FAQ
What is a Snekul?
That is LUKENS backwards. Long ago, when signing up for internet usernames, I picked this. Despite there being less than 10 or so people named Eric Lukens in the USA, I found most decent usernames based on my name were already used. Wanting to be consistent, I decided to pick a new one, and going backwards was an easy thing for people to remember but also didn't look too bad either. It got me a short username that worked almost everywhere.
Where do you work?
That's a secret. Not really, by law it's actually public information as I work for the University of Northern Iowa as a Senior Information Assurance Architect in their IT-Information Security department. For legal reasons, if you are interested in communicating with me regarding matters involving my employment at the University of Northern Iowa (UNI), you must use my UNI email address, eric.lukens@uni.edu.
Where is snekul.com email hosted?
It is on Google's G suite legacy free edition.
What happened to your Facebook account?
I deleted it. Despite signing up in 2004, after having it for 20 years, I deleted it in the summer of 2024. After filtering out the noise, there were about 3-4 posts a month that I was interested in from family and friends. This was way, way down from the number of posts I used to be interested in during the early 2010s. It's been downhill since then. It wasn't worth the time sorting through all the ads, sponsored posts, and news reshares for the little bit I got out of it.
What happened to your Twitter (now X) account?
Yeah, I dumped that as soon as Musk took over. I knew where it was headed.
Did you have a Lavabit email account?
Yes, though mine used the domain hotpop.com. My account predated the Lavabit branding, which was done as a response to concerns regarding the privacy of Gmail. At the time of the Lavabit shutdown, I primarily used it for junk/bulk email and not as my primary address. The shutdown of Lavabit was done by the operators as the US Government FISA courts demanded access to the SSL private keys to decrypt all users' communications to the service as part of the investigation into Edward Snowden. The only way this would have been useful was if a full tap of the internet connection to their servers was already in place. In addition to seeing the incoming email, this would likely have given them access to see the passwords used by users of the service, and then allow the FBI to log in as that user to see the full content of the email account.
I Found an ericlukens@yahoo.com or ericlukens@hotmail.com address, are those you?
Yes they are. The Yahoo one is effectively dormant as I don't check it, but the account at Yahoo is still valid. The Hotmail one still works, just forwards to my account. Long ago, I used Yahoo, as they allowed free POP/IMAP access to use a desktop email client. When that feature went away, I migrated to Hotpop. Of course, when Gmail became available, I got one of those accounts and then went from there.
You call yourself a security professional, how can you use Google email?
Security and privacy have some different goals. My main concerns are to a) ensure that email sent from my address is actually really from me, b) that it is difficult for people to gain access to my account, and c) that the service is very reliable. Google does a very good job in regard to those issues. However, these are just security and availability concerns. Privacy concerns regarding how Google scans and handles the email for advertising purposes are absolutely valid. I personally have decided that the basic security concerns, reliability, and recognizability of Gmail outweigh the privacy concerns. Thanks to using my own domain, I can pick up and move it whenever I like, should my perspective on the situation change.
Obviously, I take precautions with sensitive data. Either encrypting it or directing it via a different communication method.
I have certainly considered using ProtonMail, and even ran a test account on a custom domain for a while. However, in my professional and private experience, I have encountered entities that block ProtonMail or where ProtonMail accounts are given a significantly higher spam score. As ProtonMail allows sign-ups without a phone number or any other verification of identity, the signal-to-noise ratio of their email addresses is poor. With their zero-knowledge design, it is difficult for them to design powerful tools to keep phishers off their systems. As such, since I need my emails to be reliably received, I haven't migrated to ProtonMail.
This site is on Google Sites! Can't you use Drupal, WordPress, or something better?
I've run Wordpress sites before and probably could handle Drupal as well, but I don't want to spend the time for something as simple as this website. There's nothing important here and I accept no user-provided input. Everything is either intended for the public or isn't posted on here at all. Why would I need anything better? Google Sites handles my needs just fine.
Isn't it fun to get to spy on email and website activity?
Speaking for myself, I try to avoid it as much as possible. You are far more boring than you think. I have had to do it before, I don't like it and I don't want to do it again. Some businesses and schools might use their abilities to enforce productivity and other rules. On the other hand, the systems I've worked with have always been just triggering on known malicious websites or content.