12

After the recent disclosure of several major email providers cooperating with NSA, is there any real security benefit of not using these email services and choose some alternative instead? Such as picking a local email provider or hosting an email server myself?

All emails are publicly visible as they pass through routers, and I suppose security agencies are monitoring all Internet backbones anyway.

Deer Hunter
  • 5,327
  • 5
  • 34
  • 50
Petr
  • 507
  • 2
  • 10
  • 3
    See this [answer](http://security.stackexchange.com/questions/37491/a-secure-email-host-architecture/37497#37497). E-mail over public networks is intrinsically not secure. – Deer Hunter Jul 08 '13 at 12:21
  • Security isnt free. If you want "more" secure email then the free providers can provide have your own web server which hosts your own email where both the files on the system disk are encrypted and all outgoing emails are signed and encrypted. You can't do anything about inbound emails not being encrypted, but the container files, will be encrypted. – Ramhound Jul 09 '13 at 15:06

5 Answers5

18

More recent leaks and evidence suggests that the email providers themselves are, as a rule, not cooperating with the NSA. Rather the telecom companies such as AT&T are. The NSA wholesale captures and analyzes all the traffic upstream of companies like Google and Yahoo, and through that get implicit access to anything that isn't encrypted. So the critical detail is this: Which companies encrypt their traffic?

I did some tests, and here's what I came up with:

Email Encryption Availability

Forced:         +++   
On by default:  ++  
Off by default: +  
Not available:  -  
Outbound Only:  +*

                  Gmail     Microsoft   Yahoo      AOL
Web Interface     +++       +++         +          -
POP3/IMAP         +++       +++         ++         ++
SMTP              ++        -           +*         +*

So Gmail does encryption everywhere it's possible, and won't even let you connect unencrypted if you're fetching your email.

Microsoft (Live/Hotmail/Outlook.com, etc.) Forces you to encrypt to retrieve your mail, but does not support STARTTLS on port 25, neither inbound or outbound, so all mail to and from them is unencrypted.

Yahoo supports SSL across the board, but it's off by default on the web interface.

AOL doesn't even support SSL on their web interface, but does support it on the backend.

There's no "default" on/off state for SSL on POP3/IMAP, so I gave everyone the benefit of the doubt there.

Possibly most interesting: GMail will encrypt everything if you allow it, including server-to-server. Microsoft will not encrypt server-to-server, while Yahoo and AOL both do something odd: Both will encrypt server-to-server outbound email, but do not support STARTTLS on inbound email. So mail going from Yahoo or AOL will be encrypted if the destination supports it (e.g. Gmail), but mail going to Yahoo or AOL cannot be encrypted.

But with respect to server-to-server encryption, there's a catch: unencrypted connections are always supported, which makes a man-in-the-middle attack trivial. Simply MITM the connection on PORT 25, and filter out the line where the destination server advertises STARTTLS availability. Also, since certificate validity is rarely checked by mail servers, you can MITM the TLS session as well with a self-signed certificate.

Caveat Emailor
Remember that email is inherently insecure in its very design. Using your ISP's email service or setting up your own may not be any better. Remember that its the network backbones that are getting tapped, not the mail service providers. So we're all similarly vulnerable. Use S/MIME or PGP/GPG if you need email security.

tylerl
  • 82,665
  • 26
  • 149
  • 230
  • I checked Yahoo! and AOL using https://www.checktls.com/perl/TestReceiver.pl and neither of them seem to advertise STARTTLS. (So far Gmail and FastMail.fm seem to be the only exceptions among popular free mail services.) – ȷ̇c Jul 09 '13 at 14:17
  • @JCChu Hmmm. I just rechecked and got similar results; I also rechecked *outbound* mail and got the SAME results as before. I'm revising my report accordingly. – tylerl Jul 09 '13 at 16:31
  • 1
    "it's the network backbones being tapped..." From Washington Post: Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” – mgjk Jul 09 '13 at 20:41
  • @tylerl How did you check AOL’s outbound encryption by the way? I tried sending from AOL’s web interface to Gmail but apparently STARTTLS was _not_ used. – ȷ̇c Jul 10 '13 at 08:01
  • 1
    @JCChu I set up a mail server that supported STARTTLS, and sent myself an email from AOL. I packet-captured the traffic and watched what happened. – tylerl Jul 10 '13 at 18:48
  • @JCChu just tried sending email directly from AOL to Gmail. It was encrypted as follows: `Received: from omr-d08.mx.aol.com .... (version=TLSv1 cipher=RC4-SHA bits=128/128)` – tylerl Jul 10 '13 at 18:52
  • @tylerl Aw sorry, my bad; yes I got the same result: “from omr-d03.mx.aol.com … (using TLSv1) by na3sys009amx241.postini.com”. – ȷ̇c Jul 11 '13 at 00:18
6

Using almost all methods of communication via Internet is possibly monitored. That is not the problem. The problem is, why you don't encrypt your messages.

Emailing is just like writing post-cards, worse than writing a letter, the latter having at least an envelope. But you can use encryption, rather than writing plain letters in Emails. PGP is one of such softwares that helps encrypting emails, or messages being posted into Internet publicly. The encryption is done in your own computer, and decryption in your friend's computer, which is secure unless your computer or your friend's is also monitored by agencies(malicious software from agencies installed, CPU with secret circuits reporting, etc.). Luckily ciphers like AES and RSA is up to now secure enough, even for NSA.

I personally believes no means of communication is not being monitored. But cryptography helps to securely communicate via insecure communicate methods.

Lucifer Orichalcum
  • 725
  • 1
  • 5
  • 11
  • 4
    Thanks. Yes, encryption is a solution, but I'd say 99.9% of email users are not capable of doing so. – Petr Jul 08 '13 at 10:36
  • 2
    TLS is commonly used to secure, protect and encrypt messages going to and from different email hosts. If done well enough it can act like PGP when looking at it on the wire, and if you trust the admins of each MTA. See also this: http://security.stackexchange.com/questions/160/what-type-of-content-better-not-to-transfer-by-email/982#982 – makerofthings7 Jul 08 '13 at 14:55
  • @PetrPudlák the idea that reinventing the wheel of communication doesn't solve the problem. In my eyes however, utilizing existing service providers is convenient enough. To avoid NSA's monitor, either shut up talking about things really interest NSA in Internet, or use cryptography(with or without Internet), or try something like quantum communication(which is seemingly not completely impossible). When messages being transmitted very very important like a spy's report, use [one-time-pad password](https://en.wikipedia.org/wiki/One-time_pad) at least. – Lucifer Orichalcum Jul 08 '13 at 15:01
3

It may provide some protection, but without knowing specifically what you are trying to achieve in terms of "security", it is hard to say.

As others have said, you could encrypt all your messages so that they can not be read as they are going through the wire. Of course, that means that the people who you are writing emails to needs a way to decrypt everything you are writing, and you can imagine how this would be both tedious and not very viable unless you only email several people. This does have the benefit of making it so that even if someone else were to be able to see your emails they would unlikely be able to read them.

The other solution you posted, hosting an email server yourself would only be partly useful, because in the end you will be emailing other people and presumably you are not going to only email people who use your email server. The same can be said for local email providers.

However, when it really comes down to it, when thinking about security you need to think about the resources, both monetary and temporal, of the adversary. Now, if you realize that the government has essentially infinite resources(they can ACTUALLY print money!) there is nothing you can really do to stop them from spying on you if they really wanted to.

Sure, you can take measures so that it would make them use more resources, but on the other hand, doing things to protect your privacy supposedly makes them more interested in knowing what you are doing, potentially giving them more legal rights to spy on you from what I've read. In the end, I just don't the effort is worth it.

Synderesis
  • 181
  • 3
3

Depends on your jurisdiction and your business.

IANAL, but as a security professional, here's my undestanding of it:

PRISM is legal because it is not applied to U.S. citizens/residents (http://thenextweb.com/insider/2013/06/07/president-obama-says-prism-does-not-apply-to-u-s-citizens-or-people-living-the-us/). If you live and work in the U.S. and do business in the U.S., then you and your contacts are protected and held to U.S. law. Perfectly okay to use the services. Law enforcement could always issue warrants and you always knew that.

If you live and work outside the U.S., then U.S. law doesn't protect you. You're a non-citizen, non resident who's exported their data to foreign soil. The data can be used against you, your friends and family arbitrarily and indefinitely with all dealings with the U.S.

Precedent of this kind of government intelligence behaviour can be seen in Iran where people have been arrested for the actions of their family members on Facebook (e.g., http://www.iranhumanrights.org/2012/07/yashar-khameneh/) or in China where gmail accounts of dissidents were evesdropped on possibly leading to their execution http://techcrunch.com/2010/01/13/china-hacking-gmail-secure/

I moved to a domestic (non US) Exchange service for calendaring and business email after PRISM. If the U.S. wants my data, they need to use their law-enforcement treaties to compel my ISP to release the data.

I suggest that businesses which deal with sensitive information of interest to the U.S. house their information outside the U.S. (e.g., embassies, doctors, government contractors, lawyers involved in U.S. federal cases, etc.).

mgjk
  • 7,545
  • 2
  • 21
  • 34
1

The main difference I can see is that it gives a better idea of what you actually do with the e-mails that reside with the service provider. They can tell if you immediately deleted the message or if you read it and moved it to your "How to take over the world" folder.

As far as seeing the messages going to the server though, you are correct that it makes no difference and encryption would keep the contents secure either way. The only thing you are giving up is what information is available about what you do after it reaches your e-mail provider's server.

AJ Henderson
  • 41,896
  • 5
  • 63
  • 110