
It is impossible to run an email service without being able to decrypt data. You can search your entire email archive in seconds, from a phone on the end of a slow network, and it just works. End-to-end encryption isn't compatible with the way people want to use email.

We are happy for people to use PGP, though of course we don't offer an interface to it because that would involve sharing keys with us and defeat the purpose.

We've addressed the legal framework we work in, in the linked blogpost, and addressed precisely the scenario you lay out. Governments change, and they love to posture, but the reality is the laws, not the soundbites.

We would be aware of the outage - have you seen how reliable NYI are?

http://blog.fastmail.com/2014/12/10/security-availability/

They don't have outages.

I'm much more worried about the NSA (or any of http://en.wikipedia.org/wiki/List_of_intelligence_agencies) knowing of a hole in one of the pieces of software that we use and injecting a rootkit with that. Thankfully the same security practices that defend against hackers are also useful here.




To add to this, and this needs to be emphasised: we make it clear to anybody requesting data that there are legal channels with due process to go through, which work.

See the following for more info - http://blog.fastmail.com/2013/10/07/fastmails-servers-are-in...



Yes. Thanks for sharing this video. The minister refused to answer the guy's question, just said "We collect what we need to do our job, and stop asking this question."


One wonders if he's too stupid to understand the question, doesn't know the answer but can't be seen to not be answering, or if he's just trying to keep the options open.

All of the above are scary. But this is not without precedent. The UK chancellor couldn't even answer which tax Greggs should be paying.


>It is impossible to run an email service without being able to decrypt data.

Counterpoint: seems to me that protonmail is doing exactly that.

>We've addressed the legal framework we work in, in the linked blogpost, and addressed precisely the scenario you lay out. Governments change, and they love to posture, but the reality is the laws, not the soundbites.

You haven't addressed any of the points I initially raised. Your blog post skirts the issue quite handily.

>They don't have outages.

Anyone claiming 100% uptime is a fraudster.


They don't claim 100% uptime. They just happen to have it. We had a 30 second outage on ONE power circuit during Hurricane Sandy - we noticed because two non-production devices weren't dual power, and of course because of the notifications from the servers about their dual power being interrupted.

We've been there over 10 years, so we actually kind of know, rather than guessing, how reliable they are.

What exactly do you want us to say? We aren't participating in any dragnets. We've said that plenty of times. If you think that the NSA is in our datacentre, tapping our wires - well, I was there in July and I moved all the devices by hand. I didn't pull them open and audit the circuit boards, but there's a level beyond which reality is impossible to distinguish from paranoia. We don't follow our hardware from the silicon sands through all the steps before it reaches our datacentre. Of course it could have nasties injected in it.

We design our security processes to make it hard for both hackers AND agencies to attack us with a bunch of things. Not running the same switch with VLANs for both internal and external networks is a big thing - switches are a notorious attack vector. Our internal network devices are fully isolated from the external links.

And then - the security agencies reading your email isn't even the biggest risk to your security and your life for 99.9999% of people. We're not going to throw out tons of features that improve their life for a perception of improved security - so end-to-end encryption isn't a sane response.


ProtonMail is a scam, much like Lavabit (although the nature of the scam differs). Lavabit at least had the decency to shut down once they realized their claims were fraudulent, once the government told them how they lied and that they would like to take advantage of those lies please.

They deliver JavaScript to the browser to decrypt messages. While it's true that they don't have access to user messages for as long as they remain honest, that's a profoundly useless property to have. You can just be honest and not try to access messages, which is what Fastmail does. There's no point in handcuffing yourself and holding on to the key.

As soon as a system administrator feels like accessing the messages (either out of curiosity / government order or because an unauthorized user gained administrative control), they can deliver modified JavaScript to the browser that sniffs the password and decrypted content and sends a copy somewhere. This is, very literally, "being able to decrypt data."

The encrypted messages that are sent to non-ProtonMail users require visiting a ProtonMail website to decrypt the message, which has all of the security concerns as above. Furthermore, it's pushing the line of what counts as "email". Fastmail is clearly advertising themselves as an actual email service, where you send content over SMTP and it shows up in the recipient's email client. You can't do that with ProtonMail encrypted messages; the recipient gets a link to the content.

You can build a new protocol that has the properties we'd all want out of a modern messaging system. You might be able to replace email. But it won't _be_ email, and Fastmail is email. If you want Pond, you know where to find it.

And snake oil with a well-designed website, $500,000 of crowdfunding, and a team of PhDs is still snake oil.


Thanks for making a really interesting point that I didn't have space for in the Confidentiality post, but did touch on in the Integrity post.

The whole thing with email is that it's your own immutable copy. If you can't even read it without going to some website that may or may not exist at a later date, then you don't really have a copy. So you wind up having to extract the plaintext and then keep a copy of that somehow to ensure you never lose access. Sounds like normal email, the hard way.


> Counterpoint: seems to me that protonmail is doing exactly that.

ProtonMail is security theater. It is simply not possible for a webmail service to maintain a zero-knowledge policy. They can capture your password every time you log in, and use that to decrypt your email if they want to. Or they could send you a backdoored version of their own JS-based encryption library the next time you visit protonmail.ch. (Hushmail came under fire for doing this a few years ago at the behest of the Canadian government.)

At the end of the day, the only thing that is actually protecting your email at ProtonMail is the fact that Switzerland is not yet known to be collaborating with the NSA. If they claim otherwise, they're either lying, incompetent, or seriously lacking in imagination.



