Own-Mailbox, the first 100% confidential mailbox

12 réponses [Dernière contribution]
alejandro_blue
Hors ligne
A rejoint: 11/07/2013

Hi there!

What's your opinion about this project?

https://www.own-mailbox.com/index.php#about

Do you think it's a good idea to support it?

By the way, this is the Crowdfunding page:

https://www.kickstarter.com/projects/1547898916/own-mailbox-the-first-100-confidential-mailbox

Jookia
Hors ligne
A rejoint: 08/01/2015

I had a bit of a rant about this on IRC the other day so I'll post a cleaned up version here of me reading between the lines:

> Own-Mailbox is a personal email server you can run in your own home

You better hope it doesn't break or have downtime, and trust that your home network is secure enough to handle anyone intruding through this internet facing service.

> Your email address will be like name at domain. The domain name name.omb.one will belong to your for free for life and will automatically point to your Own-Mailbox, even when you change IP.

Once we go out of business you're screwed. You also have to trust us not to proxy and snoop your traffic.

> Some ISP will block only port 25, but allow to forward other ports. In this case we will offer a free port tunneling service for 5 years for port 25.

So we'll actually proxy your traffic maybe. Just trust us not to snoop?

> you can seamlessly send and receive encrypted emails

Great, you won't know when you're not encrypted.

> through a smartphone app, or using external email software

Man it'll sure be easy making all this software work together properly.

> Own-Mailbox automatically encrypts your emails using Gnu Privacy Guard, a strong encryption software. This is the same software that has been used by Edward Snowden

If we use GPG as part of software that makes the rest of it secure, right? Also Edward Snowden used some software we're going to use, so by extension it makes our engineering practices secure.

> Own-Mailbox allows you to send and receive 100% confidential messages even with people who don't use email encryption yet.

Impossible, you both need to be using authenticated encryption to have confidential messages. If it's not authenticated, it's easy to attack. I might want to add here that the project throws around that '100%' figure a lot. 100% open hardware, but it uses an Allwinner A13 board, so you still have a nonfree chipset. It says 100% free software too which is kinda weird given Allwinner has a history of GPL infringement, though they might be able to avoid those parts given how the device just needs networking.

> For this purpose we introduce PLM, a new technique that allows you to send a filtered and temporary HTTPS link to your contacts. This link points to your private message hosted on your Own-Mailbox.

New crypto techniques? This isn't good either. Who hosts the link database?

> The link is temporary: once clicked by your correspondent it is too late to spy, the link does not work anymore.

Or if someone's man-in-the-middling it they can just show it before it was destroyed.

> The link is filtered by a question. Depending on the level of surveillance you think you are in, the question can be a simple captcha to avoid bots, a secret question that your correspondent can answer but not the NSA, or a request for a password previously exchanged with your correspondent, or no question at all.

That's somewhat useful since you do get some authentication. I hope the secret question and password filters actually encrypt the link or the people hosting the database can see right through it, just like with CAPTCHAs or no question at all.

> In practice a simple captcha will allow you to be safe from mass surveillance, since only targeted surveillance can be done by human beings.

We already have problems making CAPTCHAs to filter spam bots, but obviously the most equipped surveillance agencies on Earth won't be able to get by them.

> On top of that any spy will be detected, and have his IP address revealed.

Detected how? As for the IP address, wouldn't governments just use Tor to mask themselves? If that's so above them, why don't we just block government agency IP blocks? Mass surveillance solved!

> On our test, no PLM has ever been spyed even with no question at all.

Those sound like famous last words.

jei
jei

I am a member!

Hors ligne
A rejoint: 02/18/2015

I think you raise some good points, and I wanted to add some thoughts of mine to them. Maybe you can evaluate how valid they are.

>You better hope it doesn't break or have downtime, and trust that your home network is secure enough to handle anyone intruding through this internet facing service.

That goes for pretty much any kind of server you host from your home, right? Whether it be kids hosting their Minecraft servers, or people sharing some files with friends and family via FTP. (I don't condone playing proprietary video games btw.) Of course that's more dangerous than not hosting anything, but is there an alternative when you decide that you want to self-host and have this level of control over the server hardware? Not everybody has their own data centers.

>Once we go out of business you're screwed. You also have to trust us not to proxy and snoop your traffic.

I think this "feature" (which I personally wouldn't like to use) is mainly for people that can't into DNS or want to pay for domains. You can still use this box with your own domain that is not associated with the makers of it. But yeah that's definitely something they should make clear to the user during set-up or so.

>So we'll actually proxy your traffic maybe. Just trust us not to snoop?

I think this would be a manual setting, not necessarily happening automatic and "maybe" without you knowing. And while you definitely lose some privacy by using a proxy in this case, as long as the connection is still end-to-end-encrypted, at least the content itself would be still safe. (Metadata is of course still a serious issue.)

>New crypto techniques? This isn't good either. Who hosts the link database?

I think this database could be easily hosted by your box itself, and that would make the most sense to me. This technique they're using at least can only end up better than sending plain unencrypted mail, and I think is the same that services like Tutanota are using, so it's not completely unexplored territory.

>We already have problems making CAPTCHAs to filter spam bots, but obviously the most equipped surveillance agencies on Earth won't be able to get by them.

True. I wouldn't trust a Captcha for a second. Well, and thanks for your remarks about the hardware, I didn't know much about that aspect of this project. If you have any more information that's maybe not obvious to someone reading their website, I'd appreciate it. I'm still kind of curious about this.

Jookia
Hors ligne
A rejoint: 08/01/2015

> is there an alternative when you decide that you want to self-host and have this level of control over the server hardware

Self-hosting doesn't really gain much in my eyes besides pushing the burden of a broken system on to people. You shouldn't need to bother with things like DNS, GPG or other garbage, you should just be able to find someone by their public key whether through friends or through a public directory. Messaging should also be anonymous. We should be moving to serverless end-to-end encrypted technologies like bitmessage or i2p-bote.

> (Metadata is of course still a serious issue.)

I hadn't thought about this though in a sense it's actually worse than you might think: Self hosting means you stand out and can be pinpointed which is actually worse than something like gmail. I'm sure surveillance agencies have graphs of who talks to who, but this makes it easier to find real identities.

> And while you definitely lose some privacy by using a proxy in this case, as long as the connection is still end-to-end-encrypted, at least the content itself would be still safe.

Ironically proxying would help give you privacy in this case.

> I think this database could be easily hosted by your box itself, and that would make the most sense to me.

I don't know why I didn't think of that. That does make sense.

> This technique they're using at least can only end up better than sending plain unencrypted mail, and I think is the same that services like Tutanota are using, so it's not completely unexplored territory.

This is true, but you have to remember that this is being marketed as 100% confidential and good enough for whisteblowers.

moxalt
Hors ligne
A rejoint: 06/19/2015

> Self hosting means you stand out and can be pinpointed which is actually
> worse than something like gmail.

Self hosting is still infinitely better than using Gmail, for a number of
reasons: you need to actually have a warrant issued to search your own
machines, as opposed to Gmail being all to happy to hand over your data (of
which Google will have collected a lot more) to the NSA on the slimmest of
pretexts. Secondly, despite the fact that intelligence agencies sweep e-mails
during transmission and so will get their hands on all e-mails anyway, at least
you won't be creating profiles of yourself to sell yourself out to other
corporations, unlike Google. You also have complete control over your own data,
which allows you to implement full encryption of all stored e-mails, unlike
Google's services. Though Google actively abuses its users, people are unlikely
to abuse themselves in the same way.

This concept of one being 'pinpointed' out of the crowd by intelligence
agencies doesn't really carry much weight, because you will just have all your
information handed over to the NSA anyway if you use Google and one can just
use head-to-toe encryption on servers you actually control. You don't need to
run your own mail server for the NSA to be able to find you, because they
already have everyone who uses Gmail from day one.

tomlukeywood
Hors ligne
A rejoint: 12/05/2014

so it would be best to host your own server and encrypt everything

JadedCtrl
Hors ligne
A rejoint: 08/11/2014

I saw the exact same product (other people with the same idea) on Reddit a few weeks ago...
And what if this thing breaks? I can imagine it being less than simple to fix it, as it's designed to be a set-up-and-forget mailbox. Heh, literately. It's a box.
But yea. You're much better off setting up your own mail server on Trisquel or some such thing.

lynx
Hors ligne
A rejoint: 09/05/2015

I'm not sure why this service really even raises eyebrows. Dynamic DNS has been around for many years, so it's always been possible to host your own email. Admittedly, Own-Mailbox makes the process of doing so (potentially) trivial even for those not technically inclined. And as Jookia said, one should almost certainly be weary of security/crypto that has not seen rigorous scrutiny.

But I guess the real question is if one really wants to run his or her own email server? And what protections does one seek from OM that aren't currently addressed by existing mail services? My sense is that any protection currently afforded by hosting/storing your own email on your own equipment rests on the premise that such emails are legally your property. But this is a legal protection, which only means it potentially limits what can be admitted as evidence in the courts, and nothing more. Technically, there is a lot that can go wrong here, and the OM user is utterly dependent on the expertise of OM to configure his equipment correctly/securely without any real assurances they have done so. (After all, if you have the expertise to test the security of their equipment, then you probably are sufficiently competent to not really need what they are offering, yes?)

Personally, I think one remains better off--both legally and technically--using a proper email provider with servers located outside the country's borders. Preferably, a provider that has shown a genuine interest in the privacy of its users.

jxself
Hors ligne
A rejoint: 09/13/2010

Why run your own server? There are lots of reasons why someone might want to run their own server, but I think the important ones boil down to freedom, privacy, and autonomy. If you're not sure why you should run your own server, Eben Moglen does an excellent job of explaining why everyone should:

http://www.softwarefreedom.org/news/2010/feb/08/audio-and-video-eben-moglens-talk-freedom-cloud-no/

I recommend this recording to become familiar with the issues.

lynx
Hors ligne
A rejoint: 09/05/2015

Fascinating and lucid talk. Thank you for pointing it out!

But speaking of the trio of "freedom, privacy, and autonomy", it still is not evident to me how Own-Mailbox affords its owner/user more than perhaps a token degree of additional autonomy. Unlike the distributed/decentralized model promoted by the FreedomBox, there seems to be nothing particularly special about this box apart from the simple way it promises to be able to include non-gpg users in encrypted correspondence. (Which would be a cool trick!) The internet mail network employed seems to be exactly the same internet mail you know and love (whether encrypted or not), which means that the user/owner of an OM mail server remains just as marginalized as before in receiving mere copies of her mail data as the last delivery point in what is typically a chain of mail servers/relays. So unless I am misunderstanding something, it would seem to me that an OM user/owner's mail and metadata remains potentially just as easy to collect by intermediaries as it is now through a traditional non-OM mail service. Those logs & data, then, will remain out in the wild stored on x number of mail relays, existing outside said user's control. And the mail stored on your own OM server are almost undoubtedly not the only copies of that mail in existence. (Although GnuPG will hopefully render them permanently unreadable to third-parties, but this is not by any means unique to OM.) And accessing your private mail server from outside your LAN will remain just as UNprivate as it ever was.

In short, OM is a small step forward, perhaps, but it is by no means the decentralized model for mail that Mr. Moglen was talking about. It does not address most of "the issues."

jxself
Hors ligne
A rejoint: 09/13/2010

No, it doesn't change the fundamental nature of email. You can't do that without breaking email. The Freedombox that Eben was talking about could also very easily run an SMTP server too just as the OM does. That the OM is only intended for email and the Freedombox more general doesn't make it less good. At the same time nor do I say it's a magic bullet that magically solves all problems. To the extent that it helps people move their email off of third party services like Gmail with their "untouched by human hands semantic analysis of your email" as Eben put it (even if it's "just" one -- email) and back into people's home then that's good and helps with the issues Eben was talking of: Encouraging decentralization. Imagine that everyone is equivalent to their own mail server.

In short, it doesn't have to be a full solution in order to be supportive of it. Every little bit helps. :)

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

That little box is so cute and I want one right now!

That being said, whatever the provider, or even if it is self hosted, make sure you encrypt the mail on your computer and send it. That's all you need to make sure if you want privacy..

jxself
Hors ligne
A rejoint: 09/13/2010

This seems relevant: http://ebb.org/bkuhn/blog/2015/09/15/email.html

Start pushing back and using your own email servers!

IRC quote about the article: "It's been hard to express why email hosting has become so exhausting, and how frustrating that it is that we as a society could have let it get this bad... and to hand this much power away."