Re: Thunderbird and end-to-end email encryption – should this be a priority?
brong at fastmail.fm
Wed Aug 26 10:42:49 UTC 2015
On Tue, Aug 25, 2015, at 19:31, R Kent James wrote:
> In one conversation, at the “Open
Messaging Day” at OSCON 2015, I brought up the issue of
whether, in a post-Snowden world, support for end-to-end
encryption was important for emerging open messaging protocols
such as JMAP. The overwhelming consensus was that this is a
non-issue. “Anyone who can access your files using interception
technology can more easily just grab your computer from your
house. The loss of functionality in encryption (such as online
search of your webmail, or loss of email content if certificates
are lost) will give an unacceptable user experience to the vast
majority of users” was the sense of the majority.
As a lead "voice" on this, I'd like to expand a bit on what I said about
it, and also address the next point.
> In a second conversation, I was having dinner with a friend who
works as a lawyer for a state agency involved in white-collar
crime prosecution. This friend also thought the whole
Snowden/NSA/metadata thing had been blown out of proportion, but
for a very different reason. Paraphrasing my friend’s comments,
“Our agency has enormous powers to subpoena all kinds of records –
bank statements, emails – and most organizations will silently
hand them over to me without you ever knowing about it. We can
always get metadata from email accounts and phones, e.g. e-mail
addresses of people corresponded with, calls made, dates and
times, etc. There is **alot** that other government employees (non
NSA) have access to just by asking for it, so some of the outrage
about the NSA’s power and specifically the lack of judicial
oversight is misplaced and out of proportion precisely because the
public is mostly ignorant about the scope of what is already
available to the government.”
> So in summary, the problem is much bigger than the average person
realizes, and other email vendors don’t care about it.
That on the other hand, is a mis-characterisation of at least the email
vendor that I represent.
Basically you have two choices - make it really absolutely impossible to
get at any content of any emails, with all the associated inability to
pretty much support ANYTHING. Seriously, I've debugged issues where
emails were undeliverable if the user had a sieve rule with a regex
match in it, and the email size was an exact multiple of 4096 bytes -
because it was using in an mmap with slop, and if the mmap size matched
exactly, a string read would run off the end of the mapped area.
You can do what StartMail do:
Which sounds awesome, except that every time you log in or hold an IMAP
connection open (we have tons of customers who hold connections open
all the time) then all your data gets decrypted. An NSA or similar
attacker will get access at that point if they have compromised the
MOST people access their email every day. I did some stats to check -
over half our users have logged in within the past 24 hours. So it
doesn't take long to insert the attack at the vendor end and get access
to the data.
Which means that all their crypto is a bunch of expensive security
theatre. We do it too, except at the full disk level - for a couple of
reasons. One is the "if someone came and took all our servers, they
wouldn't be able to read anything" - it's an unlikely risk, but a nasty
one. The real win is that we can ship failed disks back for RMA without
worrying about leaking data. That's a big win overall, because those
things aren't cheap, and shredding them isn't cheap either. So we
encrypt all our disks just so that we don't have to shred them.
The incentives just aren't aligned for a real "secure" server. If your
attacker has millions of dollars budget, and you're being paid
$60/year/user, they'll find a way in. StartMail is compromisable if
you can co-opt the Dutch Government, or even just blackmail one of
(if you can control two of their senior staff, you can get at every
account via the key recovery mechanism - you need one of those, or you
lose everything when you forget your password - and people forget their
So we have a choice between an infeasably complex perfect world, or a
bunch of pointless theatre. I love the theatre as much as the next guy,
but not while I'm trying to work on real security.
Your only choice is to either have full end-to-end encryption (which is
really Thunderbird's world - and the only way that it would influence
JMAP at all is that you would cut down some of its capabilities that
don't make sense if you can't access message metadata on the server, and
treat it as a dumb blob transport).
Or you can find a provider that you trust - in a jurisdiction that you
feel comfortable with. We at FastMail do provide data to the Australian
Federal Police upon presentation of the appropriate warrant (and want to
- I believe in the rule of law, and courts, and the whole system. I
prefer it to the alternative of total lawlessness, and I don't want to
place myself above the courts either)
But what we ARE trying to do with JMAP is counter the rise of
proprietary protocols, and the associated consolidation of email into
just a few big providers - because that makes dragnetting significantly
more simple, and doesn't allow users a good ability to choose between
giving up their privacy or not playing at all.
We're also putting significant development effort into the Cyrus server,
with a goal of making it easier to run your own server.
> Should this be a focus for Thunderbird development?
That is outside my scope as a server side and vendor advocate :) I do
quite like the look of some of the stuff the Matrix guys are doing for
instant messaging. Perhaps integrating that with Thunderbird and
talking to them about an email/MIME transport for matrix messages would
be an interesting project.
Meanwhile, low hanging fruit... does Thunderbird ever send passwords in
plaintext over the wire without you doing an arcane dance in
Will it connect to servers with self-signed certificates without you
doing a similar dance?
Are you still embedding a giant complex browser engine from an
organisation which doesn't give a shit about making sure they aren't
breaking your tree or removing things that you depend on, and isn't
making security fixes for your branches a priority?
brong at fastmail.fm
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tb-planning