[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Tue, Jan 13, 2015 at 08:18:12PM +0000, peter walker wrote: > It's always confused me that banks send us unsigned email warning us > about phishing attacks then ask us to click on a llink to check our > account. Or send us an email telling us to log in to the banking site > and then read a message posted there (which turns out to be an advert > for mortgages). Do banks still include clickable links in such emails? I thought they had long stopped doing that. > If the high street banks had got together and agreed that encrypted > email was the way to go then we could all communicate with them securely > without the need for other programs/web pages. As the banks all want > proof of id for everything (often in person) then they would have been > in an ideal situation to kick off some key signing. Except that encryption is hard, at least as a concept to understand. If everyone were to use PGP (or some other kind of end-to-end encryption), it would seriously hinder mass surveillance of email (except that PGP still shows metadata). But it wouldn't significantly solve the far more tangible problems of phishing and other kinds of banking fraud. > Of course if all this had happened then it would be a lot harder for the > authorities to read our email so Dave would really be complaining. Banking - assuming people use banks in the UK, as most people do - isn't a problem for Dave: he could just knock on their doors, show a warrant and he's given access to all the emails he needs to read. His problem is people using end-to-end encryption (e.g. WhatsApp) to communicate to each other, or using HTTPS to connect to a server not covered by UK law. Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq