I consider everything I type into a computer with an active network port to be published.
Anything less would be folly, there are so many hops where people could be listening in on your data (starting with the cable that runs from your keyboard to your computer) that even an email sent to your 'drafts' box on your own IMAP server is probably not secure. Unless you own the co-location facility and all the infrastructure between where you sit and where you store the mail.
The whole security thing to me is a matter of economics. I assume that any data that is not worth reading is collected and that anything that is worth more than it would cost to collect and read is read.
Maybe that's a paranoid view of the state of affairs but at least I won't be surprised or disappointed. My main bulwark against wholesale exposure of the contents of my inbox is a 'Rob'. Rob is a veteran sysadmin who configured and set up my machine and I trust him (I have to, since he has access).
Rob is secure in the sense that he's an honorable person, and that I believe that there is no offer that could be made that would make him break our bond of trust. So short of blackmailing Rob (which is hard, and I would definitely forgive him if that were to happen) my stored email is reasonably secure, but any email in transit is fair game and will probably be caught somewhere along the line and I treat all email that I send and receive as public as a consequence of that.
If I wanted to send (very) secure email, I think I would want a Kindle-like device, with an ePaper display, no physical keyboard just a touchscreen, no bluetooth or wifi or 3G or microphone - just a single USB port. I'd install the software I want on it, and then I'd physically destroy the USB port. I'd want 4 AA batteries, no recharge port. I guess it would need a camera, as well. And it would have its own Faraday cage. And a built-in, non-electronic method that slags the RAM and storage with acid; possibly by pulling a pin out. I'd wipe the screen clean, every time I used it.
How do I get data out of it? I drop data into a QR code sending system. It would generate one full-screen QR-code like image every second or so. On another computer, I'd have a camera that I'd show the device to, and it would read the QR codes, and reconstruct the data. I can reverse the process to send data to it. Show it my computer screen, and it decodes the QR codes to a data file.
And if I personally wanted to increase the security, I would buy three completely different hardware random generators, XOR their output together, and make a giant One Time Pad. I'd invent a way to keep track of where you and I were, in that pad. (You'd start at one end, and I at the other.) I'd physically copy that data onto my secure-Kindle, and your secure-Kindle, and then physically destroy the random number generating system in its entirety. (And then destroy the USB port on both Kindles.) If I ever got a suspicious message from you (re-using One Time Pad, etc.), I'd slag my secure-Kindle. And you and I would invent pass phrases that we would use to communicate messages in secret.
My secure-Kindle would also have a password to let me power it on. And it would have one or more dummy passwords. If I entered a dummy password, the system would act completely normally in every way, but it would secretly insert the phrase "[COMPROMISED, DO NOT TRUST!]" or something like it, in the middle of every message I send.
I might need to have the dummy password electronically wipe the system, to help protect you from a government forcing me to decrypt messages you sent me.
But I honestly don't think there's a good way to stop this. If they have physical possession of the device, and of me, they can force me to reveal my passwords, and there's nothing I can do to stop them.
"Secure email" is an oxymoron. Email isn't secure. We should treat it as such.
Even if you use the "technically challenging" PGP (i.e. challenging for the layman), then the metadata still leaks relationships.
We need a replacement that is secure by default and easy to use, so that 'Mom and Pop' can make the easy switch. Get that right and you can replace email.
In my opinion, a company like Yahoo is in the perfect position to write, sponsor and open source an new innovative messaging solution, that is secure by default (and cannot be made insecure) and cannot be monitored. External validation of the source code and cryptographic implementation would be paramount. A whole ecosystem of new "secure messaging" servers and clients could spring up. It could be the next paradigm shift on the internet.
Yahoo are slowly getting back on their feet. If there ever was a perfect time to release a killer app that would resonate with the majority, it would be this. From trampled and downtrodden to the golden boys (and girls) again.
Perhaps I am crazy but maybe we should stop entrusting corporations to handle our private communications. I think the real feature of secure, private messaging is a P2P or federated approach.
If my, or some one else's, life or liberty depended on it, no. Not email, not the internet.
From a simpleton POV... there is a wire from my computer to an ISP. Then from that ISP to another ISP. Then from that ISP to a recipient. At any point some one can intercept and decode. So, AFAIAC, that's an end to it. Even if the data can be secured from being read, there is proof that one computer talked to another computer about something. That's often enough "evidence". Its an opening.
Frankly I don't see how the internet can be secure. AFAIK, it never was.
> Even if the data can be secured from being read, there is proof that one computer talked to another computer about something. That's often enough "evidence".
Tor/i2p mostly solve that problem.
> Frankly I don't see how the internet can be secure. AFAIK, it never was.
"internet" is not secure, but you can build secure communications over insecure transports as long as you are able to do initial key-exchange somehow securely (ie. face-to-face meeting). Something like OTR with Tor hidden services is very secure.
I don't trust other secure email providers, and to be honest, I don't trust Lavabit or SilentCircle...at least I don't trust them as far as they suggest I should trust them.
I trust providers that offer encryption to prevent basic things like my ISP looking at data or maybe casual eavesdropping if I'm in a foreign country. But the idea of hosted services that completely protect you even against the government of the hosting country, which is how these services seem to be sold, is sort of unrealistic.
And in the broader sense, I trust something like Lavabit less than Gmail. Permanently losing access to my email without any warning is a bigger threat to me than whatever ill defined privacy line Lavabit claims was being crossed. Email for me is primarily about convenient communication. If I want extra security for some reason, I'll use something else or combine GPG with email.
Not especially. As others have mentioned, email leaks metadata and the existing protocols are such that it would be impossible to secure them reasonably.
Of course, it all depends on what your threat model is. Are you a target of the NSA, or a jealous spouse? That's what this comes down to. Neither Lavabit nor Silent Circle could have given encrypted and unattributable email service - so if that's what you needed, you're SoL. If server-to-server encryption was all you were interested in, then the distros of pgpu they used would have been fine for you.
It's hard to think of a threat that would be stymied by server-to-server encryption alone. Maybe someone else has a good idea of what that might be, but it's too early for me.
Lava happened to have a known, admitted national security threat as a client/user. It is expected, legal, and proper for a national security letter to be used in this context.
It is possible that the NSL was demanding things that were way too broad, but I imagine that this was not the case (and rather that Lava had an ethical issue with the whole process).
Do you trust the person on the receiving side? Presumably so if you are sending them something, but once it leaves your computer its out of your control. The recipient could do something like accidentally (or intentionally) forward or reply in the clear, or could have malware on their computer that copies emails as soon as they are decrypted.
No, not really. It's hard to see how any service on top of Internet email will ever be more secure than gpg (with the possible exception of a scheme similar to gpg that ensures forward secrecy).
Mixmaster remailers might add a little something wrt meta data -- but not enough to trust that difference IMNHO (assuming a large part of mixmaster servers are run by, or grants access to, various NATO-allied intelligence services).
In essence, secret keys and trust in public keys needs to be managed by the participants -- no third party can meaningfully manage it.
Not that GPG is particularly secure in the real world -- but it is much more secure than not using any form of encryption.
As have been mentioned elsewhere, a scheme where a provider encrypts email for you can never be provably secure, because it's almost impossible to show that the session keys used to encrypt data aren't selected from some predictable subset of the keyspace (say 1M keys derived from every date stamp with hour precision, keyed up with creation time?).
These are great if you understand and accept the risks.
If one of your risks is a well-funded agency of the US / UK government then these probably aren't a suitable option. Also, you'll want to change your OS to something hardened; and also your computer; and also put better locks on the doors; and also move to a building with no ground floor windows and some nice high fences with CCTV and good access controls.
[+] [-] jacquesm|12 years ago|reply
Anything less would be folly, there are so many hops where people could be listening in on your data (starting with the cable that runs from your keyboard to your computer) that even an email sent to your 'drafts' box on your own IMAP server is probably not secure. Unless you own the co-location facility and all the infrastructure between where you sit and where you store the mail.
The whole security thing to me is a matter of economics. I assume that any data that is not worth reading is collected and that anything that is worth more than it would cost to collect and read is read.
Maybe that's a paranoid view of the state of affairs but at least I won't be surprised or disappointed. My main bulwark against wholesale exposure of the contents of my inbox is a 'Rob'. Rob is a veteran sysadmin who configured and set up my machine and I trust him (I have to, since he has access).
Rob is secure in the sense that he's an honorable person, and that I believe that there is no offer that could be made that would make him break our bond of trust. So short of blackmailing Rob (which is hard, and I would definitely forgive him if that were to happen) my stored email is reasonably secure, but any email in transit is fair game and will probably be caught somewhere along the line and I treat all email that I send and receive as public as a consequence of that.
[+] [-] VikingCoder|12 years ago|reply
Van Eck phreaking. Optical Time-Domain Eavesdropping [1]. Zero-Day exploits on operating systems, browsers, etc. Built-in vulnerabilities to processors. Backdoors in encryption algorithms. Acoustic Keyboard analysis [2]. Laser Audio detection [3]. Hard drive recovery. DRAM recovery. [4]
[1] http://www.rootsecure.net/content/downloads/pdf/optical_temp...
[2] http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_E...
[3] http://spie.org/x40847.xml
[4] https://citp.princeton.edu/research/memory/
If I wanted to send (very) secure email, I think I would want a Kindle-like device, with an ePaper display, no physical keyboard just a touchscreen, no bluetooth or wifi or 3G or microphone - just a single USB port. I'd install the software I want on it, and then I'd physically destroy the USB port. I'd want 4 AA batteries, no recharge port. I guess it would need a camera, as well. And it would have its own Faraday cage. And a built-in, non-electronic method that slags the RAM and storage with acid; possibly by pulling a pin out. I'd wipe the screen clean, every time I used it.
How do I get data out of it? I drop data into a QR code sending system. It would generate one full-screen QR-code like image every second or so. On another computer, I'd have a camera that I'd show the device to, and it would read the QR codes, and reconstruct the data. I can reverse the process to send data to it. Show it my computer screen, and it decodes the QR codes to a data file.
And if I personally wanted to increase the security, I would buy three completely different hardware random generators, XOR their output together, and make a giant One Time Pad. I'd invent a way to keep track of where you and I were, in that pad. (You'd start at one end, and I at the other.) I'd physically copy that data onto my secure-Kindle, and your secure-Kindle, and then physically destroy the random number generating system in its entirety. (And then destroy the USB port on both Kindles.) If I ever got a suspicious message from you (re-using One Time Pad, etc.), I'd slag my secure-Kindle. And you and I would invent pass phrases that we would use to communicate messages in secret.
My secure-Kindle would also have a password to let me power it on. And it would have one or more dummy passwords. If I entered a dummy password, the system would act completely normally in every way, but it would secretly insert the phrase "[COMPROMISED, DO NOT TRUST!]" or something like it, in the middle of every message I send.
I might need to have the dummy password electronically wipe the system, to help protect you from a government forcing me to decrypt messages you sent me.
But I honestly don't think there's a good way to stop this. If they have physical possession of the device, and of me, they can force me to reveal my passwords, and there's nothing I can do to stop them.
[+] [-] junto|12 years ago|reply
Even if you use the "technically challenging" PGP (i.e. challenging for the layman), then the metadata still leaks relationships.
We need a replacement that is secure by default and easy to use, so that 'Mom and Pop' can make the easy switch. Get that right and you can replace email.
In my opinion, a company like Yahoo is in the perfect position to write, sponsor and open source an new innovative messaging solution, that is secure by default (and cannot be made insecure) and cannot be monitored. External validation of the source code and cryptographic implementation would be paramount. A whole ecosystem of new "secure messaging" servers and clients could spring up. It could be the next paradigm shift on the internet.
Yahoo are slowly getting back on their feet. If there ever was a perfect time to release a killer app that would resonate with the majority, it would be this. From trampled and downtrodden to the golden boys (and girls) again.
Go on Yahoo. I dare you!
[+] [-] junto|12 years ago|reply
[+] [-] macinjosh|12 years ago|reply
[+] [-] D9u|12 years ago|reply
[+] [-] zokier|12 years ago|reply
[+] [-] alan_cx|12 years ago|reply
From a simpleton POV... there is a wire from my computer to an ISP. Then from that ISP to another ISP. Then from that ISP to a recipient. At any point some one can intercept and decode. So, AFAIAC, that's an end to it. Even if the data can be secured from being read, there is proof that one computer talked to another computer about something. That's often enough "evidence". Its an opening.
Frankly I don't see how the internet can be secure. AFAIK, it never was.
[+] [-] zokier|12 years ago|reply
Tor/i2p mostly solve that problem.
> Frankly I don't see how the internet can be secure. AFAIK, it never was.
"internet" is not secure, but you can build secure communications over insecure transports as long as you are able to do initial key-exchange somehow securely (ie. face-to-face meeting). Something like OTR with Tor hidden services is very secure.
[+] [-] wiml|12 years ago|reply
[+] [-] jimktrains2|12 years ago|reply
[+] [-] rainsford|12 years ago|reply
I trust providers that offer encryption to prevent basic things like my ISP looking at data or maybe casual eavesdropping if I'm in a foreign country. But the idea of hosted services that completely protect you even against the government of the hosting country, which is how these services seem to be sold, is sort of unrealistic.
And in the broader sense, I trust something like Lavabit less than Gmail. Permanently losing access to my email without any warning is a bigger threat to me than whatever ill defined privacy line Lavabit claims was being crossed. Email for me is primarily about convenient communication. If I want extra security for some reason, I'll use something else or combine GPG with email.
[+] [-] albeertoni|12 years ago|reply
Of course, it all depends on what your threat model is. Are you a target of the NSA, or a jealous spouse? That's what this comes down to. Neither Lavabit nor Silent Circle could have given encrypted and unattributable email service - so if that's what you needed, you're SoL. If server-to-server encryption was all you were interested in, then the distros of pgpu they used would have been fine for you.
It's hard to think of a threat that would be stymied by server-to-server encryption alone. Maybe someone else has a good idea of what that might be, but it's too early for me.
[+] [-] SGFja2VyTg|12 years ago|reply
Lava happened to have a known, admitted national security threat as a client/user. It is expected, legal, and proper for a national security letter to be used in this context.
It is possible that the NSL was demanding things that were way too broad, but I imagine that this was not the case (and rather that Lava had an ethical issue with the whole process).
[+] [-] DanBC|12 years ago|reply
I knew that well funded government agencies could probably get access to anything, so with that caveat yes, I trusted a few providers.
In general if it's important you shouldn't trust anyone. Use GPG, but do so carefully after reading all the documentation.
[+] [-] ams6110|12 years ago|reply
[+] [-] venomsnake|12 years ago|reply
[+] [-] jimktrains2|12 years ago|reply
[+] [-] harrytuttle|12 years ago|reply
Yes I'm aware of GPG etc but no one else is.
[+] [-] Zash|12 years ago|reply
[+] [-] aw4y|12 years ago|reply
[+] [-] e12e|12 years ago|reply
Mixmaster remailers might add a little something wrt meta data -- but not enough to trust that difference IMNHO (assuming a large part of mixmaster servers are run by, or grants access to, various NATO-allied intelligence services).
In essence, secret keys and trust in public keys needs to be managed by the participants -- no third party can meaningfully manage it.
Not that GPG is particularly secure in the real world -- but it is much more secure than not using any form of encryption.
As have been mentioned elsewhere, a scheme where a provider encrypts email for you can never be provably secure, because it's almost impossible to show that the session keys used to encrypt data aren't selected from some predictable subset of the keyspace (say 1M keys derived from every date stamp with hour precision, keyed up with creation time?).
[+] [-] warcode|12 years ago|reply
Or in a simpler sense; do you put your letters in an envelope, or do you just put a stamp on the paper?
[+] [-] DanBC|12 years ago|reply
If one of your risks is a well-funded agency of the US / UK government then these probably aren't a suitable option. Also, you'll want to change your OS to something hardened; and also your computer; and also put better locks on the doors; and also move to a building with no ground floor windows and some nice high fences with CCTV and good access controls.
[+] [-] vegasbrianc|12 years ago|reply
[+] [-] Dirty-flow|12 years ago|reply