Mailinglist Archive: opensuse (908 mails)

< Previous Next >
Re: [opensuse] RESOLVED Off-Topic: sending details (in)securely via email
On 31/05/16 14:30, Carlos E. R. wrote:
On 2016-05-31 05:40, Greg Freemyer wrote:
The thread was TL:DR, but for the initial request, I send encrypted
zip files as attachments fairly often.

If the email sending won't allow that, I upload the encrypted zips to
a website in a temp folder and leave it there until the recipient says
they have it.

There is a problem with that. Once the recipient opens the zip archive
(I have found some that do not know how to do this!), they will save the
documents in clear in a folder, and possibly transmit it again to
somebody else, in clear.

There is thus some advantage with sending a protected PDF file instead,
it will always be protected and saved that way. It did not occur to me
to send photos of documents this way, though.

Marking this as 'resolved' since making a decision today on a workaround. As Carlos originally suggested I created a PDF from the scan in LibreOffice and encrypted it using a password, using the additional options in the PDF export dialog both to add a watermark expressing use only by the specified company, and restricting its printing to low-res 150dpi. Though I used a colour scan (didn't read Aaron's comment about the possible illegality of that until too late), the watermark would render it difficult to forge. Of course that doesn't stop some 'malfaiteur' merely using the information should they ever get their hands on it.

I rang the office and gave them the password over the phone. Should a colour scan be illegal in France (my hunch would be that French laws won't be as stringent or indeed as sophisticated as German ones in that regard), I could surely point to the requesting email sent by my company which demands the scanning and emailing of the document without any further details on necessary techniques, nor of eventual usage / storage. And since dozens of other staff are likely to have replied by simply emailing a scan with no other protections, I find it hard to believe all such staff could face prosecution as if they're supposed to know the fine print of some obscure law.

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages