45

As someone who has read plenty of discussions about email security (some of them in this very community), including all kind of stuff (from the company groupie to tinfoil-hat conspiracy theories), I have decided to put ~~too many hours~~ some time to discuss the different threat models for email setups, including the basic most people have, the "secure email provider" one (e.g., Protonmail) and the "I use ~~arch~~ PGP manually BTW".

Jokes aside, I hope that it provides an overview comprehensive and - I don't want to say objective, but at least rational - enough so that everyone can draw their own conclusion, while also showing how certain "radical" arguments that I have seen in the past are relatively shortsighted.

The tl;dr is that email is generally not a great solution when talking about security. Depending on your risk profile, using a secure email provider may be the best compromise between realistic security and usability, while if you really have serious security needs, you probably shouldn't use emails, but if you do then a custom setup is your best choice.

Cheers

all 22 comments
sorted by: hot top controversial new old
[-] cygnus@lemmy.ca 7 points 2 months ago

Nice post. My two cents:

  • Can you make the images clickable? They're impossible to read at that size.
  • This paragraph should probably mention that this won't work if the provider uses E2EE: "Using secure email providers means that a lot of trust is placed into the provider itself. A failure or a breach of the provider can result in the content of your emails being disclosed, which means you should choose a provider you trust, ideally with a good track record and some formal certifications that attest at least basic security. However, the attacks that are specific to this setup are complex and expensive. Unless you are a high profile target, it's very unlikely they will ever be relevant to you."
[-] loudwhisper@infosec.pub 3 points 2 months ago

Thanks!

Can you make the images clickable? They’re impossible to read at that size.

I will look into it, there might be a zola option for it. If there is, sure!

This paragraph should probably mention that this won’t work if the provider uses E2EE

That paragraph is in the context of what I call "transparent encryption", which means E2EE works until the provider is not compromised and the E2EE is effectively broken by delivering malicious software or disclosing the key. E2EE is as resilient as the security of the provider, which is why picking a trusted one is important. Of course, compromising the provider and breaking the E2EE is quite complex.

[-] cygnus@lemmy.ca 2 points 2 months ago

I suppose, but is there any documented occurrence of that? It seems like a whole stack of what-if scenarios required for that to happen. At that point you should be more concerned with someone beating your password out of you.

[-] loudwhisper@infosec.pub 3 points 2 months ago

Not that I know, which is the reason why I essentially didn't consider those threats relevant for my personal threat model. However, it's also possible it happened and it was never discovered. The point is that there are risks associated with having the same provider having access to both the emails (and the operations around them) and the keys/crypto operations.

The cost of stealthily compromising a secure email company is simply disproportionate compared to the gain from accessing my emails. Likewise, it's unrealistic to think some sophisticated attacker would target me specifically to the point that they will discover and then compromise the specific tooling I am using to access/encrypt/decrypt emails. Also, a $5 wrench could probably achieve the same goal in a quicker and cheaper way.

If I were a Snowden-level person, I would probably consider that though, as it's possible that the US government would try to coerce -say- Proton in serving bad JS code to user X. For most people I argue these are theoretical attacks that do not pose concrete risk.

[-] slice@feddit.org 4 points 2 months ago

Thanks for all the effort. Looks really nice :)

[-] loudwhisper@infosec.pub 2 points 2 months ago

Thanks a lot! Hopefully at least someone finds it helpful!

[-] sugar_in_your_tea@sh.itjust.works 3 points 2 months ago

At the end you ask people to email you, but after just talking about PGP, you don't provide a PGP key for people to use when they email you.

[-] loudwhisper@infosec.pub 1 points 2 months ago

Yep, I am aware of the contradiction. I used to, but since then I moved to an alias as it was not worth wasting a domain for a single address. I may spend eventually the time to setup PGP for the alias itself, but I just didn't. It's a Proton alias, so I get anyway PGP encryption, though (obviously without all the features, but good enough for the near-zero volume I currently have).

[-] sugar_in_your_tea@sh.itjust.works 1 points 2 months ago

It’s a Proton alias, so I get anyway PGP encryption

That's only true if you're talking to other Proton users. Proton does encrypt emails at rest, but that's basically the same as TLS + trusted server. Whether they use PGP on the BE or not is irrelevant.

Publishing your PGP public key next to your email doesn't require "wasting a domain" or anything like that, it merely gives others an option to contact you w/ PGP encryption. Since you already get near-zero volume, you probably would get even nearer-zero PGP volume (the few that would email you probably won't bother using your PGP key), but it would at least show that you're open to E2EE. You can even generate a special key that's only used publicly, and Proton should handle decryption automatically for you.

Anyway, I'm part of that group that probably wouldn't bother using your PGP key anyway, I just thought it was amusing that you didn't seem to actually follow your own advice. Perhaps that's just more evidence that email should simply be avoided.

[-] loudwhisper@infosec.pub 1 points 2 months ago

With Simplelogin integration Proton does PGP encryption because effectively all emails are forwarded by a simplelogin address. I have just tested to be sure, and I can confirm it is the case. I agree though that this only protects "my side", which is why I said that it doesn't provide all the PGP features.

Publishing your PGP public key next to your email doesn’t require “wasting a domain” or anything like that

It does if I don't have any key that I use for emails. My key(s) is bound to the Proton account with the other domains I use, so for this domain I would need to either add it (back) to Proton (easier option, but "wastes" a domain) or just generate and manage a key myself, that I can then even add manually to Proton, but I didn't bother doing this just yet. I am not going to use any other public key I have because I wanted specifically to keep this domain separated from my identity.

I just thought it was amusing that you didn’t seem to actually follow your own advice.

FWIW, I do follow the described setup for everything personal, which is what matters to me. As I said, ~1/2 months ago I did have my PGP key because I enrolled the domain into Proton, which if anything is a testament to how annoying it is having to manage keys myself (which I already do for signing commits etc.). Maybe I will spend some time to polish the setup, eventually.

[-] sugar_in_your_tea@sh.itjust.works 1 points 2 months ago

Ah, I thought this redirected to your Proton account.

No worries, PGP is hardly necessary for random emails from random people. If they really want to start an E2EE conversation w/ you, they can always just ping you asking for it before getting into specifics.

[-] hades@lemm.ee 2 points 2 months ago

Nice article!

You seem to be missing the word "by" in the table introducing threat T04. Also, the threat summary table uses ✅ and ❌ in a way that was counterintuitive to me: initially I thought ✅ meant the encryption approach protects against the threat.

A bigger issue IMO is how you describe email encryption in transit as a matter of fact, but according to Google transparency report[1] there are still domains that do not support in transit encryption, and, what's worse, when you send an email you can't tell if it will be encrypted or not.

[1] https://transparencyreport.google.com/safer-email/overview?hl=en

[-] loudwhisper@infosec.pub 2 points 2 months ago

Thanks, I will go and double check, I am sure there are more typos!

I honestly didn't think at all about the use of checkmarks/crosses and the fact that it can be misinterpreted, I will add a disclaimer.

A bigger issue IMO is how you describe email encryption in transit as a matter of fact, but according to Google transparency report[1] there are still domains that do not support in transit encryption, and, what’s worse, when you send an email you can’t tell if it will be encrypted or not.

you are right. The reason why I took that for granted is because I assumed the scenario in which people use the "mainstream" providers. I was looking at data and I think Outlook and Gmail alone make up more than 50% of the market share. I made an assumption which I considered fair, as 99%+ of the users do not need to worry about this at all. However, this is interesting data and I might add a note about it as well, so thanks!

[-] wazoobonkerbrain@lemmy.world 1 points 2 months ago

An attempt to a comprehensive threat model for emails

That's the subtitle, is it missing a word?

[-] loudwhisper@infosec.pub 2 points 2 months ago

I don't think so, does it sound weird? Not a native speaker, so maybe it does :)

[-] sugar_in_your_tea@sh.itjust.works 2 points 2 months ago* (last edited 2 months ago)

It would sound better as one of the following:

  • An attempt at a comprehensive...
  • An attempt to create a comprehensive...

I don't think it's grammatically incorrect (native speaker, but not a grammar expert), it just sounds odd.

[-] wazoobonkerbrain@lemmy.world 2 points 2 months ago

I considered recommending "attempt at" but "an attempt at a model" still sounds weird. OP went with "to create" which sounds better 🙂

[-] wazoobonkerbrain@lemmy.world 1 points 2 months ago

It does. How about

An attempt to summarize a comprehensive threat model for emails

Or, in place of summarize - define, or outline?

[-] loudwhisper@infosec.pub 3 points 2 months ago

Thanks, I have taken @sugar_in_your_tea@sh.itjust.works's suggestion and I have added "create".

[-] wazoobonkerbrain@lemmy.world 1 points 2 months ago

Aw how come you always take his ideas instead of mine it's not fair

[-] loudwhisper@infosec.pub 2 points 2 months ago

Sorry about that :) But you get the credit for spotting the problem! Thanks for that!

this post was submitted on 24 Aug 2024
45 points (95.9% liked)

Technology

59174 readers
2111 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS