Uploading files to the cloud and Security
kaie at kuix.de
Thu Nov 24 20:30:53 UTC 2011

During MozCamp Berlin I listened to JB's presentation about TB.
He presented the idea, instead of sending large files by email, TB could
assist the user by uploading the files to a Cloud service, and sending
the email containing a link.

I like that idea in general, but I would like to comment from a
security/privacy point of view, and give some additional inspiration.

Email is a point-to-point communication. Using a Cloud service adds
another party to the communication, and could easily lead to
unintentional publishing of information.

I believe most email used today is unencrypted. But still, unless there
is a man-in-the-middle that is deliberately watching all your
communication, sending a personal email usually won't result in
automatic uploading or publishing.

Worse, if the person is actually using encrypted email (either using the
built-in S/MIME or using an Add-On such as Enigmail), the user might
forget about the fact that the intended attachment will travel without

Because of these risks, I would like to propose to combine Cloud
uploading with some sort of automatic encryption.

Here is a proposal how it might work. On sending:
- TB automatically creates a random symmetric key
- TB encrypts the file using the key
- TB uploads encrypted file
- TB sends email that contains both a URL and the key required for

This would retain the current point-to-point semantic of email, and the
current level of security.
- If an email is sent in plaintext, then the protection will be
identical to today - all recipients can find and access the file, and a
MITM can, too
- If an email is sent using S/MIME or Enigmail encryption, then the
password protecting the cloud file is protected in the same way

The remaining question is about the receiving side.

If the recipient uses TB, too, then TB can offer to automatically
download from the cloud and decrypt it.

In addition, for users not using encryption, the same could be achieved
using a Firefox Add-On for decryption.

For example, the availability of Add-Ons like
demonstrates that having an Add-On to decrypt a file should be doable.

Recipients, not using TB, could be offered to download the file using
their preferred way, and use Mozilla+Add-On for decrypting.
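
The send and receive steps proposed above, as an added example that is not part of the original post and is not Thunderbird code. It assumes Node.js and chooses AES-256-GCM (the post names no cipher); the function names and the sample data are hypothetical, and the returned blob stands for what would be uploaded while the key string stands for what would travel in the email.

```javascript
const crypto = require('crypto');

// Sender side: a fresh random key per file, encryption before upload.
function sealAttachment(plaintext) {
  const key = crypto.randomBytes(32);   // random symmetric key (AES-256)
  const iv = crypto.randomBytes(12);    // 96-bit GCM nonce, unique per file
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Cloud blob layout: nonce (12) || auth tag (16) || ciphertext.
  // The key is never part of the blob, so the cloud service cannot read it.
  const blob = Buffer.concat([iv, cipher.getAuthTag(), body]);
  return { blob, key: key.toString('base64') };
}

// The email carries the link and the key; if the email itself is sent
// with S/MIME or OpenPGP, the key inherits that protection.
function emailBody(url, key) {
  return `Attachment: ${url}\nKey: ${key}\n`;
}

// Recipient side: blob downloaded from the link, key taken from the email.
function openAttachment(blob, keyText) {
  const key = Buffer.from(keyText, 'base64');
  if (key.length !== 32 || blob.length < 28) {
    throw new Error('malformed key or blob');
  }
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the stored copy was altered or the key is wrong.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Constructed sample input and placeholder URL, run end to end.
const sample = Buffer.from('constructed sample attachment');
const sealed = sealAttachment(sample);
console.log(emailBody('https://cloud.example/f/PLACEHOLDER', sealed.key));
console.log(openAttachment(sealed.blob, sealed.key).toString());
```

Because the mode is authenticated, a recipient also learns when the cloud copy was modified, which plain encryption alone would not show.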