A friend of mine in Vietnam had cablemodem installed in her place a few months back. Unfortunately the person who installed it was a very unprofessional young man. She is a hot chick and he was gawking at her the whole time, asking her personal questions, etc. He had to come back once or twice before the cablemodem finally worked properly. Then he started IM’ing her. He started knowing things he should not. Eventually it was determined that while he was setting up the cablemodem he had installed spyware including a keylogger onto her computer and basically took over her whole online life. What a nightmare! She complained to the cable company and the guy got fired but that does not get her information back. Now they are just waiting for the extortion letter. No joke.
The moral of the story is do not use any free webmail service for anything even remotely important. This may seem obvious to many people but many more still don’t seem to realize the implications. Do not store or send any info on a free webmail service that you would not want posted on the bulletin board at work.
The big problem is control. Who has the real ultimate control over your webmail account? Whoever owns the hardware it is hosted on which is invariably a big corporation who doesn’t give a care about you the individual. My friend emailed yahoo a number of times about getting her account either restored to her or deleted entirely but they get a million requests like this every day and completely blew it off. There is no reliable way for her to prove who she is to yahoo. She set a “security question” years ago to be used in such an event when she created the account but no longer remembers the answer.
So what is the answer? The answer is to only use email accounts with someone you can hold directly accountable. When using free email they are under no obligation to do anything for you. When you use your local ISP’s email account you can always show up at their office with your ID and prove your identity and have them reset your password. Or if you are technically inclined (most of the people who read my humble blog probably are) you can do like I do and run your own mail server. Or you can ask a trusted friend for an account on their email server which they are likely to happily provide as it costs them nothing.
Which leads me to the second part of my rant: Windows is a completely insecure piece of garbage which I will never use for anything. And I am determined never to enter my password into any sort of Windows box again since you can never tell if a keylogger has somehow been installed. I am looking into some sort of one-time password system to use as well. This is where you carry around a list of passwords in your wallet and the system accepts each one only once and then it is never to be used again so it does not matter if someone snoops it. Then I could occasionally enter my password on a Windows box and not have to worry about it being stolen. Since the keylogger incident my friend has started migrating to Linux. She finds it relatively easy to use for her common tasks but needs some hardware upgrades to run Fedora Core 5 seeing as how she has been running Windows 95 or 98 which has more modest hardware requirements.