topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 8:17 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: For better security, maybe it's time to abandon e-mail?  (Read 27558 times)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
For better security, maybe it's time to abandon e-mail?
« on: December 21, 2014, 03:47 PM »
Interesting article by Jordan Pearson who argues that the time may have arrived where we need to seriously consider abandoning e-mail in favor of a 'designed to be secure from the ground up' chat paradigm. Food for thought. Even if chat isn't the answer, something seriously needs to be done about our present e-mail technology. Simply bolting encryption on after the fact is a stopgap "solution" at best.


The Biggest Lesson from the Sony Hack? We Need to Replace Email


by Jordan Pearson Contributor, Canada
December 19, 2014 // 03:50 PM EST


The most striking discovery of the Sony hack wasn’t that studio head Amy Pascal had an intensely personal meltdown or that the feds were collaborating with the company on the ending of The Interview—it was that all of these things existed together in one, utterly defenseless spot, just waiting to be hacked and leaked.

We use email for everything now: newsletters, professional collaboration, and jokes to grandma. But email wasn’t designed for the age of hackers that can—apparently, god help us—bend skittish corporations to their will.

It might be time to consider a world with less email, where secure chat apps that can send messages to each other rule online communication. Unless you want to leave a paper trail, that is. <more>

 8)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #1 on: December 21, 2014, 03:54 PM »
Bonus side effect: No spam!(?)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #2 on: December 21, 2014, 05:26 PM »
Yes. Email is broken. It was always broken. It was designed with small networks in mind, and not what we have now.

I used to rant about email being broken for many years, then gave up. But it's nice to see that some people are noticing just how broken it is.

Only something entirely new will work.

For something interesting to look at, check out Bitmessage.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #3 on: December 21, 2014, 06:27 PM »
Email addresses and email being used as the SOLE link for authentication -- no good.  An appropriate (devil is in the details) alternative would be welcome -- one that does not require the use of email for starters.

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #4 on: December 22, 2014, 07:31 AM »
Well, email could be reasonably secure if everyone would take up the time to set up secure authentication in their email clients and use things like GPG to encrypt and digitally sign all correspondence.

However, we are a species who, generally speaking, didn't care we had flashing clocks on our VCRs for *years* so...none of what I just said is probably going to happen. :)

As for the replacement of email, though, text messaging has all but done that.

SeraphimLabs

  • Participant
  • Joined in 2012
  • *
  • Posts: 497
  • Be Ready
    • View Profile
    • SeraphimLabs
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #5 on: December 22, 2014, 07:59 AM »
Text messaging is just as insecure though, and ultimately no communications of that type is ever going to be secure because you can always compromise the device or compromise the server processing that information in order to see it anyway.

Probably the only thing I've seen out there remotely close to being secure and of similar functionality to email is in fact bitcoin, which allows you to attach a text message to a transaction that is encrypted as it is carried by the blockchain and is only viewable by the intended recipient.

But people are already worried about blockchain bloat, if you attached email's traffic volume to the blockchain the storage requirements would increase exponentially.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #6 on: December 22, 2014, 08:51 AM »
Thinking in terms of a decentralized non-logging P2P approach is a good start. It won't be totally secure since nothing really can be. But it can be made secure and difficult enough to capture that the cost-benefit ratio tilts in favor of letting something go unless dealing with a demonstrably "high value" target. At the very least it makes broad-sweep data gathering less attractive and far more costly in terms of storage and analysis. You can only raise taxes so much to fund a hopeless project. Even the U.S. military, who wrote the book on money pits, knows that. Merged with known strong encryption (if that means anything now - or will continue to mean much in the near future) makes it even more of a challenge to would be interceptors.

As far as "if people would just ______" I can only say: not gonna happen. And I'm enough an old-school computer guy that I was taught (and believe) that if it always needs to be done, a person shouldn't need to do it at all.

No-exceptions, boring, "always" is what we created machines for. Computers don't always handle exceptions well. But they're champs at mandatory and routine tasks. So lets let our software take care of the heavy lifting. Drudge work is what we originally built the little ogres for in the first place. (Who in their right mind wants to spend years of their limited lifetime calculating ballistics tables for field artillery no matter how good they are at math - or how much they enjoy it?) Let all those expensive chips we built keep busy instead of running endless NOPs when they don't have anything better to do than waste electricity and sit around waiting to be hacked.

Just my :two: for now. ("It's a 'three pipe' problem, Watson.")
 8)
« Last Edit: December 22, 2014, 05:59 PM by 40hz »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #7 on: December 22, 2014, 09:18 AM »
A secret is safe with three, if two are dead. This is the only thing that struck me regarding the Sony/Email fiasco.

The message format/fact that it was an Email is IMO irrelevant. Because... If there exists a document, that contains damning/damaging information - that you have within your power the option of destroying with impunity - what the hell did you save it for?!?

This to me is a people problem.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #8 on: December 22, 2014, 09:24 AM »
Probably the only thing I've seen out there remotely close to being secure and of similar functionality to email is in fact bitcoin, which allows you to attach a text message to a transaction that is encrypted as it is carried by the blockchain and is only viewable by the intended recipient.

But people are already worried about blockchain bloat, if you attached email's traffic volume to the blockchain the storage requirements would increase exponentially.

e.g. Bitmessage. :)

It's a start. Y'know... eating an elephant and all? NOM~! NOM~! :P


Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #9 on: December 22, 2014, 09:41 AM »
As someone who *hates* chat and *hates* real-time communication (even text message/phone), as broken as e-mail is, the alternative solutions that are being proposed don't solve the same problem, IMO.

We use chat clients at work... and I ignore most communication over them unless it is appropriate for a real-time communication mechanism.  People tend to abuse the medium and just reach out with no consideration for what the person on the other end might be in the middle of with chat/phone anything real-time, I've found.  The thing I love about e-mail is the same thing I formerly loved about letter writing (and the reason I play PbEM instead of the more immediate roll20 and such), the act of formulating the response is a mental exercise.

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #10 on: December 22, 2014, 10:36 AM »
Thanks, wraith.  I'm glad to know I'm not the only one who feels this way.  :up:

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #11 on: December 22, 2014, 11:30 AM »
I don't care for chat either. It's easier to just pick up a phone AFAIC. I'm not afraid to actually talk to a live person. (My age must be showing. ;))

But in this scenario, I think "chat" is more a metaphor for the system-wide changes needed rather than an actual endorsement for chat technology.

Had e-mail been left using text, it wouldn't be much of an issue. But once it was web and script enabled "for your convenience and greater productivity" it became a ticking bomb. And a great target of opportunity since the underlying protocols were (as noted earlier) never designed to be secure - nor intended to be used in situation where security was a consideration. Apparently most people, businesses, and government agencies didn't get copied on that memo. And when you add in how sloppily coded most e-mail apps were coded, it was only a matter of time. Especially when they're capable of calling all these nifty black-box APIs and services that let them do more than just allow you to compose, edit, send, and read messages.

When you go Rube Goldberg, you get Rube Goldberg.

The important takeaway is that you need a decentralized message transport mechanism that has strong encryption and security coded in from the get go. That an an intrinsically more secure and better engineered protocol for it to run on top of. SMTP and POP ain't it. And IMAP is a central server approach that isn't any better when it comes to security concerns.

It's not so much we need to abandon e-mail. It's more that it's time we realize what we call e-mail is a lot more than just text messages. And it's time to get serious about it instead of limping along with an outdated and half-assed solution that is making more and more problems for all of us.

Again, this is just my :two:

(Add in that penny for your thoughts and we'll have a shiny nickle! ;D)

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #12 on: December 22, 2014, 11:30 AM »
most secure
Just don't communicate with anybody  ;)


40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #13 on: December 22, 2014, 11:33 AM »
@rg - LOL! That would certainly work for me. ;D ;D

Half the time I get into a 'discussion' these days I feel like I'm a character in this comic strip:

small_moon.png

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #14 on: December 22, 2014, 11:46 AM »
@40 - to respond to both of yours in a cheeky manner...

But... chat clients aren't text only anymore either.  So don't they have the same ticking bomb?

 ;D ;D ;D

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #15 on: December 22, 2014, 11:54 AM »
@Wraith - didn't I say "metaphore" earlier? ;D

I'm of the opinion we don't need something else. We need something new. 8)
« Last Edit: December 23, 2014, 07:51 AM by 40hz »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #16 on: December 22, 2014, 12:12 PM »
Just for conversation's sake... what would that look like from the abstract?  Maybe we can hash it out?  Any thoughts?

My requirements for adoption are simple.  Not real-time, and not brief form- though it would support almost real-time and brief form communications.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #17 on: December 22, 2014, 12:31 PM »
This to me is a people problem.

Absolutely. It always is.

Reduced to its essence, the main problem boils down to the fact there are basically three types of people in this context:

  • people who just want to use and enjoy their computers
  • people who want to sell these people software and services to run on their computers
  • and people who want to fuck with the people who use computers

None of that is going to go away.

But if we can curtail the range of motion and minimize the opportunities for harm from that third group, that's a decent enough win. And probably as good as it will ever get short of caving in and instituting a fully regulated and monitored global network. Which is a cure far worse than the disease. Especially now that we know our own governments are in the habit of straying more and more into that third group of people. So handing them the keys and absolute authority won't help matters. It will only make things worse by an order of magnitude.

But that's not to say we need to roll over and accept what we currently have as the way things are or need to be.

No system will likely ever be completely secure. But almost everything we're currently using could be made considerably more secure. Because we don't need a "perfect solution." A better one will more than do for starters - even if it doesn't catch all boundary cases.

Getting one user's data is probably not ever going to be completely preventable. But getting things to where obtaining one user's data no longer so easily allows you to use that subset to get at every other user's data certainly is. That's just employing better engineering. Like our electrical codes - they can't prevent every single fire or accident. But they do reduce the number of incidents to a very tiny statistical probability. Because they contribute to enforcing "known good" standards and "best" practices that minimize the damage when an incident actually does occur.

And that's good enough for day to day use AFAIC. :Thmbsup:

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #18 on: December 22, 2014, 12:42 PM »
Just for conversation's sake... what would that look like from the abstract?  Maybe we can hash it out?  Any thoughts?

My requirements for adoption are simple.  Not real-time, and not brief form- though it would support almost real-time and brief form communications.

So far we have:

  • not real-time - but timely
  • not restricted to brief form

I'll add:

  • fully decentralized - no persistent servers or trackers
  • non-logging protocol
  • encrypted end-to-end, with primary encryption done on the local machine -
    (note: additional encryption layers may also be added further down the chain)
  • some type of "trust" mechanism between peers to minimize risk of "man in the middle" attack vector
    which ideally would also serve to identify "poison" peers
  • mechanism to identify tampering attempts with messages
  • integral tombstone/self-destruct mechanism available for all messages with "delete after reading" as the default. "Save this message?" must be specifically invoked (a simple push button, check box, or right-click will do) for each message in order for it to be retained.
  • to preserve message store security, encryption is "always on." Messages are only in an unencrypted state when being displayed. Unopened messages are left encrypted. Saved messages are automatically re-encrypted on close. Deleted message are zero overwritten in background.


What else?

« Last Edit: December 22, 2014, 01:01 PM by 40hz »

SeraphimLabs

  • Participant
  • Joined in 2012
  • *
  • Posts: 497
  • Be Ready
    • View Profile
    • SeraphimLabs
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #19 on: December 22, 2014, 01:03 PM »
A secret is safe with three, if two are dead. This is the only thing that struck me regarding the Sony/Email fiasco.

The message format/fact that it was an Email is IMO irrelevant. Because... If there exists a document, that contains damning/damaging information - that you have within your power the option of destroying with impunity - what the hell did you save it for?!?

This to me is a people problem.

Its also a legal problem. Strictly speaking you are required by law to keep record somewhere somehow of all company internal written communications as much as is practical. At least in my understanding of business law anyway- I've seen quite a few cases where the courts order a company to present such.

Thus they were legally obligated to keep that information on record becase on the off chance they got investigated, it could be held as evidence in the courtroom and whoever was involved would be effectively screwed by the discovery of its contents.

All that happened here was that a hacker simply did without proper warrants what a courtroom could order if it suspected illegal activity happening under Sony's roof.

Even if it had been a message carried over the bitcoin blockchain, a hacker could have compromised the private key of an endpoint and still leaked that same message.

Just the nature of the beast- if it is connected to the internet, it is with certainty hackable.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #20 on: December 22, 2014, 01:21 PM »
ts also a legal problem. Strictly speaking you are required by law to keep record somewhere somehow of all company internal written communications as much as is practical. At least in my understanding of business law anyway- I've seen quite a few cases where the courts order a company to present such.

Thus they were legally obligated to keep that information on record becase on the off chance they got investigated, it could be held as evidence in the courtroom and whoever was involved would be effectively screwed by the discovery of its contents.

Depends on the jurisdiction I think. Here it only applies to "covered" communications. Many US corporations are now operating on a minimal retention policy. They only retain as much and as long as the law requires. With the exception of regulated securities-related communications; and tax documents and/or communications with government revenue services - which I have been told need to (or should be) be retained indefinitely.

Many companies have discovered that the old exhortation to "keep copies of everything to CYA" often backfires and makes much to be discovered in the event of a lawsuit or investigation.

There actually are recommended "retention schedules" issued by the government that cover most business documents and communications. Very few items on those schedules fall under the "retain indefinitely" category.

The trick is to religiously follow whatever schedule you adopt. If you claim you rigorously purge all internal memos every three years, you can't keep some and later destroy them if they're subpoenaed, citing your policy and stating they're "more than three years old." That's obstruction and destroying evidence. And it can also create the appearance your policy was specifically designed to impede and evade the law. Judges here don't usually like that very much.

My understanding is it's still a fairly open question here however. The current "best practice" to minimize "legal exposure" seems to be (got this from an attorney) to retain only what you absolutely must by law, and generally try to get rid of everything else as soon as is practically possible.

« Last Edit: December 22, 2014, 01:27 PM by 40hz »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #21 on: December 22, 2014, 01:58 PM »
Just the nature of the beast- if it is connected to the internet, it is with certainty hackable.

True. In a purely mathematical model. But there are possibilities for success, and there are likelihoods of success. To reduce the liklihood of success to the point of where it statistically borders on the impossible is certainly attainable. Single-use cypher pads have already come very close to that ideal.

Even if it had been a message carried over the bitcoin blockchain, a hacker could have compromised the private key of an endpoint and still leaked that same message.

Agree. The chain is only as strong as the weakest link. That's the real challenge here. How to make that weakest link incredibly strong.

I'm guessing some mechanism, whereby 'people' are removed from certain parts of the equation, is where it will need to go. With humans out of the picture in certain key areas, a major source of weakness is removed. It's no longer so much a "people problem" (i.e. insoluble) if there aren't people left in. QED.  ;)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #22 on: December 22, 2014, 04:39 PM »
What else?

How about an option to totally disable the receiver from saving the message?

"This message will self-destruct in 5 minutes" (or upon closing).

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #23 on: December 22, 2014, 05:32 PM »
What else?

How about an option to totally disable the receiver from saving the message?

"This message will self-destruct in 5 minutes" (or upon closing).

Sounds good. But in order to make it more equitable for both sides I'd like it more if such a message announced itself as being a read-once message and then ask the receiver if they wish to accept or reject that condition. That keeps everything on an opt-in basis. If the receiver accepts, it works as the sender specifies. If the receiver rejects that restriction, it bounces back to the sender with a notification that "the intended receiver of your message did not agree to your read-once provision and has elected not to receive your message as sent."

Sort of like what sometimes happens when you block your phone's caller-ID. Some phone numbers (mine for one) will play a message that says my phone does not accept calls from parties that have blocked their caller-ID. It then suggests the caller temporarily unblock their caller-ID and try again.

Opt-in combined with a non-confrontational and measured tit-for-tat game strategy! It's a very powerful and attractive concept once you start thinking along those lines. 8)

tft1.png
« Last Edit: December 22, 2014, 06:04 PM by 40hz »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: For better security, maybe it's time to abandon e-mail?
« Reply #24 on: December 22, 2014, 09:33 PM »
Opt-in combined with a non-confrontational and measured tit-for-tat game strategy! It's a very powerful and attractive concept once you start thinking along those lines. 8)

All very good points.  I'm assuming also that since media connects to an unknown resource, it would be media unfriendly?  And what about attachments and such?