Hacker 10 – Security Hacker

Tag: encrypted email

  • Review privacy email provider Posteo

    Review privacy email provider Posteo

    Posteo is a paid privacy email provider based in Germany. I signed up with them after a recent Fastmail price increase and my concern about Fastmail being an Australian company with servers in the USA.

    I briefly considered Yandex, a free Russian email service with interface in English, but it does no good to me to trade NSA illegal spying for Russian Federal Security Service (FSB) illegal spying.

    I came to the conclusion that all countries spy and the only way I was going to protect myself from that is by using an email service that is transparent about logs, has encrypted storage with the email provider locked out of them, with no access to the keys, and end to end encryption. What is known in the privacy industry as zero knowledge, and if the company is based out of the Five Eyes wiretapping alliance (UK,US,CA,AUS and NZ) even better.

    Posteo fulfilled all the requirements I had in mind and I also liked that they do not have a Facebook page, it shows they really care about customers privacy.

    How to open a Posteo account

    Opening an account with Posteo took me around one minute, the company does not want to know your name, address, back up email or phone number.

    You only need three things to sign up for a Posteo account:

    1. Pick a username
    2. Pick a password
    3. Pay with cash, Paypal, wiring, credit card or voucher (payment methods are anonymised)

    Posteo payment

    I used Paypal to buy the account, I know Paypal stores all transactions for years and the NSA probably has a direct feed to them but the transaction does not show your Posteo email address, the only available record in Paypal is the date and amount of money you sent to Posteo, your inbox or username is never printed anywhere in the receipt.

    Posteo Paypal payment
    Posteo Paypal payment (5 years prepaid)

    Futhermore, Posteo payment system automatically assigns a code to the inbox so that usernames can never be linked by the company with a payment. Tax laws compel Posteo to keep payment information for 10 years, this includes your name if you used bank transfer o Paypal to buy the account, but it never includes what your email address is and if the company was asked for this they are unable to provide the information, there is no law forcing Posteo to keep that data.

    Specific details on how your payment is anonymized is very well explained with screenshots within Posteo’s FAQ.

    One of my favourite things from this company is that their help pages disclose in plain English (German&French) the security measures they take to protect customers from illegal spying by government agencies, what logs Posteo keep, how long for and what happens if they receive a subpoena, as well as some background  information about Germany privacy laws.

    There are no trial Posteo accounts, payment is taken from day one, but if you are not happy with the service you have the right to revoke it within 14 days and credit will be refunded.

    If I had to criticise anything from the payment system is that they do not accept Bitcoins.

    Posteo email basics

    You can access your email via web, IMAP or POP3, attachments are a generous 50MB and the initial inbox is 2GB with a couple of aliases, all of this can be increased according to needs.

    Posteo has a single basic email package that is prepaid, if you feel like you need more storage space or more email aliases you can go to account settings and move a slider bar to add extras, as you do this the screen shows you how much more this will cost you, for example, an alias currently costs €0.10 a month, if you need four email aliases that is €0.40 more a month, if you no longer need them next month, you delete it and monthly price comes down again.

    The way Posteo pricing is set up you don’t have to pay for things you don’t need, you customize it to your needs, it works out cheaper than paying for an oversized email package that subsidizes heavy or business email users.

    The account includes a decent online calendar, that can be optionally be shared with a public URL, address book and notes, all of which can be encrypted, in which case sharing is no longer be possible.

    Posteo email calendar
    Posteo email calendar

    Consider carefully if you need your inbox encrypted, after you enable it some functions like email searching will no longer work and if you lose your password Posteo support can reset your account but you will not be able to read your old email messages without your old password as Posteo has no way to decrypt them.

    For example, because I only plan on using Posteo in the browser I activated the additional email account protection that eliminates IMAP access, and this stopped notes from autosaving so I had to reactivate it. Next to each encryption setting you will see a box that tells you what features stop working if you choose security over functionality.

    Posteo email security

    There are a ton of security measures, and nearly all of them can be configured, Posteo is ideal for advanced privacy email users that like to have control and spend time tinkering with their security settings. It took me a good couple of hours of reading understanding all that Posteo had to offer.

    This company is one of the first email providers to implementing DANE, a DNS based authentication method that checks the digital certificate fingerprints of other email providers, this detects bogus certificates replaced by sophisticated hackers, state sponsored operatives have been known to do this trick in the past.

    For DANE to work other email providers must support it too, when sending an email to somebody a small green check box in Posteo let’s you know if the server you are communicating with is DANE compliant. Tutanota supports it and Protonmail has plans to have DANE this year, but the big NSA back doored email providers, like Gmail, Yahoo and Outlook, have no DANE support.

    Encrypted email provider Posteo
    Encrypted email provider Posteo

    Another setting activates a TLS-sending guarantee, with the checkbox ticked your messages will not be delivered to any TLS insecure email server, if Posteo comes across one you get a warning and have the option of sending the message without proper encryption in transit or not sending it.

    To use PGP you need to install MailVelope addon browser, after that a new button that says “Compose&Encrypt” magically appears in the webmail interface.

    You can add your public encryption key to Posteo keyserver and activate “encrypt all incoming email“, this means that all messages you receive will be automatically encrypted with your own PGP key at the door, on top of the encrypted inbox.

    You might want to do this if you don’t trust Posteo’s own encryption, you add an extra layer with your own keys, however if you lose your private keys you will not be able to read the messages again and every time you click on an email in your inbox you are required to to enter the decryption password in MailVelope.

    I found incoming encryption too burdensome, I would only propose it to the most paranoid kind not concerned with quick email access.

    Posteo PGP encryption Mailvelope
    Posteo PGP encryption Mailvelope

    Hat tip to Posteo for automatically bouncing my public encryption key back to my inbox with a warning that it did not conform to security.

    During key generation I made the mistake of adding my first name to the public encryption key and Posteo very rightly rejected it in their keyserver as the name can be used to track down your identity, I was only able to add the key to the server after changing the name field with a non descriptive text, like my email address.

    Two factor authentication is possible too, Posteo works with any open standard TOTP app, like Google Authenticator, but the company recommends FreeOTP because it is open source (developed by Fedora), or if you own a Yubikey you can use it for two factor authentication, the help pages come with clear instructions and screenshots about how to set it up.

    Posteo downsides

    It put me off Posteo that they don’t own the .com of their email address, I had people in the past sending me messages to a .com version of my address, it is a common mistake many people do. I find it very short sighted that a company like Posteo, offering a choice of 30 different domain names for your email aliases, does not have a single neutral .com that you can pick for an email address. You can have a @posteo.af address, country code from Afghanistan, and a @posteo.jp country code from Japan, but .com is not an option.

    I would have appreciated a non descriptive .com domain which URL does not resolve to Posteo homepage that can be used as an alias.

    Another downside for me is that Posteo does not have a Spam folder and you can not have one. Posteo drops all spam silently and you must trust they do it correctly.

    My experience with email providers so far has been that no spam filter is 100% perfect and I have no way of finding out if a message is not getting to my inbox because it was flagged as spam by mistake or because it was never sent.

    You can whitelist addresses in the filter but there is no way of whitelisting something you don’t know about.

    Posteo advantages

    Posteo comes with Mailvelope preconfigured, after installing the addon in my browser a new encryption button appears in the webmail interface and this gives me the ability to communicate with other PGP users holding my own encryption keys instead of Posteo doing that.

    The encrypted email inbox and being able to encrypt all incoming messages with my own private encryption keys is a huge perk too.

    Posteo message filtering
    Posteo message filtering

    It takes time time to encrypt messages yourself, entering passwords, selecting the right keys, etc, if you are tight on time and security is not that important for you it might be best that your email provider does all of that, but if you want to err on the cautious side and trust nobody with your encryption keys, owning your own keys is they right way to do it.

    I also liked the email filtering, being able to file messages into folders as they arrive, according to subject, sender, etc.

    Posteo support

    Support is not suited for businesses, but I think that an individual will be ok waiting one or two days for a reply. You can contact Posteo by email during German working hours.

    I sent Posteo support an email to ask a question about my settings and it took 24 hours to get a reply that solved my question.There is no ticketing system, this might unnerve some people, because you keep wondering if the email was ever received, but not having a ticketing system is advantageous for those who value privacy and a very good idea

    The company barely keeping records of anything means that the information can not be lost or stolen and you can always check the “sent receipt” box if you email support, this way you will know they have received your inquiry.

    Posteo vs Protonmail

    I like Protonmail design and them forcing two different passwords to access the encrypted inbox. The main reason why I did not buy a Protonmail premium account is that their paid accounts cost five times more than Posteo. Protonmail has a bigger inbox but I wasn’t going to use it.

    It also put me off a bit knowing that in 2015 Protonmail had paid ransom to some cybercriminals DDoS their servers, it shakes my trust on how much of a fight the company is willing to put up for what it is right when I see Protonmail selecting the easy way and pay up to avoid problems.

    Posteo vs Tutanota

    I was really close to buying a Tutanota premium account, they offer more aliases than Posteo, both companies are based in Germany, and cost the same, plus I like a couple of features Tutanota not found in Posteo, like being able to send links to password protected messages.

    I finally went for Posteo because of their Mailvelope pre-configuration and because I wanted a company that will not go bust. Posteo has been around for more years than Tutanota and they do not offer loss making free accounts which makes it more likely that they will survive.

    Posteo review conclusion

    If you are comfortable managing your own PGP encryption keys, want an email service with an encrypted inbox that does not keep logs or records your identity and it comes with lots of features at a cheap price, I think that Posteo is unbeatable, far cheaper than other paid providers (€12/year).

    You should also pick Posteo for an email provider with calendar, notes and aliases that will respect your privacy and if you need a mailing list provider, this is still in beta but it should be rolled out soon.

    But if you rather have your email provider do to all PGP encryption for you at the back end don’t pick Posteo and if you wish to pay with Bitcoins Posteo should be out of limits for you too.

    Visit Posteo email

  • Free encrypted webmail service Tutanota

    Free encrypted webmail service Tutanota

    Tutanota, meaning secure message in Latin, is a German based free webmail service with end to end encryption. Your email messages, attachments and subject are all encrypted in your browser using Javascript with a cipher combination of RSA 2048-bit and AES-128-bit before uploading data to Tutanota mail servers in Germany. The encryption keys remain in your power at all times, the company can’t see anything in plain text, they can’t restore your password or reset your account, anybody forgetting their password loses access to the messages.

    If German authorities ever serve Tutanota with a court order to hand over a customer’s email inbox content, the company will of course comply with the warrant but all they will be able to deliver will be ciphered files with no decryption key. According to the email exchange I had with Matthias Pfau, one of Tutanota founders, they do not log IP addresses and only keep timestamps, the details are stored anonymously without any reference to your user account. Each mail in your inbox also contains the mail addresses of the recipients in clear text, kept until you delete the email, Tutanota has some ideas about how to hide the recipients address but it has not been implemented yet.

    Encryped webmail Tutanota
    Encryped webmail Tutanota

    You can open a Tutanota email account with minimal details, choose a username and password and that is it. During the very short registration you will find a link to a Wikipedia page with instructions on how to choose a strong password, a coloured meter on the page lets you know if your password is secure enough to withstand brute force attacks.

    I appreciated the clean smooth webmail interface giving one click access to the different tabs and folders, with a security tab where you can see a list of of the successful and failed account logins with timestamps, no computer IPs are associated with customer accounts since no IP logs are kept.

    Sending an encrypted email in Tutanota is effortless, it does not require customers to manage encryption keys or know much about security. The system is compatible with insecure email services like Gmail or Yahoo. When you send a secure email to somebody who is not on Tutanota, instead of receiving the full text, they receive a message with a link inviting that person to visit Tutanota servers to read the encrypted email, only readable with the correct password and decrypted locally in the browser.

    By not sending the email message body, any organisation monitoring Internet traffic will not be able to intercept a copy of the encrypted data. A terrific way to stop mass surveillance on the Internet is to never let the data out on the wild web. The same security system that CIA director General Petraeus was using to communicate for an extramarital affair, he used a dead drop email account and never allowed messages to travel the Internet.

    One can assume that the CIA director has classified knowledge to know how to best avoid surveillance, and presumably General Petraeus applied that privileged information to protect his own life, it is possible to learn a lot from observing the experts and copycat them.

    Tutanota encrypted email exchange
    Tutanota encrypted email exchange

    Tutanota free email service is a major improvement over the dead letter box communication system, the company adds an encryption layer, and the people you communicate with do not have to change anything, they can securely reply to you using the same window where they are reading the received message.

    Another important security fact about Tutanota is that they hired a German penetration testing company called SySS to try to find security vulnerabilities in their mail service, like cross site scripting. Tutanota was given an all clear certificate attesting that during the network scan and manual hacking that was attempted by security experts it was not possible for SySS to access any confidential data. If that is not reassuring enough, Tutanota source code is available for download released under the GPL license, you can use it to build your own email client or check it for bugs.

    The zero knowledge approach of this email service, their no logs no decryption keys available policy, located outside of the UK and USA, very easy registration and utilization make Tutanota one of the best alternatives to Hushmail.  If I have to complain about anything, is that, not being German myself, I do not like getting a .de email address (@tutanota.de), I prefer a .com domain to stop people from assuming I am German.

    This security model is the future, spy agencies are not going to stop monitoring data travelling across the Internet, so, you just don’t send it, leave it on the server for others to  fetch, superb.

    Visit Tutanota homepage

  • ETHICmail, the legal resistant email service

    ETHICmail, the legal resistant email service

    ETHICmail is a secure email service that aims at stopping massive and illegal surveillance orders. ETHICmail secures your connection to their servers with SSL Perfect Forward Secrecy, 4096-bit digital certificates and their proprietary SecureStorage AES 192-bit encryption engine for data storage.

    One unique ETHICmail feature not found elsewhere is emergency remote full data wipe of your email messages by sending a mobile phone SMS code to your account. ETHICmail also has a specialist legal team that reviews and challenges unfounded surveillance orders, Gmail claims to have that too so I would not call the last feature unique but ETHICmail notifies the individual when they receive a warrant against him whenever it is possible.

    ETHICmail legal resistant email
    ETHICmail legal resistant email

    ETHICmail email login interface has a banner on top listing a help phone number in Switzerland and displaying how many surveillance warrants have been served to them up to date, divided by interception and data seizure warrants.

    Their email interface is clearly a customized cPanel UI, offering you Horde, RoundCube, SquirrelMail and ETHICmail logins, each one with a different layout, if you have used cPanel before you feel comfortable using it. If you wish, you can use your own domain name, it is easy to add, ETHICmail customer panel is based on WHM, a standard administrative web host manager deployed by most hosting companies.

    Your emails are kept encrypted with ETHICmail SecureStorage but you have to encrypt messages before sending them out, this is not done by ETHICmail for you like Hushmail or Countermail do, you need to be familiar with PGP encryption and manage the whole process.

    ETHICmail headquarters are in the Seychelles, a very privacy friendly jurisdiction, but I found out that part of their staff is is based in Gibaltrar, a territory ruled by British law. Being Britain NSA best buddy and a country where mass surveillance is routinely carried out with full government support, I wasn’t exactly thrilled. I am not sure how it affects legal subpoenas having the distribution centre offices in the United Kingdom.

    A disturbing problem with ETHICmail is that the company claims that they only accept 10 type of surveillance orders, ranging from terrorism to copyright infringement. The accepted interception orders cover every single kind of crime, from the most severe to the most minor.

    ETHICmail SecureStorage IP restriction
    ETHICmail SecureStorage IP restriction

    I don’t believe that any email service should help break the law, but when you start accepting surveillance orders for crimes that do not even carry a prison sentence, what is the point of paying extra for a self-proclaimed “legally resistant email service“. Not surprisingly law enforcement has been know to lie, there is no way ETHICmail can know if the copyright infringement really occurred or if it is something made up by a spy agency to get hold of the data.

    Positive ETHICmail points are that emails are stored encrypted with your own private key to which the company has no access and they claim to be unable to recover encrypted data, you can wipe your account remotely with an SMS message and there is computer IP control restriction to whitelist account access.

    Negative ETHICmail points are having part of their business in British soil, not providing automatic OpenPGP encryption when you send email like some of their competitors do and very expensive prices. ETHICmail legal assistance addon worth thousands of dollars is only affordable to big corporations.

    If you are an individual, you can find better price and features in Countermail, Hushmail or AnonymousSpeech. If you are corporation with a huge budget maybe you want to consider ETHICmail but not managing OpenPGP keys would bother me because the average employee does not have a clue about PGP and without it you are open to illegal in transit email wiretapping, another big blunder is that I could not see the interface being mobile device friendly

    Visit ETHICmail homepage