary' for criminals
July 14, 1999

Zero-Knowledge Systems
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.