undefined | Better HN

0 pointssodality23y ago0 comments

> But if independent security audits with no major issues uncovered cannot make you claim something is secure, when can you claim something as secure?

Nothing at all; it's a broken model. The server can at any time start serving malicious payloads [0]. The server hosts your mail but they also serve the webapp. The clientside decrypts the mail, but the server hosts the client code...

It's a fundamentally flawed idea, trying to retrofit encryption into email in this way, when the server essentially has to hold all of your mail. In this case, the only thing that would make me feel secure in using it, is a third-party OSS client that downloads the mail without using the webapp, using only client-side code. And even then, of course, the mail can simply just be not encrypted when being ingested by Proton. So even then I wouldn't really trust it without external encryption like PGP. In which case, why bother?

To be clear I do use private email services (protonmail, tutanota) but I am simply not going to fall for the illusion of guaranteed privacy; I just trust that they are what they say they are. They are still a better option IMO than something like Gmail, but I don't think they're a silver bullet.

[0]: If you think this is unlikely, see this: https://news.ycombinator.com/item?id=25337507

0 comments

prophesi3y ago

This is why I'm excited for 9elements and Mullvad's System Transparency[0][1] project. The goal is to let the end users know that your server is indeed running the code it says it's running. Of course, open firmware and hardware also plays a role in this as a server running binary blobs still has the potential for malicious code to be unknowingly run.

[0] https://mullvad.net/en/blog/2019/6/3/system-transparency-fut...

[1] https://www.system-transparency.org/

dane-pgp3y ago

> The server can at any time start serving malicious payloads

True, and I call this threat model "Beware Each and Every Fetch" (BEEF) in contrast to the more common TOFU model (although if you trust a desktop app to auto-update itself then these two models might not be all that different).

In any case, I think you're being a little quick to dismiss the idea of server-hosted applications. It's true that browsers don't natively have a nice way of pinning specific versions of a web app, but there is the clever hack of SecureBookmarks[0] (if you're prepared to sacrifice the UX), or, more realistically, you can pin the web app version using some sort of browser extension.

Examples of the latter include the Signed Pages extension[1], and Code Verify[2], which is the result of a collaboration between Meta and Cloudflare (for securing the WhatsApp Web code, currently, but should eventually support other sites like Proton's too). Of course, it would be much better if this capability was natively included in browsers themselves, but hopefully adoption of this technology will pressure browsers and standards bodies to take ownership of this.

[0] https://coins.github.io/secure-bookmark/

[1] https://github.com/tasn/webext-signed-pages

[2] https://github.com/facebookincubator/meta-code-verify

uselpa3y ago

Secure email is snake oil; no amount of cruft can make it both reasonable secure and useful (as in federated). Other protocols better fill that space because they were designed for security needs.

chrismorgan3y ago

I wouldn’t call secure email snake oil: it meets some of the characteristics, but not all. “Snake oil” implies at least in part inefficacy and deceptive marketing; yet secure email is possible, though there are typically rather severe caveats (mostly around the question of which parts are being encrypted, and usability).

What is actually snake oil, and distressingly rarely realised as such, is first-party end-to-end encryption. That’s what sodality2 is actually talking about. And when you stop and consider it in this light, you realise that the significant majority of stuff that’s advertised as having E2EE is first-party and thus, to put it mildly, not robust.

In the context of email, here’s Fastmail’s take on it: https://fastmail.blog/advanced/why-we-dont-offer-pgp/.

gruez3y ago

I agree that I wouldn't use Protonmail if Signal was an option, but there are many situations where Signal isn't an option (eg. transactional email, people who don't use signal). In those contexts it's still better to use encrypted mail rather than ad-supported mail (eg. gmail, outlook), or even commercial mail (eg. fastmail), which are both unencrypted.

sodality2OP3y ago

End to end secure email definitely is, I agree. No matter what you have to trust the server. (Maybe a Tor-based email system would be better, where each user is their own server? reminds me of `cables`).

If you do trust the server then it can be acceptably secure.

upofadown3y ago

It appears the audit was applied to the Android and iOS apps. So no comment is being made here about the security of the webapp.

sodality2OP3y ago

I thought that was just a wrapper around the website, to be honest. But regardless, the app still loads JS from the website and executes it, so it's still a backdoor possibility.

j / k navigate · click thread line to collapse

0 pointssodality23y ago0 comments

> But if independent security audits with no major issues uncovered cannot make you claim something is secure, when can you claim something as secure?

[0]: If you think this is unlikely, see this: https://news.ycombinator.com/item?id=25337507

0 comments

prophesi3y ago

[0] https://mullvad.net/en/blog/2019/6/3/system-transparency-fut...

[1] https://www.system-transparency.org/

dane-pgp3y ago

> The server can at any time start serving malicious payloads

[0] https://coins.github.io/secure-bookmark/

[1] https://github.com/tasn/webext-signed-pages

[2] https://github.com/facebookincubator/meta-code-verify

uselpa3y ago

Secure email is snake oil; no amount of cruft can make it both reasonable secure and useful (as in federated). Other protocols better fill that space because they were designed for security needs.

chrismorgan3y ago

In the context of email, here’s Fastmail’s take on it: https://fastmail.blog/advanced/why-we-dont-offer-pgp/.

gruez3y ago

sodality2OP3y ago

If you do trust the server then it can be acceptably secure.

upofadown3y ago

It appears the audit was applied to the Android and iOS apps. So no comment is being made here about the security of the webapp.

sodality2OP3y ago

I thought that was just a wrapper around the website, to be honest. But regardless, the app still loads JS from the website and executes it, so it's still a backdoor possibility.

j / k navigate · click thread line to collapse