Slashdot Mirror
Yahoo Offering Encrypted Email
James Salsman writes "Now that Yahoo delivers encrypted email,
I would sure like to know what the Slashdot fray thinks of
that, especially in light of Carnivore's vulnerability to
some forms of encryption (but not this one?)." michael adds: You might also want to check out Cyber-Rights.net, which is a UK civil liberties group offering encrypted email through a deal with Hushmail.
I don't think it that carnivore's so much the issue as opposed to people reading your email who really aren't authorized to read it. Prior to the internet, communication was limited to letters, telephone, radio and face to face communication. You had a reasonable expectation of privacy when using letters and face to face communications. You didn't expect much privacy using radio, and somewhere in the back of your mind you realized that your telephone could be tapped if someone was really out to get you.
That same holds true for the internet. Chalk email up to the current level of privacy you get from radio... Now, if all those web based email services adopt encyption of your messages in one form or another, you'll get an added level of security. Yes, law enforcement will still in all likely hood be able to get at your messages, but they'll stay out of the hands of "hackers, crackers and bears (oh my!)".
Not too shabby, i'm thinking. If you're really intent on keeping your messages away form the govenrnment, you can still use PGP.
In the end though, i don't see why people have come to expect privacy on the internet. Yes, i do feel it's wrong that companies like doubleclick can track users across various websites. But you've read over and over that sending plaintext email is equivalent to mailing postcards. Yahoo's now giving their users an envelope. Nothing more, nothing less. If you want more than that, you can roll your own.
They have to send your email unencrpted to SecureDelivery.com first to get it encrpted. If someone wants to intercept, they can intercept in this process easily. So the government is still possible to monitor.
It's more problematic then it seems: people thought that it's safe when indeed there's a big loophole.
A sig is redundant.
MailVault.com also does PGP over 128bit SSL and plans to open source the whole thing.
Sig
Appended to the end of comments you post. 120 chars
...But rather encryption to restrict the recipient's ability to access the data after a certain period of time (a week). In truth, it does both very badly.
First it is clear that this cannot be a serious attempt at the "traditional" problem of encryption--for the reason pointed out in many posts (unsecure channel between sender and Yahoo!) as well as a deeper one--this system requires you to give full trust to both Yahoo! and Zixit, as there is no proof whatsoever that they will even bother to encrypt your email when passing it between themselves. (And if you would trust a potentially life-and-death secret to two companies named "Yahoo!" and "Zixit" then you deserve what's coming to you.) Finally, there is a huge problem with verification: the recipient merely needs to "verify" that they actually hold the email address the sender specified. And how, pray tell, do they do that? Likely they instead need only temporary access to that account to recieve a (plaintext??) email giving them a temporary password. Good lord.
Instead it appears to implement an access control restriction--your recipient can only access the email for 7 days before it is gone forever. Of course, this fails for the same reason all access controls fail--the message must finally be displayed in plaintext on an untrusted machine, namely the recipient's. Assuming "Zixit" has implemented some (hackable) fix to the "copy-and-paste attack" (ala the International Lyrics Server), there is still the ever pernicious "screenshot attack". And as always, even if the recipient's machine could somehow be entirely trusted, there is the final undoing of any access control restriction--the digital-to-analog conversion. Just as I can always tape-record the SDMI music coming out of my speakers, and videotape that DVD playing on my TV, this scheme falls rather easily to a pen-and-paper.
Meanwhile, it doesn't even do the trick of "increasing the amount of encrypted emails the FBI has to look through", because all this traffic is presumably just SSL, and there's a whole bunch of that around. Besides, chances are the FBI/CIA/NSA/KGB/alien invaders would rather just install a keyboard sniffer or run a TEMPEST analysis on your computer than have to solve the FACTORIZATION problem or build huge special-purpose number seives and spend several times the lifetime of the universe waiting around to read your email or invent a quantum computer. (Maybe the aliens would rather do the latter.) Or just bring a warrant to Yahoo!/Zixit, who *both* have full plaintext access to your "encrypted" email and will likely be very happy to comply with the FBI. (Or aliens pretending to be the FBI--has no one noticed how unsecure and spoofable search warrants are?)
Um, I think what I'm saying is, this appears pretty lame. The only "useful" thing I can think of that this does is destroy the message if it is not accessed within 7 days. Of course, trusting this means trusting that 1)Zixit actually destroys the message; 2) Yahoo! destroys their copy of it; 3) no one intercepted it when it was passed in plaintext from the sender to Yahoo!; 4) any logs or copies of it as it propogated (in plaintext) across the Internet between the sender and Yahoo! were destroyed; 5) it was actually encrypted between Yahoo! and Zixit...
Does anybody have any idea why they are not using SSL to upload the original message? It seems silly not to...
Somebody mentioned that the message will still be stored in plain-text on Yahoo's servcers. I have never used Yahoo mail, but don't they have an option NOT to store a local copy? Most mail clients have this, and I guess you can always CC yourself to get access to a (more) secure copy of your own mail on the SecureDelivery encryption server.
Hi!
Step 1:
Get 'large dot.com' company that people know of with fun and well known name to 'use' your product, no matter how flawed their implementation is.
Step 2:
'Mainstream' online news service (*cough* CNet, ZDnet etc *cough*) latch on to the story that 'large dot.com' is using your product, and that the use of this product is vital to stop the 'evil internet hackers' from doing evil things with your children and credit card numbers.
Step 3:
Due to 'informed' userbase, people begin to demand your service for large dot.com's competitors services. Other companies require what the service you provide. Providing service equals more coverate.
Step 4:
IPO you well known service.
Step 5:
Get out before bubble bursts (well, if it hasn't all ready)
Internet 'Profits'. Fun huh?
------
I just send my e-mail in a special Pidgin Pig Latin Esperanto dialect I and some friends developed, then save it to file with WordPerfect 3.0. Then I send the file via e-mail. Don't even need PGP. Sometimes I can't read my own stuff, let the FBI do it's worst.
www.matthewmiller.net
"Live Free or Die." Don't like it? Then keep out of the USA
You forgot some critical steps if you want to be secure.
Not only do you need open source, you need open source that you have personally understood every line of, compiled on a compilers that you wrote in binary youself.
The last part, compiled on a compiler you wrote youself is very deep: a compromised compiler can destroy all advantage of open source. (See the infamious login hack, which you should look up) If the compiler isn't something you wrote in binary yourself, then you can't be sure that your compiler wasn't compromised. And you really should go deeper, since it is possibal (in theory) for someone to put a little prom in your disk/floppy drive that checks to see if a compiler is being written and compromise it, meaning you have to design your hardware from scratch and make it from silcon you mine yourself. (Note that recignising a hand written compiler and figgureing out how to compromise it might require solving the halting problem, so I don't know if it is possibla in the general case, but it is possibal if everyone works from one binary listing)
It is worth it to be paranoid, but unfortunatly if everyone was paranoid enough nothing could get done because everyone has to invent their own wheel on up through everything civialization has done.
lokmail
is the only webmail service that actually
uses good old fashioned PGP encryption over
an SSL link. I think promoting PGP use
and not a new proprietary encryption system is
a better way to fly. You can get a free
PGP webmail account at lokmail right now.
Ignore Yahoo.
-- The Funk, The Whole Funk, And Nothing But The Funk
It certainly made me think the first time I read it. Highly recommended.
--
--
We have fought the AC's, and they have won.
This is great! Now, the Feds won't be able to read the "private" e-mails I get from women who want to know if they'd make good porn stars, or want to invite me to watch the wild action at their party house, or the people offering me unaccredited University diplomas!
Take that, Mr. Fed!
--
Feminism is the wild notion that women are human beings.
Look at it math-wise: if 0.1% of the e-mail traffic today is encrypted (which I'm personally guessing would be way high,) if you were to send an encrypted letter to your buddy (whose ISP is being Carnivored,) it'd get noticed. Being only one message out of a thousand, it might even merit a few minutes on FBI's Deep Crack.
Now, add in all the Yahoo e-mail traffic and that number might rise to 1.0%. Include encrypting lots of Hotmail traffic, and it might rise to 2.0% Pretty soon, there's too much traffic to Deep Crack every encrypted message that runs past. And eventually, once encrypted e-mails outnumber regular e-mails, seeing encrypted traffic go past a router won't even raise a flag.
If you're actually concerned about security, of course you won't use Yahoo's service. Let the "commoners" think that they're getting security. But for now, they're providing background cover to help hide the mail that truly needs encryption.
John
John
...because it gives the user a false sense of security.
The actual encryption algorithm itself here may be fine; I don't know, I can't get the Securedelivery.com site to load. (Not a good sign.) But, as Bruce Schneider is fond of pointing out, it's not just the algorithm, but how it's used. Others here have already noted two problems: one, it's Yahoo's key, so you have to trust them to keep it secure. Two, the message already travels unencrypted to Yahoo, and even Yahoo agrees it's not end-to-end encryption.
So what, you say. It's more encrypted than Yahoo mail was before, so why not use it? The danger is that the public, who, together with politicans, have demonstrated a startling ability not to understand technology and encryption issues, may start touting this as the solution. A real solution (to the technological aspects, anwyay) is to have end to end encryption, with open source tools that at least in principle can be verified to have no back doors, and with your own personal keys you make yourself. Naturally, this makes the folks who run Carnivore unhappy, becuase they can't just go to Yahoo and demand keys. So, probably having given up the battle to competely outlaw encryption, they stand to benefit greatly from systems such as Yahoo's. The public might potentially be convinced that this is as good as encrypting your mail yourself. Indeed, many seem to have trust in huge companies (as is evidenced by the fact that the FUD attacks against Linux ("who will you sue?") took so long to go away), and may think that having Yahoo do it all for you is better.
I'd rather see it done right than implemented poorly in a way that might catch on.
-Rob