Google tries to NSA-proof Gmail

Discussion in 'privacy technology' started by MrBrian, Mar 21, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://money.cnn.com/2014/03/20/technology/security/gmail-nsa/:
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    Cool, but what about NSA's taps on their datacenter-datacenter links?
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From first post:
     
  4. guest

    guest Guest

    To put it in other words, Uncle Google is trying to look like a hero because people are avoiding it, thinking that this will get them back. :isay:

    It's not the NSA, or CIA, or FBI, or any governments' pseudo-evil organizations that I'm worrying about. Besides, nobody is going to use GMail to discuss about world domination plans. Instead, fix your ~Phrase Removed~ YouTube because I keep getting lags, and standardize HTML5 already!
     
    Last edited by a moderator: Mar 21, 2014
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Great, now why would I believe that they won't offer direct access to NSA when they ask for it? :rolleyes:
     
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    http://securitywatch.pcmag.com/hack...ll-encrypted-now-but-you-re-not-nsa-proof-yet
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    I don't think that HTTPS would make any sense for DC-DC links.

    You'd want VPNs for that, no?
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    Trust Google/Gmail? I just can't imagine being able to go there! I hope they prove themselves. I want to be wrong.

    For me this has nothing to do with their technology. I am fully confident that Google could secure their system beyond approach. I just think at the blink of an eye (from the Gov) they will hand it all over no questions asked.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    HTTPS makes sense between servers internally, that's not the issue. The issue is that the servers themselves can still decrypt.

    It it's:

    Google server <--> NSA box <--> Google server

    HTTPS defeats their box.

    But if the Google server itself *is* the box... there's nothing to do. Google *must* view unencrypted emails in order to do basic functions like spam filtering and malware detection.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    Well, I don't even pretend to know how Google moves mail around between servers in different data centers.

    But I was thinking in terms of synching databases, bulk transfers, etc.

    To me, HTTPS makes sense between a browser and the server it's connected to. But maybe they do a lot of proxying, from one server to another, until they either hit the recipient's Gmail account, or exit Google via SMTP. Is that more or less what you're saying?

    Also, many people use clients with their Gmail accounts, and I don't see how HTTPS would be involved in that. But hey, what do I know?
     
  11. JimmySausage

    JimmySausage Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    53
    This is a trick question, right?
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://gmailblog.blogspot.com/2014/03/staying-at-forefront-of-email-security.html:
     
  13. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    Think I'll stick with my current practices. Complete lack of trust for server-side encryption/security.
     
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    A lot of good HTTPS will do when it's broken at the certificate authority level. This is strictly PR for those who don't understand how HTTPS works.
     
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From How does the NSA break SSL?:
    Regarding passive surveillance, Google uses Perfect Forward Secrecy.
     
  16. Splosh

    Splosh Registered Member

    Joined:
    Nov 19, 2012
    Posts:
    18
    By using the information that's been available I tried to put together a schematic that addresses problems in email security. It's not perfect and fully consistent with the leaks (there's too much to digest)

    -http://www.cs.helsinki.fi/u/oottela/emailsec.pdf-
     
    Last edited: Mar 22, 2014
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    With a splitter and stolen certificates, there's no need to decode or MITM the original. They can decode the copies and allow the originals to pass through. Regarding being detectable, that's what NSLs are for. We already know that they do both. What reason is there to think that they don't use both abilities together?
     
  18. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Despite all the naysayers in this thread this is great news for Gmail users. More companies should follow suit.
     
  19. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    People still use Gmail? Much less any google product?

    Dang!
     
  20. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,981
    Location:
    U.S.A.
    Removed Off Topic Posts. Let's Focus on Google tries to NSA-proof Gmail. If This Thread Turns Political, It Will Be Closed!
     
  21. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    I think we're seeing a lot more snake-oil sort of moves regarding privacy/security since the NSA crap. In other cases, just making good public image (like Facebook).

    Hotmail ain't much better though:
    https://www.eff.org/deeplinks/2014/03/microsoft-says-come-back-warrant-unless-youre-microsoft

    That's all I ever see people use- Yahoo, Google or Hotmail and they all suck, with Gmail being still the better of the bunch. People really don't care as long as it's free and works.

    edit

    There are so many issues with Youtube that now would be the perfect time for an alternative to compete with them.
     
    Last edited: Mar 23, 2014
  22. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,981
    Location:
    U.S.A.
    Thread Closed As Per Policy.
     
Loading...
Thread Status:
Not open for further replies.