Shooting the ambulance

It seems that there's a national sport among crypto nerds, and it's shooting the ambulance. Yeah, I know, I've been kind of naive thinking that some people with common sense could be more vocable than the people who enjoy ranting on stuff, saying that this is shit, and that only them know the truth.

I'm speaking specifically about the own mailbox project and the torrent of flame and more or less accurate accusation it received from @aeris in this three posts. I also like to point out that the answers provided by the Own Mailbox team doesn't makes them right. There are issues with the project, but I do not think it's a reason for burning them alive, but instead would have been interesting to help them to improve.

This is something aeris have an issue with - I already pointed that out in the way Crypto Parties are ran around here in Paris.

The point he's missing in those articles is - as always - what is the threat model own mailbox tries to solve; as well as mixing up a lot of things (blaming a mail server for the insecurity of TLS or for the possibility of MitM attack is … out of scope).

So, let's try to think about that.

Everything is broken

First, as Quinn Norton once wrote, if you pretend to work in the security and tries to improve the safety of people, you have to acknowledge that: Everything is brooken. It basically states that there's no way to have a secure system. It does not exists, it will not exists any time soon.

If you look at a project like own mailbox, where you will display decrypted text on an end-point - because if you're not you're either using bad crypto or no-one is actually reading the content.

Eventually, you'll have decoded data - sensitive data - displayed and stored at least in memory of a computer. A computer which is flawed by malware, spyware, adware and other nasty things. Whatever your crypto level is, even if you have a fully patched computer with as few software as you need, you'll probably have some 0-day active that a motivated attackers can exploit to get access to this memory.

It means that, with a sufficient amount of time and of motivation, someone else than the emitter and recipient of the message would be able to get their hands on your data, for the simple reason that - at some point - you need to read it.

And if you have a bullet-proof mailbox - which is the promises made by own mailbox - well, it's way much easier to target the end-node and to read the mails at the same time as the user.

After all, Hacking Team was doing basically exactly that. And there's no reason to believe that they were the only one to do that.

And no, free software will not save you there, with so many attacks on web browser, or PDF, it's not enough to run free software on your computer. One way to solve this issue is to use an air gap computer, a computer that have never been and never will be connected to a network of a kind. It means you need to burn your mails on a CDRom or a DVDROm and to check them onto the airgap system.

And this is something you cannot do with the general public. Because maintaining such a computer - set asides the financial costs - requires time. Like at least one hour a day. Every day. And to get a good understanding at how the computer works. Which is something a lot of people - because they do not want to or because they cannot to - won't do.

Also, assuming that the average computer/smartphone/tablet/whatever security is higher than the one of a small brick that cannot be easily improved and extended is a hell of a mistake. Key generation whould only be done on airgap computer with hardware random number generator if you want to have really secure keys - and stored on a read-only devices.

Never forget Jessica

This is the second most important error done I think. We forget about Jessica. Specifically we make two mistakes. The first one, that everyone is willing to spend a lot of time figuring out their safety and to protect themselves and their relatives against a theoretical threat.

Let's stand back a little bit. We already have hard time to have people using simple means to protect themselves against a real threat like AIDS, syphilis or other STI - use condoms people. Seriously - how would we have them protect themselves against philosophical and political threats?

Especially if we expect them to understand things that could take some months or years to get by? What is the point of full-encrypted mail? What means end-to-end? What's the NSA/GCHQ/insert-your-own-agency-here doing exactly? And why they're doing it? They're trying to protect us, of course. Against terrorism. That's what they said.

If you want user to actively use crypto, you need them to not think about using it. And if you focus only on the technical issue, you're missing the point that it's a political one. Because if your government wants to spy on you, they will sub-contract a hacking team like, and you'll be screwed.

This is what - I think - aeris is missing. The people who'll actually get the own-mailbox are people who already understand why they need to protect themselves (yay, there's actually some of them out there), but who can't afford to host themselves another way - essentially by a lack of time and of skills.

People who will get these kind of devices are not the hard core activists who tries to avoid cops enter their house to seize computer look-a-like devices. Because, in this situation, hosting your mail in your office is useless at best, dangerous at worst.

So, most of the people who will use this kind of device or services aren't really people at risk of being sent in jail because they sent an email. They're probably the one who will use it as a nice gadget, on a side.

This kind of devices have no chance to ever be used in life or death situation. And even if they were, crypto won't protect you from bullets.

Also, everyone seems to think actual people uses email. They're not. Less and less. We're using Facebook messenger, twitter DM, GMail (which is less and less compatible with third-party clients), WhatsApp, SnapChat, SMS, etc …

I'm not saying that it's a good thing. I'm trying to understand who are the people who're gonna use this. And it won't be the social-media addict who only uses a Mac and GMail, it won't be the Uber Nerd who uses only mutt and emails, nor will it be company - because they can't handle the load on those devices.

It won't neither be the poorest people who do not have access to a correct enough ADSL line. So it will be people who already understand what it means to being watch and wants to add a little bit more security on their devices.

The thing is, we won't get everyone doing key management the perfect way for - at least - two reasons. The first one being that no one know what is perfect key management. The second one being that even the crypto nerds fails at it on a regular basis.

So this is it.

I really think that own-mailbox commercial team have an issue. Their answer is out of scope. There is some issues to be addressed. The funnier one is pretending that needing JavaScript for a webmail client would be a security issue … it will be if you're living in a place where there is MitM interception on the line + a way to tamper with TLS. Which is typically the case where you do not want to have a box with all your emails in your houses.

But going after them, saying that the devices is blatantly flawed without even having one at hand in the first place is kind of stupid and counter productive. There's an issue around the terms used (100% secure is always false), but I believe that - since it's a free software project - aeris could have, at least, open bugs or ticket. I did not find a repo for own-mailbox though - didn't look for it hard neither.

But aeris choose to get out for blood. Yes, this porject is far from perfect, but it's still a plus, and if it gets some people to use more opportunistic crypto, then it's fine enough for me.

aeris, you really should understand that no, no one can use the tools you're using as part of their regular routine. And in most case it's not even a matter of will, but a matter of means.