Hacker News
by jrnvs 4003 days ago
There are several options, ranging from making the link one-time only to requiring a captcha or password.

From TFA: Can you explain in more detail how Private Link Message (PLM) works? Private Link Message (PLM) allows you to send and receive messages from people who don't use GPG.

In order to send a message you can send a secret HTTPS link to your correspondent. It will look like https://test.nospy.co/n3FVgtFwR2cp839nX6dkQGzGjF38bJ5VwiX86u... .

The link is temporary: once clicked by your correspondent it is too late to spy, the link does not work anymore.

You can also, optionally, set up an expiration date for the link. If your correspondent did not access the message before this date, it is too late to read.

The link is filtered by a question. Depending on the level of surveillance you think you are in, the question can be a simple captcha to avoid bots, a secret question that your correspondent can answer but not the NSA, or a request for a password previously exchanged with your correspondent, or no question at all.

Your correspondent will have a web interface to answer your message privately. You can also activate a permanent HTTPS interface for anyone to send you a message privately at any time.

In practice a simple captcha will allow you to be safe from mass surveillance, since only targeted surveillance can be done by human beings. On top of that, any spy will be detected and have his IP address revealed. In our tests, no PLM has ever been spied on, even with no question at all.
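A toy model of the PLM link lifecycle quoted above, added here as an example and not code from the Own-Mailbox/nospy service: one-time redemption, optional expiry and password, and an access log that records the IP of any later opener, plus the link-prefetching failure mode raised further down the thread. Class and function names, and the sample IPs, are constructed for the example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Link:
    message: str
    expires_at: Optional[float] = None  # optional expiration date (unix time)
    password: Optional[str] = None      # optional pre-shared password
    consumed_by: Optional[str] = None   # IP that first opened the link
    accesses: list = field(default_factory=list)  # (ip, outcome) audit log

class PlmStore:
    def __init__(self):
        self.links = {}  # token -> Link

    def create(self, message, ttl=None, password=None):
        token = secrets.token_urlsafe(32)  # secret path component of the HTTPS link
        expires_at = time.time() + ttl if ttl is not None else None
        self.links[token] = Link(message, expires_at, password)
        return token

    def open(self, token, ip, answer=None, now=None):
        """Redeem a link from address `ip`; returns (message or None, outcome)."""
        now = time.time() if now is None else now
        link = self.links.get(token)
        if link is None:
            return None, "unknown"
        if link.expires_at is not None and now > link.expires_at:
            link.accesses.append((ip, "expired"))
            return None, "expired"
        if link.password is not None and not hmac.compare_digest(link.password, answer or ""):
            link.accesses.append((ip, "bad_answer"))
            return None, "bad_answer"
        if link.consumed_by is not None:
            # A later opener is the "spy" the FAQ says is detected and whose IP is revealed.
            link.accesses.append((ip, "replay"))
            return None, "already_opened"
        link.consumed_by = ip
        link.accesses.append((ip, "opened"))
        return link.message, "ok"

def prefetch_scenario(store):
    """Failure mode from the thread: a link-prefetching mail scanner opens the link first."""
    token = store.create("hello")
    scanner = store.open(token, "10.0.0.5")    # constructed scanner IP
    human = store.open(token, "203.0.113.7")   # constructed recipient IP
    return scanner[1], human[1], store.links[token].accesses
```

The audit log is what lets the operator notice a burned link, but it cannot tell a scanner or a spy apart from the intended reader, which is why the thread treats one-time links alone as weak.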


Except for the option of a secret question (i.e. a password), none of these countermeasures seem useful. The one-time link in particular; an attacker will collect the email, then spoof a replacement site containing the email to make the surveillance mostly (or entirely, depending on how well the operator of this email-in-a-box service configures TLS) transparent.

The idea that a captcha protects anyone from mass surveillance is probably unworthy of discussion.

It's certainly not a watertight solution against targeted surveillance, but why wouldn't it be effective against mass surveillance?

If someone were to open all these one-time links (and manage to fill in the captchas automatically), people would start to notice very soon when the intended recipients complain and the Own-Mailbox interface shows that the email-URLs were opened by some dodgy IP address.

Captchas aren't even effective against fraud.

I think you missed my sketch of how the attack against single-use URLs (or, for that matter, pages that show what the last IP address to access the account was) works.

Mass surveillance can probably be turned into mass MITM. As tptacek said, intercept mail, alter link to point to attacker-owned server or account, proxy messages via the original link. An intermediate Rails developer could put it together with a couple of gems.

However that requires a compromised client, a compromised cert, or a compromised CA. While all of those are possible, they do substantially raise the bar in terms of who may have the capabilities.

It's a classic tradeoff in terms of who you care about being secure against and how badly you want it.

If the client is compromised then the MITM can be performed on the client itself. And barring that, wouldn't the cert or the CA have to be compromised in order to intercept the message at all?

If the original message is delivered via SMTP, it's supposedly fairly easy to force unencrypted SMTP if you have a MITM. Then you can just rewrite the URL in the message to a domain for which you have a valid cert, or rewrite it to use http instead of https and intercept/proxy the http requests.

A one-time click link also doesn't work well with some mail scanning applications which pre-fetch every link seen within a mail.

Also KDE, which downloads a URL to determine the MIME type before sending it to an application. Doesn't the HTTP spec say that GET requests have to be repeatable?