Private Messages on the Internet Don’t Exist

I thought I’d bring this up because the subject cropped up on a forum I frequent. If you’re planning an illegal activity involving illicit substances, do not do it on a public forum or through e-mail (seriously, it makes the rest of us on that forum look bad). Private messages don’t exist online (in 99.99% of cases). The messages you send and receive are almost always stored in plain text that can be read by anybody with the correct credentials. This means a system administrator can see any private message sent by any user on the system they administer.

This in and of itself may not be a huge deal, but if that administrator is served a subpoena for those messages they must legally provide them to the authorities. The same goes for e-mail. E-mail may be encrypted from your system to the e-mail server, but it’s most likely not encrypted on the e-mail server after arrival. This means any authority figure with a subpoena can obtain those messages, and according to an EFF summit I attended at Defcon, any e-mails older than six months don’t even require a subpoena to obtain.

Basically, if you’re going to do something illegal, embarrassing, politically unacceptable, etc., don’t do it online. Even if you control your e-mail server, you don’t control others’. When somebody on Gmail sends an e-mail, a copy is stored in their sent folder, which includes information on whom it was sent to.

I’ll close by saying the best way to avoid getting in trouble with the police is to avoid doing illegal activities. With that said, this advice also applies to things outside of criminal activities, such as political dissidence. Basically, anything you want to keep private should be encrypted end to end and stored in an encrypted format that can only be decrypted by the sender and receiver of the message.