Security of Snail Mail vs Email

Re: Security of Snail Mail vs Email

You need a third option. Neither. I don't find one more secure than another, but I do find both of them very insecure. I still have some of my mother's statements, where the postings and information each month were done by hand (yes, I mean hand written).

Frankly, I intend to go right on with the paper statements. I still get (most of) my checks returned each month. I pay some bills electronically, but from the bank. I let no one remove money from my account. The only things I pay electronically are those items where it speeds up the process (such as a credit card).

But I digress (how unusual)...

The reason I want that paper is that you never know when you're going to need proof of payment. Electronic statements are the final nail in the coffin for checks being returned. In addition, electronic statements presuppose that I'll always have access to them, in whatever form they're in. Having used paper tape to decorate a christmas tree (years ago), and punch cards as book marks (still), I am more aware than most of how ephemeral all electronic storage is.

Remember those statements of my mother's? You think that you're going to have that kind of access twenty years down the road, when you're trying to trace back some item or other? How about even three years (a more likely scenario)? Nah. I'm keeping the paper. Maybe 10 or 20 years from now all this will start to be consistent, but that time isn't here yet. Wait until the electronic banking industry gets out of beta.

Re: Security of Snail Mail vs Email

I agree that both are insecure. All you can control really are the end points. I host my own mail server so at least my end point is under my control. It's the journey that the message takes be it electronic or otherwise that is always in question.

However, I hate paper. Give me a piece of paper, a business card whatever and i will lose it before I walk out the office door. Paper and myself have like charges and we repel each other. So I use electronic means in most of my daily life. Which by the way you are charged for a lot of the time; usually more than the price of a stamp.

That's why I didn't vote. Change it to preferred method and I would chose electronic.

Also, are the communications going out over the wire in the clear(not secure), SSL(better), and or PGP(still better)?

xor

PS Defcon was great, I'm still dehydrated from all the festivities.

Re: Security of Snail Mail vs Email

Though it depends on your bank, "electronic copy of your statement" doesn't necessarily mean that private data is transmitted through email. In my case, with one of my accounts, their electronic copy is held on their website. The only thing I get by email is, "a new statement is ready. Go to our site to login." The only leakage here is:
1) I might have an account with the sender
2) My email address that they use to contact me
3) When they usually notify me that I have an account statement ready

With that checking account, they also keep electronic copies of checks, with both sides scanned with https access to review any checks I've used, and opportunity to download each. This is convenient, because I am sure my banks backup system is better than mine, and a burglary in my house, or fire won't lead to loss of my paper records to evil or irrecoverable loss while they are stored at the bank.

I've tried this with my phone account too, but they have information leakage in email which includes your name, your phone number, your account balance. I stopped that electronic service, as the value gained in off-site storage was not worth the risk in exposure.

[Edit:]
I do agree with bank sending of money from my account, not my other accounts pulling money from my Bank. There are huge risks for costly mistakes which can happen when you give your other accounts access to take money from you without your active, explicit permission with approval for each and every transaction. Your bank is *your* customer with legal obligations to abide by with access to your money. You have more protection when you explicitly authorize and approve each and every transaction. When you give others access to take money from you, you have fewer protections, and an increase in delay to having problems fixed, and get money returned when mistakes are made. Additionally, when such mistakes are made, you may still be stuck with fines and fees related to the mistake. You must then spend time to try to recover any such fees or fines, with no guarantee that you will be compensated. I realize that court is an option, but would you pay $10-$40 fee for small claims court, to recover $14 in fees? What about the time that would be lost in going to court, especially is multiple trips are required?

Re: Security of Snail Mail vs Email


This is a no-brainer if you understand the problems of regular post.

1. Postal service constantly changes carriers on given routes (vacation, route loads, new construction on routs that cause delivery changes, and the 1# reason of cutting costs on route runs by constantly changing and reassigning routs).

2. Mistakes because of the above occur when mail is miss directed, lost, not delivered on time or at all.

3. Inadequate postage. Mail gets handled two or more times.

4. Inadequate address information. Mail can literally end up anywhere and often times does.

5. Confusing business and residential numbers. Anything from no house number or business number to streets labeled strangely where new construction occurs.

6. Sloppy carrier.

7. Your mail stuck or lost in another piece of post.

Many folks simply do not look to see who the post is addressed to before opening it. It seems to be a unwritten rule that if it's in a given persons mail box it must belong to them. I've found this especially true of elderly folks on my street. Could be that possession is 9/10th's of the law thing?

I've had a great deal of my post delivered to and opened by neighbors over the years on my street, two streets over, and clear across town for just a few of the aforementioned reasons. I'm not sure why, but I've lost three credit card statements, two of which my nice neighbors next door opened but returned to me, and one that vanished into the abyss. Naturally all three accounts were immediately canceled. Email of almost any kind is inherently safer than regular post. There are days I'd trust a pizza delivery guy more to deliver my mail across town.

Re: Security of Snail Mail vs Email

He/she gets a tip. :-)

xor

Re: Security of Snail Mail vs Email

Those are some very good considerations. Particularly the difficulties with postal delivery/opening which I hadn't really thought of. That is, I'd thought of postal system as somewhat analogous to internet routing with changing paths/handlers depending on load/day, but hadn't really considered the issues with misdelivery/handling.

The main thing I had considered:
Unless using SSL, PGP, &c, any information sent as part of a mail message is in the clear at any point along its route. In my head at least, this feels like my [whatever organization] sending me updates on postcards.

Every week or two I get another coupon to Bed Bath and Beyond addressed to one previous tenant or another.

Re: Security of Snail Mail vs Email

This is quite rational thinking when connecting a to b, but with manual delivery, you have to factor in the volume of post and the mistakes humans make daily by those sending it and the others just doing their jobs.

Re: Security of Snail Mail vs Email

I think its 6 a one half a dozen of another, with neither being secure.

One bad experience with snail mail though:

Snail Mail:

I had several credit card statements go missing in a row. I dont know if the roommate took them or they got lost in the mail. I had to pretty much yell at my bank to stop sending me my credit card statements by mail because A) I did all my credit card payments through the banks site and B) it had my full cc number at the top of each page of the statements. Why I dont know and I said how stupid that was and the person just shrugged.

I just have all my bills set up to be paid through the bank so I know when the money is coming out and when.

Re: Security of Snail Mail vs Email

That in itself (as you suspected) is a security risk. Not to change the subject here, but am I the only one who micro shreds all those credit card offers that come to the house? If left unshreded, what kind of a security risk are they if tossed in the trash that goes to the curb?

Re: Security of Snail Mail vs Email

You are not alone in doing that. It's a big enough risk, IMO, and the time required to prevent it is small. It's an easy trade-off.

Re: Security of Snail Mail vs Email

I love you both, because that line of discussion is a perfect lead-in to this article which absolutely love sharing with everyone. A very fast read, and hilariously informative, to boot.

Re: Security of Snail Mail vs Email

Very nice! That now beckons the next question.. How much shredder to buy for the job? Considering that there are 6 Din shred levels of security, where does one find the best deal on cross cut - pulverizing shredders for the job at hand? Also I've found that the boasted specs on a given shredders cut size is stretched in truth so where does one cut through (no pun intended) that crap?

Re: Security of Snail Mail vs Email

I have a micro-cut shredder from Staples. It doesn't reduce things to the dust I was used to before I retired, but it's very close. Trust me, with this one, there is NO reassemble. I shred almost everything with my name on it. Outside of spending $2000-$15,000 for a unit, this is probably the best thing to have.

I also call companies that send credit offers and such and threaten legal action. Sometimes it works, sometimes it doesn't. Discover now leaves me alone.

I *do* miss the shredder that was in my office though. It turned paper into dust; it was a thing of beauty. Remember, if someone wants your data, cross-cut isn't much safer than strip-cut. According to the Wikipedia article referenced above, the type of shredder I currently have is a particle-cut shredder. After it's shredded, I put it in the compost heap as dry matter. Works for me.

Re: Security of Snail Mail vs Email


Most of the time i do micro shred them. Some times I just turn into a little pyro for 2 minutes and burn them in a burn barrel in my back yard as way of having some fun.

I should start calling them and threaten legal action with the amount of "your in college get your first credit card" offers i get. >.< its sickening