95 comments

[ 4.7 ms ] story [ 170 ms ] thread
Nowadays is GPG/PGP-ing your emails really that hard? Thunderbird supports GPG on all platforms, Apple's default Mail works with PGP/GPG, I'm sure there are plenty of windows clients that do the same. In additional, online providers like Hush are bringing PGP to the masses without them having to know what in fucks name it is.

Even if you don't encrypt every mail you send, signing is a good idea. Is it unnecessary in many circumstances? Yes, but at least I find it nice to be able to verify authenticity. I don't understand why my bank (Wells Fargo) can't figure out how to sign all their emails [1].

______

1: https://www.wellsfargo.com/downloads/pdf/com/cps/Secure_Emai...

Yes, they can sign some emails...but it requires someone inside WF "sponsor" you to be added to their PKI and it still won't lead to signed or even encrypted emails for online banking. WF is also particularly egregious in not offering real 2FA...they count a username AND a password as "two factor authentication". sigh

GPG support is actually one of the very big things that has kept me using KMail even with Akonadi's rather poor support for POP3 w/ filtering. Being able to expand that web of trust even to businesses and among the tech-savvy would be wonderful, if only to increase awareness of the idea that things which need to be secret from unintended viewers (including, but not limited to, the NSA) need to be encrypted.
Why not move over to thunderbird? It supports GPG through enigmail
I don't need extensions with Kontact, it's built-in. Also I still use Akregator and the organizer/calendaring.

What I'll probably do is to switch my damn email over to IMAP at some point, apparently that's what the kdepim devs are all using... but I don't want to have to fix all my filters, and then I would have to use fetchmail and run dovecot or similar to have my email on my own computer.

Thankfully Dovecot + Sieve makes the transition pretty easy.
"Nowadays is GPG/PGP-ing your emails really that hard?"

Try convincing people to not use webmail and accept the fact that they cannot just check mail on whatever random computer they come across. I speak from experience: this is the biggest hurdle.

Have them use Hush, or any number of the in-browser GPG/PGP extensions that will encrypt your gmail then! At least their webmail is encrypted then (and Hush integrates with most of the notable PKI servers). You have to start them somewhere, just lamenting about it isn't going to change anything. I've moved my family and friends into GPG over the lsat few years and now I receive GPG-encrypted mail more often than not.
Browser plugins are good, but they do not solve the problem most people have complained about to me: that they cannot check their mail on their friend's computers, at the library, etc. Hushmail is snake oil, I would not recommend it to anyone and I doubt that it is even relevant to the problem at hand (how to communicate privately in a world of NSLs).
Use a USB key with everything installed on it in a portable fashion. The Tor Browser Bundle is something like this.

Two issues with this method are that TOR is 80% funded by the us government, using a computer opens you to backdoors.

But at least that's a good start.

Speaking to that, there is a tool called Penango at https://www.penango.com that is a browser plugin that supports GMail at least.

I haven't tried it but if anyone here has, now would be an awesome time to tell us how it went.

And after that is the increasing use of smart-phone clients which don't have support.
Set-up can be daunting, but I always found that entering one's password every time a new mail comes in is unbearable. They should highlight that the pgp password timeout can be changed to something less intrusive.
The default timeout, at least for gpg, is 3600sec (1 hour) which should be more than enough for the majority of people's emailing habits (Sitting down and checking / emailing once or twice a day). Recently setup has become super easy[1], especially on the OSX or *nix side of things. OSX probably has the easiest flow, all you have to do is install one thing[2] and you're off. It will walk you through everything[3] and it supports the built in Mail.app.

_________

1: http://www.gnupg.org/related_software/frontends.html

2: https://gpgtools.org/

3: http://support.gpgtools.org/kb/how-to/first-steps-where-do-i...

>When you run GPG Keychain Access for the first time, the window will be empty or contain only the GPGTools Project Key (delivered via the GPGTools Installer).

>If you don't have a private key, you'll be prompted to create a new key pair.

I think most people respond to their mails pretty much as they come in. I'd add that in corporate settings a norm of near immediate response has developed. I've set my timeout at 9999sec -- mutt throws in an error if I add a digit.

I don't use OSX, but can you comment on how easy key exchange is nowadays?

I have to admit that I have it set up and ready to roll, but pretty much no one I know is willing to take the plunge.

>I think most people respond to their mails pretty much as they come in

Maybe when at work, but at home most people (Especially of the older generation) seem to check their email a few times a day.

Corporate users should never be using webmail on their work computer...If they're MS Exchange based, they should be using Outlook and their exchange policy should allow (and prefer) S/MIME. There are a variety of plugins for Outlook that support GPG and S/MIME is already signed and encrypted.

Pubkey's should always be make available through the existing online PKI services. I personally send all my keys through pgp.mit.edu to be mirrored world-wide. Key-exchange (For High to Ultimate trust scenarios) is simple and easy. Send someone your pubkey by signing it with their pubkey and email it in a signed email (with signed attachments) to them. Have them do the reverse.

> they count a username AND a password as "two factor authentication"

I was so flabbergasted by that I had to look it up and it seems like you're wrong. This page[0] describes a feature called Advanced Access that sends a code to your phone whenever you do certain actions on the website.

[0] https://www.wellsfargo.com/privacy_security/online/advanceda...

Encrypting email would only make sense if both sides are equally encrypting it. If you're using the most paranoidal encryption, but your email buddy does not - than it's all just plain silly.

But even then if Joe and Bill suddenly got smarty-pants and started encrypting their communication - NSA would get suspicious and will find out what you guys are up to via other channels.

"The best way to hide information - is to convince others that it does not exists" --Me

PS: The ultimate solution would be to use Tor-based email (similar to tormail.org) at both sides AND encrypt it from both ends.

Then NSA does not know who is communicating and NSA does not know what they are talking about.

Problem solved.

>>Problem solved.

I wouldn't be so sure. Snowden was hinting at the NSA having the mechanism to break encryption. I lost the exact quote, but it was a direct response to the suggestion that we encrypt everything, and was something along the lines of, "you wouldn't even believe what the NSA is really capable of - it's scary."

Even if they don't have the means to get around encryption, you still aren't fully secure. What if you have a keylogger installed on your machine? What if the hardware itself has been designed to aid the NSA? Intel, after all, is one of their regular collaborators.

If they have to install a keylogger, at least they have to specifically target you.
If NSA can break modern crypto (especially if they can do it in real time) then it is a secret at least as big as Ultra/Magic and the NSA wouldn't ever dare to use anything they found on you this way, even if it was the only way to prevent another 9/11.
But they will know you are using Tor.
Better that than them knowing exactly to whom and how much you are communicating.
If this becomes popular (easy-to-use bundled software is a must), knowledge about whenever one uses Tor or I2P would be as useful as knowledge that the person in question uses the Internet.
"Rot13 is enough encryption for everyone." --Me
Rot13 may not be, but a randomized numerical substitution cipher along with good encryption should be enough to throw off anyone snooping.

It is complicated to explain to your family that they should make their emails a jumbled mess, however...

> But even then if Joe and Bill suddenly got smarty-pants and started encrypting their communication - NSA would get suspicious and will find out what you guys are up to via other channels.

Unless everyone used encrypted email.

And the only way to achieve that is to make it really easy to use, i.e. to have a zero user interface, so the program automatically encrypts it on the way out and automatically decrypts it on the way in. Key distribution can be handled by putting the public key in the header.

The only drawback is this is vulnerable to man-in-the-middle attacks.

Are there any heavily supported projects that seek to replace email as we know it with a 'secure by default' implementation?

I.e. One that keeps the decentralized simplicity of email as it is today, whilst both securing it and removing the negatives, such as spam?

If Microsoft, Yahoo and Google got together they could flesh this out, and as long as the specifications were open and license free, then other third parties would start to develop SecMail servers.

None that I'm aware of, and IMO none is likely to be launched any time soon.

Email is open and license-free, only because it was invented back in the days when not even Richard Stallman saw any need for free software. If email were reinvented today, you'd end up with something very different. It would be copyrighted, patented, and supported by corporations who have strong financial incentives to keep it locked into their proprietary platforms.

The only company that I can think of who might have a chance of success at producing an open and license-free reinvention of email is Mozilla, but they don't seem to be particularly interested in email nowadays. Thunderbird has been stuck at version 17 for ages.

Only one webmail provider would need to deploy PGP-by-default to start the ball rolling. The system is currently in a dynamically stable (extremely) insecure state. Starting widescale adoption of PGP would disrupt the state of the market and, perhaps, lead to an escalation of deployment security.
How is PGP not a solution here? You are (a) using the email system, (b) your messages are privacy, and (c) your mail client will perform spam filtering. If you need to hide who you are communicating with, there are anonymous remailers, or you can broadcast your encrypted messages over Usenet.

Really, these problems were already solved a long time ago, but people thought it was just paranoid to even suggest that the solutions were necessary.

Explain PGP to my old mum. It has to be a seamless replacement, without barriers to entry. PGP is certainly not easy for anyone, and that's the problem. It also depends on the receiver and sender having the same technical knowledge. Again not seamless.
"PGP is certainly not easy for anyone, and that's the problem"

I have managed to explain it to people with no technical background, and they were able to use it within a day. It is really not that complicated. Most people give up on it not because of the difficulty of using it, but because they want to be able to read their email from whatever random computer they happen to find lying around. Smartcards are part of the solution, but you would need browser support (yeah, I am looking at you Mozilla) and the willingness to buy them.

The wrong approach is to assume that everyone is completely stupid and absolutely helpless. People in general lack knowledge about computers; they does not mean that they cannot be taught something new.

Firefox supports smartcards. I actually like it better than IE, though it was difficult to make the initial setup happen.
Meta Comment: Considering that Ars is mining their forum database and pissing off members/subscribers to post tabloid-style shaming articles about the NSA whistleblower, I believe the first step in privacy is to avoid visiting their web site ever again.
Actually, their approach was pretty reasonable. Another site did it before Ars did in a more tabloid manner.
As a long term, now former subscriber, I have to disagree with you. It's all about the page clicks today, fuck the users.
That may be, but really... privacy is dead. It is pretty much impossible to not be outed out on every last forum you used to participate in when the whole world has an eye on you. If Ars hadn't done it, someone would have put the pieces together.

In this day and age, to ensure 100% privacy you have to _really_ go out of your way. It's difficult for cypherpunks to pull it off, let alone normal users.

They used publicly available quotes. Are we not allowed to post any negative coverage of Snowden now?
Hmm. Need to add my public key to my About page. Thanks for the reminder.

I wonder if I can add it to my LinkedIn profile?

They appear to take a SHA1 Checksum from an unencrypted (non-HTTPS) website to verify the integrity of the download.

Surely if you're worried about the integrity of the file you should also be worried about the integrity of the source website also?

Yep, they're still rather vulnerable. I guess their approach would stop a dumb MitM which just replaces any .exe download. It also protects against the download server being compromised, assuming the original server is fine and your connection is clean.

The best way is to check the signature, but that requires GPG in the first place (and trust on the key remains hairy). At least they could serve the site with HTTPS (GPGTools does this right).

We are now using S/mime and in today's Apple+Thunderbird products it's completely built-in and pain-free. Set it up once and after that all emails get encrypted automatically, you don't even need to press a button. Provided of course that You were able to convince your colleagues to invest those 10 minutes to set it up as well. PGP Was painful because every Mail.app update broke it, not sure about the current state-of-the-art there. But the whole point should be: it is not much of an annoyance anymore! Zero annoyance after installation, Works even on your iPhone etc.
Since it's latest update from end of March, MacGPG is fully compatible again with 10.8.
I can't support arstechnica anymore after the hatchet job done by joe mullin against snowden.

http://arstechnica.com/author/joe-mullin-2/

How would you feel if your hacker news posts over the years were trolled into a very personal post about you on hacker news, done by a hacker news employee? The whole thing is creepy.

(comment deleted)
I'm sorry, but since when has quoting what someone publicly said been a "hatchet job"? 90% of it is quotes of what Snowden said, there's very little commentary. As the article pointed out, his identity on Ars Forums was already outed by Buzzfeed.
The term you're looking for is "quote mining". If you take only the most opinionated parts from a large enough corpus, you can make almost anyone seem like an obsessive radical. It's all the more dishonest for that it claims honesty on the basis of technical truth.

(I challenge anyone investigating my past to include this tidbit :)

(comment deleted)
I'm surprised more people haven't read between the lines: the NSA is in possession of quantum computers and interference based decryption is probably already in standard use. Insiders also have dropped hints the Tor networks is, in fact, a trojan horse. We basically have two * extreme * options: 1) a trusted courier with a sealed envelope (don't underestimate this Game of Thrones like scenario as the US Military defeated itself in the largest wargame in the gulf by using courier, sealed envelopes, and motorbikes) and 2) quantum cryptographic communication. The latter is still only the realm of university labs and down at LANL but I read a paper which stated it's physically possible to pass keys along ethernet cable, but all parties need a device which acts as a gate. This in turn opens up Alice and Bob to traditional decryption methods if they're not air gapped from the web.
(comment deleted)
Quantum computers do not allow you to break all public key cryptography, they only allow you to break the common forms in use today.

For some example algorithms that are not vulnerable to quantum computers, see: http://en.wikipedia.org/wiki/Post-quantum_cryptography

Also, it would be quite remarkable if the NSA had quantum computers capable of breaking 2048 RSA or PGP keys. Possible, but extremely unlikely.

Ah, thank you for sharing this. I agree it's unlikely but given some of the * cough * political events as of late it seems more and more likely. Taking off my aluminum foil hat now...
> Possible, but extremely unlikely.

It doesn't seem improbable that the NSA are already recording encrypted communications because they are cheap to store and and have a reasonable chance of being broken in the future. They don't even need to break the algorithm for that data to become useful.

In particular SSL encrypted web traffic of sites they suspect they might physically raid (or have cooperation with) in future seem like an excellent target. Although hopefully the increasing awareness and deployment of perfect forward secrecy should help with that attack.

Exactly, the only real solution I see is to break up the government into many small governments, with small budgets, and controlled by the people.

Not the other way round.

It's very unlikely. Just look at who they are hiring, still mostly mathematicians. Quantum computing is mostly physics, chemistry, and a lot of painstaking engineering.

Unless they are secretly borrowing people hired on at e.g. the DoE, I just don't see it.

Consider that In-Q-Tel, the VC firm whose sole purpose is keeping US intelligence agencies ahead of the game, [1] is one of the primary investors [2] into D-Wave, the first company to create a commercially viable quantum computer. [3]

[1] http://en.wikipedia.org/wiki/In-Q-Tel

[2] http://www.dwavesys.com/en/pressreleases.html#investment_201...

[3] http://en.wikipedia.org/wiki/D-Wave_Systems

Which wouldn't make a lot of sense if they already had a generation of quantum computers with enough qubits to brute force RSA-1024.
Google moving to 2048-bit is probably an indicator of what they see as vulnerable.

Because of the current developments int the press this challenge is being viewed in the context of the NSA, but other foreign intelligence services also pose a threat to user data.

> Quantum computers do not allow you to break all public key cryptography, they only allow you to break the common forms in use today.

True, but it's the public key cryptography in use today that I'm concerned with!

Concerning whether Tor networks might or might not be compromised trojan horses:

Reason why it might be: 80% of the Tor Project's $2M annual budget comes from the United States government (says wiki), this perhaps implies that the US gov. has some influence or control over what goes into Tor, and so if there's anyone who knows how to identify Tor users, it's the US gov.

Reason why it might not be: Snowden had Tor stickers on his laptop, that sort of lends credence to the fact that NSA doesn't have it down yet on how to id Tor users and it is still a good and reliable anonymity tool.

You missed the biggest reason why it probably isn't: Tor is Open Source. The chance of any deliberate Trojan Horse being added in such a high profile project is virtually nil.
He was referring to the possibility that the NSA can already crack the underlying encryption algorithms via quantum computing, etc. If that's the case, being open source and correctly implementing the encryption algorithms is moot.
LOL. You offer the presence of stickers on a laptop as proof of anything. What a joke. Perhaps the govt money is because the gov needs cover traffic just like everyone else. Or perhaps the feds have a vested interest in providing a secure comm channel or dissidents in unfriendly countries.

I need to reinstate my moratorium on reading HN prism discussions. I can't wait to tell people:

"Its not the academic literature or availability of the source code that makes me confident in tor's security, its the stickers I saw on a laptop"

Didn't we just see a story posted to HN about how those who believe in one conspiracy theory are likely to believe in others? They make the evidence fit their worldview, not the other way around.
Quantum decryption sounds expensive and time consuming, so they wouldn't be able to apply it to everything. As long as you have something basic going it might be enough deterrent to keep you out of the light. You just need a better bike lock than the other bikes have on the rack. I guess if you're being targeted specifically then there's not much you can do though.

Also, do you have more info about the courier/motorbike thing? It sounds interesting.

Please show me where the hints about Tor being a trojan horse. That is not a challenge, I am really interested. If these allegations are true they represent a serious reputation risk to the EFF.
Okay, so lets assume that the NSA has quantum computers that can decrypt RSA and ECC with ease. They would have to assume another state funded effort by someone like China could do so as well. Then the NSA wouldn't issue recommendations that the US Government itself use these encryption methods for TOP SECRET and CONFIDENTIAL documents.
The military exercise in the gulf that you mention is the near-equivalent of what Kirk did in the Kobayashi Maru scenario, so I'd be careful with how much you draw from that inference. There are certainly lessons to learn, don't get me wrong, but unless you have the details on the war game and the training to understand what happened and why then you're guessing just as much as anyone else is.

Besides, the government can easily get human informants; there's no such thing as a truly trusted courier system.

I think it not outside the realm of realistic to imagine that the NSA has the ability to break all/nearly all encrypted data with ease. I mean, I have had quite a few friends with PhD level mathematics degrees hired by the NSA. Haven't heard from them in a while, but I can guess at the reasons behind hiring people like them.

Basically I would say the question isn't if we should encrypt e-mail (I think we should in general, regardless of NSA spying), but instead what encryption methods (if any) exist that would be beyond the capabilities of the NSA to easily break.

New startup concept: 3d printed wax seals!
What about Android and iOS? Any recommendations on email clients with a somewhat good user interface and experience?
I am not sure if such system existed in the past or if I read about it in some sci-fi book, but it worked as follows:

You generated your key pair. In (almost) every country in almost every city there were “key signers” (basically trusted members of the PGP community). You met with them and they verified your identity and signed your public key. You needed to visit couple of them to get enough signatures to obtain certain level of trust in the PGP community. Once your level of trust was high enough you could start signing keys of other people. Too good to be true I guess…..

As far as I know, that's pretty much how it used to happen. I do believe there even used to be things called 'key signing parties' which was just a way to get a heap of people to do it en masse. Not to be confused with simply a 'key party', though, I presume.

  joey@gnu:~>gpg --recv-keys 2512E3C7
  gpg: requesting key 2512E3C7 from hkp server pool.sks-  keyservers.net
  gpg: key 2512E3C7: "Joey Hess <joeyh@debian.org>" 24 new   signatures
  gpg: Total number processed: 1
  gpg:         new signatures: 24
KSP's still seem to be alive and well. I'm sure the NSA has long since pulled in this info about the people I met and signed keys with at Linux Conf Australia this winter. (Of course I Have Nothing To Hide.)

If you're using any Linux distribution, there is certainly use of the web of trust at many points in the development, build, and delivery chain of its software.

Anyone know why it is that banks and the likes are not signing their emails? Seems like the perfect use-case.
Because the UIs for email encryption suck, few customers would verify the signatures and it would create another avenue for phishing.
Mine used to (via S/MIME). They fell a year or two ago back to a CYA boilerplate text that reads "email is inherently insecure blah blah blah".
Why do you even want to keep the NSA away? I am more worried about companies such as Intelius than the NSA.

Private companies such as Intelius are posting my personal information on the internet.

Anyone who knows my real name can search the internet and find out where I work, my home address, my spouse's name, my home phone number and my age. I didn't put any of this information on the internet, in fact I don't even have a facebook account. Private companies collected and aggregated this information and put it on the internet. Some of the information came from public records (for example, home address from property ownership records), but some was very private (such as my home phone number, which is not even in my name and rarely given out). This is a huge violation of privacy and I have no way of stopping it. Anyone that wants to harm me can find out where I live with a few clicks of the mouse.

I am not worried about the government spying on me. I am very worried about these for-profit businesses spying on me and outing my information on the internet. Why isn't arstechnica writing stories about that instead?

>I am not worried about the government spying on me. I am very worried about these for-profit businesses spying on me and outing my information on the internet. Why isn't arstechnica writing stories about that instead?

You have the right to a private conversation. You don't have the right to a secret existence. Directory information (like a phone number) is not that private because there's nothing anyone can really do with it besides call you. We don't really recognize a right not to be called. Your phone records, however, lead to information about your friends, lovers, and business dealings. Exposure of that information is a much bigger deal to most people than the mere fact that they exist.

I wonder how much the use of methods to avoid detection by the NSA triggers warning flags that puts you under more individual scrutiny.

Sure, you can encrypt most things, but then maybe you look suspicious so you get special attention. Can you encrypt everything? Of course not.

Maybe.

But the real problem is: encryption is really only a short-term solution, we need a more fundamental one, see: https://news.ycombinator.com/item?id=5879308

How is encryption a short-term solution? We want to be able to communicate privately, without having to trust Google or Facebook to respect our privacy or protect us from external threats. The answer is to encrypt our communications. In the case of social networking, we probably need something more sophisticated than just public-key encryption, but researchers are already presenting solutions:

https://www.cis.upenn.edu/~arielfel/pub/Frientegrity-UsenixS...

If the government will not respect our privacy -- and frankly, there is no reason to believe they will -- then we need to take matters into our own hands. We need to use cryptography to protect our privacy, so that no matter who comes into power we can communicate privately. That is a long-term solution, one that outlasts the government.

First things first.

PGP is useful, but pointless on a system that may be compromised/backdoored at any time (e.g. Windows, iOS, Android ... ). So the first - and possibly most annoying - step would be to install a secure OS.

Please describe how these operating systems could be compromised "at any time"?
> Please describe how these operating systems could be compromised "at any time"?

Targeted, automatic updates by the vendor with a suitable payload.