Hacker News new | past | comments | ask | show | jobs | submit login
Mega to run ‘cutting-edge’ encrypted email (rt.com)
69 points by tchalla on Aug 11, 2013 | hide | past | favorite | 34 comments



I've only read the RFCs for email protocols once, so someone correct me if I'm wrong. But the only way email is ever going to be truly secure is if extensions are added to the current protocols to add end to end encryption of the message body. Otherwise there's always going to be a third party arm for law enforcement to twist where the message is in plain text for a short time.

Also you can't trust the guy, I'd trust him to host illegal material because he wants it to stay up, but what happens when governments start offering bribes to hand over my emails?


I imagine that it'll be something involving browser-JS-baked PGP and an optional client-side driven indexing service (like a Sphinx search agent running in the task bar.) It'll weave in some sort of "Hey, you're emailing a service provider that doesn't support PGP enforcement - supply recipients public key, send unsecured message, or ask them to switch to MegaMail?"


Yea, I'd imagine it to be a shinier version of hushmail with lots of sketchy marketing thrown in...


You can already encrypt email bodies end-to-end using PGP.

The unsolved problem is the (queue dramatic music) METADATA!!!

For an email to get from your computer to the recipients, it has to have metadata that the intermediate computers understand: The SMTP protocol is designed to deliver your email by relaying it any which way it is set to. So when you send it, it goes to your office SMTP server, which then might relay it to your head office SMTP server, which then might relay it to the recipient's spam filtering service, which might then relay it to the recipient's head office, which might then relay it to your recipient's office from where the recipient retrieves the email when they're good and ready.

SMTP is not ever going to be secure. Even if you use TLS (which most mail servers do by default these days) you're only encrypting the message-in-transit so any of the myriad of systems between each SMTP server can't read it.

All it takes for the NSA to read your metadata (and cache your encrypted message) is to compromise one of the SMTP servers it passes through. Then they can compel you to decrypt it using any method they have at hand.

The secure way to send email is to have your computer connect directly to your recipient's computer over an encrypted transport layer (TLS) and possibly for your recipient to authenticate to accept that connection (so AFK means no email). You'll have to know your destination point's IP address somehow. (DNS sounds fine, after all it's just a phonebook. However requesting an IP address could easily be logged and so you've leaked metadata again)

This means you can't send an overnight email and expect someone to get it in the morning when they switch on their computer. If you want to do that it needs to sit on a server somewhere. And that server is subject to attack.

So for convenience, we could build a server designed to accept any of these messages from anywhere. But it also needs to accept messages to anywhere as it can't be allowed to know who the recipient is. That's metadata.

The problem now is how do I get my messages from my server? The server isn't allowed to have my key, so it can't go and attempt to decrypt every waiting message (or decrypt every envelope).

At some point, you'll have to either give up convenience (can't get email unless you're both online) or security (you'll have to trust something you're not in control of).

I'd be stocking up on tin cans. And string.


Don't remailer services solve the metadata anonymity?

I understand forwarding after a variable waiting period also frustrates sender address detection. Finland still good hosts for these?

Wikipedia:

An anonymous remailer is a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from. There are Cypherpunk anonymous remailers, Mixmaster anonymous remailers, and nym servers, among others, which differ in how they work, in the policies they adopt, and in the type of attack on anonymity of e-mail they can (or are intended to) resist.


From my comment:

> At some point, you'll have to either give up ... security (you'll have to trust something you're not in control of).

The anonymous remailer must be trusted for this to work. And this doesn't get around the fact that email is broken generally. Companies wont start using anonymous remailers.


Actually, its really simple. You operate your own mail system, and require secure network access to use it.

For example, The social security administration requires each state to do this for the state employees who handle disability-related business. Those employees must use their mail system.


Again, you're trusting something that isn't yours. In this case you're trusting the state's server.


You're looking for a unicorn. There isn't a convenient way to have a third-party deliver something to someone without knowledge of where that thing is going.

If you need a trusted chain of custody for whatever you're moving, than you need to build that infrastructure (as in the example I provided previously). If you need the ability to securely communicate outside of a secure infrastructure, there are various ways to do that (bank-style, ssl-secured messaging centers, PGP, S/MIME, etc).

Anonymity is a separate problem. Spies use techniques like dead drops. The boss in "The Godfather" didn't use the phone. Corporate executives use PIN-to-PIN blackberry messaging and swap phones periodically.


But in this case the you that's worried about security is the social security administration for the state.

The real problem with the argument is that it's hard for people to set up their own secure mail servers, but organizations, like in this example, can do it decently well.


Am I correct, the "To:" field is really required to deliver email? If so, standards can be changed, or plugins developed to hide rest of metadata with encryption.


The 'to' header isn't required to deliver email. You could essentially encrypt the entire header block if you're changing the protocols. What actually delivers the email is the 'RCPT TO' command on the SMTP transaction.

At the moment, SMTP requires that you also give it a 'MAIL FROM' command that tells who the sender is. Most servers also require a HELO that identifies the sending server, but you can basically get away with putting anything in there.

But now you're left with an authorization problem.

Currently the combination of these three fields is what determines whether an SMTP server will accept the message for delivery or relay. If all you get is the 'RCPT TO' command, then you have no idea who's sending the message until it's decoded.

This puts the authorization task on to the recipient's computer. So the 90% of all email that's spam will now need to be parsed on the desktop.

One solution here would be to include another section above the encrypted email header+body that is the authorization block. Now the recipient's server holds then entire encrypted message using the RCPT TO as the destination. The recipient downloads a list of auth-blocks addressed to them and issues back a DENY if they don't want the message.

The authorization block would identify the sender who has signed their identity in a publicly identifiable way. BAM! There goes spam.

Unfortunately the BIGGEST problem in all this is Microsoft. They could have added simple-to-set-up PGP to Outlook years back. So how likely do you think it is that they'll switch to any new protocol. (The anti-spam industry really lives in fear of Microsoft waking up and working on implementing any of the new protocols that would instantly stop spam.)

In all this, I'm ignoring web-based email for all this: that's a much bigger security nightmare as you have to trust your private keys to the third party


It seems like it could be done with a service offering public key info, and using key signing and web-of-trust to keep the keys reliable, and encrypting in open source client software not provided or updated by the mail service provider.

That still leaves the service open to being strong-armed into sending you malware. And, of course, your mail headers are in the clear.

But, apparently, to the Lavabit people, what I've outlined here isn't sufficient, and the implication is that the NSA and/or FBI has ways of compromising all email providers no matter how they operate.


This is why it really needs to be done at the protocol level, an email provider can't change the behavior of my desktop client and the process could be completely automated for the average user.


I'm not sure of the relevance of the protocol IF the service remains store-and-forward.

Silent Circle and Lavabit seem to think it's better not to use email at all. An open Skype-like system is probably pretty good. Keys are ephemeral, and transferring encrypted files in audio-video sessions makes it hard to MITM.


Email is pretty bad, but its not going anywhere so we should try to fix it.

The service would remain store-and-forward but the content would be encrypted throughout, something which is not currently possible without both parties knowing how to setup and use PGP.


I think you're looking for bitmessage which is an email replacement that hides the header and content, and is inspired by bitcoin.


I wouldn't trust him. He seems like such a shady guy[1]

[1]: http://en.wikipedia.org/wiki/Kim_Dotcom#Early_criminal_inves...


That wikipedia entry does him no justice. In the 90ies he ran several Mailboxes (anyone remembers those?) where people shared warez and then he went on to sell his users data to an ip lawyer who used the data to sue them. Google for "Kimble" and "Gravenreuth" to read the details. I'd rather trust the NSA with my data...


Wow, there really doesn't seem to be anything off-limits for this dude.

Even traditional ponzi schemes:

> He set up a network of interlinked companies, including Trendax which was claimed to be an artificial intelligence-driven hedge fund delivering an annual return of at least 25%


There was a ponzi involved? I thought that was just a fluff company trying to sell a whole lot of nothing to a rich investor.


And remember the time where he scammed the telcos with some exploit? Or when he was convicted of insider trading? Kim is just looking for money.

The image of a heroic hacker standing up to defend The Cyberspace from The Man always was marketing. That's actually the only thing he's good at- marketing himself. The gov shutting down megaupload was actually the best thing that could've happened to him, it made him authentic and people who don't know better usually believe his crap based on the news coverage.

For anyone interested in this matter (or just wants a good laugh) I recommend finding kimble.txt. It's in german though.


Watch the Mega announcement [1] to get a very clear picture of this guy. He starts talking at [2].

1 https://www.youtube.com/watch?v=LwlLC2PUrH8 2 https://www.youtube.com/watch?v=LwlLC2PUrH8&feature=player_d...


Wow. Thanks for sitting through that for us!


I've think he's got a vendetta against the US govt now. I bet he really wants to stick it to them after what they've done. Don't you agree?


He wants attention first and foremost.


I understand what you mean but looks can be deceiving. If you saw a picture of Keith Alexander, you might think he looks like a decent guy.

In the case of Dotcom, I might also be a little cautious although I'm not aware of any actions on his part that would make ME, as a civilian of a random country, not trust him.


No thanks Kim. It's just going to be some shiny app with marketing fluff sprinkled on top for the every day user to create the illusion of security and privacy for people who don't know any better. Very opportunistic.


Edit: After looking around, the following sounds very much like Bitmessage. Which doesn't work precisely like this, and I worry about how it'll scale if the messages get sent to everyone - how does that work with significant throughput? But in any cause sounds like a fairly well thought out system.

==================

So, what would it take to trust an email provider? What'd that look like?

All encryption done on your machine from code you compiled, or at least can compile. Open sourced, so it can be checked. Keys always in your control.

The email should be split into several parts and then onion routed, with associated encryption, to another service with semi-random timing in the forwarding protocol to disrupt traffic analysis.

This service then removes the final layers of encryption, reassembles the message and forwards it to the final destination. Preferably this last step/service is done on a semi-random basis within the forwarding network rather than with a centralised server. Each person serving as a forwarder and a sender would help to confuse traffic analysis when coupled with the semi-random forwarding as well.

I might be wrong, however, I'm guessing that this isn't going to look like that.

Otherwise, it seems to me, you're putting a lot of trust in the server. Even if they pass you some fancy script that does the encryption on your end and there's some way to check that it hasn't changed between visits. Even assuming they don't send you malware. They're still going to be able to see who you're sending stuff to. (And neither of those previous assumptions is non-controversial to begin with.)


I druther keep my e-mail on NSA's servers than Mega's. Given .com's past, it'd practically be the same thing.



If PGP is the solution then a first step could be to agree on a standard markup inside the email so that we could point the email client to the public PGP for automatic unencryption.


I'd prefer not to trust neither him or they...


Kim Dotcom is a maverick!




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: