Paul Smith wrote: > > On 2/20/07, Les <hlhowell@xxxxxxxxxxx> wrote: > > > > > I do not want to store messages locally to minimize the risk of them > > > > > being spied by someone else. With the CustomizeGoogle extension of > > > > > Firefox, one can read GMail accounts with the https protocol, which > > > > > encrypts the communications between my machine and GMail servers. > > > > > > > > But are HTTP pages cached in your browser? > > > > > > > > I'd suggest that your mail cannot be casually spied upon on your > > > > computer if you do not share log-ins, and don't leave your computer > > > > without logging out or locking out access. > > > > > > But the traffic containing the messages may be spied between my > > > computer and the GMail server. If the traffic obeys to the https > > > protocol, hence it may be spied but it will be useless for the spier. > > > > > > Paul > > > > > You are chasing the wrong suspect. GMAIL keeps EVERYTHING!!! It never > > dies. > > Your mail may remain on their servers and be searchable forever. If you > > want to secure mail of a specific nature, you must use local encryption > > and you and the receiving party need your own encryption/decryption > > processes, preferably on a system that is never accessable to the > > external (www) network. > > I am not chasing GMAIL; I am trying to avoid that someone of the local > system administration team spies my e-mail, although I think none of > them really cares about my messages... :-) > > Paul Unlike snail mail or your conversations on company provided telephones (both of which give you a reasonable expectation of privacy in the 4'th amendment sense), you have no right to privacy on any computer or network provided by your employer. And since your employer owns the computer and network gear, they also have the right to "inspect" it any time and in any manner they see fit. Thus if you're concerned that anyone from the company where you work is monitoring your email, you need to keep your email completely off the company's systems _and_ you should NOT read that email from any of their gear. Using any of your employer's gear to read your email, regardless of where that email resides, opens the opportunity for your local sysadmin to grab copies of it, even if it's encrypted (and for some especially paranoid employers, sending/receiving encrypted email is cause for termination). Some employer monitoring can also include stuff like web browsing activity, interactive chats, et cetera. Instead, hand out only the email address you use with your ISP from home (i.e.: an account you pay for) and, if sending/receiving email before you get home from work is important to you, get a Palm, Blackberry, etc cellphone that can pull email directly from your ISP. Choice "B" is a laptop with a cellphone modem to an ISP you pay for. Note that sufficiently paranoid employers may already have policies in place preventing you from bringing any portable communications device into work. Probably not the answer you wanted to hear, -S