Feeds

back to article How Dark Mail Alliance hopes to roll out virtually NSA-proof email next year

The Dark Mail Alliance has revealed more details of plans to build a secure, encrypted email system that's surveillance-proof, provided the user's machine isn’t already pwned. Jon Callas, CTO of Silent Circle and cofounder of the Dark Mail Alliance, told The Register that the idea for the service came when he met up with Ladar …

COMMENTS

This topic is closed for new posts.
Silver badge

Replacing trust with security

The NSA proved that we cannot trust those in power to show restraint with surveillance. In the 20th century (and due to the absence of things like the cold war or other fundamental threats), terrorism seems to be the catch-all excuse for warrantless, all-encompassing surveillance.

So we need technological tools to re-create privacy. This is a good thing, even if some bad people will use it for bad purposes. To restrict the freedom of all for a small incremental 'common good' is not reasonable: we must be allowed to meet privately and communicate even if some use this freedom for nefarious purpose. It shouldn't matter whether a communication occurs online or in person.

I thoroughly welcome things like dark mail, let's hope it will create a new balance between government and citizens.

28
1
Bronze badge

Re: Replacing trust with security

21st century, Shirley?

And next to terrorists, what about pedophiles? They're big in Holland... ehrm... well their use as an excuse for all kinds of monitoring and wiretapping laws is.

Agreed about the rest - though I wonder what's wrong with PGP/GPG mail... unless it's

1. the geek factor needed to understand how to set things up,

2. a mailer that enforces encryption of all mails to designated recipients...

3. the fact that it leaks metadata making it more susceptible to traffic analysis.

Ah well, let's see how this initiative pans out...

0
0
Silver badge

OpenPGP ?

For secure communication we use OpenPGP encrypted mail, is there any current reason to think that it is no longer safe ?

4
0
Silver badge

Re: OpenPGP ?

The metadata is still vulnerable.

1
0
Silver badge

Re: OpenPGP ?

PGP was my first thought too, and as for metadata this proposal would seem to be just as vulnerable.

0
0
Bronze badge

SMTP?

Doesn't that mean that the metadata - who emails whom when - will still be in the open? I'd say that any system that aims to provide privacy should recognize that this is way more important than encrypting contents. It is certainly possible to send encrypted emails around today, without Dark Mail.

A private system would encrypt the SMTP envelope (or equivalent) and upload the whole message (with the envelope) to a server, encrypted. The message will then be delivered to the recipient from the server, with the envelope still encrypted, possibly with a random delay to thwart correlation analyses. This way all that is leaked is that both sides communicate with Dark Mail servers, which is not ideal but better than SMTP.

Will there be a special client that makes encryption/decryption (including recipients' key retrieval) transparent? For what platforms? [This is still for the reckless - the mildly cautious will encrypt/decrypt on an air-gapped machine, right?]

The big problem, with or without Dark Mail, is key exchange, of course. How will I know that I am signing up to Dark Mail and not to NSA-in-the-middle? No, SSL cannot be trusted in this matter. Yes, I realize that NSA will have to fool Dark Mail, too, e.g., to read emails of lots of people they will not be able to access the servers from a single IP address for too long. I have to assume they are smart and resourceful, though.

Bottom line, looking forward to that whitepaper, even if out of pure curiosity. El Reg will report, right?

6
0
Silver badge

Re: SMTP?

You seem to be largely correct. The service (from what I can gather) will only guarantee security of communications between Dark Mail users, making it effectively a private message server.

Although the applications of this are obviously limited, it should work.

1
0
Silver badge

Re: SMTP?

Simple solution,

the Dark Mail application will encrypt the payload with your recipients public key, and at the same time encrypt the header information with the Dark Mail public key.

Upon receipt, the Dark Mail server decrypts the header, sends the email to the intended recipient with the payload still encrypted.

So, intended recipient receives an email from 'Dark Mail' and doesn't know who it's from until they decrypt it with their private key.

No Metadata exposed except that you sent an email to Dark Mail, or received one from Dark Mail.

5
0
Bronze badge

Re: SMTP?

Key exchange surely shouldn't be that big of a problem, if you're setting up a Dark Mail you can generate your public and private key locally and give Dark Mail your public key. Why would I need Dark Mail to generate my keys - that would mean that Dark Mail had access to the content of my emails, which is what we're trying to avoid

4
0
Bronze badge

Re: SMTP?

Eguro: I did not mean that DM will generate your keys. Of course you will generate the keys locally. However, how will you know that you are giving your generated public key to DM and not to NSA-in-the-middle, who will give *their* public key to DM pretending it is yours? [Assume that the CA that signed DM's SSL certificate is suborned.]

Then I will send you an email after getting "your" (really, NSA's, but DM tells me it is yours) public key from DM and encrypting with it. NSA will intercept the mail, decrypt it with their private key, store somewhere in Utah, re-encrypt it with your real public key that you were so kind to provide, and send it on its way to you. None of us - you, me, or DM - will notice anything.

5
0
Bronze badge

Re: SMTP?

Sir Spoon: This is exactly the solution I have in mind, all I am saying is 1) it is not SMTP-based; 2) key exchange is still an issue.

0
0
Silver badge

Re: SMTP?

Not being SMTP based, well yes and no. The header encryption and initial mail handling - agreed. From there on out though it is.

Key exchange can be dealt with. Dark Mail will have public web servers where their public key (with checksum) will be available, and you can be sure that it is verified frequently - not that hard to do these days with some of the load-balancing proxies around - if they detect a change from their stored script then they automatically restore it to the previous version - nothing to stop you having two or three running concurrently to make it VERY hard to hack and change all at once with no-one noticing.

All you need to do then is provide your public key to DM encrypted with their public key and Robert is your mothers brother as they say.

2
0
Bronze badge

Re: SMTP?

"All you need to do then is provide your public key to DM encrypted with their public key"

But how will I know it is theirs?

You are still not paranoid enough. And in this case you *know* they are out there to get you... ;-)

0
0
Bronze badge

Re: SMTP?

There's a very easy way to verify if the NSA is running a man in the middle attack.

Look up your own key - if it's wrong, then they are. Or if you don't trust that, check offline - in person - on your friends mail to see if it's the same.

The key isn't public to anyone but you, so verifying it should be simple enough, or am I missing something? (other than any basic understanding of how this actually works - which I have 0 idea about)

0
0
Boffin

Re: SMTP?

How about making mail delivery by pull rather than push (i.e. you collect it, like in a webmail service), so that the timing isn't obvious, and whenever you pick up mail, you are also given someone else's mail, which you can't decrypt (not even the headers), to make traffic analysis harder?

Or you could run it like a forum / newsgroup, in which you pick up everything that has come in since you last looked (or some subset, for scalability, perhaps everything on a particular server) and anything that makes sense when decrypted with your private key is for you. Then you don't even need an address as such.

0
0
Anonymous Coward

The metadata WILL be pwned by the spy agencies.

Hmmm. I see a fundamental issue here.

Clearly, if Sender and Recipient exchange public keys, the content of their messages can be secure. That's a basic PKI, nothing new there. The devil is in the metadata; keeping the metadata out of the hands of the NSA will be very difficult. Encrypting the metadata en route to the Dark Mail server would be insufficient to keep it from prying spies, even assuming the crypto is good enough to withstand cryptanalysis with the resources of a nation state (itself a pretty high barrier).

1) If the Dark Mail server is in the US, they'll get a National Security Letter, and it's game over.

2) If the server is outside the US, the NSA or CIA will pwn the server by black-bag-job means, very likely with the connivance of the government of the host country where the server is located, and it's game over. It is unreasonable to assume that this would not happen, as the spy agencies would consider the Dark Mail server a high-priority target, and would devote as many resources to the task as required, doubtless with little or no restraint. (Review the history of the CIA and you'll get the picture.)

Either way, the metadata cannot be protected. Content, yes, as the server never has the keys to it, but the metadata is not protectable with any confidence.

1
0
Silver badge

Re: The metadata WILL be pwned by the spy agencies.

"but the metadata is not protectable with any confidence."

Nor should it be, it should just not be available to the NSA by performing a network tap.

As long as they get a court order to get the metadata for an *individual* (i.e. and not everyone like they did with Lavabit) then it should be possible and permissable - after all they *do* actually have a job to do.

The problem seems to have arisen because without enough checks and balances access to all that data has gone to their heads and they have taken it upon themselves to write a new job description that no-one has fully authorised*.

*Officially

1
0
Bronze badge

Re: The metadata WILL be pwned by the spy agencies.

@ Mr. Spoon - your aim was for the nail, and it seems you've hit its head! Well done!

0
0
Gold badge
Unhappy

If it's based in the US....

It's under THE PATRIOT Act.

IOW all your servers belong to <insert federal agency name here> us.

BTW Did anyone else read this as the The Dark Mall alliance?

(A rather sinister group who hang around shopping areas)

3
1
Silver badge
Stop

Re: If it's based in the US....

It's not live yet. We don't know where the company or servers will be based.

1
0
Silver badge

Re: If it's based in the US....

I think it's taken as obvious that it's not going to be US based.

1
0
Gold badge
Unhappy

I think it's taken as obvious that it's not going to be US based.

Well I hope so, but we'll have to see.

1
0
Facepalm

Definitely a bad choice of name

If they can't see that this will immediately put off 90% of potential users with its implications of underworld activity, not to mention provide a perfect target for the press, then they're well out of touch.

3
0
Silver badge

Re: Definitely a bad choice of name

Again it's basic psychology.

Anyone thinking 'Dark' automatically means 'nefarious' and nothing else is simply projecting their world view for everyone to see.

For me, 'Dark' normally means opaque, or obscure. ymmv.

3
0

Re: Definitely a bad choice of name

Then apparently (with apologies to UB40) 'I am the one in ten' :-).

Though I suspect I'm really not - depending on the scope of your base population.

Do you mean '90% of the world'?

90% of El Reg readers?

90% of the population of China? (I suspect that number might be a little different - up or down is probably left to people's political inclinations to direct)

Oh well. I'll go back to UB40 then :-) :-).

2
0

Re: Definitely a bad choice of name

"Anyone thinking 'Dark' automatically means 'nefarious' and nothing else is simply projecting their world view for everyone to see."

I was thinking rather more of the world view already projected by the media. We already have "Dark Web" as a meme which allows them to stigmatise anonymous communication with underworld associations. Conflating Dark Mail and Dark Web doesn't strike me as something that'll be beyond the limited imagination of the Daily Mail.

The thing that'll stop this push towards proper internet security and anonymity is that something cool and popular (but inadequate) will take over instead, because people will learn what to use from their mates who read publications that are, err.., even more cool and popular than El Reg.

"Dark Mail" doesn't say cool and popular to me.

Where are the marketing people when you really need them?

3
0
Silver badge
Coat

Re: Definitely a bad choice of name

>> thinking 'Dark' automatically means 'nefarious'

OH NOES, the dark matter is out to get us

WE'RE DOOOOOMED!!!

2
0
Bronze badge

Re: Definitely a bad choice of name

Perhaps presenting a "perfect target for the press" is exactly the idea. After all, there's no such thing as bad publicity. And personally I think much less than 90% of people who care enough about privacy to consider registering for a special anti-spying email service (i.e. their potential users) will be put off by that name. As much as I'd love to see encrypted email really go mainstream, I don't think that's what they're trying to do here.

0
0
Bronze badge

I'm a fan!

The problem is - as I believe they are well aware - integrating it into the lives of regular people.

We might think people are surely willing to give up a little usability for a lot of freedom - but survey says we'd be wrong.

And no - I don't have an actual survey - this is a chance for people to prove me wrong and lift my spirits.

0
0
ql
Bronze badge
Meh

TLS in SMTP

I'm wondering if we started requiring TLS on SMTP servers whether it would be a step in the right direction. That should ensure server-to-server, if not end-to-end, encyption, and make the metadata rather safer, should it not? Not a complete solution, but then neither is this proposal, and it may shake up the cosy certificate supply chain at the same time. I run self-signed certs on my servers, which are used in TLS exchanges but aren't ideal....

Sorry - I'm just wondering aloud what steps I can take, after thinking that Dark Mail is to be welcomed, even if it doesn't fully achieve its aims, to do something active to show that, as Schultz said in comment number 1, "To restrict the freedom of all for a small incremental 'common good' is not reasonable"

0
0
Anonymous Coward

Re: TLS in SMTP

Problem with TLS is that you would require a shared key which doesnt scale well or a trusted signed X.509 certificate. Since the three letter government agencies can ask for your anything on your server to do with encryption, they can potentially play google, yahoo, BT or anyone else and you would not know.

So at the end of the day, how do you build the web of trust - same problem that stymied pgp.

0
0
ql
Bronze badge

Re: TLS in SMTP

"So at the end of the day, how do you build the web of trust - same problem that stymied pgp."

All tue - but I can't help feeling that the lack of comprehensive solution to this issue should not stop us from trying everything we can, even if relatively ineffective, to promote non-coperation with surveillance activity.

0
0
Bronze badge

And, the FIFTH horseman is...

CAREER POLITICIANS?

They're not on the list of the 4, so, this set of beings are among the "final five", hehehe...

Or, maybe, the other 4 already INCLUDE politicians? IIRC, politicians can in the news be found to be associated with those 4 horseriders...

In that case, they can be seen as the Dark MALE Alliance.... No offense to the Dark Mail...

1
0
Anonymous Coward

The obvious counter to Non-US servers.

Filtering dark mail messages at the US border routers and not letting such content pass.

0
0
Nym

One secure method of encryption

The "book" code, which is non-technological and requires two ("identical"*) book copies in the hands of those communicating (one in each, to be precise). In the days of the Internet this MIGHT be done through a shared page but they're modified too easily. There are several methods, the most secure being a MIX of usage of words and letters. P.S. They do work.

Book code can be googled/wikipedia

0
1
This topic is closed for new posts.