Monthly Archives: March 2014

Email Can’t Be Completely Private or Secure


People ask us this question every day: can you make my (name of big-name email service) email account secure? A better question to ask is whether any email can ever truly be private or secure.

Our opinion is that email can NEVER be completely private and secure. That’s because of the way email was designed and operates, and it’s been that way for more than 30 years. When you send an email, you are actually sending a text message from your computer to another server, an email server somewhere on the internet, and that message can be read by anyone along the way. In the trusting world of the early internet, most people were kind and trustworthy, so this wasn’t a problem. Gentlemen (and gentlewomen) don’t read other gentlemen’s email. Unfortunately, the internet has slid down along with society.

How Email Works

When you send an email, an entire system of email servers on the internet, run by many different people you don’t know, moves your email from your computer to your recipient, passing through many different places along the way. Here’s a diagram (below) of what this network looks like. On the left are your desktop, mobile and laptop that send email. All the way to the right is your recipient, a desktop computer. As you can see, the email travels through many different servers to get from the sender to the recipient. Note: I’m simplifying things a bit here.

The email makes a number of hops on the way from sender to recipient, going through a number of servers and a “cloud” (in this example), and it’s almost guaranteed to go through at least one Spy Server (or hidden switch) that will make a copy of your email. We’re not even talking here about major commercial services like Yahoo, Hotmail, or Gmail. Those services duplicate and scan all mail going through their systems. Document retention is out of your control and, depending on their privacy policy, they can give it to others under various circumstances.

We know personally that email has been gathered since 1997 at nearly all major ISPs in data rooms run by the NSA. If you are outside the US, you should assume that your government’s security services are doing the same thing. There’s a lot of valuable business and political information available in all that email, and it’s guaranteed to be intercepted and saved. You won’t know anything about it because it’s transparent to you (unless it gets blocked or censored).

[Figure: email_network (diagram of the email network between sender and recipient)]

Because email is just a plain text format, anyone along the way can read it.  Newer servers now encrypt the email contents between the servers, but not every server supports this, which makes it of limited value.  Even if it’s encrypted, you don’t control the key and it’s usually SSL encryption (that we believe is broken), so that encryption isn’t worth very much.  There’s no telling what kind of servers you are going through and it’s not uncommon to go through 15-30 different email servers before your message gets to your recipient.  It’s just not secure because there is no control over the end-to-end transmission of your message.  It’s difficult for the sender to know the receiver got the email, unless they reply to it.

Email is Like a Postcard

When you send an email, the sender and receiver plus the time and date are all out in the open. Even if your message is encrypted, this “header” information is there for anyone to see. Here’s an example:

Return-path: <panamaslj2@zaprosto.ru>
Envelope-to: radio@beforeitsnews.com,
 contact@beforeitsnews.com,
 abuse@beforeitsnews.com
Delivery-date: Wed, 19 Mar 2014 17:44:10 -0400
Received: from [178.126.69.218] (port=17051)
	by mx02.safemail.is with esmtp (Exim 4.82)
	(envelope-from <panamaslj2@zaprosto.ru>)
	id 1WQOHQ-0005kN-L4; Wed, 19 Mar 2014 17:44:09 -0400
Message-ID: <01cf43de$0a33c780$da457eb2@zaprosto.ru>
From: =?koi8-r?B?IvPQydLJxM/OIg==?= <panamaslj2@zaprosto.ru>
To: <abuse@beforeitsnews.com>
Subject: =?koi8-r?B?7sHU1dLBzNjO2cUg0NLPxNXL1NkgySDLz9PNxdTJy8Eu?=
Date: Thu, 20 Mar 2014 01:45:15 +0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4927.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200
X-Spam-Status: No, score=
X-Spam-Score: 
X-Spam-Bar: 
X-Ham-Report: 
X-Spam-Flag: NO

There’s actually quite a bit of valuable information in the header. You can connect who is talking to whom and when, just like the “meta-data” from a phone call. People will know who you are doing business with or communicating with. Let’s say you are visiting a psychiatrist or a cancer doctor, or buying some long-term food to store in your home, or maybe staying at a hotel in another city or attending a rally to protest something. That’s all recorded FOREVER, and even if the message is very strongly encrypted, all this information is out in the open. It’s very valuable marketing data and could also be useful to spies.
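What the header sample above gives away without the body ever being read, and whether each recorded hop used transport encryption (the server-to-server encryption mentioned earlier), as an added example that is not part of the original post. The function names and the TLS keyword set (the RFC 3848 `with` values) are choices made for this sketch.

```python
import re
from datetime import timezone
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import getaddresses, parsedate_to_datetime

# Trimmed copy of the header sample shown above; the body line is constructed.
SAMPLE = """\
Return-path: <panamaslj2@zaprosto.ru>
Received: from [178.126.69.218] (port=17051)
 by mx02.safemail.is with esmtp (Exim 4.82)
 (envelope-from <panamaslj2@zaprosto.ru>)
 id 1WQOHQ-0005kN-L4; Wed, 19 Mar 2014 17:44:09 -0400
From: =?koi8-r?B?IvPQydLJxM/OIg==?= <panamaslj2@zaprosto.ru>
To: <abuse@beforeitsnews.com>
Subject: =?koi8-r?B?7sHU1dLBzNjO2cUg0NLPxNXL1NkgySDLz9PNxdTJy8Eu?=
Date: Thu, 20 Mar 2014 01:45:15 +0400

(the body could be ciphertext; nothing below reads it)
"""

# "with" keywords that record TLS on a hop (RFC 3848); plain "esmtp" means none.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)\s+with\s+(\S+)", re.I)

def to_utc(date_text):
    return parsedate_to_datetime(date_text).astimezone(timezone.utc).isoformat()

def exposed_metadata(raw):
    """Return who/whom/when plus per-hop TLS status, using headers only."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())          # undo header folding
        m = HOP_RE.search(flat)
        if m:                                      # skip Received lines in other shapes
            proto = m.group(3).upper()
            hops.append({"from": m.group(1).strip("[]"), "by": m.group(2),
                         "protocol": proto, "tls": proto in TLS_PROTOCOLS,
                         "time_utc": to_utc(flat.rsplit(";", 1)[-1].strip())})
    people = lambda name: [addr for _, addr in getaddresses(msg.get_all(name, []))]
    return {"sender": people("From"),
            "recipients": people("To") + people("Cc"),
            "subject": str(make_header(decode_header(msg["Subject"] or ""))),
            "sent_utc": to_utc(msg["Date"]),
            "hops": hops}

if __name__ == "__main__":
    print(exposed_metadata(SAMPLE))
```

The single hop reports `tls` as false because the receiving server recorded plain `esmtp`. A `Received` line is only as trustworthy as the server that wrote it, so treat earlier hops in a longer chain as claims rather than proof.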

Email Can be Blocked and Censored

Think about it: if someone can read all the information in the header, they can potentially block emails from that person to you or even change the content of the files. We’ve actually seen this happen numerous times with Before It’s News, where we receive many sensitive emails from people who are whistle-blowers and human rights activists. We’ve tested this and seen that certain mail gets through and other mail doesn’t. It depends on the sender, receiver, subject and contents of the message. You don’t miss what you don’t see.

Our Future Solution Will Use Very Strong Encryption and Anti-blocking Technology

We think the solution to this problem is to gradually stop using email altogether. Our real-time messaging will be redesigned in the future to provide an email-like service and a gateway that will be backwards compatible with today’s email. It will look and feel like email, but it will be real time and will not go through the email network infrastructure that is widely known to be compromised. You’ll still be able to communicate with people who use email, but they will receive messages from you on a secure web page.

We’ll still offer the best encryption possible with our standard email service, but we will be recommending that people migrate to the real-time messaging as we develop more email-like functionality. The encryption is extremely strong, and there are many features like message retraction or destruction and receipt of delivery and reading. It’s also a lot faster because it’s designed to be real time, like a phone call or chat, not delayed like an email.

 


SSL Now More Secure on Unseen.is + Friendly Hackers


We just completed the security upgrade our team has been working on for the past several weeks.  Everything is behind the scenes, so there’s not much to notice until you look under the hood, but these changes will definitely improve the security of the site.  It took us a couple of tries to get it right, but it’s now in production.  Thanks everyone for your patience and now you should clear your cache, reload the home page and then go change your password.  It’s now a lot more secure.

First, we upgraded the protection for CSRF (Cross Site Request Forgery).  Here’s what wiki says about that:

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.

In layman’s terms that’s where someone tries to login and the site returns a session ID.  Someone else grabs that session ID and then masquerades as that person, successfully logging in to the site as them.  We’ve now repaired and patched that issue.  We haven’t heard of any user who was negatively affected by this issue.

The other major change is the way we use SSL for login on the site.  We’ve now added one other major security feature to our SSL login.  We kept the cute padlock and SSL channel, but now we have secured your password with NTRU security for this vitally important function.  Here’s what your password now looks like with this NTRU encryption:

[Image: New SSL]

I won’t tell you my password, but you can rest assured it’s a lot shorter than the one a hacker will now see in the SSL data stream.  There’s no way I could remember more than about 16 characters.  This should provide pretty good security for your password.

We’ve added this level of authentication across all Unseen applications: Win, Mac, Ubuntu and Android. We’ll be adding download links from the front page and distributing the desktop clients tonight. Android is still being tested and will hopefully be available March 15. That depends on the progress for SIP signaling on the web site; once that’s finished, the Android app will ship. Vinh and I have been using the Android app and we think everyone will be very happy. It’s got all the secure text chatting and audio and video calling, which is really cool, especially if you’ve got a big battery.   ;)

Finally, we want to invite friendly hackers to test the security at our site.  Please be gentle, we’re still bolting down a few things, but we do appreciate your feedback.  These two security fixes just mentioned were a result of a very good discussion with one of our users, who is a security expert.  Responsible people like this are helping us make Unseen a safe place to communicate.

Thanks go to “The Opera Star” for his help and one other friend of ours. We will make every effort to immediately fix any security problems pointed out by the members of our community, and we’re grateful for the time you’ve spent testing things. If you find a security problem we need to address that we don’t know about, we’ll reward you with premium accounts and even some bitcoin for something that helps the site. In the future, once things get a bit more stable, we’ll be making parts of our source code available for review, too, and make parts of it available for developers. If there is anything you think needs to be addressed from a security point of view, please send an email to support at unseen dot is.

 

 
