

Trying to Keep Your E-Mails Secret When the C.I.A. Chief Couldn’t - 001sky
http://www.nytimes.com/2012/11/17/technology/trying-to-keep-your-e-mails-secret-when-the-cia-chief-couldnt.html

======
loeg
This article misses a few points. I'm not going to cover all of them, but
here's my pet issue:

Yes, you can access existing Gmail accounts over Tor. But in my experience, it
is _damn_ hard to create them over the anonymizing network. Google wants a
mobile phone number, which of course defeats the point. On the other hand,
Hotmail had no such requirement last time I attempted this…

~~~
spindritf
> Google wants a mobile phone number, which of course defeats the point.

Can't you just pick up a pre-paid sim card in a corner shop? You get a
"burner" phone as a bonus.

~~~
1337biz
I guess the problem here is the "convenience" factor. Reaching an acceptable
level of privacy seems to be taking more and more effort.

~~~
loeg
Yeah, inconvenient security isn't useful.

------
Sami_Lehtinen
Excellent points, this is just why I run my own servers and actually emails
which are private are sent as links, messages and data remain only on my
server and are deleted after 30 days. So even if someone still got that
message with link, they don't have my message anymore. Btw. You can count how
many of your friends are security experts and how many aren't, I'm pretty sure
that ratio is quite bad.

Anyway, for some uses your own Tor hidden service is fine, it's quite easy to
run if you're familiar with Tor and services. You can also use something
better and more secure for communication than HTTPS and Tor, like SSH and a
BBS-like interface. It reduces risk that people accessing your service with
systems which aren't properly prepared to be secure won't store anything at
all on disk. (Yes, it still could be possible to swap or hibernate some data
if users are real failures.)

Yet another option which I like is RetroShare, it's secure and keeps data
private, but it doesn't inherently hide connections between nodes, for that
part you'll need another anonymization layer.

For simplicity, I prefer to use a self-hosted message system with SSL, and
notifications can be sent with link or without link to users when required
based on message content / subject / privacy level required etc. If users do
have a registered account, then they also might need to give their login
credentials if required. My server also provides TOTP authentication as a 2FA
solution, for a few geeks who use it, including myself.

------
acabal
I've been thinking a lot about email security and encryption in the past year.
Especially since everything you send on, for example, Gmail is stored on their
servers forever, even if you "delete" it, and even if you're super-paranoid
and use your own mail servers, you'll be mailing other Gmail accounts that
record your activity anyway. 10 years from now the government could mine your
past communications in ways never before imagined in the era of paper mail and
paper shredders. Things you said a decade or even two earlier that were
innocuous at the time could be brought as evidence against you.

Because of the nature of easily-copiable bits, the only real way to be secure
in communications is encryption with something like GPG. But public/private
keys are a completely unfathomable idea to regular people. Hell, they're even
confusing to techies. Even if the concepts are understood, implementing and
using them is cumbersome and error-prone to say the least.

That's why I think the most important thing to be working on, from a social-
importance perspective, is a way to make GPG-style encryption friendly,
usable, and easily-grokked. The problem of good-enough encryption has been
mostly solved, I think--we just have to get people to use it!

~~~
trekkin
Try AES.io, or SilentCircle, or HushMail. There are encrypted communication
services available, the problem is that most Internet users don't think they
need encryption, or do not trust it.

------
roedog
Keep in mind that the email account was a private, personal account. His CIA
email account wasn't compromised. I'm guessing that they know pretty well how
to keep their email safe.

------
guelo
Using Tor Mail seems like it would be very anonymous. Though if they're
sniffing your traffic the Tor signature makes you look suspicious.

------
mtgx
I've heard even choosing "Go off the record" in Gtalk, doesn't really protect
you, as Google still saves them. It may be something they are not willing to
admit, though. But again, it's just something I've read.

I would suggest using Jitsi, an open source alternative to Skype, that
encrypts both chats and calls/videocalls, when talking to another Jitsi user.
The best part is you can still use your Google Talk/Facebook chat/XMPP/other
logins. But it encrypts the conversations happening between them.

<https://jitsi.org>

As for e-mail either one of these (Except Hushmail which I've also heard has
been compromised):

<http://www.makeuseof.com/tag/3-secure-encrypted-email-providers-online/>

Or just write e-mails in a text file, encrypt it locally, and then send it to
someone. It will be hard to anonymize who's sending it, though, unless maybe
you create some new e-mail accounts using Tor, and then always use them
through Tor.

~~~
spindritf
> I've heard even choosing "Go off the record" in Gtalk, doesn't really
> protect you

Go off the record[1] in your client instead and enjoy all the important
protections, which include: encryption, authentication, perfect forward
secrecy and deniability of the kind that you can keep denying everything even
when presented with a word for word printout of the conversation.

Why even give Google a chance to fail you? Sure, it can still be known whom
you're contacting and when but otherwise, you're covered.

[1] <http://www.cypherpunks.ca/otr/>

~~~
cllns
"Go off the record" is misleading, it has nothing to do with OTR, as one might
assume:

[1] <http://webapps.stackexchange.com/questions/16931/how-does-the-googletalk-client-do-off-the-record-messaging/16937#16937>

------
shin_lao
If you have an intelligence agency from the first world at your back, you're
in a world of pain and there's not much you can do.

However keeping your mail secrets from your girlfriend and/or your boss is
relatively easy. Secure passwords, two-factor authentication, ciphered
communications to the servers, S/MIME...

------
trop
Question: What is the innate security risk of using airport wifi? From the
article's conclusion:

 _It takes just one mistake — forgetting to use Tor, leaving your encryption
keys where someone can find them, connecting to an airport Wi-Fi just once —
to ruin you._

~~~
napoleond
Whenever you use a WLAN (or any network, really), you're more or less at the
mercy of that network's administrator(s). In the context of the article, it
would be easy for whoever is in charge of airport WiFi to connect your MAC
address to the Gmail address you thought you were using anonymously.

~~~
detst
> you're more or less at the mercy of that network's administrator

No, you're not. Sure there are additional risks but making broad statements
isn't helpful when we're talking about connecting to a service with SSL.

> connect your MAC address to the Gmail address

How? Again, it's possible but Gmail works over SSL. That connection would have
to be compromised to make any connection to your MAC and then they'd have to
make a connection from your MAC to your personal identity.

~~~
napoleond
Sorry, I didn't mean to spread FUD. I don't think it's an exaggeration to say
that the LAN admin would have a significant advantage relating your online and
offline personae, though. Even the URLs you visit (not encrypted, even over
SSL) tell a story.

~~~
weinzierl
The URLs you visit over SSL are encrypted
(<http://stackoverflow.com/questions/499591/are-https-urls-encrypted>).
DNS requests are a different matter though and therefore the host part of
the URL is visible if you don't take extra steps.

Apart from that: If I buy hardware from e.g. Apple or Dell, do they keep a
database that connects the MAC to my identity? I don't know.

~~~
napoleond
Thanks, you and icebraining just taught me something. I don't know why I
thought the entire URL was exposed.

As for the MAC database, it doesn't really matter. It would be easier to
correlate the MAC address with security camera footage, for example. (I worked
on a project for a local network security firm doing exactly that--don't
worry, I wasn't doing the security end of things.)

------
pinaceae
the main issue is that any conversation in the internet gets saved. nothing is
forgotten, ever. it might be encrypted, but that only delays reading it.

you want a safer way to communicate. use the telephone, non-voip. the content
of your conversation is temporary, there is no record. if someone is not
listening in to your conversation _right now_, no evidence in terms of
content stays behind. if it would have been petraeus, all we would know is that
he had a lot of phone calls with his biographer....

~~~
tsotha
> you want a safer way to communicate. use the telephone, non-voip. the content
> of your conversation is temporary, there is no record.

You assume. There's no technical reason for this to be true, however.
Telephone conversations are digitized and could easily be saved by the
millions. I once worked at a military base where they saved every minute of
every telephone conversation, and back then storage was a hell of a lot more
expensive.

------
ableal
[Off-topic] On my copy of that page, I got an ad to NYT's own content
magnificently titled _"Spatchcocking your turkey"_.

(It leads to
<http://www.nytimes.com/2012/11/18/magazine/the-2-d-thanksgiving.html>,
not a bad cookery piece but alas, only headlined "The 2-D Thanksgiving".)

P.S. On topic, it occurs to me that email was not needed. For the purpose of
revising a draft, any web file access would suffice: Pastebin, Dropbox,
Bitbucket, whatever. Even better, an encrypted service like Wuala or
Silveroak.

------
drivebyacct2
This is a weird headline. Part of the issue wasn't that he didn't know how to
secure it, it's about doing it relatively in plain sight when as many people
are watching as must be when you're the head of the CIA.

