Image from EFF

Is e-mail OK for secret stuff?

Image by EFF

Image by EFF

Short answer: No. Slightly longer answer: Maybe, but not without additional protection.

E-mail is one of the oldest and most widely used services on Internet. It was developed during an era when we were comfortably unaware of viruses, worms, spam, e-crime and the NSA. And that is clearly visible in the architecture and blatant lack of security features. Without going deep into technical details, one can conclude that the security of plain e-mail is next to non-existing. The mail standards do by themselves not provide any kind of encryption or verification of the communicating parties’ identity. All this can be done with additional protection arrangements. But are you doing it and do you know how to?

Here’s some points to keep in mind.

  • Hackers or intelligence agencies may tap into the traffic between you and the mail server. This is very serious as it could reveal even your user ID and password, enabling others to log in to the server and read your stored mails. The threat can be mitigated by ensuring that the network traffic is encrypted. Most mail client programs offer an option to use SSL- or TLS-encryption for sent and received mail. See the documentation for your mail program or service provider. If you use webmail in your browser, you should make sure the connection is encrypted. See this article for more details. If it turns out that you can’t use encryption with your current service provider, then start looking for another one promptly.
  • Your mails are stored at the mail server. There are three main points that affect how secure they are there. Your own password and how secret you keep it, the service provider’s security policies and the legislation in the country where the service provider operates. Most ordinary service providers offer decent protection against hackers and other low-resource parties, but less protection against authorities in their home country.
  • Learn how to recognize phishing attacks as that is one of the most common reasons for mail accounts to be compromised.
  • There are some mail service providers that focus purely on secrecy and use some kind of encryption to keep messages secret. Hushmail (Canada) and Mega’s (New Zealand) planned service are good examples. Lavabit and Silent Mail used to provide this kind of service too, but they have been closed down under pressure from officials. This recent development shows that services run in the US can’t be safe. US authorities can walk in at any time and request your data or force them to implement backdoors, no matter what security measures the service provider is implementing. And it’s foolish to believe that this is used only against terrorists. It’s enough that a friend of a friend of a friend is targeted for some reason or that there is some business interest that competes with American interests.
  • The safest way to deal with most of the threats is to use end-to-end encryption. For this you need some additional software like Pretty Good Privacy, aka. PGP. It’s a bit of a hassle as both parties need to have compatible encryption programs and exchange encryption keys. But when it’s done you have protection for both stored messages and messages in transit. PGP also provides strong authentication of the message sender in addition to secrecy. This is the way to go if you deal with hot stuff frequently.
  • An easier way to transfer secret stuff is to attach encrypted files. You can for example use WinZip or 7-Zip to create encrypted packages. Select the AES encryption algorithm (if you have a choice) and make sure you use a hard to guess password that is long enough and contains upper and lowercase letters, numbers and special characters. Needless to say, do not send the password to the other party by mail. Agreeing on the password is often the weakest link and you should pay attention to it. Even phone and SMS may be unsafe if an intelligence agency is interested in you.
  • Remember that traffic metadata may reveal a lot even if you have encrypted the content. That is info about who you have communicated with and at what time. The only protection against this is really to use anonymous mail accounts that can’t be linked to you. This article touches on the topic.
  • Remember that there always are at least two parties in communication. And no chain is stronger than its weakest link. It doesn’t matter how well you secure your mail if you send a message to someone with sloppy security.
  • Mails are typically stored in plaintext on your own computer if you use a mail client program. Webmail may also leave mail messages in the browser cache. This means that you need to care about the computer’s security if you deal with sensitive information. Laptops and mobile devices are especially easy to lose or steal, which can lead to data leaks. Data can also leak through malware that has infected your computer.
  • If you work for a company and use mail services provided by them, then the company should have implemented suitable protection. Most large companies run their own internal mail services and route traffic between sites over encrypted connections. You do not have to care yourself in this case, but it may be a good idea to check it. Just ask the IT guy at the coffee table if NSA can read your mails and see how he reacts.

Finally. Sit down and think about what kind of mail secrecy you need. Imagine that all messages you have sent and received were made public. What harm would that cause? Would it be embarrassing to you or your friends? Would it hurt your career or employer? Would it mean legal problems for you or your associates? (No, you do not need to be criminal for this to happen. Signing a NDA may be enough.) Would it damage the security of your country?  Would it risk the life of you or others? And harder to estimate, can any of this stuff cause you harm if it’s stored ten or twenty years and then released in a world that is quite different from today?

At this point you can go back to the list above and decide if you need to do something to improve your mail security.

Safe surfing,
Micke

More posts from this topic

Privacy principles 3

Your privacy is our pride, part 3 of 3 – how we act as a company

This is the final blog post in a series of three where we cover our privacy principles. I have earlier covered the fundaments and why security is a requirement for privacy. But privacy is not only about guarding your data and keeping it protected. It’s also about how we act as a company. If you select us as your provider, you want to know that we are acting in a responsible way and support your privacy in a broader sense.   WE KEEP OUR MESSAGING RELEVANT Messaging and marketing towards customers is always a tricky issue that divides opinions. Some are allergic to all kinds of marketing messaging. Others don’t mind and may even find part of it useful. We may have several reasons to contact our customers. Part of it is no doubt promoting our product and service portfolio (yes, marketing), part is necessary info related to the products you use. We also produce generic security and privacy information that we think is of interest, even if it doesn’t relate directly to our products. Our aim is to give you a messaging stream with an optimal signal to noise ratio. And you can fine-tune the stream by opting in or out to some content.   WE ARE THE GOOD GUYS There are strong global forces that want to scarify privacy for economic and diplomatic gains. This means that privacy isn’t just a technical issue anymore, it’s a highly ethical and political issue as well. The time has come when we need to choose sides. F-Secure’s choice is clearly to speak out against the privacy-hostile development. It would not be right to just sell you tools guarding your privacy and at the same time be quiet about the threats. We do demand change, for example in the Digital Freedom Manifesto. Also check out @Mikko at TED, nobody says it better than him.   TRANSPARENCY All this sounds fine, but do you believe us and will you trust us? It is so easy to write beautiful phrases, but you as a customer have very little tools to verify our claims. That’s why we need transparency. We want to be a forerunner and openly declare what data we collect, how we handle it and what principles we adhere to. That’s the best way to differentiate from those who just use privacy as a marketing message.       These principles will help us provide solutions that protect your privacy. As you can see, that’s not a simple task and it requires commitment at all levels of the organization. Publishing these principles is just the tip of the iceberg, what really matters is how we do our ordinary daily work. We need to keep the principles in mind at all time when designing systems and processes, to ensure they never are violated. Maybe I’m a dreamer, but I would very much love to be a digital citizen in a society that fully implement principles like this. It seems like a futile wish at the moment, but we are at least doing what we can to strive for it. The society may be hostile towards your privacy, but we at F-Secure work hard to make the principles real at least in a small part of the digital world. Our own products. That’s a good start, now you have a choice. If you like these principles, you can improve your privacy by selecting F-Secure.     Safe surfing, Micke

Oct 30, 2014
BY 
snowden_crowd

Snowden Says Drop Dropbox; Here’s What You Said

In his recent video interview with The New Yorker, Edward Snowden advised viewers to get rid of Dropbox, Facebook and Google, saying such services are dangerous and should be avoided. But what do consumers think? Are you and I ready to follow his advice and switch to more secure services? To find out what people really think, we consulted our recent global consumer survey* where we had asked people just those types of questions. Here's what we found: 53% of survey respondents said they’d be willing to switch from services like Google to other more private services to avoid search-based profiling. 56% of people said they have become more wary of US-based Internet services in the past year. 46% of people said they would be willing to pay to be sure that none of their personal data transits via the US. 70% said they are concerned about the potential of mass surveillance by intelligence agencies in countries through which their data may be passing. 68% of respondents said they try to protect their privacy at least some of the time through the use of private browsing or incognito mode or by encrypting their communications. 57% of people said they are not okay with companies using their profile data in exchange for getting a free service. Germany, Brazil and the Philippines showed some of the highest levels of concern about data privacy. For example, when asked whether they’ve changed some of their Internet habits in recent months due to increased concerns about data privacy, an average of 56% of people said they had: 45% in the UK, 47% in the US, and 49% in France, and going even higher to 60% in Germany and 67% in both Brazil and the Philippines. Are you ready to start using more private, secure services too? If so, F-Secure has some great options. Our online storage and sync service, younited, is fully encrypted for security and privacy from the ground up. F-Secure Freedome encrypts your connection wherever you are, even on public WiFi, and protects you from hackers and Internet trackers. And free F-Secure App Permissions lets you know which mobile apps you've installed are a threat to your privacy.   *The F-Secure Consumer Values Study 2014 consisted of online interviews of 4,800 age, gender and income-representative respondents from six countries, 800 respondents per country: US, UK, France, Germany, Brazil and the Philippines. The study was designed together with Informed Intuitions. Data was collected by Toluna Analytics in July 2014.   Image courtesy of greensefa, flickr.com    

Oct 29, 2014
BY 
Whistle

How to blow the whistle and survive

Whistleblowers have changed the world and there’s still a lot of hidden secrets that the public really should know about. High-profile leakers like Snowden, Manning and Assange are known globally, and are paying a high price for their courage. But only a few are dedicated enough to blow the whistle in public - most leakers want to carry on with their normal lives and remain anonymous. Snowden did no doubt show the way for others, and there are already several who have tried to leak and remain anonymous. That’s not easy and the stakes are high! Which is underlined by the recent news about the feds discovering one leaker. But is it even possible to leak anonymously in this word that in many ways is worse than Orwell’s fictive surveillance nightmare? Let’s list some advice for the case you would like to leak by phone to a journalist. I guess not many of you readers will ever be in a situation where you need this. But read on, this is highly interesting anyway and tells a lot about how our digital word works. Ok, let’s assume the worst case. The secrets you want to leak affects US national security, which means that your enemy is powerful and can use top surveillance against you. Let’s also assume it’s info you have authorized access to. And that you want to talk on the phone to a journalist. Here’s some basic rules and hints that may prevent you from ending up behind bars. First you need to assess how many persons have access to the data. They will all be on a list of suspects, together with you. The shorter the list, the bigger the risk for you. Your mobile phone is a tracking device. The cell phone network knows what base station you are connected to at any time. Other services can record and store even GPS-accurate position data. All this is accessible to the agents and you must make sure it doesn’t reveal you. Needless to say, your own phone does not participate in this project. You need to find out who you should leak to. Never do this research from your own computer because your search history can reveal you. It leaves traces both in your computer and in your user profile at Google (unless you know what you are doing and use privacy tools properly). Do this research from a public computer. Make sure you have never logged in to any personal account from this computer. You need a “burner phone” to do the leaking. This is a phone that can’t be connected to your identity in any way. Here’s some rules for how to use it: It is always switched off with the battery removed when not in use. Just using the power button does not cut power from all parts of the device. It is never switched on in or close to your home. The agents can easily find out what base station it was connected to and turning it on near home can make you more suspected than others. It is never switched on in or close to your vehicle. Base station records for the phone may correlate with traffic cameras storing your registration plate. This is especially important if you have a modern car with a built-in data connection for service monitoring etc. Never user the burner for any other contacts. Even a single call to your spouse creates a record that ties you to the phone. Needless to say, never store any other info in the phone than what you need for this project. You always leave your own phone at home when going out to use the burner phone. Otherwise the agents can see that your own phone “happen” to be in the same base station when the burner is used. Leave your own phone turned ON at home when you go out with the burner. Otherwise you create a recognizable pattern where your own phone turns off and the burner turns on, and vice versa, in a synchronized manner. Leave any other wireless devices at home. Tablets, wireless mobile payment devices, anything else with a radio transmitter. Using a voice changer is necessary especially if the list of suspects is short. Assume that your calls can be recorded and your own voice checked against the recording. Get the burner phone. Scout for a dealer with old-looking or insufficient security cameras located not too close to your home. Remember that the agents may locate the shop where the burner phone was sold, get the security camera recording and compare against the list of suspects. Even better, ask someone else to buy the phone for you. Choose a cheap non-smart prepaid phone with removable battery. Pay cash and make sure you don’t reveal your identity to the seller in any way. Safely destroy any receipts and other paperwork related to the purchase. Think about where to store physical items that can tie you to the leak. Such items are the burner phone and related documents or data media. This is especially important if the list of suspects is short. Storing such items at home, at your workplace or in your vehicle will reveal you if the agents perform a search. Try to find some other place that is safe and can’t be tied to you. Now you are ready to contact the journalist. Be very rigid with the rules for how to use the burner phone. There are also some additional rules for this situation: Dress discreetly to avoid sticking out in surveillance camera footage. Be far enough from home when making the call. Turn the burner on, make the call and turn it off again right away. Avoid public places with surveillance cameras when the burner is on. Do not use your credit card during this trip. Pay cash for everything. Any other personal payment instruments, like public transportation payment cards, is a big no-no as well. You have to assume that journalists dealing with leaks are being watched constantly. Assume that the hunt is on as soon as you have made the first contact. Try to wrap up the project as quickly as possible and minimize the number of times you turn on the burner phone. When you are done, dispose all items related to the leak in a secure way. The trash can of your own house is NOT secure. Dump the phone in the river or put it in a public trash sack far enough from home. The truly paranoid leaker will break the phone with gloves on. The outer shell can contain fingerprints or traces of your DNA and the electronics the traceable phone ID. It’s good to make sure they end up in different places. Huh! That’s a lot to remember. Imagine, all this just for maintaining privacy when making a phone call! But you really need to do it like this if the big boys are after you and you still want to continue as a free citizen. I hope you never need to go through all this, and also that you do it right if you have to. Disclaimer. This text is mainly intended as a demonstration of how intrusive the surveillance society is today. We provide no guarantee that this will be enough to keep you out of jail. If you really plan to become a whistle blower, research the topic thoroughly and get familiar with other sources as well (but remember what I wrote about researching from your own computer).   Safe whistle blowing, Micke  

Oct 28, 2014
BY