How to Secure Your Outlook Email Messages with a Digital ID

Ask @WinObs: How Can I See What Data the Web's Biggest Companies Keep?

A. As more data breaches result in more of our personal information being leaked or stolen from the various websites we use, data privacy is becoming a growing concern for everyday computer users.

Your information and habits are the currencies used to pay for many services that you get for free or at a reduced cost. But as security breaches rise, more people are rethinking whether they want to pay that cost. And that means more users are looking to exercise increased control over that information across the web.

In response, some tech firms are looking into ways that they can offer you more control over the delicate exchange of data for goods and services.

In past Ask @WinObs articles here on Windows Secrets, I have also written extensively about the new privacy controls Microsoft has introduced with Windows 10. These controls, which have been updated in each subsequent feature update that has been released over the last two and a half years, give you access to view an delete information that is used by Microsoft.

That Microsoft Privacy Dashboard has become quite extensive over the course of the last 11 months since it was introduced by Microsoft. That is also where the new Windows Timeline feature, which is going to be tested in Windows 10 Redstone 4, will get its information.

I went in search of similar dashboards for four of the largest companies on the web that we interact with on a near daily basis. These companies, Google, Facebook, Twitter, and Amazon provide very mixed results with what control they allow you over the information you provide.

Here is what I found.

Google

Google is the only company in this list to offer Microsoft-level granular controls over the user data that follows you across assorted services.

The Google Dashboard is a one stop location where you will find every Google service listed that you use or have used in the past. It is broken down into three areas:

• Popular Google Services
• Your Google Services
• Your Activity Data

When you open up each individual area you will be provided details about that service, what it knows about you, and links so that you can directly access the service, change settings, and review your data.

Like Microsoft’s Activity Tab in their Privacy Dashboard, you can also download an archive of your Google related data from there.

Facebook

The massive social network learns a tremendous amount about us as we use and interact with the service however, there does not appear to be a single spot for your to review all of that data or remove it from the service.

Facebook does have a Privacy Settings and Tool page that allows you to control who can see your posts, contact you, and search for you. In addition, under Timeline and Tagging you have control over who can post on your Timeline, who can see that content, who can tag you in posts or images, and allows you to choose to review those items before they go live on your Facebook page.

Now you can go to the Facebook Activity Log and review/remove items on your Timeline such as posts, comments, videos you have watched, and an entire list of other activities but it is a manual one by one process. If you have been on Facebook for a while those lists of items can be quite lengthy depending on your level of sharing.

Twitter

The other big social media network many of us use each day has its own Privacy and Safety settings page but Twitter limits what you can do with the data the service has collected from you over time.

On that page, the only option for removing the data Twitter has is to delete location data from any tweets that might have had that setting turned on at some point. No options are available to be selective here so it is all or nothing on the location data on your past tweets.

You can also turn off the location setting for any future tweets — this option is on Twitter’s Privacy and Safety Settings page.

A second page, Your Twitter Data, provides you a list of data collected as you used the service. This includes places you have been, what apps you have installed on other devices/handsets (they have no access to data in those apps), and topics that are associated with you based on your profile and activity on Twitter. You can tweak (or turn off) those interests directly on this page under Your Twitter Data settings.

Finally, if you want to control some of the data which is collected as you use Twitter you can go to the Personalization and Data settings that fall under the Privacy and Safety page. There is an option to disable (or enable) all of these settings at one time or you can selectively opt in to these options:

• Personalize ads
• Personalized based on your apps
• Personalize across all of your devices
• Personalize based on the places you’ve been
• Track where you see Twitter data across the web
• Share data through select partnerships

Amazon

Although past orders can not be deleted, you can manage the list of products you have browsed on the site, thus modifying the types of recommendations you get (and the pool of personal data repackaged for third parties). On the “Your Account” page, there is an option for Browsing History and once you are on that page there is a link to Manage History. Click that for the drop-down box to show you the options available.

From here you can turn Browsing History on and off or remove all items from your Browsing History. If you want to keep some items in your Browsing History, then you can selectively remove them one by one.

Next, if you own a Kindle you can go to the Manage Your Content and Devices page to remove items from your Kindle Library and individual devices.

Lastly, you can adjust the recommendations that are made to you based on past purchases and items you own from the Recommended for You and Improve Your Recommendations pages. This is another very labor-intensive process because you have to mark each item individually. So decide how much time you want to spend sifting your data, set up a playlist and grab a refreshing beverage, and get to it.

How to Secure Your Outlook Email Messages with a Digital ID

You can protect your email messages from prying eyes via a digital ID.

You need to send someone personal documents or information, such as financial account details, your social security number, or your income tax numbers. You don’t want to or can’t fax or snail mail the information. Email is the quickest and easiest mode of transportation. But email by itself is not secure. How can you tap into email but at the same time make sure your message doesn’t get intercepted by the wrong people? One solution is to use a digital ID. Through a digital ID, your email is encrypted and certified as coming from you as the sender so that you and your recipient can be assured that no one tampered with it. For this to work, however, your recipient also must have a digital ID.

On its webpage to “Find digital ID or digital certificate services,” Microsoft describes the benefits of a digital ID as follows:
“Digital IDs, also known as digital certificates, help to validate your identity, and they can be used to sign important documents electronically. They can also be used to help protect messages by adding a unique code to the message called a digital signature. A digitally signed message proves to the recipient that you, not an imposter, signed the contents of the message, and that the contents haven’t been altered in transit.”

Setting up a secure ID is a tricky and lengthy process as both you and your recipients need to establish digital certificates to exchange encrypted emails. But if you follow the right steps, you can ensure that your emails to those recipients are safe and secure. I’m using Outlook 2016, but the process as described by Microsoft also works with Outlook 2013, 2010, and 2007.

To get started, open and read the Microsoft webpage to “Find digital ID or digital certificate services.” Then click on the link to “Get a digital ID for Outlook.” At the corresponding page to “Get a digital ID,” read the details on obtaining a digital ID for Outlook and then click on the link for your version of Outlook: either 2016, 2013, 2010 or 2007.

Segue back to the webpage to “Find digital ID or digital certificate services.” Here, Microsoft recommends three services that issue digital IDs: Comodo, GlobalSign, and My Credential from GeoTrust. GeoTrust no longer offers credential certificates. GlobalSign charges $369 per year and up. Comodo offers a certificate for free, so that’s your best bet among the three. Click on the link for Comodo. At Comodo’s website, click on the Sign Up Now button and then read and fill out the Application for Secure Email Certificate.

After you fill out and submit the form, check your email for a message from Comodo with details on how to collect your email certificate. In the message, click on the button to Click and Install Comodo Email Certificate. The email also provides a link and a password to use if you have trouble installing it in your default browser. Be sure to use Internet Explorer, Google Chrome, or Firefox, (but not Edge). Your certificate should install, triggering a message that “Your personal certificate has been installed.”

Yes, the certificate installed but it installed for your web browser, not for Outlook. You now need to export the certificate from your browser and import it into Outlook. Instead of my going through the steps for each browser, I refer you to a Comodo Knowledgebase page on how to export the file. To spare you from having to trudge through the entire page, this link offers the steps for Internet Explorer, this link for Chrome, and this link for Firefox.

After you’ve exported the certificate as a file, return to Outlook. Click on the File menu and select Options. In the Outlook Options window, click on Trust Center and then click on the button for Trust Center Settings. In the Trust Center window, click on Email Security and then click on the Import/Export button.

At the Import/Export Digital ID window, click on the Browse button. Browse to and select the exported certificate file. Type the password you chose for the file and then click OK. The next window tells you that “An application is creating a Protected item.” By default, the security is set to medium, which only requires your permission each time you attempt to use the certificate. If you’re concerned about someone using your computer to send secure emails, you can click on the button to Set Security Level and set the level to High, which requires a password whenever you try to use the certificate. Otherwise, leave the level at Medium. Click OK. Next, click on the Settings button in the Encrypted email section. The details of your certificate should automatically populate the fields for Security Settings Name, Signing Certificate, Encryption Algorithm, and the rest. If you wish, you can change the name to something simpler. Click OK.

At the Trust Center window, turn off the option to “Encrypt contents and attachments for outgoing messages.” With that option turned on, every single email you send would require a digital ID, which is not what you want. Instead, you can encrypt each outgoing email on an individual basis. Close the Trust Center window and then close the Outlook Options window.

Next, you must share your public encryption key with any contacts to whom you want to send or receive encrypted messages. Again, any such contact must also have a digital ID, either one that’s already established or one that the person creates using the steps used to create yours. In Outlook, address and fill out an email to that recipient. Click on the Options tab and then click on the Sign button. Send your email.

Your recipient right-clicks on your email address in the message and selects the option to Add to Contacts (or Edit Contact if you’re already in that person’s contact list) In Outlook, your recipient can click on the Certificates icon to make sure your certificate is selected. That person then simply needs to respond to your message. After your recipient tries to send the reply, a Windows security message may appear asking that person to allow the app to access his or her private key. Your recipient clicks Allow. The reply is automatically signed. After you receive the reply, you also right-click on the email address of your recipient and select the option to Add to Contacts (or Edit Contact). Click on the Certificates icon to make sure the proper certificate is active.

Now, finally, you can start exchanging encrypted emails with your recipient. To do so, address and fill out an email to that person. Click on the Options tab and click on the Sign icon. Send your message, secure in the knowledge that it’s encrypted and protected.