New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Another question about ProtonMail and Tutanota #1611
Comments
E-Mail (SMTP in particular) is a broken protocol that cannot be repaired. It leaks massive information and relies on non-anonymity of data transfer. I say non-anonymity, because encrypting the content of your e-mail doesn't make your conversation actually anonymous. And even better: TLS encrypted data transfer is not enforced by the protocol, so a random relay might decide to forward your stuff unencrypted (exposing E-Mail headers) to the next MTA. The only things you can reasonably do are:
And that's still not much. Anyway, e-mail remains one of the largest contributors of mass surveillance. |
"TorBirdy is in beta and should be considered experimental. Please make sure that before using it, you are aware of the known issues and leaks by reading the "Before using TorBirdy" and "Known TorBirdy" Issues sections on the project website." TorBirdy - Projects - PRISM Break |
So is there any way to protect yourself against surveillance? I mean except TOR (which I don't want to use, because there is nothing interesting) you can't chat and such securely. Even IM like Signa, Cryptocat and such. You have to give them your name and how would you do that? I mean you could do that via GPG and an ordinary email service or something like that but even that can be visible to Governments. |
@Hillside502 That's one reason TorBirdy isn't an official PRISM-Break recommended solution for secure email. @hasufell's suggestion is reasonable as far as "the only things you can reasonably do", but that doesn't mean this is a good solution. In fact all told it's a bad one because email is –at it's core– an impossible system to secure against privacy threats. Using TorBirdy is going to be better than not using at all, but there is no way you should rely on email at all if privacy is a concern. |
Moreover why should Snowden that stupid to use end-to-end encrypted email services like Lavabit if it is insecure? I'm a bit confused here. |
@Mattel88 This issue is about email, and specifically whether Tutanota is a viable alternative to Protonmail. The answer is no, there are no viable alternatives to any email platform because email as a platform is impossibly broken. @hasufell has provided a reasonable outline of the best you can make of a bad situation. If the question is can you avoid surveillance and use email, the answer is no. You can secure content by wrapping it encrypting the payload yourself but there is no way to secure the privacy end of things from surveillance. If the question is about surveillance in general then this is the wrong issue to discuss that. This issue isn't about web browsing in general or solutions for chat, etc. You should review PRISM-Break in general and only post specific questions about the content there as issues in this tracker. (Also refusing to run Tor and asking about whether there is anything you can do to protect yourself in the same breath makes me thing you aren't serious.) |
There is no such thing, even if Lavabit was configured to not communicate with any other MTA unencrypted. Imagine this: Lavabit sends an E-Mail to a google MTA over an encrypted channel... that google MTA starts doing some funny relaying to one of its own servers, but doesn't really care whether that relaying is encrypted. Let's put it this way:
(in fact, we know that google scans incoming emails as well as outgoing, so you can be 100% certain that your E-Mail is permanently stored and analyzed and potentially sent to your favorite NSA-like service... no matter how "secure" the transfer was) |
First @Mattel88, I'd like to point out that he got caught. The Feds know how he was emailing, who he was emailing, when he was emailing, etc. He may have been able to protect the payload/content of his email thanks to PGP and friends, but Lavabit did not protect him from surveillance knowing about his contact habits.
Neither Lavabit nor any other email service is "end te end encrypted" in a way that covers meta data. You can encrypt your own content, pass it over email (or any other mechanism) in a way that only your end party can decrypt, but just because you pass secure payloads over it doesn't make the email itself as a medium secure. Anybody provider than tells you otherwise is selling something and/or lying through their teeth. That doesn't mean Lavabit was a bad service or that Protonmail / Tutanota / whatever are bad services. They do serve a purpose and used appropriately (read: aware of their limitations) can be a good thing. But get any idea that they will keep you out of surveillance drag nets out of your head. |
I'm still new to this but isn't it the most important part? I know emails are not encrypted if you send them from ProtonMail or Tutanota to another GMAIL user as default. But if I chose to chose a password and send an email to google user (gmail) for example: What does google want to do? I mean the most important part, the message, is encrypted and stored on the ProtonMail or Tutanota server. So google can't do anything if they do not have the password. So what would the NSA want to do? |
It's the least important part. Just imagine what an ordinary private investigator does... he looks where you are going, who you talk to, how often, when, ...all of which is enough to make a complete profile of a person. And... interpreting content data is very difficult. Interpreting metadata is pretty straight-forward, both resource-wise and algorithmic-wise. |
@Mattel88 Basically what @hasufell said. You're thinking about this all wrong. PRISM-Break isn't about keeping some specific data secret like the things in your password vault or the schematics some new chipset or your interoffice memos safe from competitors. PRISM-Break is about avoiding surveillance dragnets up to and including state sponsored ones. It's about privacy as much as it is security. It's about not having who you talk to, when you talk to, how much you talk to, and why you talk to other people being logged in some database. From this perspective meta data is the entire game. Maybe PRISM-Break isn't trying to solve a problem you have a felt need for. If you choose to eschew every level of privacy then feel free to ignore what we're saying there. Otherwise know this: Programs like PRISM take meta data seriously for a reason. You should too. |
"Check if your emails arrived TLS-encrypted (and which corporations were able to read it nevertheless)" Paranoia :: Add-ons for Thunderbird |
That plugin just mainly parses the |
I see. Metadata seem to be very important. I understand that. But could you please explain me the following: ProtonMail:
|
@Mattel88: they are telling you their web interface does not log requests like you logging in, but this does not change how email works. When you send an email – any email – you have to tell the mail server where this email needs to to. It could then bounce around from one mail server to the next until it arrives at the mail server used by the recipient. Every mail server in that chain will know where it got the email from, and where it is supposed to send it. It has to know these things for the email protocol to work. This means surveillance can follow any email from its point of origin to its final destination, if the surveillance is big enough. If not, maybe it has a hard time to map the exact route your email is travelling but it only needs to be at 1 point in the network to read your
Nothing, but how is the recipient going to read your email? If they just let you enter any random password it means ProtonMail/Tutanota also need to offer the recipient some way to decrypt the message. This is probably done by them following some link and entering the password you sent them separately (don’t forget: you can’t email this password). So you have just added a completely new place for someone to try and attack them: that link. You didn’t actually send them any encrypted message, you send them a link. And surveillance could potentially have a wiretap/MITM set-up for the recipient and read “over their shoulder” when they visit that link and enter the password. |
@Mattel88 Hi, if you are ready to change the way you communicate and not use emails anymore, try to recommend Wire to your friends. It is end-to-end encryption for everything and should be more secure than email if we trust what they did. You can see it as a Skype alternative. |
Just to cross link, discussion about Wire on PRISM-Break is on #1582. |
Merged into #1383. |
I've read several threads about ProtonMail here. There was one in 2014 which showed that ProtonMail had a HUGE security hole which allowed to run scripts and read messages.
Here it is: http://www.theregister.co.uk/2014/07/07/protonmail_fail_javascript/
So far I've nothing read something like this about Tutanota. What about them? Is it also a bad choice because they have the same possible security hole? I'm wondering because it is open source.
How strong are these services against surveillance? I remember LavaBit were being closed because the feds weren't able to get into the accounts and Edward Snowden used it. So I assume these service are not that bad and a good choice against surveillance?
Or is it better to use GPG and some ordinary email services like gmail, yahoo and encrypt from there?
The text was updated successfully, but these errors were encountered: