146 comments

[ 0.21 ms ] story [ 262 ms ] thread
Great! Why now? Why on Inauguration Day?
I wonder if their sysadmins will be able to read your mail or just promise not to. :/
This is why you always encrypt on your machine not your email service. TBH I don't get why people get excited about things like Lavabit. You shouldn't be relying on one particular email service for security when email is not secure by design. Secure your content properly and then it shouldn't really matter what email service you use.
I agree with you, but sadly things like PGP are not universally adopted and can be a PITA to explain to someone not technically inclined. So it all boils down to the lack of standardized an universal encryption in e-mail.
There is a standard, and the fact that it's not universally adopted is more of a social problem than technical.
Then sadly you don't have security.

Understanding the threat model is fundamental: If you don't know what this protects against, it might as well protect against nothing at all; My ISP received my emails in plaintext, so I have to assume that they've got a plaintext backup of those emails.

I believe the words Vincent Canfield, owner of cock.li (another secure email service) are relevant here:

>How can I trust you?

>You can't. Cock.li doesn't parse your E-mail to provide you with targeted ads, nor do I read E-mail contents unless it's for a legal court order. However, it is 100% possible for me to read E-mail, and IMAP/SMTP doesn't provide user-side/client-side encryption, so you're just going to have to take my word for it. Any encryption implementation would still technically allow me to read E-mail, too. This was true for Lavabit as well -- while your E-mail was stored encrypted (only if you were a paid member, which most people forget), E-mail could still technically be intercepted while being received / sent (SMTP), or while being read by your mail client (IMAP). For privacy, I would recommend encrypting your E-mails using PGP using a mail client add-on like Enigmail.

This was originally followed by a quote from /g/, which has been redacted for obvious reasons (if you want it, you know where to find it), save this line:

>Now that I think about it, administering a mail host is exactly like being a nurse, only people die slightly less often.

Hm, feels a bit weird. If they already got served with an order to share the data and they refused to comply, closing down the service instead, what can have changed today? Wouldn't this mean that someone else took up the service, agreed to the order and now this will become some sort of honeypot?

Maybe I'm misunderstanding something, but I don't understand how anyone could trust Lavabit to either stick around or actually be private and/or secure.

One could hope they now have solved it technically in a way that would make it impossible for them to deliver that kind of data.
That's not exactly possible for an email service provided by a third party.
End-to-end encryption. Only the users have the keys.
And SMTP 571: 'Delivery not authorized' for anyone that sends a plain text message.
Interesting but isn't the data already received in plaintext at that point?
You could have a hardened gateway server with read-only storage and that only temporarily stores messages in memory.

Maybe a heterogenous bunch if them so you'd have to crack all of them to get all messages.

You could periodically reset them in case they still get infected.

You could add a transparant proxy that specifically looks for odd, repeated requests, to detect re-infectations.

You'd set up alerts for attempts at communication/scanning from those servers, to detect virusses trying to move laterally between the different instances, and/or isolate them from eachother on the network layer.

You could have a separare hardware device that scans the memory of these servers to detect tampering.

It could also try to detect "plaintextness" and abort as soon as it detects that, so you only have the beginning of the message in memory.

This doesn't help when the ISP is recording (and it probably is), but it makes it very hard to retrieve the data from inside the email datacenter.

> You could periodically reset them in case they still get infected.

Just have them rebuild themselves from ROM after each processed mail :)

This is retarded. If you try something this you will end up just like lavabit did. You can't rely on solutions that require the operator to remain honest.
I don't think it is? Fact is, if you use SMTP, you can only see if the content is encrypted or not once you receive part of it. The techniques I mentioned are to reduce the risk of these (partial) plaintexts being captured, but should be paired with a refusal to deliver.

There's no way to stop a user's contacts sending plaintext emails for all the ISP's/intelligence agencies to see, but you can make sure you touch them as little as possible when they do arrive (see GP) and discourage those contacts from doing it again by not delivering/returning error codes.

Unless you drop SMTP altogether. I think Riot with E2E is looking pretty good, but it's not been hardened at all.

>Fact is, if you use SMTP, you can only see if the content is encrypted or not once you receive part of it.

Then don't put your users at risk by using SMTP.

>The techniques I mentioned are to reduce the risk of these (partial) plaintexts being captured, but should be paired with a refusal to deliver.

Techniques you mentioned are nothing more than pointless showmanship, which you'll cease as soon as the government asks you to.

>There's no way to stop a user's contacts sending plaintext emails for all the ISP's/intelligence agencies to see

Which is why you shouldn't put them in a situation where they will inevitably do so.

>Unless you drop SMTP altogether.

If you're going to launch a service that advertises secure communications, you have to. Otherwise you're just endangering your users, just like lavabit did.

We're not talking hypotheticals here. Lavabit already fucked over their users trying to pull silliness like this.

> You could have a hardened gateway server with read-only storage and that only temporarily stores messages in memory.

Yeah, well, who is your adversary?

I assume NSA and GCHQ by default just log all SMTP traffic. Especially the ones to services like these.

If your adversary is someone sniffing your unencrypted WiFi connection, they'll have your unencrypted e-mail like this one as well.

If your adversary is network and sysadmins who run your SMTP server then all bets are off. I think the danger lies, just like within Tor, that there's a mole in such a team who does harm while being undetected.

If you're protecting against the local authorities ensuring to get a remote, secure connection with a country who isn't playing along with your local authorities is key. Which is why Putin wants Russians to use local services.

Since you cannot realistically prevent unencrypted emails from being sent to your email service, that's not any kind of a solution.

You can't rely on your ability to block them either, or you'll end up just like lavabit did.

Force end to end PGP encryption for all users? If they do that then I'd assume they could hand over data and say "good luck".

They could also setup a P2P delivery & backup system so that it's not guaranteed they have the data. If all the data is encrypted, it's not really an issue to distribute everything (but then again we'd be talking AES512 or better for something crazy like that).

You lost me at AES512...
If you think AES512 isn't secure enough for your data you should not be hosting your mail server out of your network.....

Also, if you have a way to break AES512 I know some people who'd pay a killing to get that information. No litterally there's people who'd kill for that.

AES512 isn't a thing. AES uses 128, 192 or 256-bit keys.
Since there is no such thing as AES512, 'breaking' it isn't that hard...
Fine, AES1024 then! Pedants.
AES512? Is there some 512-bit symmetric key cipher?

They could encrypt with two(or more) 256bits keys, but I think just 256bits key is enough for at least next 5years.

I think ideally you don't what a set reveal date for all of your personal emails. 5 years is very short term to wait for some good email data.
A brute-force attack on AES256 would currently take (10 * 2^256) / (4 * 10^9) seconds, assuming a 4Ghz CPU with 10 clock cycles per try. As long as my calculator tells me it takes "NAN" years to crack my encryption I'm not getting nervous. Quantum computing may change that, but it's currently in the weird space between ("all bets are off, anyway" and "it's not magic").
Quantum computing is not going to change that, but it can break key exchange.
On top of that, I don't remember the specific assumptions but my Crypto professor proved that just to increment a counter to 2^256 would take more energy than exists in the observable universe.

I think also everyone is pretty sure quantum computing won't break AES, but maybe there's some weakness in the S/P boxes that quantum computers can exploit, who knows. That's the fun in crypto, you can't prove that anything other than OTP is unbreakable.

> On top of that, I don't remember the specific assumptions but my Crypto professor proved that just to increment a counter to 2^256 would take more energy than exists in the observable universe.

This proof is present in Schneier's "Applied Cryptography" if someone wants source.

> On top of that, I don't remember the specific assumptions but my Crypto professor proved that just to increment a counter to 2^256 would take more energy than exists in the observable universe.

Well, depending on the theory the universe isn't even supposed to have any net sum, but regardless: even at the Landauer limit (at room temperature; it scales linearly to absolute temp) it would take an awful lot of energy to do the computation non-reversibly, about:

    2**256 * 256 * 2.5 zJ
    ~ 8e+58 J
Which is about 38 orders of magnitude greater than the total energy use of the world (~3.75e+11 GWs).

And any computer built so far is still far, far away from the Landauer limit.

There is also Bremermann's limit which is an intrinsic limit on the processing speed per mass. Eg. a machine that traverses a 256 bit key space in 15 years with one one bit operation per traversed key must weight at least ~1.8e+21 grams, which would be quite a chunk of machinery.

This just goes to show that brute-forcing 256 bits is simply not going to happen with any civilization that isn't able to harness the power of at least one star.

That doesn't say anything about cryptanalysis, though. I think with an algorithm like AES, which has been analysed a great many times, that it's becoming less likely that there is a cryptanalytic breakthrough. It might be the case that AES will remain secure throughout the information age.

RC4 accepted up to 2048 key bits. (It is symmetric, it's just not a block cipher).
From StackOverflow [0]:

"We can't implement "AES 512 key size" because AES is defined for key sizes k∈{128,192,256} bits only; much like we can't make a bicycle with 3 wheels."

[0] http://crypto.stackexchange.com/questions/20253/why-we-cant-...

I was about to disagree with the bicycle analogy, and realized that a tricycle is indeed different than a bicycle, at least by name & definition. Clever analogy.
I love my recumbent tricycle. Legally it’s a bicycle; the fact that it happens to have three wheels is irrelevant.
Not to mention that 128bits is secure enough for the foreseeable future
There's no such thing as "end to end" encryption for webmail, unless you have a browser extension that can validate the JavaScript you were served from the host (which is capable of performing the decryption and obviously has access to your private key).

Otherwise you're just trusting that you've not been served backdoored JS by order of an NSL.

Browser extension would be useful either because it's usually autoupdated and unsigned.
Plus trusting the extension, the browser, the OS and the HW.
I wonder if they will attempt to use a 'canary' system, where each day they post a message to say they have not had to hand over any data to law enforcement. Then if they do get an order that says they cannot discuss, they just don't post the canary.You can't force someone to say something in the US can you?
> Then if they do get an order that says they cannot discuss, they just don't post the canary.

There's no need for this (anymore). You're already allowed to disclose (coarsely) the number of NSL you've received[1].

[1]: https://www.justice.gov/iso/opa/resources/366201412716018407...

> You can't force someone to say something in the US can you?

Unclear. The EFF believes you can't be compelled to lie, however you should consult an attorney with details of the specifics.

Being allowed to say "I received between 0 and 999 NSLs affecting 0 to 999 customers" doesn't really convey the same information as a canary.
How so? Enabling the canary only tells you that one or more was served/obeyed, and can't be used again. To me, 0-999 also tells me that one or more was served/obeyed.
Is the rule actually 0-999? Because they'd have to get 1000 or more before you knew there was 1 or more.
It is four pages, the first page is mostly dedications and the last page is mostly blank. It will not take you much time to read the remaining two pages and develop your own understanding.

Here is how I am parsing it:

The Office of the Attorney General proposes two options:

1. Separate category reports for NSL, FISA content, and FISA non-content requests and customers affected.

2. A single report for all NSL and FISA requests, and a report for customers affected.

If you want to distinguish between the different kind of request (category 1) then you can report in blocks of 1,000, while if you don't, you can report in blocks of 250.

With how untested warrant canaries are in the courts, I wonder how a more detailed scheme would work. Every day making 1000 public statements, each of the form "We have received no more than N NSLs."
I don't think a court will be impressed with that.
> The EFF believes you can't be compelled to lie

This always sounded fishy to me. When a NSL is served, they order you to keep silent about it, so you can't tell e.g. your own CISO. But if the CISO comes and asks, you're not ordered to lie and say you haven't received one? So if the CISO just asks you every morning, the NSL's order of keeping silent is defeated? I can't believe the courts and the executive that support NSLs in the first place would allow such a loophole.

If you find yourself in such a situation, you should consult with an attorney: Telling your CISO may put you and them at risk that you cannot understand.
While maybe literally true, "risk that you cannot understand" is a little overthreatening. Are you implying extrajudicial financial ruin, torture, murder? I doubt it, so what?
I'm trying not to imply anything, because every situation is different. Nevertheless, violating a federal order could have serious consequences, and if you need advice on this subject, you should talk to an attorney about it.
Do you think the average retained attorney will be well-versed in the subtleties of NSL disclosure?

The point being made upthread is that there is no black and white guidance, there is no secret NSL Guide Book for attornies.

Firstly, if it is illegal to tell the CISO about the NSL, it may also be illegal to tell some details to an attorney. At least, by going to an attorney, you're already taking some legal risk, in addition to incurring the extralegal wrath of the FBI.

Secondly, the FBI can serve an NSL to the CEO, a separate one to the CISO, and so on down the chain to the tech people whose job would be to fulfill the order. They can choose to serve one or some or all of these orders, and they can order some served people to cooperate and others to keep silent or lie to one another. It's not feasible to expect all of these people, some of whom are not officers of the company, to consult lawyers.

The FBI has some good material on this subject[1] and specifically permits you to disclose the NSL to your attorney so that you can comply with it.

Something important to understand is that non-disclosure is not an automatic feature of the NSL, but that disclosure binds the parties to the terms in the NSL.

[1]: https://vault.fbi.gov/National%20Security%20Letters%20%28NSL...

> Secondly, the FBI can serve an NSL to the CEO, a separate one to the CISO, and so on down the chain to the tech people whose job would be to fulfill the order

Yes, they can, however that's not what happens. The general council may advise the CEO to disclose certain requirements or aspects of the NSL to the CISO or to other parties for the purposes of complying with the NSL. They will almost certainly not recommend disclosing or distributing the NSL "down the chain to the tech people".

> They will almost certainly not recommend disclosing or distributing the NSL "down the chain to the tech people".

I meant they might target the tech people directly from the start - or someone who isn't a C-level executive, anyway - if they think the CxOs would go to a lawyer and the lower level people would just comply.

No. They will deliver the letter to the secretary, general council or a named director. They will not send it to "the tech people" directly.
Out of curiosity, how granular can the canary system be? Can say, for a Lavabit-like service, each e-mail address have a separate canary associated with it?
I had just this thought. I think your are correct. They'd have to be willing to hand over your data, or get served and taken down again.
Maybe they relaunched the service in a country where no one cares about US mass-surveillance law and it's enforcing entities...
Doesn't using a .com TLD mean they are subject to DNS seizure in the US? ...although maybe it'll redirect once they launch.
This could be a solution. I'm courious to know, maybe they will give more information when the service will be back online.
host lavabit.com && whois 72.249.41.52

Lavabit LLC - Dallas TX and Colo4, LLC - St Louis MO.

(Insert your own joke here about Americans not caring about mass surveillance...)

Not enough data yet. As court orders are served against entities, in this case a company, but agreements/contracts can also be made with an entity, a company has some unique properties many living organic entities do not posses, namely the ability to die, go bankrupt, cease to exist and then after a period of time come back to life again. Maybe Lavabit is a phoenix?
Feels very weird, especially after checking the page source:

  /*
  Count down until any date script-
  By JavaScript Kit (www.javascriptkit.com)
  Over 200+ free scripts here!
  Modified by Robert M. Kuhnhenn, D.O.
  on 5/30/2006 to count down to a specific date AND time,
  and on 1/10/2010 to include time zone offset.
  */
I mean, I get not reinventing the wheel, but given who they are, the fact that they're sourcing scripts from JavaScriptKit.com for something as simple as a countdown timer is odd. It's not even a good countdown script... like, it even has a y2k bug:

  var today=new Date();
  var todayy=today.getYear();
  if (todayy < 1000) {
  todayy+=1900; }
Kudos for not just stripping the attribution I guess, but I wouldn't trust whoever put up that website with my email, encryption or no.
Maybe it's just because he never bothered to learn JavaScript. The old website was pretty simple.
Perhaps. But if you're copy-pasting scripts from other sources into your platform without [being capable of] vetting them, then it fundamentally undermines the security of the platform.
(comment deleted)
(comment deleted)
I wonder how they plan to approach security this time, given how much of the previous demise of Lavabit centered around how they had they ability to circumvent the encryption, despite some marketing claims that that wasn't the case
Is this actually going to be secure? Because there is a reason they closed last time...
Something about me does not want to trust a webmail host who has an ad running on their front page reading "date rape appreciation station." This appalling lack of professionalism makes the entire service suspect to me.

edit: I would like to thank all the misogynists in this thread voting this down. Thanks for keeping tech a welcoming place for women and victims of assault!

Said person is also quoting from /g/. Why would you expect anything else?

OTOH, the guy does genuinely go to great lengths to protect the security of his site (and of the mail of his users), and seems to know what he's doing. So I'm not to down on him for the unprofessionalism.

I'm sure his service is just great, but, in the future, if you ever wonder why women don't go into tech (it seems so easy to, where are they?)- remember this. Tacit support of actors in the community like this make tech seem like a hostile place, or, at the very least, a boy's club of people okay with rape jokes.

It's not a sustainable atmosphere to maintain

Speaking of nurses (per quote), I worked with nurses before, the vast, vast majority of whom were female, and you'd probably be surprised at the never-ending stream of crude (dick) jokes and "sex-talk"...

Wonder if that's the reason there are so little men in nursing?!

That is different than making a joke at the expense of rape victims. Please think this through. The gender gap in another industry does not negate on in another.
I don't know where you get your "ideas", but I never said or claimed any of these things.

Then again, those nurses really were into joking about and belittling of patients, especially "stupid" ones, tho they did it behind the patients' backs of course.

I'm still not sure to this day if all of the ICU nurses calling the deceased "exes" as in "ex-living" was some kind of crude humor or a coping mechanism. Anyway, when I got my first call to collect an "ex" for pathology, I remember being stumped.

Then what were you trying to say? It looks like you were trying to draw equivalence between crude workplace humor in your line of work and the tech communities's acceptance of misoginistic rape jokes. That is what the thread was about and that is the context I placed your reply in.
Men are raped; not just women.

By the same logic there should be no dark humor involving murder since it makes things hostile for everyone (everyone can be murdered).

Infact, there should be no text talking about violence since that would makes things hostile for everyone.

It's 4chan. Again: what did you expect?
Would you please stop?
(comment deleted)
(comment deleted)
That's the point.

You're not supposed to trust it or take it seriously, at all.

It's just a host for fun, for people from *chan websites.

I'm really not sure what you're expecting.

>Rape jokes >just..for fun

Come on, as a tech community we deserve and can do better.

I'm fairly certain cock.li is nowhere near the "tech community". I don't know where you're getting that connection from.

(also, I don't appreciate you strawmanning my comment.)

If it's not your sense of humor, you're welcome to not visit the site. In fact, for the conversation at hand, you didn't at all need to do that because the quote made sense without doing so.

You're taking this comment thread greatly off topic. That's the reason for the downvotes. Not misogyny or something. Claiming otherwise makes your remark sound almost stereotypical.

>sense of humor

Rape is not a joke, by no definition is it humor.

That is kinda missing the point and the comparison is off.

Except a joke itself, nothing is a joke, nothing is by definition humor except itself.

It is sort of like saying that an engine is not a plane, by no definition can an engine fly.

Which is true because an engine doesn't fly, planes do. (Or Apache Attack Helicopters)

Humor is something you build using other parts, it's more than the sum of it's parts, no single part in of itself is humor.

Secondly, there are no rules what humor is and what it is not except that it provides laughter and amusement. If somebody laughs about a rape joke, it's by definition humor, albeit (depending on joke) not a good one by most people's standards.

Lastly, there is something called "Gallows Humor" in which (to quote Freud) "the ego refuses to be distressed by [...] reality. It insists that it cannot be affected by the traumas of the external world."

As Wylie Sypher puts it, Gallows Humor is "to be able to laugh at evil and error means we have surmounted them".

It's a natural human instinct. (I'm shamelessly copying of Wikipedia here, I'm no expert in all topics)

So while, yes, rape is not a joke and it's a very horrible thing to those it happens to and we as a society should make efforts to not allow it to happen, it can only be healthy to make humor and jokes about it. Not to diminish the victims but to diminish the perpetrators. The perpetrator is worth nothing more than a joke to us, they have no further value or meaning in society and ought to be locked away forever after we thoroughly laughed, helping the victim to recover in the next step.

That is what I want from a strong and healthy society.

>Rape is not a joke, by no definition is it humor.

Obviously, this is why South Park crashed and burned, and isn't now in its 20th season.

I don't think you quite understand: This isn't something generically out of the tech community. It came out of 4chan. This is also why we're all so blasé about it: it's 4chan.

Complaining that 4chan is offensive is a bit like complaining that knives cut things, and it won't get you much more sympathy. When I explicitly mentioned /g/, you should have known what you were in for. And if you didn't, the context might have tipped you off.

>This appalling lack of professionalism

I don't think anything about cock.li is meant to imbue professionalism.

I think one of the points is that it almost immunizes them from psychological operations. [1]

I know it sounds conspiratorial, but social justice movements in online communities can be easily leveraged by orgs like the NSA to disrupt an organization. Combined with anti-meritocracy ideals, it's easy to get someone "at the top" who doesn't have any credentials (and who isn't really trying to get there for any other reason than disruption).

It might not be his actual strategy, but the offensive things serve as a deterrent against lowest common denominator character assassinations. He has no reputation to destroy.

[1] https://theintercept.com/2014/02/24/jtrig-manipulation/

I'm sorry that demands to be less awful to groups of people that aren't you make you feel like outside orgs are attacking your freedoms in some sort of conspiracy to destroy your insulated world, ESPECIALLY considering the context that the US has used malicious actors working against gender and racial equality to destabilize groups striving for better social justice.
That does sound like a disgusting ad, but this is the sort of off-topic generic tangent that invariably makes threads worse. You've also made it worse, below, by going into ideological flamewar. Please don't do these things on HN.

Complaining about downvotes is against the site guidelines (https://news.ycombinator.com/newsguidelines.html), so please don't do this either. Assuming that downvotes signify misogyny and then responding with outrage was a particularly huge and unhelpful leap.

We detached this subthread from https://news.ycombinator.com/item?id=13295658 and marked it off-topic.

There's really no coming back for Lavabit. Nobody can trust them anymore, and this isn't just about Lavabit, but about e-mail. If a person is privacy-conscious enough not to use Google, they know not to use anyone else either.
I may have missed something about the original Lavabit affair, but my take-away was always "He's proven to be the rare individual willing to take a significant hit for his principles".

If they now added whatever the state-of-the-art is for a service such as this, wouldn't that create quite a compelling service?

> "He's proven to be the rare individual willing to take a significant hit for his principles"

i agree with that...

Although it seems 'incompetence' instead of 'evilness', he still provided a service which was not safe by design: https://moxie.org/blog/lavabit-critique/

> If they now added whatever the state-of-the-art is for a service such as this, wouldn't that create quite a compelling service?

Right, but that wouldn't be e-mail, and this seems to be e-mail. He made the decision to shut down e-mail accounts (including mine!) to prevent data leakage and that is not a decision that anyone should be forced to make; it is a deficiency of the system.

Protonmail looks interesting. They do not store keys. They can only handover encrypted data. It is open source software. - https://protonmail.com/blog/switzerland/
And it is pretty user friendly too
And yet Proton mail doesn't seem to offer 2FA? That seem like a fail. How can you sell yourself as a "secure service" without that.
Ah OK, I stand corrected, thanks. This must be recent then. They did not have this 4 or 5 months ago when I looked and I remember being quite surprised by this. I was told it was a feature that was on the roadmap. Why is this not listed on security details for the product I wonder?

https://protonmail.com/security-details

It was indeed only added a month or so ago.
What is 2FA & who told you 2FA is any useful? Master passphrase -> local key, there's no place for "2FA" buzzword in this scheme.
First of all encryption which is what a master passphrase gives you is not the same as authentication. These are two different concerns.

Second, how well does that master passphrase plus local local key work for you when you are not on your laptop or when possibly using an untrusted computer?

Are you just trolling? Two factor authentication is not buzzword.

hash(encryptionKey) is authentication key. Untrusted computer is a joke threat model, nobody uses them anymore. I'm not trolling.
(comment deleted)
For their web client, the encryption is really only useful as long as you can guarantee that the JavaScript code has not been tampered with. Once a court orders them to hand over the private key of their TLS certificates (as has happened in the Lavabit case), it's game over for anyone able to man-in-the-middle the connection to Protonmail, or for anyone who's able to compromise their web server directly. It really isn't any better than Lavabit if exposed to that threat model.
The only added defense they have here is jurisdiction. It would be unconstitutional for a court in Switzerland to order them to hand over their private key, wouldn't it?
> They do not store keys

They say they do not store keys.

> They can only handover encrypted data.

Nonsense. They could using additional installed software[1] or even their upstream ISPs could netflow/tcpdump the SMTP traffic. If the data is unencrypted coming in the door, you should assume it is always unencrypted.

I would not advise anyone to use these kinds of solutions -- they cannot offer any actual security guarantees and it is akin to walking around with a bullseye on your chest.

[1]: http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKC...

> They could using additional installed software[1] or even their upstream ISPs could netflow/tcpdump the SMTP traffic.

From memory, netflow is only the connection info (eg source/dest/byte count), and doesn't include any of the transferred data itself. Unless you were meaning straight tcpdump which could grab payload data.

Email is commonly sent over TLS too, which I think (though it's been a while) can be configured as mandatory on servers. eg not accepting unencrypted email

That doesn't mean this is what's happening here, I'm just pointing out it can be done. :)

> Email is commonly sent over TLS too, which I think (though it's been a while) can be configured as mandatory on servers. eg not accepting unencrypted email

However the thing that decrypts the TLS jacket isn't the user's key.

Might as well not be there for some threat models.

i just went through several paid email providers over the last few days and was astonished to see how few allow wildcard mailboxes on custom domains.

protonmail is one of the worst in that regard with only 5 aliases on a regular subscription.

I use FastMail, they handle custom domains excellently.
Agree. FastMail does email very well.
If by 'regular' subscription you mean the cheapest yes it is limited to 5, but you have the possibility to increase it by 5 by paying additional +0,75EUR/month, up to 50.
MxRoute worked for me, I bought in Black Friday.
Weird. I get a timeout for that domain (everything else is fine), but only on my LTE connection. No issue on my fibre line.
DNS probably didn't propagate yet.
It's a proprietary service, though. Sending an encrypted e-mail to someone outside of Protonmail results in them getting a link to a https url to read the message.

I get that it's a legitimate POV that PGP has been proven to be unworkable (although I still don't see why a well-designed client integration wouldn't work). But e-mail is a wonderful, open ecosystem and it's already fighting against the onslaught of proprietary services like FB messenger, slack, iMessage etc. – all of which restrict access to it to approved clients if they allow them at all.

Slight nitpick, slack allows XMPP and IRC clients to connect if you get your admin to flip a switch. They can't obviously guarantee the security of arbitrary clients and so they have it turned off by default.

Email is a great and open system though. Horrible in many ways, but also wonderful.

Thanks for nitpicking.

And yes, email has all sorts of problems, although I'd argue that since the spam problem has essentially been solved none of those actually impact the end user anymore. I'd only wish that it were easier/possible to securely run your own mail server.

On the web side of things, it also appears as if we've gotten to a point where it's easy for the vendors (Google/Apple/MS) to innovate without threatening openness. I'd wish we'd be in the same situation for messaging/mail.

> since the spam problem has essentially been solved

Tell that to the Indian recruiters who flood my mailbox.

> Protonmail looks interesting

Yes, but beware, does not support local (encrypted) backups. If their servers disappear for whatever reason (DDOS, legal issues, hardware problems,...) you end up with 0 e-mails. Nothing.

Without any details on why this time the service is secure and won't be able to hand over actual user data, it is hard to get excited about the relaunch. Also, nice marketing ploy with re-launching on Inauguration Day.
Is this supposed to imply that they feel they'll have more freedom/less censorship under Trump (Jan 20 is inauguration day)? Does FISA change ownership/control between the parties when a president's term ends?
No, it's implying a heightened need for secure communications with the new administration.

And no, courts aren't owned by parties. FISA judges are appointed by the Chief Justice of the Supreme Court. That's been a conservative for the last, ugh..., well longer than FISA exists, anyway.

Also, even if I subscribed to the current dystopian view of politics, I'd argue it's never the parties that excerpt control of a court, but always the administration. There is, in theory as well as in practice, a difference between the two.

I'm running my own e-mail server now using mail-in-a-box. Don't think Lavabit can beat that. If you want secure e-mail use PGP.
If it's running on a VPS on AWS or somewhere, it's still subject to the provider tampering with it.

Secondly, PGP is not nearly widespread enough to be considered secure and additionally provides no anonymity properties which in this day and age should be the focus of any secure e-mail provider.

Additionally, running your own email server also reduces the anonymity to basically null and leaves you with a weak pseudonymity at best.

(comment deleted)
Does this mean Groklaw will come back?
Ladar acted with integrity and self sacrifice. He's earned trust in a way that not many others have.

I am looking forward to trying darkmail, or whatever they're branding it as now.