Within the final months I fairly often was able the place I wanted to ship an e-mail attachments with delicate content material to somebody whom I did not know nicely personally (in order that I might discuss to them how arrange encryption), however about whom I knew that that they had little IT background and barely knew easy methods to function a mail consumer. I am not an skilled myself, however I do know there may be such a factor referred to as PGP and with a while&ache I can get it to work.
(Think about the receiver to be a non-tech particular person from a giant firm who little no time to cope with encryption and me being an non-IT engineer, who’s technically minded, however doesn’t have deeper IT/infosec data and desires to guard his privateness as a lot as is feasible.)
As a result of it isn’t clear to me that the e-mail that I ship will likely be ship through TLS between server (and additionally it is not clear to me why I ought to belief these intermediate servers), it appears a really unhealthy thought to a pdf with ship delicate content material as a normal mail attachment.
Out of desperation I’ve resorted to importing the pdf on a file sharing platform (which we will assume to be trusted, in order that my information is secure there). Then I ship the obtain hyperlink to that file through (unencrypted) mail. The hyperlink has an expiration date and is password-protected and I am sending the password alongside the hyperlink; this will appear silly on the first look, however please learn alongside.
On this approach the receiver of the e-mail can nonetheless simply entry the file with out additional IT data on his facet, however my privateness is barely enhanced: Whiile I do know that if somebody could be after me and is intercepting my mail, it will nonetheless be very simple for him to get his arms on my pdf, if he’s quick sufficient to obtain it earlier than the hyperlink expires (which is normally just a few days). However my menace mannequin isn’t about defending towards that kind of assault, however moderately about defending myself towards automated information assortment & hoarding (suppose, e.g., authorities authorities snooping on subway cables).
I might assume, since getting the pdf includes some human motion, similar to filling in a password, that even when my information is collected, it is going to take too lengthy till a human appears at at and by that point the hyperlink could have expired.
My query is:
Is that this an excellent answer for my very reasonable menace mannequin described above? My file sharing platform does not use Captchas when one introduces a password to obtain a file. I assume that, if they might, that I might be 100% safe towards such automated information assortment, since even when such software program would additionally robotically extract the password from the mail (which I doubt would occur, as a result of in the event you hoard tens of millions of mails which have passwords in them, you would want a really great amount of computational energy to run automated NLP algorithms on them, to get the right string that’s the password, maybe greater than is accessible), it couldn’t go previous a Captcha?
Are you aware another strategy to securely ship the e-mail attachment (together with any enhancements to my answer above), in order that the obtain can nonetheless obtain it with minimal IT data and time funding?
(Observe that there was one other query right here relating to sending of hyperlinks in mails, however my use case is totally different and extra particular.)