When I was young, there were ads on TV for the "Famous Artist Correspondence School" by John Nagy. He was a professional artist who would teach you how to draw by sending you a packet of materials and instructions in the mail. Well, I often thought about how I can do something similar, and today I am here to provide you my "Famous Computer Products Reviewers Correspondence Course." The best part is that everything you need to get started is sitting right in front of you, and the tuition is completely free. All you need is some time to take the course, and you too can be writing reviews for major trade publications and getting paid to test products for various web sites.
To begin today's lesson, you'll need a relatively recent copy of Internet Explorer (say 5.01 or better), an Internet connection of course, and a copy of Windows. (The software doesn't run on anything else, sorry.)
Today's lesson concerns getting two encrypted email services, Hushmail and LokMail, to communicate with each other. The services are entirely web-based, meaning that you don't download (much) software to your machine but can still take advantage of their ability to secure your messages and send them around the Internet with maximum protection for your privacy. Ready?
First, go to the following URLs and register for the Services: Hush and Lok. Choose a user name and the various passwords with care, and remember to write them down on a piece of paper so you won't forget them later on. Both companies have for-fee services that offer more features and fancier stuff, but for our purposes we can sign up for the freebie services for now.
Don't forget that "https" -- for those of you that really want to learn this encryption stuff, the "s" stands for security, and that is why we are using these services to begin with: to make sure that our email remains private. You do know that any email sent around the Internet can be easily read by just about anyone, right?
You'll notice right off the bat that LokMail is a little bit more of a pain in the neck: they are very careful about the length and the kind of passwords you create. This is a good thing, because they force you to create a password that will be difficult for any random person to guess. Hushmail isn't as particular, which means its passwords are easier for you to remember, but also easier for someone else to try to break into your messages. Ah, this is the first lesson from FCPR- CC: there is a trade-off between usability and functionality. At this point, you should be taking notes about how the registration process went for your own narrative: you didn't think I was going to write the entire review for you myself, did you? The second lesson: trust your own instincts when it comes to describing your reactions to the computer product or service you are reviewing.
To make things easier for you to follow along on your computer, you should open up two browser screens: one for Hush, one for Lok. What you'll be trying to do is to send emails back and forth between the two services, even though they will originate and end up at your own modest desktop computer. The messages might end up going halfway around the world, depending on where you are located and what Internet provider you end up using. But I am getting ahead of myself here.
Once you have registered for both services, now you should follow the screens to login to both. Again, take careful notes of what is involved here and whether you like Hush or Lok's user interface and screen design (I am partial to Hush myself, because it is cleaner and less cluttered and easier to navigate, but you may feel otherwise. That is okay. The key thing here is to understand why you like one or the other design, and to try to articulate it in your review.) Also take note of any pop-under or pop-over windows that get generated by each service. (Hush is particularly annoying in this regard.) Realize that these vendors have to pay their bills somehow: after all, this is 2002 and those salad dot.com days are over.
If all goes well, you should be at the point where you can actually compose a message. For the purposes of demonstration, let's say that your username for Hush is hush1, and that your username for Lok is lok1. This means that you have created two email identities: hush1@hushmail.com and lok1@lok.com. Now try to send email from hush1 to lok1 and vice-versa, and ensure that the emails actually get delivered between the two accounts.
For the purposes of this initial demonstration, let's NOT send any encrypted messages. You'll notice (or should by now) that Hush has two different options when you want to send a message: encrypt and sign. Let's not worry about what these mean right now. You should uncheck both of these if you want to send a message "in the clear" as it is called by security folks. Hush automatically checks them both for you, because ultimately you want to send encrypted and signed messages if you really want to take advantage of their service. Lok has a more confusing but comprehensive pull-down list of choices. Note how this is done for your own narrative (Hush is definitely easier in my view, but if you need any of the choices then Lok is worthwhile.)
If you don't get messages flowing between the two services within a few minutes, you have done something wrong. This is one of the disadvantages of the FCPR-CC: I can't help you here. I will be happy to refund your tuition and suggest you consider another line of work, like becoming a venture capitalist or a shoe salesman.
Assuming you have email exchanging working properly, you are now ready to move on to the next lesson, getting set up for encrypted email. To prepare yourself, you want to review these excellent step-by-step instructions by Hush, concerning the exchange of PGP public keys.
How did I get to that particular page? Well, that is the beauty of the FCPR-CC: I do all the heavy lifting for you, so that you can concentrate on preparing your own review without having to spend hours clicking around the obscure corners of every web site. You can thank me later, and yes, the amount of your PayPal donation can have direct bearing on your ultimate grade.
What is a PGP public key? If you don't know, not to worry: most Famous Product Reviewers don't either, and they have gotten along just fine throughout their careers so far. And thanks to this Correspondence Course, I can show you how to fake it too just like the pros.
These instructions from Hush are pretty good as these things generally go. You will need to obtain a copy of your public Hush key, and then cut and paste it from the Hush screen over to the appropriate place in the Lok keyring screen. And you need to obtain a copy of your public Lok key, and get it over to the guys from Hush so they know who you are as well. If you don't do this properly, you won't be able to encrypt and decrypt messages. If you are having trouble navigating the various screens to accomplish these tasks, see me privately after class.
Now, this is where this course will have to stop, because Yours Truly had some of his own problems. Try as I might, I could only get one-way encryption working: I could send encrypted messages from Hush to Lok, but not the other way around. This is where you need a real Famous Product Reviewer to step in and write your article. I would also have called the various vendors (good luck in both cases, since there is minimal contact information on either site) and tried to walk through the process with them. But since I am not really writing a review here, I will just leave things well enough alone.
Now, all is not lost. If you are trying to send encrypted messages, you can tell all your friends and business associates to sign up with one of these (or any of several other similar services) and they will work just fine. But that isn't really the point. The level of interoperability (as we FPRs call this sort of thing) is pretty miserable.
It is also why encrypted email doesn't really work: the number of steps to get this going is enormous, in my opinion. But your experience may vary: perhaps you couldn't get anything working at all. Or perhaps, through some miracle, you managed to figure it all out. If so, please let me know, and you too can become a teacher for the next Correspondence Course lesson.
To subscribe, send a blank email to
informant-subscribe@pez.oreillynet.com
To be removed from this list, send a blank email to
informant-unsubscribe@pez.oreillynet.com
David Strom
david@strom.com
+1 (516) 944-3407
back issues
entire contents copyright 2002 by David Strom, Inc.
Web Informant is ® registered trademark with the U.S. Patent and Trademark Office.
ISSN #1524-6353 registered with U.S. Library of Congress.