Private email conversations are impossible, says secure email provider

Scorpus

Scorpus

Posts: 2,162   +239
Staff member

Louis Kowolowski, technical operations manager at the recently closed secure email provider Silent Circle, has stated that the days of private email conversations "are long over", explaning on Friday why the service had to shut down. According to Kowolowski, it's simply not possible to encrypt all the information sent by an email and keep compatibility with current protocols.

The easiest part of the email to secure is the actual content, but the rest of the metadata must go unencrypted if the email is to be read by standard messaging protocols. This means that, regardless if you use a web client or a more secure desktop client, it's possible to intercept some information about an email conversation, such as the sender's IP address, to and from fields, the time of sending, subject lines, and encryption protocols used.

With this data in hand, other parties, such as a government, can easily discover who is communicating and how often. Kowolowski says this information "may be just as damaging as the content of the email. For example, a freedom fighter working in an oppressive country, trying to get the word out."

Silent Circle closed down its email service as a precautionary measure earlier this month, as they could no longer promise complete privacy to their users. The move followed the closure of Lavabit, a similar service used by former NSA contractor Edward Sowden, who famously leaked the NSA's controversial PRSIM data collection program.

Although Silent Circle no longer provides a secure email service, they still have faith in other forms of secure communication, including phone, text and instant messaging. With services such as Silent Phone and Silent Text, it's much easier to secure all communications end-to-end, rubbing out any possibility of unencrypted metadata interception.

Permalink to story.

https://www.techspot.com/news/53672-private-email-conversations-are-impossible-says-secure-email-provider.html

 
it's simply not possible to encrypt all the information sent by an email and keep compatibility with current protocols
Click to expand...
I can't be the only one who instantly thinks "well develop new protocols, then". If it means you have to develop new client software instead of having it browser accessible, go ahead. There will be a big enough market in this climate to make it financially viable.
 
  • Like
Reactions: Darth Shiv and cliffordcooley
Whoooooooo CARES!!??!?!

If you dont want the Government to monitor your emails, DONT EMAIL STUFF YOU SHOULDNT BE!!!!

If you are doing something illegal, You Deserve To Be Caught!
 
Guest said:
Whoooooooo CARES!!??!?!
If you dont want the Government to monitor your emails, DONT EMAIL STUFF YOU SHOULDNT BE!!!!
If you are doing something illegal, You Deserve To Be Caught!
Click to expand...
And everyone deserves to pay higher taxes, so that a large department of people can monitor everything everyone does. Meanwhile hardly anyone gets caught, especially the ones that are causing the most harm. Sheesh give me a break with the BS.
 
  • Like
Reactions: hammer2085
Lurker101 said:
it's simply not possible to encrypt all the information sent by an email and keep compatibility with current protocols
Click to expand...
I can't be the only one who instantly thinks "well develop new protocols, then". If it means you have to develop new client software instead of having it browser accessible, go ahead. There will be a big enough market in this climate to make it financially viable.
Click to expand...
The assumption that's necessary to "keep compatibility with existing protocols" is the problem.
Keeping compat does allow the meta-data problem discussed in the article. Tossing compat and we would get a better, faster, secure and more private email system. The email client solution would not be so difficult, but adoption by the Internet and rollout time/costs would be excessive. IMO, the web-based email access would be fare more difficult as the server side changes would be more complicated than the client side.

Now you know WHY there has not been a new email protocol favoring security.
 
The easiest part of the email to secure is the actual content, but the rest of the metadata must go unencrypted if the email is to be read by standard messaging protocols. This means that, regardless if you use a web client or a more secure desktop client, it's possible to intercept some information about an email conversation, such as the sender's IP address, to and from fields, the time of sending, subject lines, and encryption protocols used.
Click to expand...

So create an email address called YahooDailyDeals12561@yahoo.com and make your subject line 'New Items on Sale!!!' then send it from some free wifi or public library PC. If you're that serious about privacy then take some extra precaution.
 
Why doesn't somebody create a messaging system that works the same way that Bitcoin does? Sure it will still have some issues but as far as my knowledge of bitcoin goes, it could work pretty well..
 
amstech said:
If its online, its accessible.
Click to expand...

I have to agree with this statement. If you want to keep things private, keep it off the internet. If you want to keep items 100% private on your computer, throw a whole disk encryption on there and never connect it to the internet... you can even go as far as removing the LAN port and Wireless chipset.
 
The idea is to minimize what the government can monitor. The fact that we even need to do this is ridiculous. We're suppose to have a right to privacy. Bogus loopholes, and then the people who mindlessly support anything our government does. "It's for our protection" ... No.


"Those who surrender freedom for security will not have, nor do they deserver, either one."
-- Benjamin Franklin
 
Lurker101 said:
it's simply not possible to encrypt all the information sent by an email and keep compatibility with current protocols
Click to expand...
I can't be the only one who instantly thinks "well develop new protocols, then". If it means you have to develop new client software instead of having it browser accessible, go ahead. There will be a big enough market in this climate to make it financially viable.
Click to expand...
Yes agreed. It is not rocket surgery.
 
"Accessible doesn't mean readable though."

Well maybe if we lived in a world where the internet was simple and reading the contents of an email was the only issue... maybe. Also, anything is readable if it's readable in the first place. Any algorithm we use today can be hacked. ANY ALGORITHM. Maybe not practically, but that maybe DOES go both ways.
 
You must log in or register to reply here.

Similar threads

TechSpot
Top 10 Private and Secure Email Services
Replies
7
Views
398
pixelfree
pixelfree
D
Apple secures iMessage against threats from quantum computers
Replies
1
Views
160
erickmendes
erickmendes
Bubbajim
Real-time, AI monitoring at work: Major brands are snooping on employee conversations
Replies
18
Views
406
Kam7r
K

Latest posts

Back