Harvard and MIT Students Launch ‘NSA-Proof’ Email Service | Betabeat
Have you guys seen this? What say ye? http://betabeat.com/2014/05/harvard-and-mit-students-launch-nsa-proof-email-...
Message du 20/05/14 01:02 De : "J.R. Jones" A : Cypherpunks@cpunks.org Copie à : Objet : Harvard and MIT Students Launch ‘NSA-Proof’ Email Service | Betabeat
Have you guys seen this? What say ye?
http://betabeat.com/2014/05/harvard-and-mit-students-launch-nsa-proof-email-...
"NSA proof" while provided by american citizens? lol that's impossibru For one reason: National Security Letters are not applicable just for businesses, otherwise there is Guantanamo, that's their last resort if they can't make you talk, no pun intended. To be NSA proof, you gotta be non-american and live in a country that doesn't extradite to the US and also a country whose likelihood of you being smuggled by a special ops team is small. Like Brazil, China or Russia. Switzerland is a known collaborator with the US in the same level of Germany, Poland or Sweden. You can't trust them.
http://betabeat.com/2014/05/harvard-and-mit-students-launch-nsa-proof-email-... well, it seems too good to be truth. Recently we"ve got a lot of projects like that. Yes, there are enthusiasts. A real good ones. But we should also ask ourselves, (except what tpb-crypto mentiond), who these guys are? Could they be a project of... the NSA itself? Yes. I read their security section. The first thing in my mind (i am not tooooo paranoid:)) is that it is too good. It is absolutely free WITHOUT any mention of donations. Not even a mention. Who supports them? Can we trust him/it? Are they millionaires:)? We see not even one word about the money. Second of all, when you read their security section, its like a honey for bees - it invites you. Its ideal. Too much ideal. So yes, i rely on my feelings too, and there is something wrong with that. These guys are from Germany: https://lavaboom.com/en/beta.html It seems to me a better choice (except the problem of the fact that Germany has got its nsa=bnd and that they give everything to nsa) In the end, we need to trust someone. But we dont read their minds:). And it could be, after all, a big fall. We"ve got pgp. Thanks God. But a 100% reliable and bulletproof email provider? No.
Just read the “Threat Model” section of the website. They are working to prevent mass surveillance, not to stop targeted nation state level attacks against individual users. -Lance -- Lance Cottrell loki@obscura.com On May 19, 2014, at 10:36 PM, Александр <afalex169@gmail.com> wrote:
http://betabeat.com/2014/05/harvard-and-mit-students-launch-nsa-proof-email-...
well, it seems too good to be truth. Recently we"ve got a lot of projects like that.
Yes, there are enthusiasts. A real good ones. But we should also ask ourselves, (except what tpb-crypto mentiond), who these guys are? Could they be a project of... the NSA itself? Yes.
I read their security section. The first thing in my mind (i am not tooooo paranoid:)) is that it is too good. It is absolutely free WITHOUT any mention of donations. Not even a mention. Who supports them? Can we trust him/it? Are they millionaires:)? We see not even one word about the money. Second of all, when you read their security section, its like a honey for bees - it invites you. Its ideal. Too much ideal. So yes, i rely on my feelings too, and there is something wrong with that.
These guys are from Germany: https://lavaboom.com/en/beta.html It seems to me a better choice (except the problem of the fact that Germany has got its nsa=bnd and that they give everything to nsa)
In the end, we need to trust someone. But we dont read their minds:). And it could be, after all, a big fall.
We"ve got pgp. Thanks God. But a 100% reliable and bulletproof email provider? No.
Which is totally subverted if you are American citizens or located in the us. Simply by the national security letters. You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil. On Tuesday, May 20, 2014, Lance Cottrell <loki@obscura.com> wrote:
Just read the “Threat Model” section of the website. They are working to prevent mass surveillance, not to stop targeted nation state level attacks against individual users.
-Lance
-- Lance Cottrell loki@obscura.com <javascript:_e(%7B%7D,'cvml','loki@obscura.com');>
On May 19, 2014, at 10:36 PM, Александр <afalex169@gmail.com<javascript:_e(%7B%7D,'cvml','afalex169@gmail.com');>> wrote:
http://betabeat.com/2014/05/harvard-and-mit-students-launch-nsa-proof-email-...
well, it seems too good to be truth. Recently we"ve got a lot of projects like that.
Yes, there are enthusiasts. A real good ones. But we should also ask ourselves, (except what tpb-crypto mentiond), who these guys are? Could they be a project of... the NSA itself? Yes.
I read their security section. The first thing in my mind (i am not tooooo paranoid:)) is that it is too good. It is absolutely free WITHOUT any mention of donations. Not even a mention. Who supports them? Can we trust him/it? Are they millionaires:)? We see not even one word about the money. Second of all, when you read their security section, its like a honey for bees - it invites you. Its ideal. Too much ideal. So yes, i rely on my feelings too, and there is something wrong with that.
These guys are from Germany: https://lavaboom.com/en/beta.html It seems to me a better choice (except the problem of the fact that Germany has got its nsa=bnd and that they give everything to nsa)
In the end, we need to trust someone. But we dont read their minds:). And it could be, after all, a big fall.
We"ve got pgp. Thanks God. But a 100% reliable and bulletproof email provider? No.
-- Kelly J. Rose Edmonton, AB Phone: +1 587 982-4104 Twitter: @kjrose Skype: kjrose.pr Gtalk: iam@kjro.se MSN: msn@kjro.se Document contents are confidential between original recipients and sender.
Dnia wtorek, 20 maja 2014 09:05:37 Kelly J. Rose pisze:
Which is totally subverted if you are American citizens or located in the us. Simply by the national security letters.
You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil.
I guess that's why they are not putting it on American soil. -- Pozdr rysiek
Their architecture makes them vulnerable to compromise through hacking. If you read their threat model, it is quite modest. They are not trying to be secure against focused efforts by the NSA or similar. -Lance -- Lance Cottrell loki@obscura.com On May 20, 2014, at 8:47 AM, rysiek <rysiek@hackerspace.pl> wrote:
Dnia wtorek, 20 maja 2014 09:05:37 Kelly J. Rose pisze:
Which is totally subverted if you are American citizens or located in the us. Simply by the national security letters.
You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil.
I guess that's why they are not putting it on American soil.
-- Pozdr rysiek
Message du 20/05/14 18:20 De : "rysiek" A : cypherpunks@cpunks.org Copie à : Objet : Re: Harvard and MIT Students Launch ‘NSA-Proof’ Email Service | Betabeat
Dnia wtorek, 20 maja 2014 09:05:37 Kelly J. Rose pisze:
Which is totally subverted if you are American citizens or located in the us. Simply by the national security letters.
You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil.
I guess that's why they are not putting it on American soil.
-- Pozdr rysiek> [ signature.asc (0.3 Ko) ]
It doesn't matter, if you got a link to the US like citizenship, you are liable to receive a NSL. If you come from a poorly defended country, like say Saudi Arabia, they will snatch you out to guantanamo. This kind of problem should be tackled by some honest idealists from either China, Russia, Brazil, India or other big country (Indonesia or Malaysia?) that doesn't extradite and would cause an enormous stink if one of their citizens was taken away to be tortured. If that country would not effectively attack the US in some very painful way. Like I suppose you are Polish, if you are Polish, Poland itself will give you away to the US at the minimal sign of trouble. I don't blame Poland, it is that or being Russia's bitch. Poor Polen always squeezed.
Are they American citizens? Do they plan on ever travelling to the US? On Tue, May 20, 2014 at 9:47 AM, rysiek <rysiek@hackerspace.pl> wrote:
Dnia wtorek, 20 maja 2014 09:05:37 Kelly J. Rose pisze:
Which is totally subverted if you are American citizens or located in the us. Simply by the national security letters.
You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil.
I guess that's why they are not putting it on American soil.
-- Pozdr rysiek
-- Kelly J. Rose Edmonton, AB Phone: +1 587 982-4104 Twitter: @kjrose Skype: kjrose.pr Gtalk: iam@kjro.se MSN: msn@kjro.se Document contents are confidential between original recipients and sender.
Not buying it. Elaborate. -- Lance Cottrell Sent from my iPad
On May 20, 2014, at 8:05 AM, "Kelly J. Rose" <iam@kjro.se> wrote:
Which is totally subverted if you are American citizens or located in the us. Simply by the national security letters.
You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil.
On Tuesday, May 20, 2014, Lance Cottrell <loki@obscura.com> wrote: Just read the “Threat Model” section of the website. They are working to prevent mass surveillance, not to stop targeted nation state level attacks against individual users.
-Lance
-- Lance Cottrell loki@obscura.com
On May 19, 2014, at 10:36 PM, Александр <afalex169@gmail.com> wrote:
http://betabeat.com/2014/05/harvard-and-mit-students-launch-nsa-proof-email-...
well, it seems too good to be truth. Recently we"ve got a lot of projects like that.
Yes, there are enthusiasts. A real good ones. But we should also ask ourselves, (except what tpb-crypto mentiond), who these guys are? Could they be a project of... the NSA itself? Yes.
I read their security section. The first thing in my mind (i am not tooooo paranoid:)) is that it is too good. It is absolutely free WITHOUT any mention of donations. Not even a mention. Who supports them? Can we trust him/it? Are they millionaires:)? We see not even one word about the money. Second of all, when you read their security section, its like a honey for bees - it invites you. Its ideal. Too much ideal. So yes, i rely on my feelings too, and there is something wrong with that.
These guys are from Germany: https://lavaboom.com/en/beta.html It seems to me a better choice (except the problem of the fact that Germany has got its nsa=bnd and that they give everything to nsa)
In the end, we need to trust someone. But we dont read their minds:). And it could be, after all, a big fall.
We"ve got pgp. Thanks God. But a 100% reliable and bulletproof email provider? No.
-- Kelly J. Rose Edmonton, AB Phone: +1 587 982-4104 Twitter: @kjrose Skype: kjrose.pr Gtalk: iam@kjro.se MSN: msn@kjro.se
Document contents are confidential between original recipients and sender.
Last time I checked, NSLs could only be used against people in the US. Not people located in Switzerland even if they are US citizens. So as long as they don't travel to the US it's safe. And to concerns about monetization, I was looking around their website and found that they have been entering a bunch of start-up seed-funding things. I also noticed that in their privacy policy they have a section covering payment information. I assume this means that they will have pay services once they leave beta. Under the forever free picture on the front page, they say that they will have "multi-tiered pricing including a free version anyone can use." What I haven't seen yet is anything about third party audits or warrant canaries. In Switzerland it is possible to get warrants with gag orders for data (I believe the gag is eventually lifted). They do not make it clear what would change in their transparency report if they got such an order. They also make no indication of how they will respond to security disclosures or to people trying to poke holes in their system.
Message du 20/05/14 18:44 De : "unixninja92"
Last time I checked, NSLs could only be used against people in the US. Not people located in Switzerland even if they are US citizens. So as long as they don't travel to the US it's safe.
Do Harvard and MIT offer complete graduation courses without your physical presence? Are they willing to never step again in the US or its allied countries? If any of those questions ys answered in the negative, then they will get a NSL asap. But considering the lack of obvious financial backing, you already know who is backing them. And that's sad.
On Tue, May 20, 2014 at 11:05 AM, Kelly J. Rose <iam@kjro.se> wrote:
Which is totally subverted if you are American citizens or located in the us. Simply by the national security letters.
You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil.
If you operate a machine upon which plaintext 'email' for users transits/sits on their behalf, you will still be subverted and beaten (literally or not)... either remotely by cooperative agreements (or simply giving), or your own local mitm, [extra]legal force major, etc. The only way out of the mess is either: a) basically start street protesting to change global law and practice and somehow manage to create utopia. b) defend in depth and bury all user messaging within secure p2p darknet overlay networks where only Alice and Bob are parties to the plaintext content. And the code you run to get on it is developed and audited by separate groups, be they well known nyms on such nets, or real world. Any proposed messaging system that is centralized, not pay anonymous, not open, works by you giving up key material you shouldn't, or you needing to demandload their code instead of running your own trusted copy... isn't worth your time. Otherwise stick with plain old email, text, and whatever the fad of the day is. And don't try to call either of them secure.
This kind of problem should be tackled by some honest idealists from either China, Russia
Yet people applaud eliminating such idealists, even eg: Iraq, Iran, Cuba, DPRK, Venezuela, Israel, etc. Keep on wiping out your only counter voices and you'll get what you asked for next. None of these suggested places/people are immune either, only alternatively 'hard'[er] under some given threat models. lavaboom.com and protonmail.ch both appear deliver you their code (javascript) on the fly to run in your browser. Yeah, that's secure.
In the end, we need to trust someone. But we dont read their minds:). And it could be, after all, a big fall.
No, you don't need to trust anyone, and should not. That model's long been broken. You should audit the code, spec and docs and then trust that.
We"ve got pgp. Thanks God.
And have only thus secured the message body. A valuable tech advance to be sure. But far from approaching a near wishfully complete checklist solution.
But a 100% reliable and bulletproof email provider? No.
Countless businesses fail, sellout, etc every day and that will not change. It is proven since dawn of business for them to fail or at least morph into something unrecognizable. [Note it doesn't take $much/account to run a good barebones email service 100%, especially if you stick to only mail and cut features. There's no reason we shouldn't have 50 punkish ones in curious jurisdictions to choose from by now.] Back to p2p... your recipient, and your peers are all independent businesses. Look out in your city, other than you and Alice who both are 'up' by definition of wanting to talk some method, you could fail many people/nodes/businesses and still route a p2p message through. It's hard to eval trust of a single business or %'s of nodes. Yet just like all the millions of torrenters, your odds of the majority of the nodes [which have real IP's hard to fake in the disparate millions] being on your side are probably better with p2p than whether one single brick and mortar business is screwing you over, or forced to to so. Business centralization, vanity, monetization, etc to run the lava*'s, proton's and so on is counter to some of the problems they attempt to solve. Their real benefit is often adding research to the educational pile of debunked non-solutions to such problems. A natural selection process of sorts. And as legal test cases for fighting the good fight, pushing boundaries and changing that end of things. If Ladar didn't stand up and speak out we wouldn't know to evolve those parts of our process. We need more people like that.
lavaboom.com and protonmail.ch both appear deliver you their code (javascript) on the fly to run in your browser. Yeah, that's secure.
I have long thought that it's high time to implement JS code signing that can be verified by the client, either innately or through an extension. A quick addition to the comment-metadata system devised to provide licensing information (and parsed by an FSF extension to inform you whether the code your browser is running is libre or not) could be used for this purpose; what's left, then, is to establish a way to translate code signatures into trust. For a monolithic system like a zero-knowledge email host, that's easy; when you sign up, you install their pubkey into your extension, preventing MITM attacks on the JS payload. At best, that's an additional layer over SSL, or it could be used instead of SSL (a crypto-AJAX engine run in browser for sending and receiving data; could be handy for shared hosting where SSL isn't an option). However, it falls down vs. NSLs, etcetera, because hosts can be compelled to send you malware signed with their keys. You need trustworthy third parties who can sign and verify that code is shipped intact. It'd be nice if you could hack a system like this to use the PGP web of trust as a first port of call, and then to fall back to a wider set of "trusted" people if that fails. As a way to further enhance security, having people with these extensions installed send hashes of the JS payloads they receive to a comparison server would be nice. Might even detect some attacks that fly under the radar at present, like people being sent tailored-attack versions of major third-party libs like JQuery, etcetera. When an anomalous hash arrives that doesn't match any "official" releases of the lib, alarm bells should ring. On 27/05/14 05:27, grarpamp wrote:
On Tue, May 20, 2014 at 11:05 AM, Kelly J. Rose <iam@kjro.se> wrote:
Which is totally subverted if you are American citizens or located in the us. Simply by the national security letters.
You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil.
If you operate a machine upon which plaintext 'email' for users transits/sits on their behalf, you will still be subverted and beaten (literally or not)... either remotely by cooperative agreements (or simply giving), or your own local mitm, [extra]legal force major, etc. The only way out of the mess is either: a) basically start street protesting to change global law and practice and somehow manage to create utopia. b) defend in depth and bury all user messaging within secure p2p darknet overlay networks where only Alice and Bob are parties to the plaintext content. And the code you run to get on it is developed and audited by separate groups, be they well known nyms on such nets, or real world.
Any proposed messaging system that is centralized, not pay anonymous, not open, works by you giving up key material you shouldn't, or you needing to demandload their code instead of running your own trusted copy... isn't worth your time. Otherwise stick with plain old email, text, and whatever the fad of the day is. And don't try to call either of them secure.
This kind of problem should be tackled by some honest idealists from either China, Russia
Yet people applaud eliminating such idealists, even eg: Iraq, Iran, Cuba, DPRK, Venezuela, Israel, etc. Keep on wiping out your only counter voices and you'll get what you asked for next. None of these suggested places/people are immune either, only alternatively 'hard'[er] under some given threat models.
lavaboom.com and protonmail.ch both appear deliver you their code (javascript) on the fly to run in your browser. Yeah, that's secure.
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com
[image: Inline image 1] http://www.smbc-comics.com/comics/20140527.png On Tue, May 27, 2014 at 5:13 AM, Cathal Garvey <cathalgarvey@cathalgarvey.me
wrote:
lavaboom.com and protonmail.ch both appear deliver you their code (javascript) on the fly to run in your browser. Yeah, that's secure.
I have long thought that it's high time to implement JS code signing that can be verified by the client, either innately or through an extension.
A quick addition to the comment-metadata system devised to provide licensing information (and parsed by an FSF extension to inform you whether the code your browser is running is libre or not) could be used for this purpose; what's left, then, is to establish a way to translate code signatures into trust.
For a monolithic system like a zero-knowledge email host, that's easy; when you sign up, you install their pubkey into your extension, preventing MITM attacks on the JS payload. At best, that's an additional layer over SSL, or it could be used instead of SSL (a crypto-AJAX engine run in browser for sending and receiving data; could be handy for shared hosting where SSL isn't an option).
However, it falls down vs. NSLs, etcetera, because hosts can be compelled to send you malware signed with their keys. You need trustworthy third parties who can sign and verify that code is shipped intact. It'd be nice if you could hack a system like this to use the PGP web of trust as a first port of call, and then to fall back to a wider set of "trusted" people if that fails.
As a way to further enhance security, having people with these extensions installed send hashes of the JS payloads they receive to a comparison server would be nice. Might even detect some attacks that fly under the radar at present, like people being sent tailored-attack versions of major third-party libs like JQuery, etcetera. When an anomalous hash arrives that doesn't match any "official" releases of the lib, alarm bells should ring.
On Tue, May 20, 2014 at 11:05 AM, Kelly J. Rose <iam@kjro.se> wrote:
Which is totally subverted if you are American citizens or located in
us. Simply by the national security letters.
You could have the sexiest cryptosystem ever and the NSL attack will still beat you if you put it on American soil.
If you operate a machine upon which plaintext 'email' for users
On 27/05/14 05:27, grarpamp wrote: the transits/sits
on their behalf, you will still be subverted and beaten (literally or not)... either remotely by cooperative agreements (or simply giving), or your own local mitm, [extra]legal force major, etc. The only way out of the mess is either: a) basically start street protesting to change global law and practice and somehow manage to create utopia. b) defend in depth and bury all user messaging within secure p2p darknet overlay networks where only Alice and Bob are parties to the plaintext content. And the code you run to get on it is developed and audited by separate groups, be they well known nyms on such nets, or real world.
Any proposed messaging system that is centralized, not pay anonymous, not open, works by you giving up key material you shouldn't, or you needing to demandload their code instead of running your own trusted copy... isn't worth your time. Otherwise stick with plain old email, text, and whatever the fad of the day is. And don't try to call either of them secure.
This kind of problem should be tackled by some honest idealists from either China, Russia
Yet people applaud eliminating such idealists, even eg: Iraq, Iran, Cuba, DPRK, Venezuela, Israel, etc. Keep on wiping out your only counter voices and you'll get what you asked for next. None of these suggested places/people are immune either, only alternatively 'hard'[er] under some given threat models.
lavaboom.com and protonmail.ch both appear deliver you their code (javascript) on the fly to run in your browser. Yeah, that's secure.
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com
On Tue, 20 May 2014 06:49:26 -0700 Lance Cottrell <loki@obscura.com> wrote:
Just read the “Threat Model” section of the website. They are working to prevent mass surveillance,
Really? But they are going to collect 'metadata' about all their users, no?
not to stop targeted nation state level attacks against individual users.
-Lance
-- Lance Cottrell loki@obscura.com
On May 19, 2014, at 10:36 PM, Александр <afalex169@gmail.com> wrote:
http://betabeat.com/2014/05/harvard-and-mit-students-launch-nsa-proof-email-...
well, it seems too good to be truth. Recently we"ve got a lot of projects like that.
Yes, there are enthusiasts. A real good ones. But we should also ask ourselves, (except what tpb-crypto mentiond), who these guys are? Could they be a project of... the NSA itself? Yes.
I read their security section. The first thing in my mind (i am not tooooo paranoid:)) is that it is too good. It is absolutely free WITHOUT any mention of donations. Not even a mention. Who supports them? Can we trust him/it? Are they millionaires:)? We see not even one word about the money. Second of all, when you read their security section, its like a honey for bees - it invites you. Its ideal. Too much ideal. So yes, i rely on my feelings too, and there is something wrong with that.
These guys are from Germany: https://lavaboom.com/en/beta.html It seems to me a better choice (except the problem of the fact that Germany has got its nsa=bnd and that they give everything to nsa)
In the end, we need to trust someone. But we dont read their minds:). And it could be, after all, a big fall.
We"ve got pgp. Thanks God. But a 100% reliable and bulletproof email provider? No.
It looks like they would be in a position to do so if they wanted. -Lance -- Lance Cottrell loki@obscura.com On May 20, 2014, at 12:16 PM, Juan <juan.g71@gmail.com> wrote:
On Tue, 20 May 2014 06:49:26 -0700 Lance Cottrell <loki@obscura.com> wrote:
Just read the “Threat Model” section of the website. They are working to prevent mass surveillance,
Really? But they are going to collect 'metadata' about all their users, no?
not to stop targeted nation state level attacks against individual users.
-Lance
-- Lance Cottrell loki@obscura.com
On May 19, 2014, at 10:36 PM, Александр <afalex169@gmail.com> wrote:
http://betabeat.com/2014/05/harvard-and-mit-students-launch-nsa-proof-email-...
well, it seems too good to be truth. Recently we"ve got a lot of projects like that.
Yes, there are enthusiasts. A real good ones. But we should also ask ourselves, (except what tpb-crypto mentiond), who these guys are? Could they be a project of... the NSA itself? Yes.
I read their security section. The first thing in my mind (i am not tooooo paranoid:)) is that it is too good. It is absolutely free WITHOUT any mention of donations. Not even a mention. Who supports them? Can we trust him/it? Are they millionaires:)? We see not even one word about the money. Second of all, when you read their security section, its like a honey for bees - it invites you. Its ideal. Too much ideal. So yes, i rely on my feelings too, and there is something wrong with that.
These guys are from Germany: https://lavaboom.com/en/beta.html It seems to me a better choice (except the problem of the fact that Germany has got its nsa=bnd and that they give everything to nsa)
In the end, we need to trust someone. But we dont read their minds:). And it could be, after all, a big fall.
We"ve got pgp. Thanks God. But a 100% reliable and bulletproof email provider? No.
participants (11)
-
Anthony Martin -
Cathal Garvey -
grarpamp -
J.R. Jones -
Juan -
Kelly J. Rose -
Lance Cottrell -
rysiek -
tpb-crypto@laposte.net -
unixninja92 -
Александр