What your can learn from this chapter;
Because of the issues of spam, signing up for such an email is not usually an immediate and automated process. You can get an email at aktivix.org though a friend of a friend basis - if you know anyone with an aktivix.org email or in any of the following groups or networks, noborders, indymedia, hacktionlab, climate camp & social centre network - then send an email to firstname.lastname@example.org letting them know the connection and the name of the email that you would like. It may be that the person of collective that you got this booklet from can help you to get an aktivix email account. You can also sign up for an account at Riseup.net1 and Autistic.org2 .
Collectives that provide mailing lists include the following: aktivix.org, riseup.net, autistici.org. We recommend aktivix.org. Just send them an email about the list required to email@example.com. Not all names are possible, so be prepared to change. It is nice if you can state your request simply in the subject line, such as: Subject: request for list for XYZ group/purpose, because it makes it easier to separate it from sp@m.
Email is great, it's decentralised and can be made very secure. Unfortunately, many people are moving away from it towards more insecure forms of communication.
Using BCC: When writing to a number of people use the BCC (blind carbon copy) field to send the email rather than To or CC fields. This ensures that no recipient knows who else has received the mail. Unless you have the permission of everyone on the your list to share their address with the other people, use BCC keep it secret. If you need the features of a mailing list, use one.
Issues with corporate email providers: There are two key issues with a commercial webmail provider (such as Google, Hotmail or Hushmail).
The secure email providers mentioned above also encrypt all messages sent between themselves, meaning that an email from an Aktivix user to a Riseup user is encrypted both as you compose it and when it travels between Aktivix and Riseup having been sent. Any Gmail (or similar) users on your mailing list are the weak link and you could recommend a more secure email account.
Some people simply maintain a list of contacts which you include in the to: or cc: field when you send an email. Or you can use a dedicated mailing list. These can handle large lists which you simply can’t do reliably manually. The mailing list server allows people to subscribe to or unsubscribe from the list and handles security and privacy much better, so members of the list don’t automatically know the email addresses of all the other members. The list server software can also create automatic archives which can be very useful.
Lists provided by activist tech collectives are only as good as their weakest point – in other words, if just one person on your mailing list has an “@googlemail.com” address, you can’t consider the list to be secure.
Consider the following points when creating lists:
If you are concerned about privacy but not using a secure webmail service, or are communicating with someone who is not, or want an addition of level of personal security, you will want to encrypt your email. Encryption is the process of taking a plain text message and converting into something that looks like gobbledygook, which at the other end can be decrypted and the original message restored.
The Free Software tool of choice for this is called GPG, the GNU Privacy Guard. Most people, even well rounded techies, find GPG tricky to get their heads around. Give yourself time to look at this - and it may take some time - but it is worth it.GPG encryption uses pairs of numbers we refer to as key pairs. GPG will help you generate your key pair, comprised of a public key and a private one. You need to give your public key to anyone you wish to have encrypted communication with.
Your private key you will keep absolutely secret and never ever reveal to anyone ever, as it is used to decrypt email sent to you. It is so very secret that it needs protecting with a passphrase, which is basically a very long password.
GPG helps because by encrypting the email using the recipients' public keys, the sender can be assured that only the authorised recipients will be able to read it (privacy). If the email is signed by the sender's GPG key, the recipient can be assured of the identity of the sender (authenticity).
There are two main ways of using GPG. The first is with an email client like Thunderbird. The second is with an Add On for Firefox called FireGPG.
Step by step instructions about setting up and using GPG with the popular Thunderbird email client can be found in the book Basic Internet Security. 3
If you use webmail and it is not an option for you to use Thunderbird to check your mail, there is an add on which you can use to use GPG from within the Firefox web browser. In general it is best to use a mail program like Thunderbird in stead of using Webmail. Accessing your webmail from an untrusted environment like an Internet café is discouraged, because you cannot guarantee your password or traffic will not be intercepted. Using PGP in that situation may even make matters worse. Your secret key and passphrase, which you carry around on an USB-stick, may be read by a malicious program on the computer. In short, only use FireGPG to access your webmail in an environment you trust. There are instructions for installing FireGPG on their website. http://getfiregpg.org