

Ask HN: I need your help. Trying to develop secure and anonymous email - simonszki

http://securmail.launchrock.com/

Hi guys, I have a problem and I need your help: a couple of friends and I decided to create a web service for free anonymous and secure mail after hearing about the NSA debacle (Lavabit closing its doors). We created a launch page to collect emails from people who want to try out the service as beta testers. Just go check it out and, if you are interested, sign up.

If you have suggestions, don't hesitate. We are working hard to build something great and useful for everyone. If you could share the service to help us out too, it would be awesome. Thanks.

Really, it all comes down to how you want to protect your data. Now that we know Google's been working with the NSA, along with other email services, there aren't many options left for secure email.

Ever since news of PRISM broke, there's been a lot of confusion and denial about exactly how the NSA is getting the data from the companies that have been collecting it. Now Google's fessed up to the details, and it's unsurprisingly simple: by FTP or even by hand.

With what we are building, it would be basically impossible to do. Built on AES-256 encryption and host-proof hosting, ensuring that your sensitive data is never accessible to anyone but you. We never have your unencrypted data. Even if our servers were hacked, your emails would be safe, and when you delete an email, it is not recoverable (US DoD, 7 passes). We do not log any traffic or session data. For this reason, we're unable to identify any user of our service.

Here is the launch page: http://securmail.launchrock.com/
======
cjbprime
With respect, I think it's likely that you don't understand the threat model
here and are making dangerous promises of security that you can't keep.

If the NSA shows up and demands that you help them access a user's data and
not tell anyone about it, they won't merely be asking for a copy of your hard
disk. They could ask that you modify your javascript (since you're a webapp,
presumably you're doing client-side cryptography in JS, which is a terrible
idea but let's ignore that for now) to send the user's key to you, or
otherwise transfer cleartext back to you.

I don't mean to be harsh, but I think it would be better not to release
anything at all than to release a product that can't live up to its privacy
promises. If you really want to innovate in this field, please do it with open
source code and peer review from expert cryptographers.

~~~
simonszki
I think you have a great idea about peer review of the code. We already have
contacts with coders in the online password management business. The only
thing that might be a problem is the involvement of the government. Like with
Lavabit, they forced them to reveal their SSL master key so that they could
intercept every communication. We are currently trying to figure out if we
could host our server in Switzerland or something (it fixed the problem for
several security companies we know). I think our product presents a huge leap in
privacy for email compared to Google and the likes who allow free access to
data. Keep that in mind. [http://gizmodo.com/how-google-gives-your-information-to-the-...](http://gizmodo.com/how-google-gives-your-information-to-the-nsa-512840958/all)

~~~
cjbprime
I would not trust your service more than Gmail.

With Gmail, I can be fairly sure that the use of encryption is competent and
that they've invested in entire teams of people dedicated to monitoring the
service for hacking attempts -- I might have to worry about them handing data
over to the NSA, but I don't have to worry about them handing data over to a
random black hat who decides to modify the JS you deploy. I also trust that
Google's legal team is capable of _some_ level of argument with the NSA,
rather than just folding to them the first time actual money would be required
to pay a legal team.

I don't see how hosting a server in Switzerland helps you when the NSA is at
your door, telling them that you must help them and you must not tell anyone
about it. The weak point is you, not your servers.

~~~
simonszki
It's a personal choice after all. We are not trying to replace Gmail. Our
solution targets people who focus more on privacy. Would you compare Gmail to
a service like mailinator, etc.? Part of our encryption is based on
OpenPGP (the most widely used email encryption standard in the world).

"I don't have to worry about them handing data over to a random black hat who
decides to modify the JS you deploy" -cjbprime

I like to think that when you do business with people, a little faith is
necessary. Otherwise, nobody would do business with startups.

And to answer your question about Switzerland, the only way to gain access to
the data hosted within a Swiss data centre is if the company receives an
official court order proving guilt.

I hope that answered your questions.

------
SamReidHughes
If you found a proof that P != NP, you'd want to communicate it with the rest
of the world. In doing so, you'd want to portray yourself in such a way that
people don't think you're a crank. You'd speak in the standard style of prose
that related CS papers use, you'd avoid the signs of a wrong proof as
described at
[http://www.scottaaronson.com/blog/?p=458](http://www.scottaaronson.com/blog/?p=458)
or explain why they don't apply here. You'd portray yourself as somebody that
knows what they're doing.

When it comes to the topic of secure and anonymous email, you haven't done
that. You've done the opposite. There's about a 1 in 1000 chance that somebody
writing the post you've made here is in any position to be writing this
software.

In particular, you don't predict questions people would have and address them
beforehand. Your post leaves so much room for doubt, doubt that you should be
aware of and have resolved yourself. You've also failed to address cjbprime's
question in a way that suggests you have a realistic view of how the world
works -- you didn't mention having a team member in Switzerland who's the only
one that can access the server. That would be an essential fact, but you've
omitted it. Whether it's true or false, you didn't know it was essential, and
now it seems like you don't know what you're doing.

------
professorTuring
A question: have you hired a security consultant to review your procedures and
processes? Or are you yourself a security expert?

I mean, do you know that a secure mail is much more than encryption and
public-private key? You really need to have your service security reviewed.

------
malandrew
This is essential reading/watching here:

[http://ritter.vg/blog-deanonymizing_amm.html](http://ritter.vg/blog-deanonymizing_amm.html)

[https://www.youtube.com/watch?v=_Tj6c2Ikq_E](https://www.youtube.com/watch?v=_Tj6c2Ikq_E)

------
cyphunk
I do not know if it is possible but you should tell people a bit more about
your service on your webpage. I could find no details about how any of your
claims are implemented.

~~~
simonszki
We are thinking about implementing a blog so that we can share part of the
coding process, so that anyone can have a general idea of how our servers are
secured and emails encrypted, etc.

