by _mhp_ 4575 days ago
There is no "actually secure" - that's the problem. The best you can do is secure against specific threat models. Up until recently, most people didn't necessarily view government intrusion as a particularly credible threat, so they didn't spend the extra time/effort/money mitigating it.

One of the best things to come out of all these revelations, in my opinion, is a revised view of what threats we should consider which were previously dismissed as paranoid ramblings.

2 comments

You're right that we may have been naive about trusting our governments.

What I don't understand is why anyone trusted businesses (such as CertiVox and Lavabit) to keep their emails secure?

If the businesses themselves couldn't decrypt these emails, there's nothing the government could usefully ask them for.

What I don't understand is why anyone trusted businesses (such as CertiVox and Lavabit) to keep their emails secure?

Because they didn't consider "because terrorism" to be a security threat that could penetrate privacy and property laws. Lavabit has proven that the Third-Party Doctrine means that once you give data to a business, you're giving it to the government.

Sorry, maybe I wasn't clear.

I have an email I want to be secure.

Why am I giving this data to Lavabit in a form that they can decrypt? (Forget the government for the moment.)

Why aren't these systems engineered to mean that only _I_ have the key to decrypt them?

I don't know. Why aren't you running your own email server?

Me personally? Because I don't actually need secure email (and so didn't use Lavabit or CertiVox).

My point is that if I did want secure email, I wouldn't trust a company whose email system architecture meant that they could read my email.

A personal email server might be a good solution, but then you have to maintain it. It seems as though it should be possible for a company to build an email system (and offer it as a service to customers) whereby they _couldn't_ read users' email.

This seems like a good thing. (And as a nice side-effect, the government can't then issue them with a warrant to read your email. Although that's not to say they can't read your email in other ways.)
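As an added illustration of the architecture this comment is asking for (not code from the thread, and not how Lavabit, CertiVox or any real provider was built), here is a hypothetical service that stores only ciphertext: keys are generated on the user's device, senders encrypt to the recipient's X25519 public key with an ephemeral key plus AES-GCM, and the provider keeps a public-key directory and mailboxes of blobs it cannot open. The `Provider` type, the addresses and the `hypothetical-mail-v1` key-derivation label are all assumptions made for the example; `ProviderCanRead` models a warrant served on the provider, which has the stored blob and keys of its own but not the recipient's private key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// StoredMessage is everything the provider ever holds for one message:
// the sender's one-time public key, a nonce and the AES-GCM ciphertext.
type StoredMessage struct {
	EphemeralPub []byte
	Nonce        []byte
	Ciphertext   []byte
}

// Provider is the hypothetical service: a public-key directory plus
// per-recipient mailboxes of ciphertext. It holds no decryption keys.
type Provider struct {
	directory map[string][]byte
	mailboxes map[string][]StoredMessage
}

func NewProvider() *Provider {
	return &Provider{directory: map[string][]byte{}, mailboxes: map[string][]StoredMessage{}}
}
func (p *Provider) Register(addr string, pub []byte)   { p.directory[addr] = pub }
func (p *Provider) PublicKeyFor(addr string) []byte    { return p.directory[addr] }
func (p *Provider) Fetch(addr string) []StoredMessage  { return p.mailboxes[addr] }
func (p *Provider) Deposit(addr string, m StoredMessage) {
	p.mailboxes[addr] = append(p.mailboxes[addr], m) // ciphertext in, ciphertext out
}

// GenerateKey runs on the user's own device; the private half never leaves it.
func GenerateKey() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }

// deriveKey turns the X25519 shared secret into an AES-256 key, bound to both
// public keys so a blob cannot be re-targeted at a different recipient.
// The label is an assumption made for this example.
func deriveKey(shared, ephPub, recipPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte("hypothetical-mail-v1"))
	h.Write(shared)
	h.Write(ephPub)
	h.Write(recipPub)
	return h.Sum(nil)
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt runs on the sender's device with nothing but the recipient's public key.
func Encrypt(recipientPub, plaintext []byte) (StoredMessage, error) {
	curve := ecdh.X25519()
	rp, err := curve.NewPublicKey(recipientPub)
	if err != nil {
		return StoredMessage{}, err
	}
	eph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return StoredMessage{}, err
	}
	shared, err := eph.ECDH(rp)
	if err != nil {
		return StoredMessage{}, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := aead(deriveKey(shared, ephPub, recipientPub))
	if err != nil {
		return StoredMessage{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredMessage{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, ephPub) // ephemeral key is authenticated as AAD
	return StoredMessage{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt runs on the recipient's device, the only place the private key exists.
func Decrypt(priv *ecdh.PrivateKey, m StoredMessage) ([]byte, error) {
	ep, err := ecdh.X25519().NewPublicKey(m.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(ep)
	if err != nil {
		return nil, err
	}
	gcm, err := aead(deriveKey(shared, m.EphemeralPub, priv.PublicKey().Bytes()))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Ciphertext, m.EphemeralPub)
}

// ProviderCanRead models a warrant: the provider has the blob and can make keys
// of its own, but without the recipient's private key GCM authentication fails.
func ProviderCanRead(m StoredMessage) bool {
	providerKey, err := GenerateKey()
	if err != nil {
		return false
	}
	_, err = Decrypt(providerKey, m)
	return err == nil
}

func main() {
	alice, _ := GenerateKey()
	p := NewProvider()
	p.Register("alice@example.test", alice.PublicKey().Bytes())
	m, _ := Encrypt(p.PublicKeyFor("alice@example.test"), []byte("meet at noon"))
	p.Deposit("alice@example.test", m)
	pt, _ := Decrypt(alice, p.Fetch("alice@example.test")[0])
	fmt.Printf("recipient reads: %q; provider can read: %v\n", pt, ProviderCanRead(m))
}
```

The caveat the thread itself raises still applies: a design like this removes the provider's ability to hand over plaintext, but not its ability to serve a malicious client, swap the public key in its directory, or be compelled to do either, so the directory lookup is the part a careful user has to verify out of band.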

I'm not aware of any companies providing double-blind encrypted email services, but they may be out there. Certainly they would eventually be accused of providing harbor to terrorists and other unsavories. At best, it sidesteps the problem of the lack of legal privacy protections when using a service provider of any kind.

http://www.legaltechnology.com/latest-news/data-security-in-...

You can trust an established business with a reputation to lose, not to defecate where it eats.

The upset in the threat model is that you can no longer trust that a business is free to choose according to self interest. You have to assume the government will be force-feeding it laxatives.

Sure, but they don't seem any more (technically) secure than any other decent webmail provider.