Nicolas314

All my geeky stuff ends up here. Mostly Unix-related


GMail considered a liability


Your digital life is online

Since free webmail providers have emerged, it has become common to enjoy universal e-mail access from every computer without restriction. This makes e-mail ubiquitous, giving us the power to delve into our oldest archives to retrieve pictures, messages, links or conversations whenever we want to access them.

Storing all of your digital life with a single webmail provider like GMail, Yahoo or Hotmail makes you more reactive and also provides this warm safe feeling that all your private information is always within reach. Yet it is also, unfortunately, a single point of privacy failure. If you can access all of your e-mail history, so can anybody with either your password or administrator access at your webmail provider, whether they are regular admins or successful hackers.

Convenience kills security

Webmail services suffer from security issues. In short:

Administrator access

Anybody with admin privileges at your webmail provider can read your e-mail. Why would a GMail administrator want to access your e-mail history? After all, there are millions of users; why would your mailbox be more interesting to them than any other?

Thing is: the very fact that an unknown person (or software) potentially has complete access to your e-mail history should be enough to make you nervous. There are now laws in the US that enable government bodies to access anybody’s e-mail history without having to reveal their investigation, i.e. you will never be told that your messages have been used to gather evidence about you. This is an issue for everybody since GMail, Yahoo and Hotmail are storing a copy of all their users’ data on servers located in the US, where this law is applicable. Still not nervous?

Security breaches

A quick search on the web for webmail security breaches should be enough to convince you that no matter how hard they try, webmail providers will never be able to protect their users’ data with 100% security. See for example:

No matter how hard they try, a webmail system with millions of users will always have flaws, and there will be people to exploit them. Securing a network is a very hard task; perfect security does not exist.

Stealing your password

There are many ways to steal somebody’s password. Shoulder-surfing is the most obvious one: observe a user as they type their password; in general you get enough clues to make an educated guess pretty quickly.

If you do not know the person, targeted phishing can be very successful. Send an e-mail to your victim containing a link to a web site you own. This web site displays a fake webmail error page about an expired session and invites the user to enter their credentials again. Done.

This may seem far-fetched, but this kind of attack is actually very easy to put together and has been demonstrated to work exceedingly well with all kinds of populations, including unwarned security experts. Believe me, I recently tried. Getting a GMail password is just a matter of setting up a tiny web site and sending an e-mail. And if you do not feel like doing it yourself you can hire somebody to do it for you. For a price between $50 and $200 you can get anybody’s webmail password in clear within a couple of days. True story.

Another phishing method was recently described. I believe this is virtually impossible to thwart except by pure chance. What this means is: sooner or later your webmail password will be known to other people than yourself. Prepare for that day or prepare to suffer.

Privacy breach

A privacy breach could destroy lives. Getting access to somebody’s e-mail history will give you more than just a view into their hearts.

To take a parallel, what if starting from now, everything you said was recorded forever and could be used against you at any time in the future with sentences taken out of their context? What if the database of everything you ever said was made public and searchable?

Keeping full control of your e-mail history should be considered an absolute priority. Possible outcomes from a privacy breach are broken lives.

What must be protected

Hardly any e-mail you send or receive is in itself a privacy liability. There are of course countless examples of disastrous reply-to-all messages that were intended for a single person and unfortunately sent to a whole mailing-list, but this tends to remain a negligible part of the e-mail flow. Additionally, the reply-to-all catastrophe can be avoided with better e-mail clients that warn you before sending messages to a list.

Take one embarrassing e-mail out of my mailbox, publish it on public forums and I will either ignore or deny it. You will not have enough information to embarrass me or if you do I will simply call you a liar.

Take my whole mailbox and the e-mail history it contains for several years and you have enough information to impersonate me with as much precision as you like. You will probably be able to gather a list of additional accounts I have on every web site I have been to, know my most intimate friends and thoughts, and probably be able to reconstruct my personal life day by day.

E-mails become a privacy treasure:

  1. When they gather in an archive
  2. Simply over time, by the very fact that they document past events

An e-mail is something instantaneous. It is written within a very focused and narrow context and may later acquire much more importance than the very message it carries. Think of the many books from famous authors that are made only of the letters they exchanged with their friends and families: the insight they give you teaches you a great deal about the context in which they were written, both about the writers and the situation they were in. The whole is worth far more than the sum of its components.

E-mail encryption?

Encrypting individual e-mails would solve the issue but is obviously overkill. Individual messages taken separately are not really a danger.

PGP and S/MIME

If you want to take the encrypted e-mail path, PGP and S/MIME are two well-designed systems but quite impractical if not implemented seamlessly for the end-user. When you do activate PGP encryption on your mail client, you always ask yourself before sending any message “is this message sensitive enough that I need to encrypt it?”. The answer is almost always “no” and you quickly learn to forget how to use e-mail encryption.

Most importantly, e-mail encryption needs both sender and receiver to agree on an encryption mechanism, something that just cannot be asked of every user. Either it happens at the lowest level without users knowing, or it is not used. Neither PGP nor S/MIME is there yet.

Hushmail

Hushmail is a service offering a free public webmail with limited inbox size for non-paying users. Their whole business is designed around encryption built into their system and it turns out to work pretty well between Hushmail users. Unfortunately it quickly gets impractical or totally unusable when you need to communicate with anybody outside of Hushmail.

Despite heavy advertising of their encryption capabilities, Hushmail lost a lot of credibility when it was revealed that they had at some point handed over the keys to US government agencies for “security reasons”.

So much for privacy…

While I have no doubt that authorities have good reasons to invade some users’ privacy, it shows that there are technical means to access user mailboxes. What does a determined attacker need to get the same access rights as lawful bodies? I do not have the answer to that question, but I’d rather take no risk.

Damage control

Perfect security systems do not exist, but disasters can be mitigated. Free webmail providers are convenient and there must be ways to keep using them without losing all the benefits. What can we do?

Use encrypted e-mail storage

Use asymmetric cryptography and let the users choose their own keys. This way, no administrator could access your e-mail history. This kind of service is actually sold by http://www.lavabit.com for a modest fee.
The level of webmail functionality between lavabit and GMail just cannot be compared though. GMail’s web interface is beautiful, lavabit has the bare e-mail functionality. Apples and oranges: Google is the most powerful corporation on the planet, lavabit is not.

Roll your own

Stop archiving e-mails with your webmail provider!

A very simple solution is to keep your mail archive out of your webmail provider’s reach. Make it a habit to download all of your inbox to a local folder at regular intervals and make sure all archives are deleted on the webmail site.

For GMail, this implies downloading your mailbox off the GMail/[All Mail] box through IMAP. Make sure your IMAP client really deletes mail instead of just sending it to the Trash folder, where it will still live for 30 days. I do not use Yahoo or Hotmail but there must be equivalent procedures.
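The download-then-really-delete step above, as an added example that is not part of the original post. It assumes the standard GMail IMAP folder names "[Gmail]/All Mail" and "[Gmail]/Trash", and that, as with any IMAP client, a message flagged deleted in All Mail only lands in Trash, so Trash is expunged afterwards; the host, account and mbox path are placeholders.

```python
"""Pull GMail's All Mail into a local mbox, then purge it server-side."""
import imaplib
import mailbox

ALL_MAIL = '"[Gmail]/All Mail"'   # GMail's IMAP name for the archive
TRASH = '"[Gmail]/Trash"'         # where "deleted" mail lands for 30 days


def archive_raw_messages(raw_messages, mbox_path):
    """Append raw RFC 2822 messages (bytes) to a local mbox; return count."""
    box = mailbox.mbox(mbox_path)
    for raw in raw_messages:
        # mbox wants bare '\n' line endings; IMAP delivers '\r\n'
        box.add(raw.replace(b"\r\n", b"\n"))
    box.flush()      # data is on disk before anything is deleted remotely
    box.close()
    return len(raw_messages)


def download_and_purge(host, user, password, mbox_path):
    """Archive every message in All Mail locally, then empty it and Trash."""
    conn = imaplib.IMAP4_SSL(host)
    conn.login(user, password)
    conn.select(ALL_MAIL)
    _, data = conn.uid("SEARCH", None, "ALL")
    uids = data[0].split()
    raws = []
    for uid in uids:
        _, msg = conn.uid("FETCH", uid, "(RFC822)")
        raws.append(msg[0][1])
    written = archive_raw_messages(raws, mbox_path)
    if written != len(uids):
        raise RuntimeError("local archive incomplete, nothing deleted")
    if uids:
        uidset = b",".join(uids)
        # Flagging \Deleted in All Mail only moves mail to Trash (assumption
        # from GMail's IMAP behaviour), so expunge Trash as well.  Note that
        # this empties *all* of Trash, which is what the post asks for.
        conn.uid("STORE", uidset, "+FLAGS", r"(\Deleted)")
        conn.expunge()
        conn.select(TRASH)
        _, data = conn.uid("SEARCH", None, "ALL")
        if data[0]:
            conn.uid("STORE", data[0].replace(b" ", b","), "+FLAGS", r"(\Deleted)")
            conn.expunge()
    conn.logout()
    return written


if __name__ == "__main__":
    # placeholders: replace with your own IMAP host, login and archive path
    print(download_and_purge("imap.example.com", "me@example.com", "secret", "archive.mbox"))
```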

Ok, now that you have got your e-mail archive off the web you are a bit safer. There are two other topics you want to address though:

  1. Make sure that only you can access your e-mail archive
  2. Enable mail archive browsing from any of the computers you use, ideally from your e-mail client.

The first topic can be addressed using any disk encryption tool. The second can be addressed using services like Dropbox that take care of replicating the same data on all computers registered to your account.

One possible solution

I have spent a bit of time testing and tweaking and finally came to a workable solution:
Pre-requisites:

  • A Dropbox account. If you do not know Dropbox check out this previous post: dropbox love
  • Get TrueCrypt from http://www.truecrypt.org/. TrueCrypt is free and open-source, it works on Windows, Mac and Linux.

Initial procedure:

  • Create a TrueCrypt container and populate it with your e-mail archive.
  • Copy the TrueCrypt container to your Dropbox folder and let it sync.

This is going to take a while, depending on the size of your TrueCrypt container and available upload bandwidth. But fortunately this only happens once. Dropbox and TrueCrypt work fine together: when you change just one bit of a file in the encrypted container, only the differences are synced, not the complete file.

Daily procedure:

  • Keep using your webmail as usual

Accessing archives to read or update them:

  • Start dropbox, make sure your encrypted container is sync’ed to the latest version, stop dropbox.
  • Mount your encrypted container with TrueCrypt
  • Start your e-mail client and browse your e-mail archive. You can move mails from your webmail archive to your encrypted container at that point.
  • When you are finished: stop your e-mail client, unmount your encrypted container. To upload your modifications: start dropbox, let it sync.
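The four archive-access steps above wrapped in one script, as an added example that is not from the original post. It assumes the Linux command-line tools `dropbox` (start/stop/status, reporting "Up to date" when idle) and `truecrypt -t` (mount, `-d` to dismount); the container, mountpoint and mail client below are placeholders. The point it enforces is that Dropbox is never running while the container is mounted, which is what keeps the synced copy from being corrupted.

```python
"""Sync, stop Dropbox, mount the TrueCrypt container, read mail, reverse."""
import subprocess
import sys
import time

CONTAINER = "/home/me/Dropbox/mail-archive.tc"   # placeholder path
MOUNTPOINT = "/media/mailarchive"                # placeholder path
MAIL_CLIENT = ["thunderbird"]                    # placeholder client


def dropbox_idle(status_text):
    """True when `dropbox status` output says there is nothing left to sync."""
    return any(line.strip() == "Up to date" for line in status_text.splitlines())


def sync_then_stop_dropbox(timeout=600):
    """Start Dropbox, wait until the container is current, then stop it."""
    subprocess.run(["dropbox", "start"], check=False)
    deadline = time.time() + timeout
    while time.time() < deadline:
        out = subprocess.run(["dropbox", "status"], capture_output=True,
                             text=True).stdout
        if dropbox_idle(out):
            subprocess.run(["dropbox", "stop"], check=True)
            return True
        time.sleep(5)
    return False   # still syncing: caller must not mount a stale container


def main():
    if not sync_then_stop_dropbox():
        sys.exit("Dropbox did not finish syncing; refusing to mount")
    # truecrypt -t prompts for the container password on the terminal
    subprocess.run(["truecrypt", "-t", CONTAINER, MOUNTPOINT], check=True)
    try:
        subprocess.run(MAIL_CLIENT, check=False)   # browse / move mail
    finally:
        # always dismount before Dropbox may touch the container again
        subprocess.run(["truecrypt", "-t", "-d", CONTAINER], check=True)
        subprocess.run(["dropbox", "start"], check=False)


if __name__ == "__main__":
    main()
```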

This solution is by no means ideal: it requires a number of interactions with three pieces of software: TrueCrypt for encryption, Dropbox for synchronization, and an e-mail client to move mail around. But in the end it is far safer than anything I have seen so far. Taking matters into your own hands guarantees that:

  1. Your e-mail archive is only available to you
  2. You have multiple copies of your e-mail archive on all computers you use, and one at Dropbox.
  3. Your e-mail archive is integrated with your e-mail client.

There are probably more convenient solutions but for now this is the best I found. Suggestions are welcome.

Have a safe e-mailing day!


Written by nicolas314

Monday 21 June 2010 at 5:15 pm

My 2c on Amazon


Hide the family jewels

As an early adopter I have enjoyed digital cameras at home for over 12 years now. This translates into about 20Gb of JPEGs on my home partition which I absolutely do not want to lose. I had the painful experience of getting burglarized a few years back and was lucky enough to recover my computers from the police station a couple of days later. The hardware itself has no importance to me but the pictures are of course priceless. This calls for a drastic solution: backup, backup, and remote backup. The first two steps are easy: multiply the copies of your pictures using rsync on various hard drives around the house and you are covered against single hard drive failure. Make sure you take the habit of syncing them all every time you get a new bunch of pics and you are set. Now what are the solutions for remote backups?

Store it at work

The obvious solution is to encrypt a disk and leave it somewhere in my office, but that has obvious drawbacks. The first is that I have to think about bringing the disk home every time I add more data. I tried it for a while and could never remember to update the drive. The second point is that there are lots of people going through my office every day. Even if I trust my colleagues, it is always tempting to borrow a USB hard drive you have seen sitting around the office for ages. The contents are of course encrypted, which makes the drive appear as unformatted to the untrained eye.

I do not want to lock stuff in drawers. Last time I did, I lost the keys and had to destroy a drawer to get to my stuff. Kinda cryptography in the real world, except brute force actually works.

Network storage

Network storage solutions are a dime a dozen and literally exploding these days. I tried a lot of them and came to the conclusion that Dropbox is by far the best in terms of usability and functionalities. It is the only solution I tried that has clients for Windows, Mac and Linux and that can dig through the firewall and http proxy at work without me configuring anything. It also has an iPhone app to review your files on the go and this is absolutely gorgeous. I can finally have the illusion of having the same disk at home on all machines, at work, and in my pocket.

I will probably become a paid subscriber at some point. The remaining detail I have to fix is to figure out how to upload 20 gigs of data to their servers with my puny 100kB/s home DSL connection. Dropbox also does not offer encryption, I have to figure out a way to encrypt everything on the fly but still make contents accessible for easy retrieval like an index or equivalent.

Amazon S3

Another shot at network storage solutions brought me to Amazon S3. This service offered by Amazon is mostly aimed at developers who want to host large amounts of data like a database backend for a dynamic web site. It is a bit rough around the edges. Lots of people have tried disguising the whole thing as a network disk without much success. Reviewing existing Python APIs and fuse-based stuff did not reveal anything revolutionary or stable. Anyway, I felt I just had to try it out.

My tests consisted in creating a dedicated directory (a bucket in Amazon terms) and uploading 100 Mb of data to see how easy it would be. I want both to be able to sync my picture directories and to encrypt all contents on the way up without having to recode too much stuff. I ended up with a little bit of Python glue around rsync and gpg that was not too satisfactory. It worked for basic tests but I would not have relied on my own code for production :-)

Amazon S3 is not a free service, but it isn’t expensive either. Doing my whole test set ended up with a bill for less than 2 euros. Fair. But this is where it hurts: Amazon billed me in US dollars and that triggers international charges on my credit card that are far above these 2 euros. In the end I might make my bank richer and will not bring anything to Amazon.

Pained by what I had discovered on my monthly bank statement, I decided to close the lid on the S3 experience and deleted all data from the bucket I created. Next month I was charged $0.02 for this operation, which turned into an absolutely ridiculous amount in euros with a fair charge attached from the credit card because they did not appreciate my micro-payment.

This is probably the last time I ever use S3. I really do not understand why Amazon can bill me in euros for books (even when I buy in the UK) and not for services. Another good idea could be for them to accumulate bills until they reach a reasonable sum like 10 or 15 euros. It would not change much in their cash flow and would really avoid unnecessary bank feeding.

My 2c on Amazon S3 have cost me more than my phone bill this month.

Written by nicolas314

Thursday 10 December 2009 at 11:09 pm