130 comments

[ 4.7 ms ] story [ 123 ms ] thread
Well it is good that NSA have never heard about zero day exploits. Otherwise think of all the nasty stuff they could do to a machine.

Stop with the proofing stuff already. Security is hard and relative. Having a very hardened system can only take you so far. Also it makes you visible - a lot of encrypted traffic is red flag for these kind of agencies. By claiming something is "Villain of the month" proof you just may put someone that really needs security in hot water. In some parts of the world literally.

>Stop with the proofing stuff already.

>By claiming something is "Villain of the month" proof you just may put someone that really needs security in hot water.

+1

(comment deleted)
Not quite. The HN crowd loves encryption and security porn. We love the feeling of sticking it to the man (almost every technologist has anarchistic streak in them). No key is big enough for us and you could always throw 1000 more PBKDF2 rounds. But for the majority of us encrypting our communications is low stake poker game at worst. And for the majority of that majority no adversary is even present. For us the snowden leaks are a matter of principle.

I hope for the day that all traffic over the net will be encrypted and outside of the peeping toms reach. We are not there yet.

But for now - out there - there are people that really need their communications concealed. And it is serious matter for them. Being invisible right now is better defense than having impenetrable fortress.

Will you recommend the setup described in the article for someone who can get in real trouble if the government is able to read her communications or even the learn that she is just communicating (this alone could be damning) with someone?

I always thought that if the NSA really wanted to target my data, they would

a) Hand me a letter signed by a judge.

b) Delay my luggage at the next convenient airport and have a look.

c) Have someone break into my house.

d) Have someone rob me personally.

For all these, a self-hosted mail server offers no protection whatsoever. And for none of them, any zero day exploits are needed either.

The was a great tutorial! Would a raspberry pi have enough power to tackle this setup? I only ask because I have seen similar self-hosting projects on a pi, but nothing quite this complex.
Full-text indexing via Solr would certainly kill it (if it runs at all — what's the JVM landscape like on ARM?) but many of us have been running a similar setup on a vastly less powerful NSLU2.
> NSA-proof your email in two hours

Or just get used to using decentralized and encrypted p2p communication solutions. No server to set-up, just the client to install.

Have recommendations?
RetroShare
Thanks, that looks useful. Quick questions: would non-tech friends and family be able to use this? Problems being behind a NAT?
You should just exchange your public keys with your friends. The software makes this easy: it can create an email with your public key and open your default MTA for sending it to your friends. Then they can easily import the received email (with your public key attached). Then, of course, they should send their public keys to you.

There is no problem being behind a NAT, it supports UPnP / NAT-PMP port forwarding.

If you are in the US, you are not NSL proof.
Yes, the NSA could still get your metadata, content from your ISP with an NSL, but this would eliminate the possibility of getting your email directly from the g00g
Given that 'the g00g' is delivering email in accordance with the very same NSLs I'm not sure how that's really better though. I would certainly place more faith in Google to properly maintain the security and configuration of an email server than myself.

The one advantage I see is that someone has to write the NSL in the first place so if you use a hosting provider that is very small you'd probably avoid attention just due to prioritization of resources. But that would only last until enough other people become aware of that refuge for it to become visible on the NSA's radar...

Yep, you are absolutely correct. This approach is only for the truly paranoid. But if you host accounts for your friends, family, and s/o, then your messages / metadata will never go out onto the web in any readable form. Yes, emails from businesses and other people will be visible but it is certainly a better setup if you care about your privacy.
How is this really NSA-proof? If your family/friends/colleagues are using GMail/Outlook/Yahoo/etc. to send you emails, the security of those emails is anyway compromised.
But if your family/friends all have their email hosted on your server then it's "safe".
Great article about setting up a mail server, but the privacy claims seem a little dubious. Private email takes two. Running your own server won't do much good if all of your email exchanges are with people on gmail, hotmail, yahoo, etc.
If you are still using GMail (or Yahoo, or arbitrary US-based email company) in August, your right to complain about the NSA spying on you is revoked. If you’re complaining about government spying on the Internet, or in a gathering of programmers, and you won’t take basic steps to do anything about it, then you’re a hypocrite, full-stop.

I don't understand this point of view. Your opinion on how fair or legal or morally right a law is has nothing to do with the steps you've taken to avoid that law.

Why do the "basic steps to do anything about it" stop at protections that the technically-skilled can take, rather than contacting and complaining to your Congressperson or otherwise actual attempts to have the law changed?

And how useful is it to run your own encrypted email server if the email message itself isn't encrypted in transit?

You're spot on, the argument is completely invalid. It's the same premise used when people claim you have no right to voice your opinion about an election if you don't vote.

It's an argument form of attempting to intimidate the reader, and very lowbrow intellectually.

It's a pretty comically police state'y attitude to say that anyone's right to complain is ever revoked under any circumstances. The author apparently is immune to being aware of his own hypocrisy.

Abstaining != apathy.

If you vote "none of the above", or spoil your ballot, you have my respect. Heck, if you sit it out and chill, that's cool too.

But if you can't be bothered to participate, or worse discourage others with cynicism (Trey Parker, Matt Stone), and then complain, I have nothing but contempt for you.

That said, running one's own email server is nothing like voting.

Jello Biafra once proposed a system where every ballot has a "None of the Above" and if that option wins, you do the election over with all new candidates.
Here in Portugal we can just submit a blank ballot, and it gets counted separately from the spoiled ballots. Seems easier than adding a new option to every ballot.
Sure, you can do that in most American elections too, but do the blank ballots have any effect besides registering your discontent in a tally.

(For what it's worth, I think that if you don't like anyone on the ballot, you're much better off encouraging better people to run or running for office yourself.)

Great idea. Good for election integrity too. "Under votes", common down ticket, allows someone to helpfully making a choice for you. Those down ticket races like sheriff, auditor, judge are pretty high stakes, often decided by just a few votes.
Elections aren't cheap. Who pays for the redo?
They're also not cheap to campaign for - politicians will want to avoid do-overs.
(comment deleted)
I think that speeding laws should be abolished on highways and interstates, road surface permitting. I really do.

I also don't surpass 10% over the limit. Neither do I have a radar detector, nor a GPS unit that maps speed traps.

Does this make me a hypocrite? Of course not.

But you would be a hypocrite if you also complained about people speeding in the street where you live.
Would I necessarily be? Perhaps I believe that speeding is particularly unsafe when it is not permitted and therefore not expected.

However I think this analogy has strayed too far and broken down. I'm not sure how complaining about others speeding maps back to encrypting email. (Also, I don't actually care when other people speed, so long as they don't do it recklessly ;)

Residential streets are not at all the same as highways and limited-access interstates.
> And how useful is it to run your own encrypted email server if the email message itself isn't encrypted in transit?

It isn't, of course.

The proportion of mail that is encrypted is the square of the proportion of email users who have encryption set up (assuming all email users are equally likely to mail any other user). So if 1% use encryption, only 0.01% of emails will be encrypted. If we want most mail to be encrypted we need 70% of people to use encryption. This means it has to be REALLY EASY TO SET UP AND USE.

Ideally, when someone buys a PC/phone/tablet, and uses it to communicate with others, it should do strong encryption out of the box, so that the user would have to take explicit steps to not encrypt.

Most of these devices run software controlled by Microsoft, Apple or Google, all of which are deeply implicated with the NSA. So it's futile to expect that they will willingly protect their users' privacy. Therefore the next best thing is to write software that once installed will be really easy to use, that is to say in normal operation it will take no effort at all to use (zero user interface).

Just why isn't key distribution an SMTP extention? I'd expect there to be an RFC for it, but I couldn't find anything. (I'm not talking about DomainKeys. I'm asking why an SMTP client can't ask for a recipient's public key, and if it exists do the encryption.) Here is a blog post about it:

http://www.illuminatedcomputing.com/posts/2013/07/public-key...

I've always assumed that encrypting my communications is akin to demanding the authorities pay special attention to my activities.
That's why everyone should do it. For everything.
I think defaulting to encryption is great for businesses. A friend who does security policy for a big corporation is always complaining about data egress, and closing even one vector would help. And within the corp you control the MTA and MUAs, so you could at least secure intra-corp communications. To him, leaking info to a competitor or the public is a bigger deal than the NSA.
Absolutely. I implemented 5 regional health information exchanges. We resigned ourselves to accepting that a disclosure was a matter of when, not if.
I'm currently writing software that essentially does this. It doesn't put the key in the SMTP protocol, but in the mail header, e.g.

    X-Purrcat-Key: ...public key goes here....
Well I commend you for moving things forward! Have you talked with any security professionals about possible pitfalls of using mail headers? I was sort of hoping tptacek would come on and tell me why my idea is no good. :-)
Not yet, though the project will be open sourced, which will hopefully enable other people to catch any security holes I've left in it.
This seems like it would work if you wanted to encrypt a reply message, however how would you get another user's public key if you're the one initiating the first conversation?
There is TLS for SMTP, which admittedly doesn't protect the email once it gets to the server, but at least helps en-route.

Also, I don't think there's a problem around the fact that most of the time you don't communicate directly with the recipient's smtp server - relaying is definitely a part of SMTP. It would work in the case of running your own SMTP server that you use to relay mail (assuming you encrypt your own SMTP sessions), but you'd need smtp servers to recursively query for the public key if you want to enable relaying.

This is starting to sound suspiciously like DNS, so why not just store the keys there? There are already ways to do that:

http://www.gushi.org/make-dns-cert/HOWTO.html

Add in DNSSEC records and you can be pretty certain you have the right key.

Thank you for replying! Relaying does seem like a fatal flaw. DNS seemed like a bad match for per-user information (rather than per-domain), but indeed that HOWTO gives a nice way of working around that. So it's just a question of MUA PGP modules trying that mechanism.
> If we want most mail to be encrypted we need 70% of people to use encryption. This means it has to be REALLY EASY TO SET UP AND USE.

Given most users' utter ignorance about any technical matter (a consequence of the intellectual laziness our age promotes IMHO), I think the only useful way to ensure this is to make it the default in any e-mail client. But this is still only half the way uphill -- it also means storage should also be secure, including remote ones like Gmail, or that users should become educated enough to stop using services that aren't.

The first one is unlikely to happen IMHO, as it would mean companies that depend on mining your e-mail, like Google, would basically have to stop doing it. The other one is even more unlikely to happen as it would require people to actually invest time in using computers, something which our society has constantly brainwashed to think they shouldn't do -- everything should be plug'n'play and trivial and just work out of the box. Heaven forbid you'd actually have to understand the whys and the hows.

Now that our decades-long dream of seeing everyone having access to a computer and to a vast network of information has finally come true, it doesn't look like such a beautiful dream anymore...

> I think the only useful way to ensure this is to make it the default in any e-mail client.

I agree.

> But this is still only half the way uphill -- it also means storage should also be secure

That would be ideal. But even without that, something useful has been done since it is practical for the NSA/GCHQ to read all internet traffic, it is not pratical fro them to burgle everyone's house.

If PCs come with encryption as standard, it needs to be a steganographic file system, with multiple keys revealing different sets of files and with the number of possible keys being very large. Otherwise, an adversary could simply use rubber hose techniques to get the information.

> including remote ones like Gmail

Gmail represents a single point of failure and is thus always going to be attractive to an adversary. Anything stored unencrypted on gmail, Google Drive, or equivalent -- one should assume the NSA can read it.

> The first one is unlikely to happen IMHO, as it would mean companies that depend on mining your e-mail, like Google, would basically have to stop doing it.

You're right in that gmail's business model is basically anti-privacy. We need to convince people to use local email software not store their email on a remote website (such as gmail).

> The other one is even more unlikely to happen as it would require people to actually invest time in using computers

You're right, because it's impossible to have a zero-user interface filesystem encryption (since people need to type in their password).

> something which our society has constantly brainwashed to think they shouldn't do -- everything should be plug'n'play and trivial and just work out of the box.

There's certainly an element of truth to this.

> Now that our decades-long dream of seeing everyone having access to a computer and to a vast network of information has finally come true, it doesn't look like such a beautiful dream anymore...

Computers can be the biggest tool for freedom and empowerment ever invented, or the biggest tool for coercion and oppression. I believe this will be one of the biggest political issues of our times.

Yeah this type of logic regarding the NSA spying has been driving me nuts. It is illegal regardless of what I choose to do or use. The applicability of these laws does not depend on what I or anyone else buys, uses or patronizes and neither does our right to complain about it.
Too bad this does not mention two-factor authentication. I've grown so accustomed to it that I feel naked without it.
Why would you need a two-factor authentication if the server is yours ? You can always reset everything, you are your own Google.
I'm not sure what you mean. I use two-factor authentication to ensure that people can't log in to my mail from 'new' locations without needing my cellphone. Having root access to the server and being able to reset everything doesn't fix this, unless I'm misunderstanding you.
Two-factor authentication is available in Roundcube via plugins. POP3/IMAP4/SMTP don't really support two-factor authentication so the best you could do is use a password that you don't use elsewhere (a good idea regardless) -- I think that's what Google does with their "application specific" passwords or whatever.
IMHO, it's a bit irresponsible, to call something XXX-proof, when we don't even known the full range of capabilities of XXX.
Like bleach only killing 99.99% of germs!!!
Could the NSA use some random hidden exploit and break into the machine if they really wanted to? Probably. But this is about all your emails not being easily indexed by Google/NSA and whoever else the NSA works with.

Obviously emails you've sent out to other servers/domains will be in the clear and will then be indexed.

> Obviously emails you've sent out to other servers/domains will be in the clear and will then be indexed.

Yes, that's what I meant. And - aren't those the majority of the emails? If so, it's incorrect to call it NSA-proof.

Please please don't use greylisting. It's not cool. There are too many broken mail servers around and you'll loose emails. I was unfortunate enough that I had to use mail server with greylisting enabled. As a result I regularly lost booking confirmations.

Spammers know greylisting. Workaround is cheap for them. That's why you are receiving some spams twice.

What do you mean too many? there are so few legit servers that will not resend an email and you can whitelist those.
Not in my experience. I'm using greylistd with Exim and a custom config which uses geolocation to do greylisting by subnet country code. I've only needed to whitelist a handful of broken MTAs which don't retry.

My spammers clearly haven't caught on yet...

      zgrep grey /var/log/exim4/rejectlog* | rev | cut -c 2-3 | rev | sort | uniq -c | sort -rn | head
      8 CA
      7 IT
      5 ES
      4 BR
      4 AR
      2 TR
      2 RO
      2 IR
      2 EC
      1 PT
I silently lost email from my accountants because of some sender verification misconfiguration. Silently dropping email seems too risky to me. Checking the greylist and then marking the email accordingly sounds like a good compromise.
Patch management and zero-day protection are pretty important, but unfortunately not covered in this. It is also hard to maintain over the long term.

This is why I stopped hosting my own email.

That's also the reason why I stopped hosting my own email. I don't trust myself with not losing any emails while properly configuring spam blockers, keeping the system up to date, and staying on top of vulnerabilities.
this is akin to having to put all of your snail mail in a lock box and set up your own post offices just to get mail to where you want it to, hoping it won't get intercepted along the way. I think the government needs to change, not us.
The costs look radically different. Which isn't to say the government doesn't need to change, of course.
Good tutorial but its does not make it fully secure. SMTP is an unsecure protocol, so if your host decides or is compelled to sniff the traffic, all emails received or sent could be recorded in plain text. Not to mention emails from senders using 3rd party services are already compromised even before it gets to you.

How is it that we still don't have proper support for secure SMTP among most email providers?

>Better SPAM detection. Yes, you can beat the Big G.

I never had a spam problem with gmail. V!AGRA and other spam emails are always in my spam filter. I'd say current detection is around 98% effective with the remaining 2% due to the fact that I haven't tried to correct miscategorization of some newsletters.

Instructions of how to secure your email even faster with same level of security.

1. Have Gmail account.

2. Use disc encryption in your desktop/laptop.

3. Have your own email client.

4. Use IMAP to download mail from your Gmail acocunt and to delete mails in Gmail.

NSA can still snoops your email like it does when you use your own server, but you don't keep the archive of your emails accessible to them.

you do realize that 'delete' does not actually delete your messages?
Yes, but the messages stay only six months. Probably roughly the same time as NSA would store intercepted mails.
Not sure if serious or trolling the OP, who I'm not sure if is serious or trolling either.
I'm serious. Don't people read those documents Snowden leaked? There is alternative to Prism called Upstream, that collects and intercepts data directly from communications.

https://en.wikipedia.org/wiki/File:Upstream-slide.jpg

The only difference between downloading daily your data to your laptop and deleting it from Google is that they stay in Google servers up to 30 days after deletion. In both cases NSA can read your emails. Either using PRISM or Upstream.

So, this is nice, but it's not going to "NSA proof" your email in any meaningful sense. You're still going to be exchanging plain text email with most counter parties, and unless you require TLS (as is mentioned in the end, and which will lose you quite a bit of email), you can trivially be MITM'd. Also, the author appears to run it on Linode, ie. a VPS in the US. In other words, the encrypted filesystem is only marginally more complicated to get at than a non-encrypted one.

But that doesn't mean it isn't an extremely useful guide. What would be even cooler was if it would be productized, e.g. by packaging a VM image or as Puppet/Chef recipes - this would make leaving GMail a much simpler proposition to a much larger audience (and make large scale collection of emails, if not impossible, then significantly more complicated) - just get a cheap VPS, do a git clone on the recipe and invoke puppet.

There is an email service that offers what the article explains: https://countermail.com
Is it safe from the Feds compelling them to insert a backdoor?

http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

No but neither is the setup of the article mentioned. PRISM is all signal intelligence. That is what SSL/PGP effectively solves.

Wiretapping (rootkits or backdoors) are almost impossible to stop. The endpoint is always the weakest point. And I'm sure the NSA spends millions on the latest exploits. No 3rd party hosting service is capable of preventing that.

> Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

Well that's cool. Except, as others here have noted: what assurances do you have on the other end (destination)? You can have all the encryption you want, but ultimately "they" (NSA, FBI, CIA, whoever) have a thousand ways to get at the information they want: keyloggers, 0-days to get into your machine, 0-days to get into your email server, etc. Sure it's a fun exercise, but don't kid yourself into thinking that you're bulletproof. Whether you agree with it or not, the NSA can more than likely get around any protection you try to implement, if they have enough reason to put the effort into it.
Interestingly enough, one of the best tools that many of us "techies" have to help prevent this was developed (at least in part and initially) by the NSA itself: SELinux.
Odd blog post.

Talks about "NSA-proofing email" and doesn't mention PGP, GPG or S/MIME.

Should be titled "How to set up a mail server with SMTP and IMAP". Seems only peripherally connected with protecting email from snooping in any way.

Yeah, it didn't make any sense to me either. I'm all for running your own mail server but that alone will not make it any more secure unless you only communicate with people using said server.

If I care that much about the content of an e-mail it will be encrypted or I will tell the person via other means. I assume everything I send via e-mail to be available to 3 letter agencies all over the world, regardless of what server I use.

And, even encryption doesn't keep the metadata from the NSA.
It's defence against legal compliance with the NSA.

Emphasis is privacy and compliance, not security.

No it isn't. The email passes through the server unencrypted (between Postfix and Dovecot), so it's still a potential tap point. In fact, running encryption to the server simply says to the NSA: Ask Linode for access to this disk.
He used an encrypted FS I believe, but the NSA could just ask to monitor all mail to and from his instance at Linode (or any ISP) since he didn't encrypt the mail.
And they probably have most of the mail anyways because odds are he's mostly communicating with people using google, yahoo, microsoft, etc.
I wonder how effective this advice would even be at achieving that goal. Consider, for instance, that what meager protections are afforded electronic communications (by the Stored Communications Act, etc.) only apply to providers that "serve the public". [1] Others, such as Jake Appelbaum, have argued that hosting with Gmail or other large providers offloads the legal burden onto their well-equipped legal teams to defend against subpoenas, FISA requests, NSL's and the like. [2]

The problem here is that it is very difficult to protect yourself when you don't understand your adversary's capabilities. We need transparent legislation and accountability in both government agencies and tech industry corporations. A lot of this advice boils down to an assumption that the NSA/DOJ/FBI will "play fair", and there is really no reason to expect them to do that.

[1]: https://ssd.eff.org/3rdparties/govt/stronger-protection [2]: http://youtu.be/HHoJ9pQ0cn8

Well, with that consideration, the advice is moot since it isn't outside government regulation.

Hmm...good point. We really need an open-source ISP for privacy to start to work. A fool-less system where the executing code is available to the public with read-only access with write permissions to appointed admins.

I wonder if it is feasible to hide messages in spam. e.g. pretend that your machine is spewing out ads when it is sending messages. It probably one of the first things that will get filtered out by the NSA.
Is this really going to protect you? I get the feeling it'll just give you a false sense of security.

They will still know who you are sending email to and receiving from.

The recipient metadata is unencrypted correct? As we've seen recently—the metadata often reveals more than the message content.

Not if you're sending important emails to other people hosted on your own server.
I do not want to NSA-proof my email or phone conversations. I do not want to wear a mask to avoid face recognition and what more propositions are yet to come how we should adapt to the situation given.

While we are are from the ideal world where this behaviour would be without consequences, the matter asks for a change of the situation we are finding ourselves in.

Get loud, get political. Don't dream that you are holding a weapon in your hand because you can half assedly encrypt peer to peer communication. This is only confirming the status quo. Like n umbrella might confirm it's raining.

As side-thought: the same technical reflex might have occurred to that institutions in the first place: let's record everything and we will be more safe.

I came along to post a very similar thought. NSA proofing my email won't do any good. I'm not worried about the NSA (or my country's equivalent) spying on me. I'm worried about what are the consequences of their unchecked power in general.
"Get loud, get political."

A major problem with this is that advanced surveillance technology and the increased sharing and cooperation between the various spy agencies and ever more militarized police force is being used to target, spy on, and repress political activists and protestors.

If you seriously, but peacefully and non-violently, try to oppose the surveillance state aparatus and are deemed to be a threat to the huge sums of money they are getting to fight the good fight or a threat to the power they're ammassing, you can expect to be spied upon and harassed at the bare minimum. The more of a threat they consider you to be, the more you're likely to find yourself in jail or worse.

Of course, this has been par for the course for political activists ever since Spartacus led a slave rebellion, and it will not stop the minority truly dedicated and idealistic activists. But the tools of state surveillance and repression have advaced so much that it's much harder for ordinary people to participate in the political process beyond voting for two mostly the same parties, writing emails, or making phone calls without suffering serious consequences.

This is scaring a lot of people off from even trying to make a difference. In many ways, many of us already are living in a dystopia.

That said, trying to raise the political consciousness, technological literacy, and privacy awarenss of the average individual is still a very worthwhile and usually safe thing to do (depending on how radical and confrontational your tactics are), and we'd all be much better off if more people did this instead of throwing up their hands and giving up or pretending it's not happening.

I think do both. But yes, in the long term, a political solution is the only good solution. I hate how all this spying forces us into regressing on usability and also stops us from using some features, simply because we know NSA is on to doing nefarious things with all that data.

But we shouldn't have to worry about that sort of stuff, because we should have strong laws in place protecting against such mass spying.

If NSA is able to do that, any nation and possibly multiple entities can do the same. It's not because you don't know it that it doesn't happen.
I'd like to see this setup coded into a proper server provisioning tool like Chef/Puppet/Ansible.
Should be titled "How to make yourself feel secure with a mail server that isn't".
More than a few things in the article made me go "wait a minute", like saying "Dovecot is LDA, so it runs IMAP", the chained IV and the warning that some programs might not work (and if mutt won't work, how do you know Dovecot will?), or the use of mysql ... but the glibc bcrypt story is especially sad.
I wish people would stop calling "#" a "hashtag" outside of social networks.
I agree. Everyone should call it an octothorpe because that's an awesome word to say.
What I have increasingly seen (not because of the NSA - most of my friends just assume the government are watching - they grew up on 24 and Jason Bourne) - is that email is just not something they use much. I'm told that email is all "spam", by which they mean followups to services they signed up with, not really spam, but not personal communications either. For them, personal communications is increasingly switching to txt/iMessages. The interactivity, the ability to be in a conversation is more natural than email where you write something, toss it over the fence at some MTA. The NSA might just be watching the wrong channel.

Obviously they are no doubt snooping iMessages, but if someone wanted to NSA proof their "email", maybe instead they should just forget email all together and think about mobile, point to point solutions. I used to use bbm before they have up on releasing new phones (something they have since done, but too late for me) - they used to have a decide pin you could use to make point to point encrypted messaging - it was easy to use and I assume reasonably secure. Maybe something like that is far better than even bothering with email.