by zabuni 3155 days ago
I think what's telling here is that the blog post does not point to Protonmail's own threat model.

https://protonmail.com/blog/protonmail-threat-model/

Which says don't use it if you are up against state actors and: "Sensitive business communications – You have sensitive business information that you want to make sure is protected from competitors and other malicious parties. For example, you fear a competitor may want to sue you under false pretenses to get access to sensitive data. In this case, ProtonMail offers a great deal of protection. ProtonMail will not release ANY data unless provided with an enforceable Swiss court order. To get such an order, the case must first work its way through the Swiss courts where stricter privacy laws might result in a different ruling. Even if an adversary went through the expensive and time consuming procedure of obtaining such an order, ProtonMail’s zero access cryptography means we would only be able to release data that is encrypted since we do NOT hold the decryption keys."

Given that they have JavaScript to handle the decryption keys, couldn't they demand ProtonMail change the code delivered to your browser session to give up the keys? This would make the only extra security provided by this scheme the multiple court jurisdictions and the less tested legality of a court order making their product less secure, à la the FBI and Apple.


I'm not sure there is a legal mechanism to force ProtonMail to add a backdoor...

> "Nearly every country in the world has laws governing lawful interception of electronic communications. In Switzerland, these regulations are set out in the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT) last revised in 2012. In the SPTT, the obligation to provide the technical means for lawful interception is imposed only on Internet access providers, so ProtonMail, as a mere Internet application provider, is completely exempt from the SPTT’s scope of application. This means that under Swiss law, ProtonMail cannot be compelled to backdoor our secure email system."

https://protonmail.com/blog/switzerland/

If a government really wanted access to a specific user's ProtonMail account, couldn't they get a court order from a domestic CA, say Verisign, to generate a fake certificate that they can use to MITM a browser session, and deliver key-stealing javascript to the user? I'm not sure what the state of certificate pinning is, but it seems that for the "uber security conscious users" they have instructions to check the SHA-1 fingerprints[0] manually. I feel like there are just an infinite number of technical ways a state actor with unbounded resources and legal access to basically every authority and pipe that operates the internet could MITM a service like this without compelling ProtonMail to do anything.

[0]https://protonmail.com/support/knowledge-base/protonmails-ss...

> If a government really wanted access to a specific user's ProtonMail account, couldn't they get a court order from a domestic CA

Why bother?

If they can MITM ProtonMail, they might as well use Let's Encrypt, which just requires that you control the domain name (for some definition of control).

> I'm not sure what the state of certificate pinning is,

    Public-Key-Pins-Report-Only: pin-sha256="Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM="; pin-sha256="2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8="; pin-sha256="1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU="; max-age=300; report-uri="https://protonmail.com/pkp-report"

Looks like they want to know about violations...
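
Added example, not part of the thread and not ProtonMail's code: a sketch of how a pinning client would treat the header quoted above, showing that the `-Report-Only` form reports an unpinned chain but still lets the connection through. The chain byte strings are constructed stand-ins for real SubjectPublicKeyInfo data, and `parse_pins`, `spki_pin` and `evaluate` are hypothetical helper names.

```python
import base64
import hashlib

# Header value quoted in the thread, sent as Public-Key-Pins-Report-Only.
PAGE_HEADER = (
    'pin-sha256="Jh0ZSUYEc97HRYcwZIOkH2jKOUpmQhLO48MYd1s5pRM="; '
    'pin-sha256="2ZnCTNQBrKShr4c1olKfwNG53KiL6qoNcQi65YGRBn8="; '
    'pin-sha256="1D76xWwHug9p4iQWVBiDZF+e3UcxtPte/ig5pkYnmRU="; '
    'max-age=300; report-uri="https://protonmail.com/pkp-report"'
)
# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
LEGIT_CHAIN = [b"constructed-leaf-spki", b"constructed-intermediate-spki"]
ROGUE_CHAIN = [b"constructed-rogue-leaf-spki", b"constructed-other-ca-spki"]


def parse_pins(value):
    """Split an HPKP header value into pins, max-age and report-uri."""
    policy = {"pins": set(), "max_age": None, "report_uri": None}
    for directive in value.split(";"):  # simple split: no ';' inside quotes here
        name, _, raw = directive.strip().partition("=")
        name, raw = name.strip().lower(), raw.strip().strip('"')
        if name == "pin-sha256":
            # A pin is base64(SHA-256(SubjectPublicKeyInfo)): exactly 32 bytes.
            if len(base64.b64decode(raw, validate=True)) != 32:
                raise ValueError("not a SHA-256 pin: " + raw)
            policy["pins"].add(raw)
        elif name == "max-age":
            policy["max_age"] = int(raw)
        elif name == "report-uri":
            policy["report_uri"] = raw
    return policy


def spki_pin(spki_der):
    """Compute the pin-sha256 value for one SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def evaluate(header_name, policy, chain_spki):
    """Return what a pinning client does with an otherwise valid chain."""
    if {spki_pin(k) for k in chain_spki} & policy["pins"]:
        return "allow"
    if header_name.lower() == "public-key-pins-report-only":
        return "report-and-allow"  # violation reported, connection continues
    return "block"  # enforcing header: connection is refused


if __name__ == "__main__":
    page = parse_pins(PAGE_HEADER)
    print(evaluate("Public-Key-Pins-Report-Only", page, ROGUE_CHAIN))
    print(evaluate("Public-Key-Pins", page, ROGUE_CHAIN))
```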

EV certificates must be submitted to CT logs, which means ProtonMail and the public will be able to detect the malicious certificate. If it's not an EV certificate, the browser user interface changes and a security-conscious user may notice. That said, if a powerful government is after a user specifically, it is just a matter of time and effort before the government gets in.

> If it's not an EV certificate, the browser user interface changes and a security-conscious user may notice.

This is often used as an argument by EV advocates, but it doesn't hold up under scrutiny. An attacker with access to a non-EV certificate can selectively intercept only connections for subresources of the targeted site (i.e. JavaScript). The "main" connection would still use the EV certificate and thus show the browser indicator. This attack was first made public in 2008[1] and has been further refined in later work[2].

HPKP and the Expect-CT header provide some viable mitigations for this. That said, it seems unlikely to me that a nation-state adversary would choose to attack at the Web PKI level in this scenario. Compromising ProtonMail or the user's device would probably be cheaper and less likely to be detected.

[1]: http://w2spconf.com/2008/papers/s2p1.pdf

[2]: https://www.blackhat.com/presentations/bh-usa-09/SOTIROV/BHU...

ProtonMail has never painted an accurate picture of the surveillance requirements in Switzerland – and laws have been and are changing too.

Switzerland is not an island of privacy with regard to state surveillance – and with regard to private data privacy, it basically mirrors the European Union’s standard. According to Snowden documents, Swiss intelligence and security services are close partners with the NSA and other foreign services.

> ProtonMail has never painted an accurate picture of the surveillance requirements in Switzerland – and laws have been and are changing too.

Do you think that's partly because, like most countries, the truth is... obfuscated.

IANAL, but that just seems to say that under that particular law (SPTT), Internet access providers have to provide the technical means for lawful interception. It does not say that no other entity has to provide the technical means for lawful interception.

In other words, the law does not say that ProtonMail is exempt from having to provide lawful interception. They might still have to do so, based on some other law.

Further, it's quite conceivable that unlawful means (such as blackmail, threats, or bribery) could be used to coerce ProtonMail. That's not to mention perfectly lawful means of enticing them -- like appealing to their patriotism, willingness to help in a critical investigation, or demonstrating some credible threat.

This attack actually happened years ago at a company called Hushmail. Law enforcement had the encrypted email provider serve malicious code to the target which leaked the secret key.

Hushmail operates out of Canada, though. Jurisdiction matters a lot here since Switzerland has a reputation for making it difficult for foreign governments.

There is no such reputation.

Swiss authorities and security services cooperate closely with partners all over the world including the NSA. And there is a longstanding and working network of mutual legal assistance including the Convention on Cybercrime (CCC).

Cooperation isn't quite the same as cooperation. There's a world of difference between sharing intelligence on other countries and working together when conducting espionage elsewhere, vs actively attacking domestic targets. Rule of law is taken seriously, and government hacking is a thing - but the scope is very very narrow.

This.