
The Krypt

Tag Archives: mining

On StartMail and Email Insecurity in General

07 Friday Jun 2013

Posted by Michael in Communications

≈ 2 Comments

Tags

communication, data, email, google, ixquick, mining, national, nsa, privacy, security, server, startmail, startpage, surveillance, yahoo

Some interesting news this way comes, via UWN Thesis (again): StartPage/IXquick is launching its own email service near the end of this month, which I gather has been two years in the making. It also came just before news of the Verizon handover and NSA’s PRISM broke.

What makes this particularly newsworthy is IXquick is promoting StartMail as ‘The World’s Most Private Email’, and as with its search engine, the privacy of its users is a basic design principle. As I understand it, if two people were to communicate through StartMail, both having the software client to encrypt what they send, the emails would be accessible only to them. In other words, emails are encrypted from one communicating party to another, and this solves one of the fundamental security problems intrinsic to most email services.

But this is a short-term fix. We’re still reliant on servers to store, or at least relay, practically all our Internet communications, and often it’s only our connection to those servers that is encrypted – the communications themselves are usually stored in plaintext.

So, Google, Yahoo and perhaps Microsoft routinely scan our personal communications, but that’s not a big deal as it’s just for targeting more relevant ads, right? Well no, because the data’s also being warehoused, handed over to governments and God knows what else. We also don’t know where Google’s obsession with surveillance and data harvesting is leading, the exact reason the National Security Agency is building its giant facility, or what the consequences might eventually be. Get over the idea of the authorities requiring a warrant – the emails aren’t stored on your property.

Sometimes communications are actually being read by someone other than the intended recipient, like that Google engineer who was caught prying into the accounts of several teenagers back in 2010. Sure, there would have been policies and procedures in place, but no technical measures that prevented him breaching them anyway. That same absence of protection exists with practically every major service.

Somewhere along the line most of us have apathetically (and perhaps ignorantly) given up some fundamental rights, and now there’s no expectation of privacy where most email communication is concerned, a situation that would have been unthinkable 20 years ago.

Where Next

After much thought over the years, I’ve reached the conclusion that only a totally encrypted next generation client-to-client Internet (which I’m sporadically working on) could truly solve this – StartMail is a partial step in that direction.

Solving the technical challenges is the easy part. Countless P2P, encryption and darknet technologies are already out there, but almost none of them offer the same convenience as Google’s services, and neither are they marketed effectively outside the hacker scene. Even Tor is barely mainstream. This will be a huge challenge for the StartMail team, who must either tailor their service to those who aren’t prepared to sacrifice convenience for privacy, or take the lion’s share of those who are already concerned about their privacy.

A Parting Thought

Things aren’t always how they appear in this privacy/surveillance thing, and there are many parties, factions and motives (particularly financial) at work here. Be very careful who you trust.

Profile

Michael

My name is Michael, and I’m a software developer specialising in clinical systems integration and messaging (API creation, SQL Server, Windows Server, secure comms, HL7/DICOM messaging, Service Broker, etc.), using a toolkit based primarily around .NET and SQL Server, though my natural habitat is the Linux/UNIX command line interface. Before that, I studied computer security (a lot of networking, operating system internals and reverse engineering) at the University of South Wales, and somehow managed to earn a Master’s degree. My rackmount kit includes an old Dell Proliant, an HP ProCurve Layer 3 switch, two Cisco 2600s and a couple of UNIX systems. Apart from all that, I’m a martial artist (Aikido and Aiki-jutsu), a practising Catholic, a prolific author of half-completed software, and a volunteer social worker.
