Category Archives: Encryption
International cops urge Meta not to implement secure encryption for all – The Register
An international group of law enforcement agencies is urging Meta not to standardize end-to-end encryption on Facebook Messenger and Instagram, which they say will harm their ability to fight child sexual abuse material (CSAM) online.
The Virtual Global Taskforce was formed in 2003 and is currently chaired by Britain's National Crime Agency. The VGT consists of 15 law enforcement bodies, including Interpol, the FBI, the Australian Federal Police and other law enforcement agencies from around the world. In its letter [PDF], the VGT said reports from tech industry partners play a key role in fighting CSAM content, with Meta being its leading reporter of abuse material.
But the taskforce thinks that will end if Meta continues its encryption push. "The VGT has not yet seen any indication from META that any new safety systems implemented post-E2EE will effectively match or improve their current detection methods," the taskforce said.
Meta's WhatsApp platform has long used E2EE by default, and the company has long said it planned to implement E2EE on Facebook Messenger and Instagram, with most recent estimates indicating E2EE would become the default sometime this year.
As Reg readers know, end-to-end encryption theoretically makes it impossible for an intermediary to read the contents of messages: even if the intermediary is served with a subpoena, the contents of an end-to-end encrypted message would still be encrypted.
"The announced implementation of E2EE on META platforms Instagram and Facebook is an example of a purposeful design choice that degrades safety systems and weakens the ability to keep child users safe," the VGT said.
The organization cited the arrest and conviction of David Wilson in the UK as one example it claimed wouldn't have been possible with E2EE in place. Wilson, a Facebook user who groomed hundreds of children using fake Facebook and Instagram profiles, was sentenced to 25 years in prison in 2021. Of his conviction, the VGT said "it is highly unlikely this case would have been detected" if E2EE had already been implemented.
"The VGT calls for all industry partners to fully appreciate the impact of implementing system design decisions that result in blindfolding themselves to CSA occurring on their platforms, or reduces their capacity to identify CSA and keep children safe," the taskforce said.
In an email to The Register, Meta disputed the VGT's claims that Wilson's arrest wouldn't have happened with E2EE in place, telling us it submits CSAM tips using both public and private information.
"We have developed detection systems using behavioral signals and other account activity that are not reliant on the content of private messages to identify malicious actors," Meta said, adding that "It's misleading and inaccurate to say that encryption would have prevented us from identifying and reporting accounts like David Wilson's to the authorities."
Without going into any details, Meta told us it's committed to continuing to work with law enforcement as it rolls out E2EE. "We don't think people want us reading their private messages, so have developed safety measures that prevent, detect and allow us to take action against this heinous abuse, while maintaining online privacy and security," a Meta spokesperson told The Register.
Earlier this week, the UK's professional computing body the BCS wrote its own statement urging the exact opposite of VGT's: It wants parliament to shoot down the Online Safety Bill, a proposed piece of legislation that would require tech platforms to identify and remove CSAM or face fines.
Under the bill, companies would be required to remove content "whether communicated publicly or privately," which, as The Register previously pointed out, would mean messages either wouldn't be able to be encrypted, or scanning for CSAM would have to occur prior to encryption. Critics argue this would be tantamount to adding a government-sanctioned back door on encrypted communications, which BCS chief executive Rashik Parmar told us "is exactly what many bad actors want."
"Building confidence in technology is a global priority in 2023. A bill aimed at keeping us safe online should protect encrypted messaging," Parmar said.
The VGT said that it wants industry partners "only to implement platform design choices, including E2EE, at scale alongside robust safety systems that maintain or increase child safety."
How that could be accomplished without also weakening encryption is something the law enforcement agencies are yet to answer. We've asked the VGT if it supports the Online Safety Bill, or whether it would support a different approach, but the taskforce has yet to respond to our email.
How to Encrypt Email in Thunderbird – MUO – MakeUseOf
Sending sensitive information via regular email is not secure. This is because email messages, by default, are not encrypted. Threat actors can get hold of your confidential data if they are able to intercept your emails. But with Mozilla Thunderbird, you can send encrypted messages without any worry about the threat of eavesdropping.
What is Thunderbird, how does Thunderbird email encryption work, and how can you enable it?
Mozilla Thunderbird is a free email client that allows you to customize your email experience easily. It is one of the best free email clients for desktop PCs and comes with many useful features, such as Smart Folders, Quick Filter Toolbar, Attachment Reminder, Phishing Protection, and Robust Privacy.
You can easily set up any email account on Mozilla Thunderbird. And with a rich library of add-ons, you can add extra features and styles.
Most importantly, the Thunderbird email client is open source. This means thousands of developers worldwide contribute ideas, designs, code, and much more to make it an excellent product.
The latest Thunderbird uses built-in OpenPGP encryption technology for encrypting messages.
The encryption technology is based on public key cryptography that requires you and the intended recipient to generate two mathematically related keys: a public key and a private key. To encrypt the email, you will need the intended recipient's public key. And the recipient will use their private key or secret key to decrypt the message.
Once you have downloaded the latest version of Thunderbird, set up your email account on Thunderbird.
Click on the cog icon on the bottom of the left sidebar to open the Settings menu of Thunderbird. Then, click on the Account Settings menu.
Click on the End-To-End Encryption tab from the left side menu to add your personal key. Then, click on the Add Key button.
You will be presented with two options: Create a new OpenPGP key and Import the existing OpenPGP key. If you have previously created a personal key for this email account, import your existing OpenPGP key. If you don't have an OpenPGP key, select the Create a new OpenPGP key option and click on the Continue button. A new window will open that lets you choose the key expiry duration and change advanced settings.
If you don't want your personal OpenPGP key to expire, select the Key does not expire radio button. You can change the key type and key size in the advanced section. By default, Thunderbird will select key type RSA and key size 3072, which is usually fine. However, ECC (Elliptic Curve) is more secure.
Click on the Generate key button to create the OpenPGP key.
Once you have created your personal OpenPGP key, you are set to send an encrypted email to your intended recipient, provided that you have their public encryption key. Open the email compose window and enter the recipient's email address. If you don't have the intended recipient's public key, you will see a yellow prompt at the bottom of the compose window asking you to resolve the issue.
Click on the Resolve option to open the OpenPGP Key Assistant Window. If you have downloaded the recipient's public key on your computer, select the Import Public Keys From File option. Locate the downloaded public key file and click on the OK button. Choose the Accepted (unverified) option in the subsequent window and click on Import.
The public key of your recipient will be imported to Thunderbird, and you will have a pop-up announcing the successful import.
To make sure that it is the genuine key of the intended recipient, check if the public key has the correct fingerprint.
Call the intended recipient and confirm the fingerprint to ensure that you have verified the recipient's public key.
Once you have verified that you have the right key, click on View Details and manage key acceptance in the pop-up window. And select the Yes, I've verified in person this key has the correct fingerprint radio button. Click the OK button.
Now you have a verified public key of your intended recipient; you can send an encrypted email.
In the recipient inbox, the linked private key of the recipient will decrypt the message.
The same process will be repeated if you want to receive encrypted emails. The senders will require your public key to encrypt messages, and your linked private key will decrypt messages in your inbox.
Once recipients' public keys are saved in OpenPGP Key Manager on Thunderbird, the entire process of encrypting messages will be smooth and won't take much time.
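The fingerprint that the steps above ask you to confirm by phone is a hash of the recipient's public key packet, which is why a substituted key cannot show the same value. The Python sketch below is an added example, not part of the original article or Thunderbird's code; it computes a version 4 OpenPGP fingerprint as RFC 4880 defines it, using a constructed key (not a real RSA modulus) and hypothetical helper names.

```python
import hashlib
import struct

# Constructed sample key material for illustration only (assumption): this is
# not a real RSA modulus and not anyone's actual key.
CREATED = 1682294400          # key creation time, seconds since the epoch
N = (1 << 2047) | 0x10001F    # stand-in 2048-bit "modulus"
E = 65537                     # public exponent


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    version = bytes([4])
    algorithm = bytes([1])    # 1 = RSA (encrypt or sign)
    return version + struct.pack(">I", created) + algorithm + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, section 12.2)."""
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()


def grouped(fingerprint: str) -> str:
    """Split the 40 hex digits into groups of four so they are easier to read aloud."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


def normalize(fingerprint: str) -> str:
    """Drop whitespace and colons and upper-case, so formatting differences do not matter."""
    return "".join(ch for ch in fingerprint if not ch.isspace() and ch != ":").upper()


def fingerprints_match(computed: str, claimed: str) -> bool:
    """Compare the full fingerprint only.

    A claimed value that is not 40 hex digits long (for example a short key ID,
    which is just the tail of the fingerprint) is rejected rather than
    compared as a suffix.
    """
    a, b = normalize(computed), normalize(claimed)
    if len(a) != 40 or len(b) != 40:
        return False
    return a == b


if __name__ == "__main__":
    genuine = v4_fingerprint(rsa_public_key_body(CREATED, N, E))
    # A key file altered in transit: one bit of the key material differs.
    swapped = v4_fingerprint(rsa_public_key_body(CREATED, N ^ 2, E))

    print("imported key fingerprint :", grouped(genuine))
    print("read out by recipient    :", grouped(genuine).lower())
    print("match                    :", fingerprints_match(genuine, grouped(genuine).lower()))
    print("altered key matches      :", fingerprints_match(swapped, genuine))
    print("16-digit key ID accepted :", fingerprints_match(genuine, genuine[-16:]))
```

Because the hash covers the creation time and every byte of the key material, marking a key as verified is only meaningful after comparing all 40 digits over a channel the sender of the key file does not control.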
Here are key reasons why you should use an encrypted email service:
Sending encrypted emails in Thunderbird ensures privacy and security. By encrypting your email messages, you ensure that only intended recipients can read your email. And hackers won't know the content of messages even if they are able to intercept your email. So start using the encrypted email feature in Thunderbird to protect your confidential emails from prying eyes.
QuintessenceLabs’ qStream Entropy-as-a-Service (EaaS) Solution Delivers Truly Random Numbers for Encryption Keys – Yahoo Finance
Visit QuintessenceLabs at RSAC in Booth #355 in Moscone Center, South Hall
CANBERRA, Australia and SAN FRANCISCO, April 24, 2023 /PRNewswire/ -- QuintessenceLabs, a leader in the quantum cybersecurity industry, is showcasing its qStream Entropy-as-a-Service (EaaS) solution this week at RSAC.
Random numbers are at the core of most decryption algorithms, and it is important for security that the output from random number generators is both unpredictable and has a high enough throughput for commercial use. QuintessenceLabs' qStream quantum random number generator (QRNG) delivers numbers with full entropy at 1 Gbit/sec, providing both randomness and speed critical for maximum security.
The qStream QRNG uses quantum physics to create truly random numbers as opposed to the pseudo-random number generators on the market today making them virtually unhackable, even by quantum computers. This is critical for sensitive applications where maximum security is desired. The qStream QRNG delivers random numbers through the industry-standard OASIS Key Management Interoperability Protocol (KMIP), enabling interoperability with any conformant key management server, including QuintessenceLabs' Trusted Security Foundation (TSF) key and policy manager.
"When it comes to data security, the quality of random numbers has a significant impact on the success of encryption and overall security. True entropy is critical in providing secure encryption keys," said Skip Norton, VP of Business Development for QuintessenceLabs. "Unlike pseudo-random number generators, which don't use quantum science, qStream creates true entropy so the numbers it generates can't be re-created by criminals seeking to compromise encryption."
For more information on qStream quantum random number generator (QRNG) visit QuintessenceLabs at RSAC, Booth #355, Moscone Center, South Hall.
About QuintessenceLabs Australian-based QuintessenceLabs is a global leader in quantum cybersecurity recognized for its advanced quantum-safe data protection capabilities. The company has been widely recognized for its cybersecurity innovations around the world, most recently through its selection as a World Economic Forum Global Innovator as well as winning a prestigious 2022 CyberTech100 Award. QuintessenceLabs offers a suite of unrivaled quantum enabled cybersecurity solutions and services which help organizations mitigate traditional and quantum cyber risk today and the quantum computing threats of tomorrow. For more information on QuintessenceLabs, visit our website, or follow the company on LinkedIn.
View original content to download multimedia:https://www.prnewswire.com/news-releases/quintessencelabs-qstream-entropy-as-a-service-eaas-solution-delivers-truly-random-numbers-for-encryption-keys-301804333.html
SOURCE QuintessenceLabs
RSA Conference 2023: Benefits of Kingston IronKey Encrypted Solutions – Yahoo Finance
FOUNTAIN VALLEY, Calif. & SAN FRANCISCO, April 24, 2023--(BUSINESS WIRE)--Kingston Digital, Inc., the Flash memory affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, announced today it will showcase its line of award-winning Kingston IronKey hardware-encrypted products at RSA Conference 2023 (North Expo Booth #5426), one of the world's leading information security conferences and expositions.
Kingston continues to educate on the necessity and benefits of securing mobile data and how Kingston IronKey can give that data the defense it deserves. With FIPS 140-3 Level 3 (pending) Keypad 200 and upcoming D500S drives, along with FIPS 140-2 Level 3 certified S1000 and D300, FIPS 197 certified Vault Privacy 50 and Vault Privacy 80 External SSD XTS-AES 256-bit hardware encryption capable devices, the comprehensive portfolio provides security solutions for consumer to enterprise to military-grade needs. As work-from-home and the need to take data on-the-go grows, so have data losses and breaches. Kingston IronKey mitigates these risks with expanded security features like multi-password options, complex or passphrase modes, and protections against malware or Brute Force and BadUSB attacks.
"We're looking forward to getting back to RSA Conference to speak more about the importance of data loss prevention and best practices," said Richard Kanadjian, encrypted USB manager, Kingston. "Kingston IronKey hardware-encrypted drives are necessary tools for anyone who handles sensitive data to ensure not just security, but compliance with a growing list of regulations and laws, such as GDPR, CCPA, HIPAA, and SOX."
Don't let your data be a soft target. To learn more about Kingston IronKey, visit Kingston at RSA Conference 2023 booth #5426 (North Expo).
For more information, visit kingston.com.
About Kingston Technology, Inc.
From big data, to laptops and PCs, to IoT-based devices like smart and wearable technology, to design-in and contract manufacturing, Kingston helps deliver the solutions used to live, work and play. The world's largest PC makers and cloud-hosting companies depend on Kingston for their manufacturing needs, and our passion fuels the technology the world uses every day. We strive beyond our products to see the bigger picture, to meet the needs of our customers and offer solutions that make a difference. To learn more about how Kingston Is With You, visit Kingston.com.
Editor's Note: For additional information, evaluation units or executive interviews, please contact PR Team, Kingston Technology Company, Inc. 17600 Newhope Street, Fountain Valley, CA USA 92708, 714-435-2600 (Voice). Press images can be found in Kingston's press room kingston.com/company/press/
Kingston and the Kingston logo are registered trademarks of Kingston Technology Corporation. IronKey is a registered trademark of Kingston Digital, Inc. Kingston FURY and the Kingston FURY logo are trademarks of Kingston Technology Corporation. All rights reserved. All trademarks are the property of their respective owners.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230424005058/en/
Contacts
Shealyn Toruno, Kingston Digital, Inc., 714-435-2600, PR@kingston.com
Your Google Messages group chats will soon be end-to-end encrypted for increased security – Chrome Unboxed
According to a discovery by Android Police and a handful of avid Google Messages users, RCS group chats may finally be getting end-to-end encryption in the tech giant's messaging application for Android. For those unfamiliar, end-to-end encryption, or E2E for short, is basically a fancy way of saying that your messages are super secure because only you and the person you're chatting with can read their contents.
Any hackers or third parties that try to intercept your messages can't snoop through them or steal your sensitive information because the lockbox containing the chats in transit can only be opened by you or the recipient using special encryption keys. Hence, they're encrypted end to end.
Now, Google Messages has had E2E encryption for one-to-one chats for a while now, but this latest development means that you'll soon be able to enjoy the same level of security in your RCS group chats too!
This feature isn't widely available just yet, but it should be rolling out to users pretty soon as many Twitter users and others alike have seen it pop up for them already. Even with the latest version of Google Messages installed, it seems individuals are having mixed results, so it could be a server-side update. Once you get it, you can check to see if your group chats are encrypted by checking the chat details section.
Google Messages finally releases end-to-end encrypted RCS group chats to more users – Android Central
Google finally made good on its promise to make all RCS group conversations end-to-end encrypted last December when it rolled out the security feature, but it was limited only to beta testers. That changes now with the wider release of encrypted RCS group chats.
The app already encrypts chats between two Android users. But now the encryption is making its way into group chats on the stable channel, catching up with many of the top messaging services such as Signal and WhatsApp.
The folks over at Android Police have seen E2EE enabled for an RCS-enabled conversation, although the outlet notes that you may have to update the app to the latest version in order to get access to it. The feature is available at least on version 20230329_00_RC01.phone_dynamic of Messages.
While the rollout appears to be widespread, Google has yet to publicly announce the latest development. Nonetheless, this is a significant step in Google's effort to give users confidence that their conversations are safe from third-party eavesdropping.
Google's messaging app has supported encryption for one-on-one conversations since 2021. It is unclear why it took the search giant so long to release E2EE to RCS group chats. As more security flaws emerge in the mobile world, it's more critical than ever for companies to encrypt your data, not the least of which is your conversations.
However, since the technology relies on RCS for encryption, it is not compatible with iOS users. Apple's iMessage has long held out against supporting the standard, despite Google's repeated attempts to convince Cupertino to hop onboard the RCS bandwagon. So, if you have an iPhone-toting friend chiming in, be aware that the messages you send to them are not encrypted.
Not all encryption is created equal – GCN.com
Why the UK’s Encryption-Busting Online Safety Bill Is Wishful Thinking – Lifewire
With its new Online Safety Bill, the UK government is about to ban WhatsApp, Signal, iMessage, and any other encrypted messaging app from the country.
The new UK legislation is attempting yet another impossible end-run around encryption. It is dressed up to look like a set of laws that will keep people safe while using social media. And while it does not explicitly require that social media and messaging networks drop encryption, the law gives powers to the UK's regulatory body, OFCOM, which it can use to do so. And that's not even the worst part. The bill attempts to circumvent encryption by requiring messaging apps to monitor the messages and photos on your device and then report any illegal activity to the authorities.
"The proposed bill would require any service provider who operates a platform in the UK to proactively monitor users' content for the presence of certain illegal content. When it comes to platforms that use end-to-end encryption (e.g., WhatsApp), the bill would likely require using a technology known as 'client-side scanning' to enable these platforms to remove illegal content or allow it to be reported to law enforcement authorities. Client-side scanning is not specifically required by the bill, but there are no other known means for complying with this law," DT Alemayehu, an IP, technology, and entertainment attorney, told Lifewire via email.
Encryption is pretty straightforward. Something is either encrypted or it isn't. Governments around the world have long insisted that they should be given some kind of back door key so that they, and only they, can snoop on encrypted traffic. But that's flat-out impossible. If the encryption is weakened to allow snooping, then it is weakened, full stop, and therefore useless. And even if it were somehow possible, how long would it take for those magic keys to leak out of government offices?
Further, encryption isn't just for messaging apps. If it was compromised, you couldn't do online banking, shopping, or anything requiring a secure connection, because it would no longer be secure. Weakening encryption would destroy the online economy, while any serious bad actors would just switch to another communication method, leaving the government to snoop only on regular folks.
WhatsApp and Signal, along with several other platforms and privacy advocates, have co-authored an open letter warning of the bill's threats to privacy and security. And while the bill does not explicitly call for a weakening of encryption, it would certainly end up that way. Even the United Nations is against it. If companies were to comply, this would break encryption for the entire internet, not just for the UK.
"The UK's online safety bill is an existential threat to safe and private communications," Signal's president Meredith Whittaker said on Twitter.
Perhaps the UK government knows this and intends to use the new legislation as a stick to get what it wants another way. Do you remember when Apple outlined its plans to scan the photos in your iPhone's photo library for child sexual abuse materials (CSAM)? One clause in the new legislation would require the same thing, only for your messages. And, of course, once this is possible, your messages could be scanned for anything the government or law enforcement agencies want.
Signal, WhatsApp, and others have explicitly stated that they will cease operations in the country if the Online Safety Bill passes as is. It would, as we have mentioned, be technically impossible for them to comply while still providing their current and promised services.
Imagine that a law was passed to force all prepared foods to contain meat. What would vegan and vegetarian food makers do in this situation? They'd have to shut down or pull out of the country. Like Signal and WhatsApp, they could not comply without completely changing their business model.
"If the UK actually passes this law, service providers like Meta would simply pull their app out of the UK market. The UK represents a small fraction of any one platform's user base. It wouldn't make sense, from a business standpoint, to so drastically violate the value proposition of your platform that you alienate the overwhelming majority of your users," says Alemayehu.
And that's the risk. By trying to circumvent one of the fundamental technologies of the internet, a government risks annexing its country from that internet. You literally cannot have a WhatsApp that operates internationally but also allows only the UK government to access only British citizens' messages. So the alternative is a separate WhatsApp network designed specifically for the UK or no WhatsApp at all for British citizens.
Letter: Here’s the democratic key to the encryption backdoor – Financial Times
Proton Pass is a new password manager from encryption specialists … – BetaNews
Proton, the company behind the security- and privacy-focused Proton Mail and Proton VPN, has launched a beta version of its new password manager.
Going under the unsurprising moniker of Proton Pass, the software is described as "perhaps the first one built by a dedicated encryption and privacy company". What this means in practice is that security is greater than in other password managers, with end-to-end encryption on all fields of forms.
Proton Pass comes largely thanks to Proton's acquisition of SimpleLogin last year, and the company says that a password manager has been one of the biggest requests from users of its other products.
Pointing out how Proton Pass differs from other password managers, CEO Andy Yen says: "while many other password managers only encrypt the password field, Proton Pass uses end-to-end encryption on all fields (including the username, web address, and more)".
He goes on to explain:
This is important because seemingly innocuous bits of information (such as saved URLs, which many other password managers don't encrypt) can be used to create a highly detailed profile on you. For example, if an attacker can see that you have passwords saved for an account with Grindr, gop.com, or even a manga fan site, they'll know a lot about you as a person, even if they can't actually access your accounts.
Details of the Proton Pass security model can be found here, but the company provides the following quick summary:
Cryptographic details matter, and Proton Pass uses a strong bcrypt password hashing implementation (weak PBKDF2 implementations have made other password managers vulnerable) and a hardened implementation of Secure Remote Password (SRP) for authentication. Proton Pass is also one of the first password managers to include a fully integrated two-factor authenticator (2FA) and supports 2FA autofill. This is meant to make it easier to use 2FA everywhere since it's one of the most effective safeguards for your online accounts.
For the time being, access to the beta program is invite-only, and emails are being sent out now. The full public launch is scheduled for "later this year", but Proton has not been specific about when this means.
More information is available here.