Readers’ comments
Your views and feedback from email and the web
Email signing
I endorse Tim Watson’s letter suggesting an article on email security ( see issue 283, p29). I’m also encouraged that email signing seems to have taken root in Jon Honeyball’s influential mind. However, Tim seems impressed by the DKIM initiative which is, sadly, too little way too late. All it does is certify that an email comes from the domain it purports to come from. It only addresses the class of fraud that persuades the recipient to click on a link and, even then, it can easily be circumvented by registering and certifying a close variant of the target domain. Furthermore, there is
Why is it so damn difficult to get signing certificates that represent actually useful claims?
no easy way for a recipient to establish if DKIM has been applied, so it fails to provide either a positive or negative basis of trust.
As I suggested in my original letter ( see issue 281, p28), what is needed is end-to-end signing with certificates that represent legally protected, publicly recognisable properties such as registered trademarks and company numbers. Email clients need to display this information inside a distinctive visual envelope, and we can then set about educating the public to disregard any identity claims made outside the envelope similar to what has been achieved with the lock icon in web browsers.
And Jon is right, why is it so damn difficult (and expensive) to get signing certificates that represent actually useful claims? I am a member of the Institution of Engineering and Technology (IET), which issues paper certificates of professional qualifications. I have tried to convince it several times – without any success – to extend this to cryptographic certificates. Similarly, my bank has verified my identity for money laundering regulations, so why can’t it provide me with a signing certificate? John Hind
VPN: Very possibly nosy?
I read your feature on choosing a VPN with interest ( see issue 283, p46), but it’s left me with questions. First, how do you know that the VPN you’ve chosen is trustworthy? Couldn’t it be capturing and selling your data without your knowledge? And second, doesn’t using a VPN just alert the authorities to the fact you might be up to no good? Oscar Louis
There are many legitimate uses for a VPN. Crucially, using one on a public network means any data that passes over the air is encrypted, and kept safe from snooping. No “authority” could argue against this. VPNs are outlawed in some countries, but usually as part of state censorship.
That said, we wouldn’t recommend using a VPN to cover up misdeeds. If you are doing anything illegal, this could be clocked and reported by your provider, which leads us back to your first question.
You can never know for sure what your VPN provider is doing with your data when it passes through its servers, but the same is true of your ISP and whichever mobile network provides your data connection. Pick a reputable, paid-for service that’s had good reviews, and be prepared to move if necessary.
Money well spent
I notice with interest that you’re planning to run comparisons between Microsoft Office and the various “free” alternatives in next month’s PC Pro [ see p30]. I have no doubt that the article is already written, but you might be interested in my experiences doing the same comparison.
We have at home three computers of varying age on which we run an ancient version of Microsoft Office (2003) to our complete satisfaction. Our printers and scanners are a Canon Pixma MP970 inkjet and a Samsung C1860 colour laser.
I’ve been experimenting with LibreOffice version 5.3 to see if it can replace the features of Microsoft Office that we need with something more up to date. Up to now it has fallen a long way short, particularly with opening Microsoft Office files produced in Word and Excel, and direct OCR import. Enter the sparkling new LibreOffice version 6.
On our oldest computer, a 2008 Toshiba laptop running Windows 7, the results were promising, but Help is unavailable and although I can scan in images and export to PDF, I still can’t find a way of doing direct OCR into Calc and Writer. So, the winner in this particular round remains Microsoft Office 2003.
On the next oldest machine, a 2013 HP desktop, also running Windows 7, LibreOffice 6 appears to install but refuses to run. I have had to go back to version 5 on this machine, where I can now do some of what I need except open Microsoft files satisfactorily and direct OCR to Calc and Writer Once again, Microsoft Office 2003 is the winner.
On the newest machine, a 2015 Acer desktop running Windows 7, LibreOffice 6 installs and runs. Help is available, but the program doesn’t recognise the existence of either of our scanners or printers and Help offers no help. Hopeless. Once again, Microsoft Office 2003 wins out. It’s been a superb investment. Mike Gosling
Corrections & amplifications
In last month’s review of the Honor 9 Lite ( see issue 283, p70) smartphone, we stated that it didn’t include NFC. This was incorrect. Our apologies for this mistake.
Issue 282 saw the final sentence chopped off the columns of two Real World Computing contributors. Paul Ockenden’s final sentence should have read: “…there is good [GDPR] training out there – it just doesn’t pretend to be something that it isn’t.” And in the same month, Davey Winder’s concluding sentence should have read: “Admittedly, [ClamWin] is a bit of a pain to install as a portable app, but it’s worth the hassle. Download and configuration instructions can be found here: pcpro. link/282clam.” Apologies again!
We have at home three computers that run Microsoft Office 2003 to our complete satisfaction