Secure (not anonymous) email services

Discussion in 'privacy technology' started by _j_, Aug 7, 2010.

Thread Status:
Not open for further replies.
  1. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Has the Countermail service been independently audited to publicly document that no plaintext emails are retained? The challenge is one of trust -- how do you know this process is truly implemented, and how do you know that the process is implemented well? I have no reason to doubt the integrity or the professionalism of Countermail; however, it’s wise to “trust but verify.”

    Additionally, the end-to-end encryption capabilities offered by Countermail seem to be essentially the same as those offered by PGP Desktop. Is this an accurate assessment -- or, does Countermail offer distinct advantages?
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    My post on this matter was not 100% serious.

    I was going to write the "what's for dinner" message in grade 7 code then encrypt that with AES etc.

    One can do multiple levels of encryption, each with a different key. We can make it real hard for them.

    My point was for real secrecy don't use an insecure method like the www. Today, RIM agreed to give their code keys to Saudi government so they can monitor all their RIM using citizens.
     
  3. _j_

    _j_ Registered Member

    Joined:
    Aug 7, 2010
    Posts:
    12
    Yes they do, but from what I understand they also keep the private key on the server protected only by the account password. Sure they jump through some hoops to avoid having a copy of the account password stored on the server, but once the gun/money is on the table then they can just modify the login script to log the used password and wait for the account holder to log on and voila, the gun/cash wielder just got access to the private key and thereby all the emails; I.e. they do a "hushmail.com". From what I understand lavabit.com is secure as long as lavabit.com doesn't cooperate with the attacker.

    Don't take this as an offense, but a pseudo-anonymous user stating that this is the case on a forum does not really constitute evidence. Again, this is not meant as an offense. You may very well be a really dedicated, competent crew... You could also be a bunch of scammers.. Or a honey pot operation by [insert your favorite organization whether it be Russian mafia or NSA]..

    A few suggestions though:
    • Give the user the option to generate his own keys and only send you the public one.
    • Register a .com domain that sounds "neutral"; countermail.com is possibly not the email domain everyone would like and cmail.nu has a weird country extension; I know it's used frequently in Scandinavia as it apparently means "now" in some Scandinavian languages but for the rest of the world it's strange.
    • Open source the Java-applet; this lets the more technically inclined verify that the applet isn't leaking the private key to your servers (or doing anything else that is naughty).
    • Set up a server outside EU/USA and have that as entry/exit point to your system then just tunnel everything into/out from Sweden if you insist on having your servers there; this would stop Swedish MIL SIGINT from reading incoming/outgoing international clear text emails (the reason I mention this is that there was recently a Swedish law created to allow this if I understand correctly).

    j
     
  4. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    It's a sad day isn't it?? Can't believe this canuck cracked :thumbd:

    He's already a multi-billionaire from the blackberry and IMO, should have told the saudis to "stuff it!" ;)

    I'm looking at purchasing a new phone soon and the blackberry is "now, 100%, completely off my list"!
     
  5. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    Personally I don't think that software auditing is very usable, I will give you an example: Company X have just released a software and they use an expensive independent consultant to audit their software, everything looks fine and the consultant can't find anything bad, but...

    - How do the public know that the consultant did his/her job correctly?
    - What happens next week when Company X is upgrading their software to a newer version? Well, the expensive consultant must come back and do the job again...
    - What happens if someone hacks Company X's server and modifies the code, without their knowing? In this case the audit did no good at all.

    If we talk about open source software, how many of you will actually read the whole source code every time Firefox releases a new version? Probably close to zero.

    In the end, it's all about trust. I believe that trust is something you earn, not something you get.

    I have developed crypto applications since 1999, but I started programming (as a kid) in 1984, our first customers knew me (and my company partners) and were not so concerned about the trust issue. But we understand if some people are suspicious, that's good, but I know that we will earn the trust sooner or later, we just have to wait it out.

    One good thing about OpenPGP is that it's a widely used standard and you can verify each packet in the encrypted message. Pages like www.pgpdump.net are pretty good.

    /Simon

    I'm not sure about the email capabilities of PGP Desktop, I have only used it for file encryption. If we're talking about privacy and IP-addresses I'm sure that they don't provide harddrive-free IMAP servers without IP-logging :)
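
    The packet-level check mentioned in the post above, as an added example that is not part of the original thread or Countermail's code: a minimal pgpdump-style lister that walks the RFC 4880 packet headers of a binary (de-armored) OpenPGP message. The sample message is constructed filler bytes, and the check is structural only; it shows which packet types are present, not that the encryption is sound.

```python
# Subset of the packet tags defined in RFC 4880 section 4.3.
TAGS = {1: "Public-Key Encrypted Session Key", 2: "Signature",
        3: "Symmetric-Key Encrypted Session Key", 8: "Compressed Data",
        9: "Symmetrically Encrypted Data", 11: "Literal Data",
        18: "Sym. Encrypted Integrity Protected Data"}

def _new_length(buf, i):
    """Decode one new-format length at buf[i]: (length, next_index, partial)."""
    first = buf[i]
    if first < 192:                                   # one-octet length
        return first, i + 1, False
    if first < 224:                                   # two-octet length
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2, False
    if first == 255:                                  # five-octet length
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5, False
    return 1 << (first & 0x1F), i + 1, True           # partial body chunk

def list_packets(buf):
    """Return [(tag, name, body_length)] for every packet in buf."""
    out, i = [], 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80:
            raise ValueError(f"offset {i}: bit 7 clear, not an OpenPGP packet")
        if hdr & 0x40:                                # new-format header
            tag, i, total = hdr & 0x3F, i + 1, 0
            while True:                               # follow partial chunks
                n, i, partial = _new_length(buf, i)
                total, i = total + n, i + n
                if not partial:
                    break
        else:                                         # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                            # runs to end of input
                total, i = len(buf) - i - 1, len(buf)
            else:
                width = 1 << ltype                    # 1, 2 or 4 octets
                total = int.from_bytes(buf[i + 1:i + 1 + width], "big")
                i += 1 + width + total
        if i > len(buf):
            raise ValueError("packet body runs past end of input")
        out.append((tag, TAGS.get(tag, "unknown"), total))
    return out

# Constructed sample: old-format tag 3, new-format tag 1, then tag 18
# sent as a 512-octet partial chunk followed by a final 3-octet chunk.
SAMPLE = (bytes([0x8C, 0x02]) + b"\xaa" * 2 +
          bytes([0xC1, 0x04]) + b"\xbb" * 4 +
          bytes([0xD2, 0xE9]) + b"\x00" * 512 + bytes([0x03]) + b"\xcc" * 3)

if __name__ == "__main__":
    for tag, name, size in list_packets(SAMPLE):
        print(f"tag {tag:2d}  {size:5d} octets  {name}")
```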
     
  6. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    That's true, I wrote more about the trust-issue in the other reply above this one.

    Yes, it's possible and we will probably add this option, today the keys are generated inside the applet on the client computer, the private key is protected with OpenPGP S2K before the applet sends it back to our server. The private key protection is very good, because OpenPGP's KDF function (S2K) is very strong, it appends the password and salt until it reaches a length of 65k, before hashing it.

    Yes, we have already registered +10 domains for this purpose. However 99% of all short & good domain names are already registered, so it's not easy to find.

    We might do this next year. But the technical people can already verify this today, by creating a SSL-MITM attack on your own LAN, it's pretty easy. We will release a video about this, so you can check other providers too. It's pretty sad to see that some OpenPGP-email-providers are sending back their customers' password in plaintext... :p

    Yes, we already thought about this and will start deploying more servers within a few months.

    /Simon
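
    The S2K step described in the post above, as an added example that is not part of the original thread or Countermail's applet: OpenPGP's iterated and salted S2K as specified in RFC 4880 section 3.7.1.3. It assumes SHA-1 and coded count 96, which decodes to the 65536 octets mentioned; the salt and passphrase are constructed. The count is the number of octets fed to the hash, so `sha1_blocks` shows how many 64-byte compression calls one passphrase guess costs.

```python
import hashlib

def decode_count(c: int) -> int:
    """Expand the one-octet coded count (RFC 4880, 3.7.1.3) to octets hashed."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Derive key_len octets with OpenPGP iterated and salted S2K (type 3)."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    block = salt + passphrase
    # The count is a number of octets hashed, not a number of hash rounds.
    # If it is shorter than salt+passphrase, the whole block is hashed once.
    count = max(decode_count(coded_count), len(block))
    reps, rem = divmod(count, len(block))
    key, preload = b"", 0
    while len(key) < key_len:
        # Each extra hash context is preloaded with one more zero octet.
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)
        h.update(block * reps)
        h.update(block[:rem])
        key += h.digest()
        preload += 1
    return key[:key_len]

def sha1_blocks(n_octets: int) -> int:
    """64-byte SHA-1 compression calls needed to hash n_octets plus padding."""
    return (n_octets + 9 + 63) // 64

if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")        # constructed salt
    key = s2k_iterated_salted(b"correct horse", salt, 96, 16)
    print("octets hashed per guess:", decode_count(96))
    print("SHA-1 blocks per guess: ", sha1_blocks(decode_count(96)))
    print("derived 128-bit key:    ", key.hex())
```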
     
  7. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I am confused. The private key is sent to (and presumably stored on) your server? Why does CounterMail need access to a user’s private key?

    I was under the impression, perhaps mistakenly so, that the decryption of CounterMail email messages occurred on the client and not on the server.

    Thank you.
     
  8. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    We don't have access to the unencrypted private key, only the protected one, I wrote about it in my previous reply to _j_. If you have a strong password the PGP-private key is basically useless to any attacker.

    Our service is primarily a webmail service, which means you must be able to login from any computer, that's why we must store your keys, contacts etc. But they are always decrypted on the client side, they are never sent to our server unencrypted.

    However, we will add the option to store the protected private key on our USB-memories.
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    LOL!:argh: That was funny
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    That's very nice. But do you offer any type of anonymous payment? And if not, do you have any plans for this in the future?
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    By proxy, does this also mean VPN?
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Who is RIM?
     
  13. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Yep, but one can still use other encryption methods on a Blackberry (or at least so I hear). I know there are mobile versions of PGP around.
     
  14. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    You can't. You can only know that at least the company hired a consultant so they can't be all that bad.

    Probably not. But that's why open-source software is important -- especially where crypto software is concerned.

    Then Company X is stupid. First of all, Company X's code repository and version control system should be using digital signatures (I am pretty sure GIT does this by default). Each time a developer makes a change, he signs it. If a malicious attacker tries to upload bad code, it is rejected without the proper signature.


    I would doubt hardly anyone reads the entire Firefox codebase, but there are lots of people out there who have specialized knowledge who do keep up with various aspects of it. I can assure you of that. Not to mention, all of the security auditors who work to find exploits in order to either get their names in the news or collect the Mozilla $3k reward. Such code auditing is impossible with closed-source stuff like IE (even though closed-source does not stop exploits from being found as Micro$oft has proven over the years).

    I will agree that an average end-user has to trust at some point. Actually, even software developers have to trust the hardware since the CPU manufacturers keep their microcode secret. But this doesn't mean that open-source software has no advantages.

    And OpenPGP, as its name implies, is an open standard. Thank God for it, or we would all be beholden to Symantec right now (the owners of PGP).

    Your software may be great or it may be snakeoil. I don't know. But if it ain't open-source I will never trust it. Don't take my word for the importance of open-source when it comes to crypto. Bruce Schneier has said the same thing:

     
  15. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    Yes, we have Liberty Reserve.
     
  16. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    169
    Location:
    Sweden
    No, VPN works fine.
     
  17. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Of course, it was not my intention to suggest that independent auditing of code is the entire answer for achieving trustworthiness -- but, it can be part of the solution. As I recall, Bruce Schneier has reviewed SecureDoc by WinMagic, for example.

    The code for PGP is available for download and inspection from PGP Corporation, and thus there is no need to “be beholden to Symantec” even if OpenPGP were to vanish. And, don’t forget: PGP Corporation is the creator of the OpenPGP standard.
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks
     
  19. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Are there any present or past users of CryptoHeaven - www.cryptoheaven.com or anyone in general that could comment on the security of this service.

    It looks good and secure. Incoming plain text messages get automatically encrypted and the user has the choice of storing their private key on their computer or the CryptoHeaven servers.

    Besides encrypted email, they also provide encrypted storage and chat!

    Here are some paragraphs quoted from their site:

     
  20. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Well yes Tobacco, I do have a comment!

    I sent an email to Cryptoheaven support asking a few questions and received a prompt reply within an hour. Here is what I asked and then their response.

     
  21. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    They've been around a long time. I have no personal experience with them, but always take answers like that from Mark in customer service with a grain of salt. That's the problem with these services whether it be Cryptoheaven or Xerobank (which I used to use) or anybody else that tells me X will be done after X is received and the end result will be X. You obviously hand over your security to a 3rd party with absolutely no way of knowing if X really is done as they claim. Are they securely deleted or just deleted? With something like email encryption - I'm going to do it on my end and that way I know whether X is/was/will be done.
     
  22. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Hey There LockBox

    Completely agree with you and I have my own email encryption in place already. Unfortunately, and I do mean "Unfortunately", almost all of my friends and other contacts don't deem securing their email important yet and my attempts to inform and help them do so have been rebuffed :mad:

    Therefore, I'm looking for something like CryptoHeaven to use until that day arrives. Also, there seems to be a lot of hacking lately of gmail, hotmail, etc accounts. With CryptoHeaven, the user's mail, folders and even addressbook are encrypted on the server with the private key stored on the user machine if they choose that option.
     
  23. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    917
    This morning I set up my new free plan for lavabit - not really into it...must say + read some not-so favorable info about the free plans...

    This minute finished setting up O!polis... the procedure as such was very exciting :D

    Your experience with the service guys?

    I presume each of my recipients has to use O!polis too... which might be a bit problematic.
     
  24. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Hey Korben

    You're obviously looking for some security so go ahead and just delete that free lavabit account as it is just a plain, simple account with no security features whatsoever.

    I like the music in the demo video - kinda freaky :D

    It does look secure but you are right - it's not flexible and only works Opolis user to Opolis user which you will no doubt find to be an issue with your contacts who are probably no different than the general public that don't deem email security important yet because they are generally unaware that:

    Your email is scanned for advertising purposes and who knows whatever else by ISPs and the likes of gmail, yahoo, etc.

    The NSA intercepts, records and then scans "1.7 BILLION" emails, cellphone calls and other forms of communication EACH and EVERY DAY. If something in your email happens to match a keyword, you are watched much closer.

    Most services are insecure and open to hacking because accounts are not encrypted.


    Until email encryption is a normal practice, one needs to find a flexible solution. I've looked at them all and the following 2 offer security with the most flexibility.

    Free - Trulymail - public/private key encryption which is automatic between trulymail users. Service uses a client with the above done and private key stored clientside.

    Flexibility - can also setup regular email accounts such as gmail to send and receive mail in the client. If 2 parties have trulymail installed, emails from accounts such as gmail can be sent as an "encrypted package"

    Paid - CryptoHeaven - public/private key encryption which is automatic between CH users done through their client. Private key can be stored clientside or on the server (needed to access your account if you are away from your computer)

    Flexibility - Can interact with your CH account with regular email account users such as gmail. Email can be sent plain text or encrypted with a "question and answer".
    All mail received to your CH account is automatically encrypted (even plain text from say gmail) when it hits the servers.

    Prices start at $7.99/month us or $66.00/year=$5.50/month

    With this you also get 200mbs of encrypted storage, encrypted chat and encrypted file sharing (files are encrypted with the public key(s) of whichever CH users you wish to share the file(s) with). Storage, chat, email and file sharing are encrypted with the user's public key. Also all folders and the addressbook are encrypted with the user's public key.
     
    Last edited: Aug 28, 2010
  25. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    917
    Paid is not an option here... but thanks for the info, always good to know :)

    lavabit - closed!

    Opolis...I'm severely intrigued by this one...need to spend some time with it...


    Trulymail - server connection failure lol again lol will read the help section to walk thru it and we'll see

    https://zsentry.com - signed for it, I don't know why - any critique tobacco?
     