After Lavabit Shut-Down, Dotcom's Mega Promises Secure Mail
Lavabit may no longer be an option, but recent events have driven interest in email and other ways to communicate without exposing quite so much, quite so fast, to organizations like the NSA (and DEA, and other agencies). Kim Dotcom as usual enjoys filling the spotlight, when it comes to shuttling bits around in ways that don't please the U.S. government, and Dotcom's privacy-oriented Mega has disclosed plans to serve as an email provider with an emphasis on encryption. ZDNet features an interview with Mega's CEO Vikram Kumar about the complications of keeping email relatively secure; it's not so much the encryption itself, as keeping bits encrypted while still providing the kind of features that users have come to expect from modern webmail providers like Gmail:
"'The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,' Kumar said. 'If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible but very, very hard. That’s why even Silent Circle didn’t go there.'"
The latency is really bad, but at least your information will be secure!
Heh heh, secure. Heh.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
How does searching work for this kind of transport/storage?
I think you need a new new plan
http://news.yahoo.com/ap-interview-usps-takes-photos-mail-072949079.html
Are those actual links, or just the <a> tags?
Learning HOW to think is more important than learning WHAT to think.
http://torrentfreak.com/dotcoms-mega-debuts-spy-proof-messaging-this-summer-email-follows-130711/
A link to an actual article.
Learning HOW to think is more important than learning WHAT to think.
There should be developed an international mechanism of verification of Article #12 of The Universal Declaration of Human Rights. Many countries have signed it. There should be international inspections of data centers, telephone companies, etc.
http://www.un.org/en/documents/udhr/index.shtml#a12
Article 12. No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Ok I actually tried to read the article and those links don't work. A low day for Slashdot editors.
Check out the new Slashdot iPad app
http://www.zdnet.com/mega-to-fill-secure-email-gap-left-by-lavabit-7000019232/
I find this farcical, so the NSA is going to start playing whack-a-mole with what will be, in the near future, a plethora of alternative secure email providers. Ask the RIAA how well that works out.
AC.. because I can.
I think you need a new new plan
http://news.yahoo.com/ap-interview-usps-takes-photos-mail-072949079.html
(selectively) Quoting the article:
...the photos of the exterior of mail pieces are used primarily for the sorting process..
See, that's just _metadata_. No worries.
It is dangerous to be right when the government is wrong.
According to Security Now/Steve Gibson, the encryption/security on the MEGA file site is not very sound
https://www.grc.com/sn/sn-390.htm (search for "Java Crypto" to get about 3/4 way through the show) or listen to the podcast..
MEGA is well intentioned I'm sure, but the Javascript code in MEGA does not cut it for serious security, and they need to do waaay better for an email service.
Remember that ALL THE DATA is being retained now, so one crack in the system and there is a way in.
Air tight security is do-able, but needs to be serious - I wish Mega lots of luck.
Move along... there is no sig here.
Actually, there's a product in there.
Envelopes for the paranoid. Made of extra-thick paper, with an aluminium foil lining. Each pack comes with very, very thin stickers bearing a pack-unique printing that can be placed over the seal, making it impossible to open the envelope without tearing.
The problem is that private keys, in a server solution, are available on the server. Even in Mega, the private key is located server side and the password/passphrase is supplied by the end user over SSL. So, the weak points are SSL and the domestic machine, as well as an intercept placed on a server at Mega.
What we require is a private key that a person holds, on a smartcard type arrangement. From this we derive a personal certificate authority and a public key. We issue certificates through our personal CA for particular roles and upload them to our provider. This then acts as our transport encryption, digital signatures, email encryption and so forth. The private key never enters the network and everyone has a unique encrypted layer, rather than a common SSL certificate.
Decryption is performed by streaming the contents through the smartcard. We can add additional factors to this authentication such as biometrics, pin, etc. In fact, the user should be able to determine the amount of factors, their order, etc. The decrypted output can either be sent back into the machine (if you feel it is secure), or forwarded to a secure offline machine.
We only need to make sure that this forwarding eliminates the possibility of an exploit and that means a limited stack that only provides certain features. Such as text and/or video.
There is no reason that a standard mobile phone could not have two physical portions, one connected to the web and another for secure comms.
Jabba Dotcom protecting us from the empire? Sign me up!
Or you could go to DEFCON and learn how to remove tamper seals without leaving traces. :)
I DO suspect there's a product in there, but it's a lot more complex than that
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This only works if the recipient knows you are sending it in your special high security envelope. If not dear old Uncle Sam can open the letter, read it, and put it back in a regular secure envelope to send on to the recipient.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Don't all email clients do this?
Are those people so infatuated with web applications that they don't realize true applications do everything on the client?
Not so much:
http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html?pagewanted=all&_r=0
Taxation is legalized theft, no more, no less.
No, it works. Uncle Sam can't read it. You just print your document, then scan it on a Xerox printer/scanner like the Workcenter 7335. http://arstechnica.com/information-technology/2013/08/confused-photocopiers-randomly-rewriting-scanned-documents/. If your document is carefully crafted, your message will be obfuscated by the scanner. Print and send that. The receiving party must then send it through another Xerox to get your actual message back.
Not at all.
1. Press soft clay up to the seal to get an impression..
2. Open envelope, read, close.
3. Fire clay. Smooth it down a little carefully.
4. Melt wax, apply clay stamp.
Oh, it doesn't have to actually work. So long as the suckers believe it will work, and will fork over money for it. Because really, the government isn't going to care what the typical conspiracy-theorist paranoid is writing to his friends about.
The problem is that email is managed from a central location.
If email clients operated as fully encrypted standalone, "peer to peer" entities, the central mail server would be eliminated, and snoops would only be able to grab the encrypted content, and perhaps the locations of sender and receiver.
I've said it before and I'll say it again, this concentration on encryption is fiddling while the house burns. Encryption is sexy, and easy, and kewl, and l33t... but it won't protect against the real threat - traffic analysis.
Going Galt then are we?
I sympathize and have thought much the same myself.
But I recommend you think first before adding one unwise decision on top of another.
A restaurant is one of the most common businesses to fail, and that's in a good economy. It's hard work to boot.
Plus now you have to deal with increasing taxes, Obamacare and on top of that you get to be on the top of the list of IRS targets.
http://rt.com/usa/irs-taxes-small-business-898/
Good luck. Maybe they'll let us bunk together at the re-education camps.
The amazing thing to me is that using any of these encrypted mail services will automatically flag you as a suspect for the NSA. Just like when they detect patterns used by Tor and store all of the traffic in a special place.
How long until the FBI and NSA keep files on everyone that they can identify using these services? Like a new era of McCarthyism but instead of a public trial you have a secret trial where the government has all of the cards. This is essentially what the guy Aaron Swartz and the Lavabit guy ran into right? At some point if you run afoul of these "public" agencies you are taken out of circulation.
This reminds me of the movie "Firefox" in the 80s directed by Clint Eastwood. There was a scene where some English chap was telling Clint Eastwood's character about the KGB, he was comparing it to a monster. He was saying that your only real hope for safety was to sneak carefully by it and not awaken it. That is what I am thinking the "security" services of this country (and many other western countries) are becoming on an unprecedented scale. With more people in prison than ever and people (ohh sorry "terrorists") in jails all over the world without due process (or any judicial representation for that matter) how is this any different?
No but I bet the US feds would love to see all those involved with mega sent to Guantanamo Bay :)
Step 1: Kim Dotcom starts Mega Crypto, which is promptly adopted by the world's political dissidents and leakers.
Step 2: All pending government litigation against Mega suspiciously disappears and his assets are unfrozen.
The guy's accustomed to his ill-gotten gains -- even setting aside the rampant piracy of Megaupload, he's a convicted fraudster and embezzler, and has bribed public officials for protection before.
I suspect that if offered the choice between losing his $20 million house, his 12 cars, his yacht, and becoming a partner of the US government, it wouldn't take him much to crack.
Don't blame me, I voted for Baltar.
Maybe all the world's email traffic should go through (and stay at) archive.org; this way one would at least know where one's emails end up,...
By court order your mail can be opened and read. It can also be read after opening when you get hit with a search warrant.
---- Booth was a patriot ----
Just use mail on FreeNet,
Sure, FreeNet, which would be the more secure option we have currently, doesn't have any outside gateways, but if you are concerned about security, you don't want one anyway.
---- Booth was a patriot ----
The matter of protecting your e-mail is a simple one - there are standards (S/MIME). What you need to look for in a provider is:
(1) They SHOULD NEVER have copies of your private keys
(2) They should follow published standards
(3) Allow S/MIME e-mails
For example, if you want to use your Gmail account with military-grade security that not even the NSA can read, just install Penango in your browser and send messages encrypted - this solution is also used by US military and corporations. Penango does not hold any of your private information and/or your keys - so they cannot be forced by anybody to give out your secret.. simply because they do not have it!!!! For more info, go to http://www.penango.com/
Look at it this way: everyone's all "we gotta have email encryption" and we've completely lost interest in "OMG 99% of all email is spam and we can't get rid of it." It's the NSA's way of encouraging Internet Businesses.
(please please PLEASE don't make me bring out the whoosh or sarcasm tags m'kay?)
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
This whole thing about privacy will be a non-issue in about 2 years.
There's currently a mass-exodus away from US-based cloud services, and (within the US) away from all cloud services.
Cloud services will have to provide privacy or go out of business. The only way to ensure privacy is client-based encryption keys and open-source software. Since it's impossible to control the distribution of open-source software, the client-side package will end up being free.
This is a good thing, IMHO. Cloud services will focus on the actual service, they won't be able to rummage around in our lives (both corporate and personal), they won't be able to "monetize" their customers as products to advertisers, and the NSA will be shut out of much illegal snooping.
People are already thinking about how to encrypt existing web-based mail services, and I'm even hearing rumors about replacing SMTP altogether with a more secure protocol.
Expect a lot of wailing and gnashing-of-teeth from the government, proposals to make this or that protocol "illegal" or to require government backdoor access, but in the end it will come down to simple economics.
There is an enormous market-driven push towards more privacy. Edward Snowden has had a measurable effect on the world, and probably deserves the Nobel peace prize he was nominated for.
When you rely on a third party for security, you are placing an enormous amount of trust in them. You're trusting that they have not installed backdoors, that they do not copy your encryption keys and that they really are doing all the things they say they are. There are also external factors that may be beyond their control, like government demands, as we saw with Lavabit.
Now, if Mega is going to do something like build plugins, extensions or local proxies for popular web and local mail clients that makes end-to-end encryption easy and commonplace -- and will release all the relevant source code -- then we'll talk.
I like this..
Obviously use something better than MD5, and salt it with something generated from the private key and create a b-tree with message ids. This could likely be stored and searched server side with very little risk.
Otherwise actually have a clear text b-tree in client memory, update it locally, and send it encrypted to the server. Might take more bandwidth but it would just be an index.
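The keyed index suggested in the comment above, sketched as an added example that is not part of the original thread or of Mega's code. It assumes HMAC-SHA256 as the "something better than MD5", a key derived from a client-held secret, and a plain dictionary standing in for the b-tree; all names and sample messages are hypothetical. The server never sees words or keys, but it can still observe how many messages share a token and which messages each query matches.

```python
import hashlib
import hmac
import re
from collections import defaultdict


def derive_index_key(client_secret):
    # Separate key for indexing, so index tokens never reuse the decryption key.
    return hmac.new(client_secret, b"mail-search-index-v1", hashlib.sha256).digest()


def tokenize(text):
    # Lower-cased alphanumeric words; a set, so repeats inside one message collapse.
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def blind_token(index_key, word):
    # Keyed hash: without index_key the server cannot test guesses for a word.
    return hmac.new(index_key, word.encode("utf-8"), hashlib.sha256).hexdigest()


class BlindIndexServer:
    """Server side: opaque token -> message ids. Holds no key and no plaintext."""

    def __init__(self):
        self._postings = defaultdict(set)

    def add(self, message_id, tokens):
        for token in tokens:
            self._postings[token].add(message_id)

    def lookup(self, token):
        return sorted(self._postings.get(token, ()))

    def observable_frequencies(self):
        # What still leaks: how many messages share each (unknown) token.
        return sorted((len(ids) for ids in self._postings.values()), reverse=True)


class MailClient:
    """Client side: tokenizes plaintext locally and sends only blinded tokens."""

    def __init__(self, client_secret, server):
        self._key = derive_index_key(client_secret)
        self._server = server

    def index_message(self, message_id, plaintext):
        tokens = {blind_token(self._key, w) for w in tokenize(plaintext)}
        self._server.add(message_id, tokens)

    def search(self, word):
        return self._server.lookup(blind_token(self._key, word.lower()))


# Constructed sample data (not from the thread).
SAMPLE_SECRET = bytes(range(32))
SAMPLE_MAIL = {
    1: "Lunch on Friday?",
    2: "Invoice for Friday delivery attached",
    3: "Re: invoice query",
}


def build_demo():
    server = BlindIndexServer()
    client = MailClient(SAMPLE_SECRET, server)
    for message_id, body in SAMPLE_MAIL.items():
        client.index_message(message_id, body)
    return server, client


if __name__ == "__main__":
    server, client = build_demo()
    print("friday  ->", client.search("friday"))
    print("invoice ->", client.search("INVOICE"))
    print("server sees token frequencies:", server.observable_frequencies())
```
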
Hmm, the humour and sarcasm seem to have been lost on you.
If you want secure email, don't put it in the cloud. People who try to set up new cloud services to get attacked aren't helping, and can't deliver on what they want to make people believe they can.
It's not hard to set up a mail server. It's not hard to use PGP. Be at least a little harder target.
Just say no to the goddamn cloud, already.
Only the outside of the envelope. They can't see contents unless they open the envelope, which requires a warrant. They can't retroactively open your letter once it has been delivered. If you want to encrypt the contents, you can do that too, but you can't encrypt the routing information.
With encrypted email, the header is unencrypted because it's needed for routing, so the government can record every entire message that passes through a cooperating server. With encrypted email, you could copy every message that passes through a server and decide later which ones you want to try and decrypt.
If you want to add real anonymity, you can use anonymous email accounts. But that's thin security. A government really interested in who's getting and sending anonymous emails can figure it out by tracing packet routing.
For harder-to-crack anonymity, you can upload encrypted files anonymously to a server and download all the messages periodically. Whichever ones you can decrypt with your keys are addressed to you. It's very inefficient, but there's no way to figure out who got your messages without either seizing your computer or hacking it. They can still identify who sent it and what set of receivers might have gotten it by tracing packets.
A restaurant is one of the most common businesses to fail, and that's in a good economy. It's hard work to boot.
Plus now you have to deal with increasing taxes, Obamacare and on top of that you get to be on the top of the list of IRS targets.
http://rt.com/usa/irs-taxes-small-business-898/
Yeah, an industry-wide pattern of underreporting wages and tips will do that to you.
Thing is, they aren't too interested in the contents of the envelope at all, at least until you're a person of interest. What they really want is use all that juicy metadata (outside of the envelope, i.e. headers) to establish ties between everyone.
Constitutional rights may be respected, repealed, or modified; but they must never be ignored.
PGP encrypted snail mail, then.
+1 Nothing has really changed post-Snowden, we've all always known that emails have the privacy expectation of a postcard-- how many of us were putting "Echelon Food" on our emails a decade ago. It's just, like the Nazis and Enigma, we always assumed the government would never put the brute force resources into collecting everything, so emails were basically "safe." And you're right, in that once you share information with any commercial entity, and there's no bailment, contract or NDA, you've got no privacy. Just accept it, and fight for change-- don't get hung up on some kind of phony "betrayal" narrative that just doesn't stand up to scrutiny. We need privacy on the Internet, strong legal protection. It has not existed up until this point, it will require new laws, the existing ones simply do not work, they're based on assumptions which no longer hold. Fight for new laws, not stupid rearguard actions over what the Constitution Really Means(tm). Courts interpret that, not us, and courts follow laws, not blogs.
Don't blame me, I voted for Baltar.
How does searching work for this kind of transport/storage?
If you have a bevy of beautiful, friendly, young scantily-clad Polynesian girls that you can sit and watch go through the envelopes searching, who cares how long a search takes?
Now *that's* what I call an upgraded mail service!
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
typical conspiracy-theorist paranoid
friends
There's a fatal flaw in your thinking right there...
"Little does he know, but there is no 'I' in 'Idiot'!"
Paper mail is not opened or scanned unless there is an actual warrant. Yes, they will "log" your mail and possibly take a picture of the envelope, but you don't have to put a "valid" sender's address on the envelope and you can post away from home. As far as drag net "security" from the NSA and such, paper mail is more or less left alone. You can still encrypt the contents and sign it with a private key. Even if they open up the envelope, they won't be able to decrypt if they don't have the key and your encryption is sound.
I was promised a flying car. Where is my flying car?
I'm a Canadian living in the Middle East. Canada's spooks simply just rip my mail open and seal it again with red tape when they feel like it. The funniest thing is that they *always* rip open my tax envelopes. That makes zero sense, since they can just open my tax file and read all about it, they really don't need to rip open their own mail, yet they do.
Actually it makes perfect sense AC, you see who are you most likely to send something nasty like a poisoned letter to? The taxman.
ACs don't waste your time replying, your posts are never seen by me.
It would be interesting to see what they are finding -- in a meta-metadata sort of way. How many degrees of separation between the average person and a known or suspected terrorist? Are there dense networks of association? How many degrees of separation do you have to go out before a terrorist's associations look like everyone else's? One? Three?
'If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible but very, very hard."
Why not let the user compromise on security in order to search, etc., by giving the server permission to decrypt for N minutes or seconds? Then client software sends the key, Mega promises to destroy the key and the unencrypted text at the allowed time. Standard legal advice in advance explains the resulting exposure risk (if the sovereign requires Mega to silently betray the user). But even then previous email stays secure, despite past permissions, provided there is no future permission.
Most users won't need to encrypt a large volume of email anyway. So they could search locally by eye, and maintain full security.
I know this idea won't work but ... What about an encrypted virtual machine? Just like a hard drive can be encrypted I wonder if it would be possible to run an encrypted virtual machine on a real machine such that the real machine cannot observe what the virtual machine is doing.
Well, some people, and by some people I mean the people who have been pushing the panic button for the last decade, say the spooks are routinely looking out for up to three degrees of separation. Three sounds like an entirely plausible optimal number.
There was a relevant Facebook study about the small world theory a couple years ago, and IIRC, the average distance between any two people (globally) on the network was 4.6 or some such. Of course, you have the people who have to friend anyone and everything even if they don't know them; probably skews the idea somewhat.
The idea that you and I could be as few as 1.6 additional degrees of separation from some suspected individual is...unsettling. How much longer until the lidless eye wanders further?
Constitutional rights may be respected, repealed, or modified; but they must never be ignored.
Cut off the seal with a hot knife. When you're done violating someone's confidentiality, stick it back on.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
Kim Dotcom as usual enjoys filling the spotlight,
you can put a period there, that's all there is to say about it.
If you trust an e-mail service run by Kim, you are a stupid idiot. The guy ratted out people to the authorities before, when it served him.
One thing is right about this idea, though: If you want a secure e-mail provider, it absolutely has to be located outside the USA. Nothing on US grounds can be considered secure anymore.
Assorted stuff I do sometimes: Lemuria.org
Step 1: Kim Dotcom starts Mega Crypto, which is promptly adopted by the world's political dissidents and leakers.
Step 2: All pending government litigation against Mega suspiciously disappears and his assets are unfrozen.
The guy's accustomed to his ill-gotten gains -- even setting aside the rampant piracy of Megaupload, he's a convicted fraudster and embezzler, and has bribed public officials for protection before.
I suspect that if offered the choice between losing his $20 million house, his 12 cars, his yacht, and becoming a partner of the US government, it wouldn't take him much to crack.
He also made a name for himself in Germany for selling out phreakers to the feds when he got cornered. The man is an untrustworthy megalomaniac.
20 minutes into the future
Truly anonymous email needs to be both encrypted and efficiently hide communication patterns.
If the system is based on a central server that maps addresses and you have the ability to listen to inbound and outbound mail you can fairly easily generate a map that will link real and anonymous email addresses if the system runs in real time. Mails to be relayed should be delayed a random time and sent out in random sized pools. That would hide the link.
An alternative would be a private bulletin board system where no messages ever leave the server and both sender and recipient must log in to send or receive mail. It will also hide the patterns provided the database is completely encrypted, including relations.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
What do you mean secure?
USPS scans the front and back of every envelope that goes through their processing centers. They then use these images and OCR to create the same metadata they are capturing on phone records.
you can upload encrypted files anonymously to a server and download all the messages periodically. Whichever ones you can decrypt with your keys are addressed to you. It's very inefficient, but there's no way to figure out who got your messages without either seizing your computer or hacking it..
I like this idea, and think it can be made plenty efficient by decreasing the number of recipients that "share" a given inbox -- say 1000 users or so.
Yes, please secure email me at 3013@mailinator.com using my public key.
I'd give my right arm to be ambidextrous...
Wow. All these brilliant ideas on encrypting communication, like snail-mailed rubber envelopes, wax seals, etc. Nothing screams "I have a secret" as loud as obvious encryption attempts. And nothing is as tempting for CIA or DHS operatives to try and circumvent. Security services in *other* countries don't waste their time trying to crack "encrypted email" or rubber envelopes in snail mail. Why? Because professional agents don't ever use an *obvious* encryption method at all! A REAL spy's email might look like "Hi mom how are you.. yadayada" Instead, if, say, looking for foreign spies, they use psychology to try and discern odd behavior.. and once they have a solid target THEN they try to see if the correspondence looks suspicious. If the US tries to crack MEGA's new encrypted email service, it'll be sour grapes and not any hope of success in catching a "spy". After all they didn't think to start checking Snowden's emails until AFTER he came out ;-)