Slashdot Mirror


What Gmail's New TLS Icon Really Means: Email Encryption Is Still Broken

An anonymous reader writes: On Safer Internet Day Google announced that Gmail will display warning signs for missing encryption and authentication, a great initiative indeed! Now that it's live we've taken it for a spin, only to find that the warning when composing email is quite slow (for new domains), and that they fail to mention that the non-authenticated TLS encryption that the currently sad state of SMTP encryption leaves us with is really poor, and vulnerable to almost anything (except passive wiretapping). I rather wish they took a stance on how we could move on to proper email encryption.


  1. Crypto infrastructure is too frigging hard! by Anonymous Coward · · Score: 2, Insightful

    The problem here is that crypto infrastructure in general is too fucking hard for anyone but dedicated security professionals to work with. Hell, even they have a shitload of trouble with it, as we've seen from the many OpenSSL bug debacles lately! This technology is way beyond what average, or even above-average, computer users are capable of dealing with. Some people will probably reply saying, "But it's not that hard! I can understand it!", yet those are the kind of people who understand this technology the least. At least average computer users know crypto technology is way beyond their capabilities. These self-proclaimed "experts", on the other hand, don't realize how much they don't know! Until crypto becomes far more simpler for average folks to use then we just won't see it used.

    1. Re:Crypto infrastructure is too frigging hard! by xxxJonBoyxxx · · Score: 2

      Not quite. The core beef seems to be that the commonly used STARTTLS method of SMTP transport encryption is essentially optional, which allows hackers to use a variety of methods to force-downgrade target connections (in situations where mature implementations of HTTPS would have safely blown up). In other words, the authors are seeking a world where you install your mail server cert just like you install your web server cert, and it all works fairly securely out of the box. The reality is that it's early yet, but a lot of the work seems to be needed on the part of application developers rather than IT right now.

      See https://blog.filippo.io/the-sa...

    2. Re:Crypto infrastructure is too frigging hard! by scdeimos · · Score: 4, Informative

      If you're thinking STARTTLS then your encrypted transport system is already broken. Use the proper SMTPS ports. A number of ISPs (including TPGi in Australia) use Cisco PIX appliances (and others) to intercept SMTP tcp/25 traffic from their users. And they force unencrypted connections by not reporting STARTTLS in the EHLO response. Your privacy and security, broken in the name of "SPAM control."
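
      The downgrade the two replies above describe, as an added example that is not part of this thread: a fake receiving MTA on a loopback port, an optional in-path filter that deletes the STARTTLS line from the EHLO reply (the appliance behaviour scdeimos describes), and a client run under two policies, opportunistic (carry on in cleartext when STARTTLS is not offered) and required (refuse, the way a mature HTTPS stack would). The hostnames, the capability list and the sample commands are my own constructed values; the session stops at the point where a real client would wrap the socket in TLS, because the policy decision, not the handshake, is what the downgrade exploits.

```python
"""Added example: a fake receiving MTA, an optional in-path filter that strips
STARTTLS from the EHLO reply, and a client that either falls back to cleartext
(opportunistic) or refuses to continue (required)."""
import socket
import threading

CRLF = b"\r\n"
MTA_NAME = "mx.example.test"          # constructed name for the fake receiving MTA
# Capabilities the honest MTA advertises (constructed list, ESMTP keyword syntax).
HONEST_CAPABILITIES = ["SIZE 35882577", "8BITMIME", "STARTTLS", "ENHANCEDSTATUSCODES"]


def serialise_250(texts):
    """Build a multi-line 250 reply: '250-' on every line but the last, '250 ' on the last."""
    lines = [f"250-{t}" for t in texts[:-1]] + [f"250 {texts[-1]}"]
    return CRLF.join(l.encode() for l in lines) + CRLF


def parse_ehlo_reply(reply):
    """Return the set of ESMTP keywords advertised in an EHLO reply (greeting line skipped)."""
    keywords = set()
    for line in reply.decode(errors="replace").splitlines()[1:]:
        if line.startswith("250") and len(line) > 4:
            keywords.add(line[4:].split()[0].upper())
    return keywords


def strip_starttls(reply):
    """Model an in-path appliance that deletes the STARTTLS line from the EHLO reply.
    The client sees a well-formed reply from a server that 'never offered' TLS."""
    texts = [l[4:] for l in reply.decode().split("\r\n") if l]
    kept = [t for t in texts if t.split()[0].upper() != "STARTTLS"]
    return serialise_250(kept)


def fake_mta(listener, filter_in_path):
    """One-shot fake MTA: banner, EHLO reply (possibly filtered), one more command, done."""
    conn, _ = listener.accept()
    with conn:
        try:
            conn.sendall(f"220 {MTA_NAME} ESMTP".encode() + CRLF)
            conn.recv(1024)                                       # EHLO from the client
            reply = serialise_250([f"{MTA_NAME} Hello"] + HONEST_CAPABILITIES)
            conn.sendall(strip_starttls(reply) if filter_in_path else reply)
            cmd = conn.recv(1024).upper()
            if cmd.startswith(b"STARTTLS"):
                conn.sendall(b"220 Ready to start TLS" + CRLF)    # TLS handshake would follow here
            elif cmd.startswith(b"QUIT"):
                conn.sendall(b"221 Bye" + CRLF)
            elif cmd:
                conn.sendall(b"250 OK" + CRLF)                    # cleartext session continues
        except OSError:
            pass                                                  # peer closed early; nothing to do


def read_reply(sock):
    """Read one SMTP reply; the final line has a space (not '-') after the 3-digit code."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return buf
        buf += chunk
        if buf.endswith(CRLF):
            last = buf[:-2].rsplit(CRLF, 1)[-1]
            if len(last) >= 4 and last[3:4] == b" ":
                return buf


def smtp_client(port, policy):
    """Connect to the fake MTA and return 'starttls', 'plaintext' or 'abort'."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        read_reply(s)                                             # 220 banner
        s.sendall(b"EHLO client.example.test" + CRLF)
        offered = parse_ehlo_reply(read_reply(s))
        if "STARTTLS" in offered:
            s.sendall(b"STARTTLS" + CRLF)
            return "starttls" if read_reply(s)[:3] == b"220" else "abort"
        if policy == "require":                                   # fail closed, as HTTPS would
            s.sendall(b"QUIT" + CRLF)
            return "abort"
        s.sendall(b"MAIL FROM:<alice@example.test>" + CRLF)       # opportunistic: carry on in the clear
        read_reply(s)
        return "plaintext"


def run_scenario(filter_in_path, policy):
    """Start the fake MTA on a loopback port, run one client session, return its outcome."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    server = threading.Thread(target=fake_mta, args=(listener, filter_in_path), daemon=True)
    server.start()
    try:
        return smtp_client(listener.getsockname()[1], policy)
    finally:
        server.join(timeout=5)
        listener.close()


if __name__ == "__main__":
    for filtered, policy in [(False, "opportunistic"), (True, "opportunistic"), (True, "require")]:
        print(f"STARTTLS stripped={str(filtered):5}  policy={policy:13} -> {run_scenario(filtered, policy)}")
```

      With the filter in the path the opportunistic client reports "plaintext" and never learns that anything was removed, which is the whole problem: nothing in the protocol tells the sender that TLS was ever on offer. The "require" policy turns the same stripped reply into a refusal, which is safe but only usable once you know out of band (a published policy, a pinned expectation, or a dedicated SMTPS port as scdeimos suggests) that the destination really does support TLS.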

    3. Re:Crypto infrastructure is too frigging hard! by GuB-42 · · Score: 2

      Google actually takes security very seriously.
      They want to make sure no one but them can read your email.

  2. WTF? End-to-end encryption not even mentioned!?!? by unrtst · · Score: 4, Informative

    Use S/MIME, PGP, etc...
    All the transport level stuff isn't going to protect your email or ensure it's not modified in transit (or at the destination or origin).

    Gmail's help on their new icon:

    If you see the red padlock while composing a message
    Don’t send confidential material, like tax forms or contracts, to that email address.

    Fuck that... if you're sending confidential email without encrypting the content, you're already screwed.
    For semi-important information, one should at least digitally sign the content to prove it wasn't modified in transit (ex. this should be used for any contracts, and if it's very sensitive, it should also be encrypted, and not just on the transport layer).

  3. what about Bill Gates/Microsoft promise? by rubycodez · · Score: 2

    Bill Gates said they would solve the spam problem a few years back. Yet my inbox under office365 that my employer uses is a chum bucket of spam, while good cron and batch job emails end up in "junk" half the time. wtf, Gates. billions and you couldn't at least have pushed a domain authentication/verification system?

    1. Re:what about Bill Gates/Microsoft promise? by Bearhouse · · Score: 2

      Well, I'm sure that one went pretty quickly into the "too hard" round file in the corner.
      Especially when they found out that it was hard to monetize...

      It's amazing the crap people put up with, (spam, unsecured email)
      It's probably our fault; we've done a reasonable job managing the spam, (which is visible to the user) and a crap one convincing our users and managers to demand secure, encrypted email.

  4. gmail is what has broken email. by Anonymous Coward · · Score: 5, Insightful

    I consider gmail to be my biggest threat to the privacy of my email.

    If I want end to end security, well there is a standard for that. I use it. It works.

    But gmail is close to having a monopoly on email. It isn't quite yet, but almost everyone I know uses exclusively gmail now. That means if I want to email them, Google IS the man in the middle. I can't easily email my friends without giving Google the contents of my email, which they will use to build a profile of me - and I've never signed up for any of their services or established any kind of business relationship with them.

    Furthermore, most small to medium businesses are using gmail.

    Think about this: we used to have a decentralized, non-censorable, email standard that no one entity could control or pervert for their own ends. But the whole world said, "Fuck that, we want one advertising company to see everybody's email!"

    Google is the main threat to the privacy of email today. Like Bruce Schneier observed, they want you to have email privacy from everyone except them.

    1. Re:gmail is what has broken email. by sims+2 · · Score: 5, Insightful

      Well if anyone else had wanted to provide a reasonable amount of storage, allow attachments bigger than 4MB, provide both pop3 and imap access, not inject advertising into your outgoing mail, for "free".
      They could have been the largest email provider.

      But no one else wanted to do that for "free".

      --
      Minimum threshold fixed. Thanks!
    2. Re:gmail is what has broken email. by DarkOx · · Score: 4, Interesting

      Well you have to look at the whole story though.

      Consider all the vulnerabilities that have been found in MTAs, MDAs, and clients over the years. Then consider all the trojans and spam with tracking stuffs, etc. Google filters almost all of the latter quite successfully; as to the former, for many people and organizations it replaces all those things, and so far the infrastructure has been well maintained and resistant to breaches (that we know of). It's also pretty carefully monitored. I suspect the ancient Sendmail install on that old SGI box at your ISP could have sat compromised for weeks or months before anyone would have noticed in the years before GMAIL.

      When you look at it from all sides its not so clear cut.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    3. Re:gmail is what has broken email. by Col.+Bloodnok · · Score: 2

      Google is the main threat to the privacy of email today. Like Bruce Schneier observed, they want you to have email privacy from everyone except them.

      I have an ancient gmail account which dates back to the early, early beta days (back when we had to swap invites on Slashdot). Somehow, every few months somebody new is able to register with the same user name, and I get all their messages delivered to my inbox. Their sent mail doesn't appear in my account, but everything else does.

      Every facebook status message, itunes and amazon purchase, online dating message, and porn site registration.

  5. Wait, what? by s.petry · · Score: 4, Insightful

    Some of you will have a hard time with this, but... why is the problem here with SMTP? Is it really that hard to understand that MAIL TRANSPORT is not compatible with HIDE MY STUFF? Good grief people, you can't truly be that ignorant.

    Do you trust that anything you mail through the Post Office, FedEx, UPS, or any other mail service is "Secure"? Do you believe it's impossible for people to know what's in your boxes because you use those services? I can provide you a list of drug dealers who thought so too, but they are jailed for that thought.

    Want secure, use secure. Lotus Notes was friggin awesome for securing content. Nobody wanted to pay for it though, and all the cool kids were using Outlook because you could drag-n-drop audio files right into your email (also read fart noises). Many writing applications have encrypt/decrypt features. Zip has it too, but generic standard email? Come on now.. it's a MAIL TRANSPORT and works very well as a mail transport.

    If you somehow believe "Generic Transport" can also be "Secure", I got some ocean side property you may be interested in buying.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Wait, what? by tnk1 · · Score: 2

      You used "Lotus Notes" and "friggin awesome" in the same sentence. Are you trying to cause Skynet's brain to melt down through a logic bomb?

      Notes may well have been secure, but it was probably the worst mail client that I have ever used, and that includes using 'mail' from the command line. It was horrific, absolutely horrific. It is one of the few software products that I considered leaving a job for when they employed it. Their usage of that product quite literally convinced me that the company hated the people who worked for it.

      If they succeeded at anything, it must have been because the million monkeys that they used to write it actually managed to compose a line or two of Shakespeare while throwing around their feces in whatever cage they were working in.

      It's not that no one wanted to "pay" for Notes, it's that no one wanted to pay to use something that they wouldn't even use if they were paid to use it.

      Exchange and Outlook is not exactly virtuoso software, but you can actually use it to do your work with and not want to simultaneously kill yourself and everyone else in the general vicinity while you (are trying to) use it. If that combo doesn't do security well, it's probably because no one really cares enough about it. Outlook's sin was always in trying to make your life easier on you whether you wanted it or not. That sort of modus operandi is why it has been horribly insecure at times, but people actually used it. It erred on the side of letting you do things with it. I'm just glad I've never had to be an Exchange admin. I hear that can be shitty.

  6. Re:WTF? End-to-end encryption not even mentioned!? by DarkOx · · Score: 2

    How are you going to implement that for web mail exactly? Will you let the server do it? That means Google gets to assert your identity, and if they ever get compromised we have a whole mess of people sending signed mail with signatures that may or may not be valid and we are back to a more or less unauthenticated situation.

    You could have the client do it with JavaScript, but that still leaves the door open: if the server is compromised and sends an altered script, how can you know?

    You go the traditional install plugin route, but then web mail is no more portable than a fat client.

    There just isn't actually a good answer for this. You can have secure E-mail or portable E-mail but not both.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  7. This is going to be bad. by PAjamian · · Score: 4, Insightful

    Google is trying to force servers to use STARTTLS encryption for port 25 MX traffic, this is all commendable, but they are giving their users a false sense of security. When gmail does not display the broken padlock it simply means that the first hop to the recipient's MX server supports STARTTLS, but mail is routinely stored in plain text queues on multiple servers, transmitted on in additional hops that are not necessarily encrypted, and even the first hop encryption often uses self-signed certs or certs signed by non-authoritative CAs, so the message being sent, while being encrypted, is still vulnerable to man in the middle attacks.

    But Google is giving the impression that if that first hop offers STARTTLS, then the message will be sent securely and encrypted. This will result in people putting all sorts of credit card details and other information in their emails thinking (because Google said so) that the message is secure, when nothing could be farther from the truth.

    Google needs to stop this right away, it's going to do way more damage than good. There is only one way to hide the content of an email from prying eyes and that is with properly implemented PGP encryption. There is no way to hide the meta (envelope) data from prying eyes. It is really important that people not be misled on this account.

    --
    Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
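
    The "first hop only" point PAjamian makes, as an added example that is not part of this thread: the only record of what happened on the later hops is the chain of Received headers that each relay prepends, and those are visible to the recipient, never to the sender at compose time. RFC 3848 registers the "with" protocol names ESMTPS and ESMTPSA to mean the hop used STARTTLS (ESMTPSA adds SMTP AUTH); plain SMTP or ESMTP means cleartext. The message below is constructed, the hostnames are made up, and the parser is my own; it does nothing more than read what each relay claimed, which is the caveat: a relay can write whatever it likes into its Received line, so this is a forensic view of the path, not a guarantee.

```python
"""Added example: classify each relay hop of a delivered message as TLS or
cleartext from its Received headers, using the RFC 3848 'with' keywords."""
import re
from email import message_from_string

# RFC 3848 'with' protocol names that indicate STARTTLS on that hop
# (ESMTPSA = STARTTLS plus SMTP AUTH). Anything else is treated as cleartext/unknown.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA"}

# Constructed message: three relays, the middle hop delivered in the clear.
CONSTRUCTED_MESSAGE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net with ESMTPS id abc123
\tfor <bob@example.net>; Tue, 9 Feb 2016 10:02:03 +0000
Received: from relay.example.org ([192.0.2.20])
\tby mail.example.org with ESMTP id def456;
\tTue, 9 Feb 2016 10:01:59 +0000
Received: from [10.0.0.5] (unknown [198.51.100.7])
\tby relay.example.org with ESMTPSA id ghi789;
\tTue, 9 Feb 2016 10:01:55 +0000
From: alice@example.org
To: bob@example.net
Subject: constructed test message

body
"""


def classify_hops(raw_message):
    """Return a list of (from_host, by_host, protocol, used_tls) tuples, oldest hop first.

    Relays prepend their Received header, so the top of the message is the last hop;
    the list is reversed to read in delivery order."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        text = re.sub(r"\s+", " ", value).strip()          # unfold the header
        frm = re.match(r"from (\S+)", text)
        by = re.search(r"\bby (\S+)", text)
        proto = re.search(r"\bwith (\S+)", text)
        name = proto.group(1).rstrip(";").upper() if proto else "UNKNOWN"
        hops.append((frm.group(1) if frm else "?",
                     by.group(1) if by else "?",
                     name,
                     name in TLS_PROTOCOLS))
    return hops


def cleartext_hops(raw_message):
    """Only the hops whose Received line does not claim STARTTLS."""
    return [hop for hop in classify_hops(raw_message) if not hop[3]]


if __name__ == "__main__":
    for frm, by, proto, tls in classify_hops(CONSTRUCTED_MESSAGE):
        print(f"{frm:>24} -> {by:<20} {proto:<8} {'TLS' if tls else 'CLEARTEXT'}")
    print("cleartext hops:", len(cleartext_hops(CONSTRUCTED_MESSAGE)))
```

    Run against the constructed message this reports the middle hop (relay.example.org to mail.example.org) as cleartext even though the first and last hops used STARTTLS, which is exactly the situation Gmail's compose-time icon cannot see: it can only test the hop it is about to make.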
  8. Re:WTF? End-to-end encryption not even mentioned!? by izat · · Score: 2

    Second, Google is unwilling to provide such a plugin because it would interfere with the company's ability to scan e-mail and build advertising profiles.

    Actually they were working on a PGP plugin for Chrome, though it's moving very slowly, possibly dead.

  9. Re:WTF? End-to-end encryption not even mentioned!? by MightyYar · · Score: 2

    nobody should be using web based email.

    At first I thought you were being sarcastic, but then realized that sarcasm makes no sense here. So you must be serious.

    It's quite simple - use email for the 99.9% of your communications that does not need to be secure. Send your tax forms through a secure web site. Problem solved. Web email is still useful.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  10. Re:WTF? End-to-end encryption not even mentioned!? by CronoCloud · · Score: 2

    How are you going to implement that for web mail exactly?

    End to End with something like Mailvelope?

    You go the traditional install plugin route, but then web mail is no more portable than a fat client. There just isn't actually a good answer for this. You can have secure E-mail or portable E-mail but not both.

    People SHOULD be using "webmail" via IMAP with proper e-mail clients. Then it's portable because there are mobile mail clients that can support PGP. So yes you can have portable secure e-mail, even on a phone or tablet.

  11. You are doing it wrong by gweihir · · Score: 3, Interesting

    You are calling for link-encryption. That is obvious nonsense for email. Proper email encryption is end-to-end and does not trust the transport at all.

    Incidentally, this problem has been solved since 1991 with PGP.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. You expected different? by Khyber · · Score: 2

    This company lives off of mining your data and violating your privacy. You expect them to allow you to fully protect your communications to the point where they can't figure out how to advertise to you?

    Give me a fucking break.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  13. Re:You are naming it wrong (PGP) by Anonymous Coward · · Score: 2, Interesting

    The reason people don't use PGP is because of the name Pretty Good Privacy makes it sound amateurish (that and the initialism PGP is too similar to PHP). Maybe they could get more users if they called it Good Privacy or Very Good Privacy, but I know there's a local-maximum trust in there somewhere because I think trust would go down if they called it Excellent Privacy or Perfect Privacy.

    IMO, more people would consider using it if it used an animal name or some name from mythology.

  14. Re:easy encryption by Anonymous Coward · · Score: 5, Insightful

    Imagine if you could actually write good clean documented code!

    Good example of how not to code.
    - no useful comments
    - the only two comments conflict with each other
    - no line breaks before "if" constructs or after "else" constructs
    - assumes existence of files for which it doesn't check existence
    - doesn't check status for execution of openssl commands

    Not bad for a six-year old.
    M

  15. Re:easy encryption by chihowa · · Score: 2

    As someone who just inherited a huge repo full of uncommented code with nondescript variable names (A, B, C...) and no error handling, I have to say that the parent comment isn't scored high enough. Posting crap like that on the internet does nobody any good. Even if it is short enough to understand, poorly written code is especially intolerable if the subject is cryptography.

    (Anyone who says that their code documents itself hasn't tried waiting a year and then trying to figure out why their undocumented code doesn't handle some edge case.)

    --
    If you want a vision of the future, imagine a youtube comments section scrolling - forever.