[AccessD] Was thinking about swithing back to Outooke vut these nsssages are scaring me off

James Button jamesbutton at blueyonder.co.uk
Wed Jan 5 14:34:27 CST 2022

Basic situation -

You have emails sent to you at a gmail address stored on the Gmail servers.
An email sent to a Microsoft address would be stored on their server.

When you login to any of those servers using their access app from within a browser they can (well have to) note your id and the device id, and the device connection (IP) address.
As you would be using a browser then there will be cookies to go on your device.
As you will connect to the server using their app under your account then they can aggregate your id and usage details. 

As the emails will be on their server, then they can (well will have to) take the data from the email header as it gets to them in order to segregate it from mail for all their other clients.
and similarly  use the id details on any email you send, as well as the source device details to determine if your ID is not blocked, and if not, then where the message is to go to. 

They will also have the chance to analyse the content - as will all the store and forward  transmission facilitating devices in the path from your device to the receiving person's device.

If you have the emails sent to a hosted website ( e.g. on a GoDaddy server) then  they will also be able to view the content as they identify the website  that the message is to go to, and then as you access the website, or it forwards the incoming messages.

So - unless the message is well encrypted it is accessible to those hosting the website, or the email server, and the many others associated with the message transfer.
And that will include any organisation providing storage  for the email server.

The popular media - films etc.   show/report  the use of drafts held on a server being accessed by many people using an/the authorised userid  of that email id  to avoid having the email transmitted as an entity with source and destination id's  - but to view the email  there has to be a logon (via a browser type facility) to access it on the server where it has been placed  - so system ID, IP and the associated location can be noted too - along with the message as it is passed to the browser app from the storage facility.

So - with 256 bit encryption now not strong enough to avoid swift decrypting using brute force - and so - probably the encryption keys for that user's data 
the sort of technique needed would be imbedding in something like an image -
take a high-res image  and pass it to the intended associates  by slow mail 
now both parties have a decoding/encoding facility - say a high-res TV image - 24 bits (3 bytes) of colour code per pixel, and 1920 x 4 x 1080x4 pixels 
have a facility that manipulates the message into individual bits  - and merge those bits with the  picture 
so the colour of some pixels is minutely different to the original
send that image to the associate  who’s device has an app to compare the images, and note the differences - 
then manipulate those differences to present a 'decoded ' message 
And did anyone say the message had to be in any of the text code sets a PC uses
Indeed does it have to be the complete message - could just be a physical part of the message - say 1 line of dots on a printed page with the others I other picture images.

So - how much effort are you willing to put into keeping your messages secret - or secured.

A major start is a set of VPN's and websites for receiving the messages - and then passing them on using another VPN  and that from a different country

And remembering that the X at the top corner of a window does not kill an app session, it just gets the app notified that the user wants it to end - and preferably without installing some key recording software  along with a facility to report on sites visited along with the system id, and passwords and app used. 

Also  remember that a VM as a sandbox is only as secure as the hosting OS  and the hardware and the generated VM environment.

Basically - just accept that your digital communications are likely to be recorded and analysed - if not in real-time  then with more concern as the viewing of the communicated message becomes more difficult.


> I think everyone is tracking everyone else. Don't think there's much
> difference with providers.
> Martin

More information about the AccessD mailing list