
Implementing "Prism Break" - eschnou
https://eschnou.com/entry/implementing-prism-break-62-25013.html
======
tptacek
The problem with this whole mentality is that it probably made him _more_
vulnerable to surveillance, not less. No organization in the world spends more
money to protect email and messaging services than Google does. This is a fact
that frustrates people on HN endlessly, but all I can tell you about that is
"sorry".

Your assurances that OVH adequately protects its IMAP servers, particularly
from newly discovered vulnerabilities in its server software, are very poor.
On the other hand, you can generally take assurances about Google's
seriousness on these issues to the bank.

The mentality in this article is that hosting information outside of Google
makes you less susceptible to lawful intercept requests from the USG. But that
doesn't make game-theoretic sense given the worldview that mentality arises
from. The only thing moving your data off of Google protects you from is a
"lawful" request. But if you think that the USG is willing to bend or break
the law to get your information --- an article of faith on HN --- moving that
data elsewhere doesn't help you at all. They'll just use extralegal means to
get the data.

Meanwhile, you've expanded the class of external actors that can get your
data, by hosting it somewhere less secure.

Moxie Marlinspike, on this same topic, suggested on a liberation-tech mailing
list that a dissident asking him how to securely communicate online would be
steered towards Google Talk.

~~~
motters
I don't agree. Google may have spent a lot of money, but that hasn't kept them
off of the PRISM list and so far I've not read any really convincing
explanation from anyone at Google about why they're on that list.

I think in the post-Snowden world it's game over for the idea of expecting
reasonable privacy or data security from the likes of Gmail. Once someone can
routinely exfiltrate 100% of your data without a warrant - particularly if you
are a "non US person reasonably believed to be outside the US" then the
security model is not just a bit wonky, it's utterly destroyed.

~~~
tptacek
You haven't managed to disagree with me here, because my point accommodates
the fact that Google might cooperate with the USG.

~~~
tghw
Google cooperating with the USG is a much larger risk factor for being
surveilled. Currently, the USG does not need to exploit server vulnerability
to access Google messages, but for a foreign-owned ISP, they don't have this
back door, at least not as readily. That means a targeted attack, which is
inherently more expensive.

~~~
tptacek
Vulnerabilities in your mail provider present a _superset_ of the problems of
Google Mail.

~~~
tghw
Not really. They're more of intersecting sets. Is a foreign mail provider as
likely to succumb to PRISM? No. Is it possible for GMail to have
vulnerabilities unique to GMail and not to a more standard mail setup? Of
course.

~~~
tptacek
I think the issue is that we disagree, probably very very strongly, about the
relative likelihood of vulnerabilities in Google Mail versus vulnerabilities
in any other mail service provider.

It's O.K. to disagree! We don't have to agree on anything, let alone this.
Just know that my opinion is a professional one in this specific case. There
are extremely smart people working on Google Mail's security, and on the
security of every component in the stack that Google Mail depends on, and that
is an arrangement (in both degree and kind) that is pretty much unique to
Google Mail.

~~~
tghw
I'm just pointing out that asking for data from a database is always going to
be easier than exploiting a system, no matter whose it is. From what we know,
it seems that the USG has the ability to do surveillance on Google Mail by
querying a database, but likely does not have that same ability on a foreign
mail service. Therefore, it is likely that it is easier for the USG to read
mail from a Google user.

As you know, security is not about making things impossible but making them
more difficult and resource-intensive. So far, we have little evidence that
Google has been making anything difficult for the USG.

------
jstalin
Would someone please invent or do a kickstarter project for an "email server
in a box" project. A plug and play email server with webmail, TLS, etc? Maybe
running the whole thing on a pi that you just plug in to your home network so
you can host your own mail?

~~~
icebraining
That's what the FreedomBox Foundation (started by Eben Moglen/Software Freedom
Law Center) is trying to make:
[http://freedomboxfoundation.org/learn/](http://freedomboxfoundation.org/learn/)

------
dylangs1030
I applaud the tenacity with which people want to be "self-secured", but this
is misinformed.

It would not be hyperbolic to say that Google is one of the greatest companies
in the world in terms of network security fidelity. It uses literally
_billions of dollars in resources_, some of the greatest minds of this
generation to implement them, and cutting edge technology to secure its data.

By contrast, the author has a somewhat hacked together approach here, with
capital _orders of orders_ of magnitude lower, and, frankly, less expertise
than the combined skill of the GMail engineering team alone.

Google, for all the slander it received during the NSA scandal, is like a
secure island oasis in a sea of vulnerabilities. You are _much more secure_
with the large corporation that everyone loves to hate than on your own.

Let's talk strategy as well. Do you imagine you'll be safe from the NSA - or
any agency - because you boycotted one of their alleged sockpuppets and
decided to run your own stack? If they _really cared about your data, do you
think this would stop them?_ And, more importantly, as I detailed in the first
paragraph, _do you have more engineering chops than the combined weight of
even a single Google team?_

~~~
motters
The Snowden leaks indicate that assuming your data is safe and secure from
warrantless access while residing blissfully in plain text on the cloud
servers of the PRISM list member companies is at best a hopelessly naive
expectation. That applies particularly if you are a "non US person reasonably
believed to be outside the US", which means that you're considered to be fair
game for any and all exfiltration schemes.

------
mrt0mat0
What I truly love about this article is it shows how many open source
alternatives exist out there. I think the big problem with people is they
think there isn't a tool that can be equivalent to what they use now. I am
also stuck on facebook. I like your indirect solution though!

~~~
dylangs1030
It isn't equivalent to what they use now! How would a private cloud someone
hacked together be as secure as the billions of dollars Google has poured into
engineering elite, class-A data security?

Before someone accuses me of fanboying Google, recognize that (as I stated in
a top level comment), Google as a company is probably one of the safest in the
world for your data.

The only leg someone has to stand on in saying an open source alternative
might trump Google is that the company _willfully_ allows access to their
data, bypassing the heavy security entirely. If you want to make that
argument, fine, but you better have something else prepared aside from the NSA
scandal regurgitation.

~~~
mrt0mat0
[http://googleenterprise.blogspot.com/2010/01/keeping-your-data-safe.html](http://googleenterprise.blogspot.com/2010/01/keeping-your-data-safe.html)

[http://gcn.com/articles/2011/11/10/cloud-hack-via-google.aspx](http://gcn.com/articles/2011/11/10/cloud-hack-via-google.aspx)

I guess this was before Google poured the billions into it with its
engineering elite, class-A data security. Google may be more secure, but Google
is also a big target. A personal cloud is less likely to get hacked. If I live
in the woods with $1000 and only have one lock, I'm probably less likely to be
broken into than a giant bank filled with tons of money in the middle of a
city, even with its heavier security.

------
trippy_biscuits
1. Doing everything yourself means knowing how everything works and being
able to manage it all. No one knows enough or has enough time to do that
properly. You've increased your attack surface all while giving yourself a
false sense of security.

2. If you communicate with anyone that hasn't broken out of prism, you are
still observed and recorded. Watchers may not know what you say, but they will
know when and to whom. What was said isn't all that hard to obtain or infer if
they own one side of the conversation.

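The second point above (a watcher who owns one side of the conversation still gets the who and the when, even when the body is encrypted) can be shown concretely. The following is an added example, not code from the thread or from the original article: it parses a constructed OpenPGP/MIME message as it would be stored at the recipient's mail provider and reports everything that is readable without touching the ciphertext. The hostnames, addresses and the PGP block are all made up for the example; only the standard library `email` package is used.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample (not a real capture): a PGP/MIME message sent from a
# self-hosted server to two users of a large provider. The PGP block is a
# placeholder, not real OpenPGP data, and nothing here ever decrypts it.
SAMPLE_MESSAGE = """\
Received: from mail.example.org (mail.example.org [203.0.113.7])
\tby mx.bigprovider.example (Postfix) with ESMTPS id ABC123
\tfor <bob@bigprovider.example>; Tue, 02 Jul 2013 21:15:10 +0000
Received: from [192.0.2.45] (selfhosted.example.org [192.0.2.45])
\tby mail.example.org (Postfix) with ESMTPSA id XYZ789;
\tTue, 02 Jul 2013 21:15:09 +0000
From: Alice <alice@example.org>
To: Bob <bob@bigprovider.example>
Cc: Carol <carol@bigprovider.example>
Subject: meeting
Date: Tue, 02 Jul 2013 21:15:05 +0000
Message-ID: <20130702211505.1234@selfhosted.example.org>
User-Agent: Mutt/1.5.21
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
hQEMA5PLACEHOLDERCIPHERTEXTxyz
=abcd
-----END PGP MESSAGE-----
--b1--
"""


def _parse_hop(received: str):
    """Reduce one Received: header to (sending host, receiving relay)."""
    text = " ".join(received.split())          # unfold continuation lines
    sender, _, rest = text.partition(" by ")
    if sender.startswith("from "):
        sender = sender[len("from "):]
    relay = rest.split()[0] if rest else "?"
    return sender, relay


def is_pgp_mime_encrypted(msg) -> bool:
    """True when the body is an RFC 3156 multipart/encrypted container."""
    return (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted")


def metadata_view(raw: str) -> dict:
    """Everything a passive observer at the receiving provider can read
    without a key: parties, timing, client, relay path, and the Subject
    line, which PGP/MIME leaves in the clear."""
    msg = message_from_string(raw)
    sender = getaddresses(msg.get_all("From", []))[0][1]
    recipients = [addr for _, addr in
                  getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    hops = [_parse_hop(h) for h in msg.get_all("Received", [])]
    hops.reverse()  # Received: headers are prepended, so the last one is the origin
    return {
        "sender": sender,
        "recipients": recipients,
        "sent_at": parsedate_to_datetime(msg["Date"]).isoformat(),
        "subject": msg["Subject"],          # not covered by the encryption
        "client": msg["User-Agent"],
        "message_id": msg["Message-ID"],
        "relay_path": hops,                 # origin host -> ... -> final relay
        "body_readable": not is_pgp_mime_encrypted(msg),
    }


def contact_edges(view: dict):
    """Timestamped sender -> recipient edges: the graph a watcher accumulates."""
    return [(view["sender"], r, view["sent_at"]) for r in view["recipients"]]


if __name__ == "__main__":
    view = metadata_view(SAMPLE_MESSAGE)
    for key, value in view.items():
        print(f"{key:14} {value}")
    print("edges:", contact_edges(view))
```

Running it on the sample shows that the encrypted body hides nothing about who wrote to whom, when, from which originating host, with which client, or about what (the Subject line). Every one of those fields is available to whoever runs the non-self-hosted side, which is the point trippy_biscuits is making; the same view is available to anyone who can read the traffic or the mailbox on that side.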
------
Joeboy
I made a couple of skeletal Dockerfiles for pump.io and roundcube, which might
help somebody get started:
[https://github.com/Joeboy/dockerfiles](https://github.com/Joeboy/dockerfiles)

------
Nerdfest
I'm not sure why he's switching from Google search to Duck Duck Go if he's
concerned about privacy. Using _any_ cloud service poses a risk and Google has
one of the _best_ records for privacy (check the EFF "Who's got your back"
list.). Also, shutting off your Android phone instead of just not using the
cloud & GPS services (and maybe installing a custom ROM if you're extra
concerned) seems silly. Android works fine without Google's (or anyone else's)
services.

~~~
alan_cx
I may be wrong, but I don't see how anything is worth doing while the security
services can quickly and easily compromise ISPs, and while we believe they can
also crack encryption, or force us to reveal keys we may not have.

All that is really left is to alter our behavior in order to up the amount of
work the security services have to do and to send a message. So, using
services like DDG simply sends a message. If enough people do it, the message
_might_ get heard. IMHO, that is really all using DDG achieves. And frankly, I
suspect that is more about annoyance at creepy Google data slurping than NSA
type slurping. The NSA would still be able to compromise DDG, but using DDG
tells Google something. I use, or try to use, DDG not because I think it makes
me safe from the NSA, but because I don't like Google's policies on using my
data. I'm not kidding myself that using DDG makes me NSA immune.

There is no way to ensure electronic privacy. Frankly, there really never was.
It was an illusion we kidded ourselves was real. In the end, a wire goes from
an ISP to my house. That wire is traceable.

The worst part is that if reports are to be believed this has been going on
for at least a decade. Can't find a link, but there is that ex-FBI officer who
has claimed that they can get phone calls from 10 years ago, or thereabouts.
They already have our data archived, available for their use whenever they
like for whatever purpose they like.

Now they have this power, they will never ever let it go. Neither will our
data from the past decade be destroyed. Now we are so dependent on electronic
communication, we are pretty much penned in. No one will take the risk to
change it. Just imagine if they cancelled PRISM, and destroyed all their
archive data, and then 9/11 Mk2 happened... Would we all say, "that's OK, we
the people took the risk and we are fine with possible consequences"? You
might, I would, but would the general population agree?

We now live under electronic totalitarianism. It is here to stay. Get used to
it.

