Ask HN: do you trust your "secure email" now?
27 points by aw4y on Aug 9, 2013 | 42 comments
After Lavabit and SilentCircle shutdown (the first said "better shutdown than give 'em access")...do you trust the other "secure email" providers?

I consider everything I type into a computer with an active network port to be published.

Anything less would be folly, there are so many hops where people could be listening in on your data (starting with the cable that runs from your keyboard to your computer) that even an email sent to your 'drafts' box on your own IMAP server is probably not secure. Unless you own the co-location facility and all the infrastructure between where you sit and where you store the mail.

The whole security thing to me is a matter of economics. I assume that any data that is not worth reading is collected and that anything that is worth more than it would cost to collect and read is read.

Maybe that's a paranoid view of the state of affairs but at least I won't be surprised or disappointed. My main bulwark against wholesale exposure of the contents of my inbox is a 'Rob'. Rob is a veteran sysadmin who configured and set up my machine and I trust him (I have to, since he has access).

Rob is secure in the sense that he's an honorable person, and that I believe that there is no offer that could be made that would make him break our bond of trust. So short of blackmailing Rob (which is hard, and I would definitely forgive him if that were to happen) my stored email is reasonably secure, but any email in transit is fair game and will probably be caught somewhere along the line and I treat all email that I send and receive as public as a consequence of that.

I think you get to a point, where you can't trust electronics at all. (Active network or no.)

Van Eck phreaking. Optical Time-Domain Eavesdropping [1]. Zero-Day exploits on operating systems, browsers, etc. Built-in vulnerabilities to processors. Backdoors in encryption algorithms. Acoustic Keyboard analysis [2]. Laser Audio detection [3]. Hard drive recovery. DRAM recovery. [4]

[1] http://www.rootsecure.net/content/downloads/pdf/optical_temp...

[2] http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_E...

[3] http://spie.org/x40847.xml

[4] https://citp.princeton.edu/research/memory/

If I wanted to send (very) secure email, I think I would want a Kindle-like device, with an ePaper display, no physical keyboard just a touchscreen, no bluetooth or wifi or 3G or microphone - just a single USB port. I'd install the software I want on it, and then I'd physically destroy the USB port. I'd want 4 AA batteries, no recharge port. I guess it would need a camera, as well. And it would have its own Faraday cage. And a built-in, non-electronic method that slags the RAM and storage with acid; possibly by pulling a pin out. I'd wipe the screen clean, every time I used it.

How do I get data out of it? I drop data into a QR code sending system. It would generate one full-screen QR-code like image every second or so. On another computer, I'd have a camera that I'd show the device to, and it would read the QR codes, and reconstruct the data. I can reverse the process to send data to it. Show it my computer screen, and it decodes the QR codes to a data file.

And if I personally wanted to increase the security, I would buy three completely different hardware random generators, XOR their output together, and make a giant One Time Pad. I'd invent a way to keep track of where you and I were, in that pad. (You'd start at one end, and I at the other.) I'd physically copy that data onto my secure-Kindle, and your secure-Kindle, and then physically destroy the random number generating system in its entirety. (And then destroy the USB port on both Kindles.) If I ever got a suspicious message from you (re-using One Time Pad, etc.), I'd slag my secure-Kindle. And you and I would invent pass phrases that we would use to communicate messages in secret.

My secure-Kindle would also have a password to let me power it on. And it would have one or more dummy passwords. If I entered a dummy password, the system would act completely normally in every way, but it would secretly insert the phrase "[COMPROMISED, DO NOT TRUST!]" or something like it, in the middle of every message I send.

I might need to have the dummy password electronically wipe the system, to help protect you from a government forcing me to decrypt messages you sent me.

But I honestly don't think there's a good way to stop this. If they have physical possession of the device, and of me, they can force me to reveal my passwords, and there's nothing I can do to stop them.

My second line of defense: I'm not important enough to monitor :)

First they came for the... well, you know.

"Secure email" is an oxymoron. Email isn't secure. We should treat it as such.

Even if you use the "technically challenging" PGP (i.e. challenging for the layman), then the metadata still leaks relationships.

We need a replacement that is secure by default and easy to use, so that 'Mom and Pop' can make the easy switch. Get that right and you can replace email.

In my opinion, a company like Yahoo is in the perfect position to write, sponsor and open source a new innovative messaging solution, that is secure by default (and cannot be made insecure) and cannot be monitored. External validation of the source code and cryptographic implementation would be paramount. A whole ecosystem of new "secure messaging" servers and clients could spring up. It could be the next paradigm shift on the internet.

Yahoo are slowly getting back on their feet. If there ever was a perfect time to release a killer app that would resonate with the majority, it would be this. From trampled and downtrodden to the golden boys (and girls) again.

Go on Yahoo. I dare you!

Here's a tongue in cheek piece that goes with this post: https://news.ycombinator.com/item?id=6185468

Perhaps I am crazy but maybe we should stop entrusting corporations to handle our private communications. I think the real feature of secure, private messaging is a P2P or federated approach.

If the Director of the CIA can't keep his email secure, what makes anyone think that their email is more secure than his?

What makes you think that Director of the CIA would have particularly secure e-mail setup?

As the director of one of the world's most well funded intelligence agencies one would expect that Petraeus would have been properly versed in all manner of security precautions, as well as knowing how to conduct clandestine affairs without coming under the scrutiny of his counterparts, yet this was not the case at all.

So, either Petraeus was a blundering fool, or there exists no privacy for anyone...

I'm guessing that Petraeus was no blundering fool.

His professional email was likely secure more so than we'd ever see. However, directing agency resources to cover for an affair would be more blatant than someone discovering his GMail drafts folder. Being in charge of security and having excellent delegation / leadership - doesn't make one the technical expert.

Petraeus' security failures are no indication of the general availability of privacy.

He was appointed to the CIA directorship after a career in the Armed Forces, where one would not have expected him to gain such security skills.

Also being head of an organization does not imply that one necessarily has the skills to do the work of the organization.

If my, or someone else's, life or liberty depended on it, no. Not email, not the internet.

From a simpleton POV... there is a wire from my computer to an ISP. Then from that ISP to another ISP. Then from that ISP to a recipient. At any point someone can intercept and decode. So, AFAIAC, that's an end to it. Even if the data can be secured from being read, there is proof that one computer talked to another computer about something. That's often enough "evidence". It's an opening.

Frankly I don't see how the internet can be secure. AFAIK, it never was.

> Even if the data can be secured from being read, there is proof that one computer talked to another computer about something. That's often enough "evidence".

Tor/i2p mostly solve that problem.

> Frankly I don't see how the internet can be secure. AFAIK, it never was.

"internet" is not secure, but you can build secure communications over insecure transports as long as you are able to do initial key-exchange somehow securely (i.e. face-to-face meeting). Something like OTR with Tor hidden services is very secure.

My secure email provider is /usr/local/bin/gpg, so ... yes?

Still leaks email metadata:)

Very true :) But with a little statistical analysis, that's true of basically all communication. An organization with the NSA's resources can automatically infer a set of people I probably talk to even if they can't directly observe my communications with them. I'm not willing to turn my life into a Le Carre novel, and I think that's the level of effort it'd take.

Which is cryptographically tied to an identity.

Nope, just to a key.

So Ann doesn't know she's really talking to Bob? Ann just has some key that she hopes is Bob's, and isn't Eve doing MITM? Isn't that why web-of-trust is important?

Nope, that Eve can intercept a copy of GPG-encrypted mail and extract plaintext To, From, Title, time, with some luck also some info about sender's IP and software, plus all info that is in recipient's and possibly sender's public key (this usually covers full, true name, work, approximate location and alternative e-mails, often also a photo). What you mention is an orthogonal problem.

Hang on, I'm a bit confused here.

Ann has a key. Ann must know that the key is Bob's key. If Ann isn't sure that the key is Bob's key there's a bunch of bad stuff that might happen.

So now Eve can get the metadata, and be pretty sure that the stuff sent to Bob actually is sent to Bob, and not someone else, because it's encrypted with Bob's public key.

Eve can't decrypt anything. But my post wasn't about Eve getting any content, it was about Eve getting metadata that's cryptographically tied to an identity.

Where am I going wrong?

The connection between key and identity doesn't have to be public.

The point is that the headers of an email aren't encrypted (otherwise it couldn't be delivered). In the headers is who the message is to, who it's from, the subject, the time, and if you're lucky, the ip of the sender. All of that isn't encrypted and free for the taking and has nothing to do with the id attached to the key used to encrypt the content.

Right, the metadata is always public.

Without strong encryption you have metadata that can be tied to an identity using statistics with enough data.

With strong encryption you have metadata that can be tied to a key and an identity using statistics with enough data.
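What the sub-thread above describes (headers sent in the clear, plus a recipient key ID in the encrypted blob), as an added example that is not part of any commenter's post: it reads a constructed inline-PGP mail the way a passive observer could, with no private key. The addresses, subject, key ID and function names are assumptions made up for the illustration; the packet layout follows RFC 4880 section 5.1.

```python
import base64
from email import message_from_string

def build_sample() -> str:
    """Constructed inline-PGP mail; the blob holds only a PKESK packet (tag 1)."""
    key_id = bytes.fromhex("0123456789ABCDEF")              # constructed key ID
    body = bytes([3]) + key_id + bytes([1]) + b"\x00" * 16  # v3, key ID, RSA, filler
    packet = bytes([0x84, len(body)]) + body                # old-format header, tag 1
    return ("From: ann@example.org\nTo: bob@example.org\n"
            "Subject: lunch on friday\nDate: Fri, 09 Aug 2013 12:00:00 +0000\n\n"
            "-----BEGIN PGP MESSAGE-----\n\n"
            + base64.b64encode(packet).decode() +
            "\n-----END PGP MESSAGE-----\n")

def pkesk_key_id(data: bytes):
    """Return the recipient key ID from a leading PKESK packet, else None."""
    if len(data) < 2 or not data[0] & 0x80:
        return None
    if data[0] & 0x40:                                      # new-format header
        tag = data[0] & 0x3F
        if data[1] < 192:
            hdr = 2                                         # one-octet length
        elif data[1] < 224:
            hdr = 3                                         # two-octet length
        elif data[1] == 255:
            hdr = 6                                         # five-octet length
        else:
            return None                                     # partial body length
    else:                                                   # old-format header
        tag = (data[0] >> 2) & 0x0F
        hdr = {0: 2, 1: 3, 2: 5}.get(data[0] & 0x03)
        if hdr is None:
            return None                                     # indeterminate length
    body = data[hdr:]
    if tag != 1 or len(body) < 10 or body[0] != 3:
        return None
    return body[1:9].hex().upper()                          # 8-octet key ID, in clear

def observe(raw: str) -> dict:
    """What a passive observer learns without any private key."""
    msg = message_from_string(raw)
    seen = {h: msg[h] for h in ("From", "To", "Subject", "Date") if msg[h]}
    lines = msg.get_payload().splitlines()
    start = lines.index("-----BEGIN PGP MESSAGE-----")
    end = lines.index("-----END PGP MESSAGE-----")
    b64 = "".join(l for l in lines[start + 1:end]
                  if l and ":" not in l and not l.startswith("="))
    seen["recipient_key_id"] = pkesk_key_id(base64.b64decode(b64))
    return seen

if __name__ == "__main__":
    for field, value in observe(build_sample()).items():
        print(f"{field}: {value}")
```

GnuPG's `--throw-keyids` option writes an all-zero key ID into this packet, which removes the key linkage but leaves the mail headers exactly as exposed as before.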

Who is Ann, and what have you done with Alice :)

Perhaps Bob knows both Alice and Ann and is using encryption so that Alice doesn't find out about Ann;)

I don't trust other secure email providers, and to be honest, I don't trust Lavabit or SilentCircle...at least I don't trust them as far as they suggest I should trust them.

I trust providers that offer encryption to prevent basic things like my ISP looking at data or maybe casual eavesdropping if I'm in a foreign country. But the idea of hosted services that completely protect you even against the government of the hosting country, which is how these services seem to be sold, is sort of unrealistic.

And in the broader sense, I trust something like Lavabit less than Gmail. Permanently losing access to my email without any warning is a bigger threat to me than whatever ill defined privacy line Lavabit claims was being crossed. Email for me is primarily about convenient communication. If I want extra security for some reason, I'll use something else or combine GPG with email.

Not especially. As others have mentioned, email leaks metadata and the existing protocols are such that it would be impossible to secure them reasonably.

Of course, it all depends on what your threat model is. Are you a target of the NSA, or a jealous spouse? That's what this comes down to. Neither Lavabit nor Silent Circle could have given encrypted and unattributable email service - so if that's what you needed, you're SoL. If server-to-server encryption was all you were interested in, then the distros of pgpu they used would have been fine for you.

It's hard to think of a threat that would be stymied by server-to-server encryption alone. Maybe someone else has a good idea of what that might be, but it's too early for me.


Lava happened to have a known, admitted national security threat as a client/user. It is expected, legal, and proper for a national security letter to be used in this context.

It is possible that the NSL was demanding things that were way too broad, but I imagine that this was not the case (and rather that Lava had an ethical issue with the whole process).

What are you protecting, and who are you protecting it against?

I knew that well funded government agencies could probably get access to anything, so with that caveat yes, I trusted a few providers.

In general if it's important you shouldn't trust anyone. Use GPG, but do so carefully after reading all the documentation.

Do you trust the person on the receiving side? Presumably so if you are sending them something, but once it leaves your computer it's out of your control. The recipient could do something like accidentally (or intentionally) forward or reply in the clear, or could have malware on their computer that copies emails as soon as they are decrypted.

I will trust Lavabit if they reopen.

Which may be exactly what "they" want;)

There is no such thing as secure email. Use another channel.

Yes I'm aware of GPG etc but no one else is.

Yes, I do, because I host my own email on my own hardware.

So apparently there's no reason for lavabit, silent mail, hushmail ...?

No, not really. It's hard to see how any service on top of Internet email will ever be more secure than gpg (with the possible exception of a scheme similar to gpg that ensures forward secrecy).

Mixmaster remailers might add a little something wrt meta data -- but not enough to trust that difference IMNHO (assuming a large part of mixmaster servers are run by, or grant access to, various NATO-allied intelligence services).

In essence, secret keys and trust in public keys need to be managed by the participants -- no third party can meaningfully manage it.

Not that GPG is particularly secure in the real world -- but it is much more secure than not using any form of encryption.

As has been mentioned elsewhere, a scheme where a provider encrypts email for you can never be provably secure, because it's almost impossible to show that the session keys used to encrypt data aren't selected from some predictable subset of the keyspace (say 1M keys derived from every date stamp with hour precision, keyed up with creation time?).

There is if you still care about keeping the contents of your message secure.

Or in a simpler sense; do you put your letters in an envelope, or do you just put a stamp on the paper?

By that analogy so called secure email providers would receive plain letters and put those into envelopes before handing them to you, and conversely ripping your envelopes open before sending out your mails. Because the rest of the world doesn't know how to use envelopes.

These are great if you understand and accept the risks.

If one of your risks is a well-funded agency of the US / UK government then these probably aren't a suitable option. Also, you'll want to change your OS to something hardened; and also your computer; and also put better locks on the doors; and also move to a building with no ground floor windows and some nice high fences with CCTV and good access controls.

Go back to the stone age. Hand written notes with couriers.

never trust anyone! :)
