[tptacek]

Except for the option of a secret question (ie: a password), none of these countermeasures seem useful. The one-time link in particular; an attacker will collect the email, then spoof a replacement site containing the email to make the surveillance mostly (or entirely, depending on how well the operator of this email-in-a-box service configures TLS) transparent.

The idea that a captcha protects anyone from mass surveillance is probably unworthy of discussion.

[jrnvs]

It's certainly not a watertight solution against targeted surveillance, but why wouldn't it be effective against mass surveillance?

If someone were to open all these one-time links (and manage to fill in the captcha's automatically), people would start to notice very soon when the intended recipients complain and the Own-Mailbox interface shows that the email-URLs were opened by some dodgy IP address.

[tptacek]

Captchas aren't even effective against fraud.

I think you missed my sketch of how the attack against single-use URLs (or, for that matter, pages that show what the last IP address to access the account was) works.

[nitrogen]

Mass surveillance can probably be turned into mass MITM. As tptacek said, intercept mail, alter link to point to attacker-owned server or account, proxy messages via the original link. An intermediate Rails developer could put it together with a couple of gems.

[vidarh]

However that requires a compromised client, a compromised cert, or a compromised ca. While all of those are possible, they do substantially raise the bar in terms of who may have the capabilities.

It's a classic tradeoff in terms of who you care about being secure against and how badly you want it.

[c22]

If the client is compromised then the mitm can be performed on the client itself. And barring that wouldn't the cert or the ca have to be compromised in order to intercept the message at all?

[nitrogen]

If the original message is delivered via SMTP, it's supposedly fairly easy to force unencrypted SMTP if you have a MITM. Then you can just rewrite the URL in the message to a domain for which you have a valid cert, or rewrite it to use http instead of https and intercept/proxy the http requests.