Author Topic: For better security, maybe it's time to abandon e-mail? (Read 29851 times)

Stoic Joker · « **Reply #25 on:** December 23, 2014, 01:03 AM »

Depends on the jurisdiction I think. Here it only applies to "covered" communications. Many US corporations are now operating on a minimal retention policy. They only retain as much and as long as the law requires. With the exception of regulated securities-related communications; and tax documents and/or communications with government revenue services - which I have been told need to (or should be) be retained indefinitely.
-40hz (December 22, 2014, 01:21 PM)

BINGO!

Not to mention that legal issues are frequently exacerbated by excessive documentation. Like Sony who obviously could have massively benefited from a teensie bit more delete button action. Sure, it might piss a judge off a bit ...(if he knew about it)... But if there are no incriminating/scandalous records...then there's no reason to be talking to a judge.

You just need an established policy, that allows enough latitude, to let folks delete their junk mail ... Savvy??

app103 · « **Reply #26 on:** December 23, 2014, 05:01 AM »

Just for conversation's sake... what would that look like from the abstract? Maybe we can hash it out? Any thoughts?

My requirements for adoption are simple. Not real-time, and not brief form- though it would support almost real-time and brief form communications.
-wraith808 (December 22, 2014, 12:12 PM)

So far we have:

not real-time - but timely
not restricted to brief form

I'll add:

fully decentralized - no persistent servers or trackers
non-logging protocol
encrypted end-to-end, with primary encryption done on the local machine -
(note: additional encryption layers may also be added further down the chain)
some type of "trust" mechanism between peers to minimize risk of "man in the middle" attack vector
which ideally would also serve to identify "poison" peers
mechanism to identify tampering attempts with messages
integral tombstone/self-destruct mechanism available for all messages with "delete after reading" as the default. "Save this message?" must be specifically invoked (a simple push button, check box, or right-click will do) for each message in order for it to be retained.
to preserve message store security, encryption is "always on." Messages are only in an unencrypted state when being displayed. Unopened messages are left encrypted. Saved messages are automatically re-encrypted on close. Deleted message are zero overwritten in background.

What else?

-40hz (December 22, 2014, 12:42 PM)

What else?
-40hz (December 22, 2014, 12:42 PM)

How about an option to totally disable the receiver from saving the message?

"This message will self-destruct in 5 minutes" (or upon closing).
-Deozaan (December 22, 2014, 04:39 PM)

There goes most support desk software and the best monitoring & training mechanism for support desk personnel. Without being able to import requester messages into a system, pass those messages between agents, keep a permanent, searchable log of all incoming messages and their responses, tying those individual conversations to customer accounts, etc. a lot of what support desk agents do via things like Zendesk, will not be possible.

40hz · « **Reply #27 on:** December 23, 2014, 07:32 AM »

There goes most support desk software and the best monitoring & training mechanism for support desk personnel. Without being able to import requester messages into a system, pass those messages between agents, keep a permanent, searchable log of all incoming messages and their responses, tying those individual conversations to customer accounts, etc. a lot of what support desk agents do via things like Zendesk, will not be possible.
-app103 (December 23, 2014, 05:01 AM)

Very good point! But I think this may be an example of a boundary situation that wouldn't affect most users.

However...

In this scenario, I don't think it would be unreasonable for a tech support agent to briefly explain why a message would need to be retained - and request that the sender turn off any blocks on message retention. That's no different than "your call may be monitored" when doing it by phone.

You could also employ tit-for-tat (after briefly explaining why message retention is so important) by saying that the ability to retain and use the message to provide better quality service, now, and in the future is a condition of receiving tech support via e-mail. (Whether or not that's a genuinely valid argument I'll leave for another time. There's an awful lot of ingrained "we need to save everything" habits we're up against here. Just look at the NSA!) Doing it this way clearly defines and negotiates the "what" and "why" in an interaction. Something that is too often assumed - or decided unilaterally.

Most people (from my experience) are quite reasonable when given good reasons. The key factor here is "good reasons" rather than the more common and rather obnoxious: "I'm sorry you feel that way, but that's OUR policy!" sort of response we receive far too often. (note: while "Because I said so!" may be an appropriate response to a petulant child, it's a demeaning and insulting thing to say to the average adult. One way to reduce childish behavior is to stop treating adults like they're children. And to also stop acting like children ourselves.)

This sort of courtesy and rapid negotiation leaves both sides in control of how they want to handle their interaction. No different than how we do things F2F dozens of times a day. Why should e-mail or texting be any different? (note: This may also help reduce some of those Jekyl/Hyde behaviors some people display when communicating electronically.)

Opt-in plus tit-for-tat. It's a wonderful thing. Add in courtesy and we're setting the stage for a new Golden Age of e-communication.

40hz · « **Reply #28 on:** December 23, 2014, 07:53 AM »

Opt-in combined with a non-confrontational and measured tit-for-tat game strategy! It's a very powerful and attractive concept once you start thinking along those lines.
-40hz (December 22, 2014, 05:32 PM)

All very good points. I'm assuming also that since media connects to an unknown resource, it would be media unfriendly? And what about attachments and such?
-wraith808 (December 22, 2014, 09:33 PM)

Haven't a clue at this point. Anybody out there care to suggest something?

Innuendo · « **Reply #29 on:** December 23, 2014, 09:11 PM »

Text messaging is just as insecure though, and ultimately no communications of that type is ever going to be secure because you can always compromise the device or compromise the server processing that information in order to see it anyway.
-SeraphimLabs (December 22, 2014, 07:59 AM)

Just to clarify the point I was trying to make....Yes, text messaging is just as insecure, if not more so. The general public at large does not care about privacy or security on any large scale at all. I could detail a laundry list of thing that people do every single day without giving a second thought to the security and privacy they are giving up.

People don't care until something happens that personally affects them in an adverse way.

40hz · « **Reply #30 on:** December 23, 2014, 10:06 PM »

Just to clarify a few of my earlier points:

"Chat" or "text" is being used more as a metaphor; or an exhortation to do things differently. It's not an argument that adapting chat or text is the only - or even a desirable approach to take to fix the problem.
We need to think outside the box here. We don't want something else. We need something new.

40hz · « **Reply #31 on:** December 23, 2014, 10:18 PM »

The general public at large does not care about privacy or security on any large scale at all.
-Innuendo (December 23, 2014, 09:11 PM)

Nor should they have to IMHO. That's what responsible professionals in our field exist for.

People don't care until something happens that personally affects them in an adverse way.
-Innuendo (December 23, 2014, 09:11 PM)

See above.

I could detail a laundry list of thing that people do every single day without giving a second thought to the security and privacy they are giving up.
-Innuendo (December 23, 2014, 09:11 PM)

To be honest, that's their prerogative. We attempt to educate as best we can. If we warn, and we're ignored, that's the limit of the responsibilities we can be expected to assume. After that, since we're professionals, it's just more billable time for us.

But we're not out to save the world here. Nor are we trying to come up with the "perfect" solution. We're just looking to make things significantly better than they are now. "Pretty good" will do for a start.

Shades · « **Reply #32 on:** December 24, 2014, 06:35 AM »

Google Wave was a (half-hearted) attempt. And it got got flamed down, before it even got a chance to come to fruition.

As it was in development still, encryption could have been a building block, instead of a bolted-on thing for almost all other forms of communication.

40hz · « **Reply #33 on:** December 24, 2014, 06:57 AM »

Google Wave was a (half-hearted) attempt. And it got got flamed down, before it even got a chance to come to fruition.
-Shades (December 24, 2014, 06:35 AM)

In fairness, Waves (like Chandler) struck me as fairly half-baked concept that was rather vague about exactly what it was supposed to be. And both Products included "features" and requirements that the users had made clear they didn't care for. Those objections from the users were mostly ignored since the devs too obviously had their own agenda.

So much for opt-in and tit-for-tat, right? That's a sure formula for failure with something that requires hordes of enthusiastic supporters to be successful.

Shades · « **Reply #34 on:** December 24, 2014, 08:56 AM »

Granted, I went along with the promise from Wave at that time.

Being vague didn't help their cause, but I didn't think they expected the back-fire it got. Most people are quite entrenched on the tools and software they already have (learned to use).

Getting people out of that way of thinking and into another, safer way of communicating...without an already existing, somewhat useable concept in front of their noses? Good luck with that.

With hindsight 20/20, I agree Wave wasn't the answer and tried to do too much. However, the idea remains (in my head at least) that with more time, something could have spun off that base/concept with a better chance of adoption as a more secure communication environment.

Getting things (exactly) right the first time around is not easy and it will surely fail without a chance to evolve. So what if it didn't do things better than existing solutions. It was a fresh code base that arguably is easier to protect than all other products from different creators, each with different kinds of "baggage" regarding backwards compatibility, coding standards, protocols, etc.

Just sayin'.

Then again, 2009/2010 was not that long ago, but it feels like it was a different time then.

Innuendo · « **Reply #35 on:** December 24, 2014, 09:03 AM »

Nor should they have to IMHO. That's what responsible professionals in our field exist for.
-40hz (December 23, 2014, 10:18 PM)

Unfortunately, people have evolved to the point where they are much akin to electricity in that they will always take the path of least resistance. Until the 'responsible professionals in our field' can come up with something new while at the same time come up with something that makes every insecure method more inconvenient for the end users that will cause them to jump ship to the new method, nothing will change.

It doesn't help that most attempts at making things more secure, but easier to use for the end user usually end in disaster. WPS stands as a shining example of that. It was implemented as a way for end users to have a secure home network without having to worry about long passkeys. Of course, it didn't take long for the 'bad people' to find vulnerabilities in WPS which has prompted everyone with half a brain to recommend turning that feature off when you configure your router.

Unfortunately, for all, everyone without half a brain vastly outnumbers those who do and they merrily continue to use vulnerable implementations because people would rather have easy than secure.

Just look at SnapChat. One of the most insecure programs in the history of computing run by a company who simply does not care about the security vulnerabilities in their product and yet there is no sign of SnapChat's popularity waning. An endless string of security professionals *and* media outlets have reported that it is insecure and vulnerable to hacking. The general public have declared they do not care and continue to use it.

Any solution that requires downloading, installing, and/or configuring something that just provides a secure method of something that's already installed on people's PCs or devices is doomed to failure out of the gate.

I admire the intent of this thread & have often wished for the same, but the idiocracy has spoken.

wraith808 · « **Reply #36 on:** December 24, 2014, 10:35 AM »

Google Wave was a (half-hearted) attempt. And it got got flamed down, before it even got a chance to come to fruition.

As it was in development still, encryption could have been a building block, instead of a bolted-on thing for almost all other forms of communication.
-Shades (December 24, 2014, 06:35 AM)

Knotable is wave like, but also interacts with e-mail. And I still haven't found as much of a way to use it as e-mail.

40hz · « **Reply #37 on:** December 24, 2014, 11:19 AM »

I admire the intent of this thread & have often wished for the same, but the idiocracy has spoken.
-Innuendo (December 24, 2014, 09:03 AM)

That remains to be seen I think. My great grandfather felt the same way about telephones. Why would anybody in their right mind want to talk into a piece of unsanitary plastic when they could just send someone a nicely written letter through a perfectly good postal system for one one-hundredth the cost?

He was firmly convinced phones were just a passing fad. And he never willingly used one, even though he did on rare occasion. My family just smiled at "Grandpa Roy" and called him on the phone if we were in a hurry - or sent him a nice note through the mail if we weren't.

My feeling is it doesn't make sense to let ourselves get bogged down with those who are happy with what they've got for whatever reason.

It's important to remember we're designing this sort of thing primarily for us and for our needs. If there's enough who truly want it - and it actually does what it's intended to do - there will be more than enough critical mass to make it happen.

Just look at e-mail and the Internet. They were once the exclusive playground of the "cool kids." These proto-geeks felt it was all much too complex for the average person to ever use. Then along came AOL and Tim Berners-Lee.

As I said earlier, one key requirement is that we let our machines handle the grunt routine tasks and do the heavy lifting. That frees us up to do the things we non-machines are better suited for.

Or so it seems to me.

Stoic Joker · « **Reply #38 on:** December 24, 2014, 12:45 PM »

Unfortunately, people have evolved to the point where they are much akin to electricity in that they will always take the path of least resistance.
-Innuendo (December 24, 2014, 09:03 AM)

This IMO is indeed the crux of the problem.

Until the 'responsible professionals in our field' can come up with something new while at the same time come up with something that makes every insecure method more inconvenient for the end users that will cause them to jump ship to the new method, nothing will change.
-Innuendo (December 24, 2014, 09:03 AM)

Okay, this part made me giggle. Not because it's wrong...because it isn't. But because of the above stated issue ... People are lazy. The classic AOL class End (L)user wants to simply click on the magical 'Deliver me from all evil nastiness that is or will ever be' button one time when the computer comes out of the box. ...And then that should - and is to must be - the absolute complete and most utterly totally impenetrable shield of magical protection that is defended by winged demon monkeys that instantly fly to the rescue while they blindly click on any and every idiotic god damn thing that flies across the screen.

I'm on vacation ... But never the less I get an email from the brass who's in panic mode because of some browser window that appeared making them think someone else was looking up stuff on their workstation. My "responsible professional' response... was simply to state that this is why it is recommended to lock a station before walking away from it so we don't ever need to have conversations like this. It ain't like I haven't mentioned this little nuance like 14,000 times in the past ...(high-five for guessing why)... Derp!

Security is something that is practiced. It cannot be installed, or baked in to any degree of absolution (pun intended). Computers will never be totally secure, for the same reason that the roads will never be perfectly safe. Because no matter how much protection you build into the vehicle, you still can't compensate for the fact that the pilot is freaking stupid.

TaoPhoenix · « **Reply #39 on:** December 24, 2014, 12:52 PM »

Thinking in terms of a decentralized non-logging P2P approach is a good start. It won't be totally secure since nothing really can be. But it can be made secure and difficult enough to capture that the cost-benefit ratio tilts in favor of letting something go unless dealing with a demonstrably "high value" target. At the very least it makes broad-sweep data gathering less attractive and far more costly in terms of storage and analysis. You can only raise taxes so much to fund a hopeless project. Even the U.S. military, who wrote the book on money pits, knows that. Merged with known strong encryption (if that means anything now - or will continue to mean much in the near future) makes it even more of a challenge to would be interceptors.

As far as "if people would just ______" I can only say: not gonna happen. And I'm enough an old-school computer guy that I was taught (and believe) that if it always needs to be done, a person shouldn't need to do it at all.

No-exceptions, boring, "always" is what we created machines for. Computers don't always handle exceptions well. But they're champs at mandatory and routine tasks. So lets let our software take care of the heavy lifting. Drudge work is what we originally built the little ogres for in the first place. (Who in their right mind wants to spend years of their limited lifetime calculating ballistics tables for field artillery no matter how good they are at math - or how much they enjoy it?) Let all those expensive chips we built keep busy instead of running endless NOPs when they don't have anything better to do than waste electricity and sit around waiting to be hacked.

Just my for now. ("It's a 'three pipe' problem, Watson.")

-40hz (December 22, 2014, 08:51 AM)

I'm a good test case. I admit I am as lazy as the rest of them, and 20% as ignorant. If you ran one of those "biased" surveys, ~~no one~~ very (very) few people would gleefully want all their email to be had by hackers. (Rule ___ : The minute you say no one wants X, someone in the four billion plus people online wants that, for wonderfully obscure reasons!)

So what I'd like to see for example is something like a plugin to _____ so that I log into my Yahoo mail and it looks just fine on my end, and all mail I get looks just fine, but it is somehow encrypted and all that behind the scenes, with nothing much harder than installing a Firefox/clone plugin.

Innuendo · « **Reply #40 on:** December 24, 2014, 07:39 PM »

My great grandfather felt the same way about telephones. Why would anybody in their right mind want to talk into a piece of unsanitary plastic when they could just send someone a nicely written letter through a perfectly good postal system for one one-hundredth the cost?
-40hz (December 24, 2014, 11:19 AM)

Again, 40hz, it's the path of least resistance. Why sit down, compose your thoughts, put them to paper, find an envelope, purchase postage, and drop it in a mailbox to await days (weeks?) for a reply when you can just pick up a piece of plastic and have instant gratification?

People want what they want straight away and want to put forth the least amount of effort to achieve that goal.

40hz · « **Reply #41 on:** December 24, 2014, 07:55 PM »

People want what they want straight away and want to put forth the least amount of effort to achieve that goal.
-Innuendo (December 24, 2014, 07:39 PM)

I'm not sure that’s universally true. For a lot of people, the journey itself is the reward rather than the destination. And many people would rather "do it right" than merely "do it right now."

My experience is that most non-technical people simply use what's available. Not something they actually like - or think is good.

40hz · « **Reply #42 on:** December 27, 2014, 10:30 AM »

One offering that is attempting to shake up the whole team communication/sharing formula is something called Slack. Their security policy is a good first step in the right direction for this sort of endeavor.

Slack isn't the complete solution by any stretch. But I think it is something to look at, think about, and possibly learn and borrow from.

Onward!

Innuendo · « **Reply #43 on:** December 27, 2014, 07:05 PM »

I'm not sure that’s universally true. For a lot of people, the journey itself is the reward rather than the destination. And many people would rather "do it right" than merely "do it right now."
-40hz (December 24, 2014, 07:55 PM)

No, of course that's not universally true. I did qualify my statements at the beginning by saying 'generally speaking'. There are always people that rise to the top, but there are always people who sink to the bottom as well.

40hz · « **Reply #44 on:** December 29, 2014, 07:36 AM »

I'm not sure that’s universally true. For a lot of people, the journey itself is the reward rather than the destination. And many people would rather "do it right" than merely "do it right now."
-40hz (December 24, 2014, 07:55 PM)

No, of course that's not universally true. I did qualify my statements at the beginning by saying 'generally speaking'. There are always people that rise to the top, but there are always people who sink to the bottom as well.

-Innuendo (December 27, 2014, 07:05 PM)

Understood. But if things get bogged down too much in an orgy of mocking and blaming the endusers, it becomes a distraction from what you're trying to accomplish. Perhaps there's ultimately nothing to be done because of user behavior. (Which I disagree with btw.) But I'd prefer to empirically determine that's the case rather than accept it as a given. There's a little too much smug and self-serving assumption in doing that for either my taste or experience.

Behavioral psychologist B.F. Skinner made an interesting point in his novel Walden Two. When the lead character Frazier was asked what did the community planned on doing to deal with members who didn't embrace the community's ideals or plan he replied: What do you do with a mare that you can't socialize? Let her run until she drops. In the meantime, lets see what we can do with her lovely little colt. That (IMO) was the only truly profound insight to be found in Skinner's otherwise highly flawed concept for a community.

You'll always have some (or more) who don't want to know - or learn. But they seldom constitute the majority of your target demographic. And I don't think they do here. Besides, we're not looking for the 'perfect solution' that will handle all eventualities. We're only looking for something else that's significantly better than what we have, and how we're doing it now.

That's not an impossible goal.

Renegade · « **Reply #45 on:** January 06, 2015, 05:52 PM »

Ick... IoT is going to be a dystopian nightmare. Has good applications? Sure? Has bad applications? Yup - and they're going to be at the forefront of reality.

In other news, Phil, Jon, Mike, and Ladar:

http://arstechnica.c...l-secure-by-default/

Ladar Levison is probably most well-known to Ars readers as the founder of the secure e-mail service Lavabit, which he shut down in mid-2013 in an effort to avoid being forced to comply with a US government demand to turn over users’ e-mails. But his latest project is a lot grander in scope than a single hosted e-mail service: Levison is attempting, with the aid of some fellow crypto-minded developers, to change e-mail at large and build encryption into its fundamental nature.

As one of the members of the Darkmail Technical Alliance, Levison—along with Jon Callas, Mike Janke, and PGP designer Phil Zimmermann—is working on a project collectively referred to as DIME, the Dark Internet Mail Environment. DIME will eventually take the form of a drop-in replacement for existing e-mail servers that will be able to use DMTP (the Dark Mail Transfer Protocol) and DMAP (Dark Mail Access Protocol) to encrypt e-mails by default.

More at the link.

http://darkmail.info

Best of wishes to them with that.

Shades · « **Reply #46 on:** January 06, 2015, 07:22 PM »

Looks like we need to look for some obituaries soon...

TaoPhoenix · « **Reply #47 on:** January 06, 2015, 07:58 PM »

Internet of Things makes me think of and want to write a couple stories about a "sideways singularity" - not that any one bot is "smarter" than people, but *everything* is a quarter as smart as an "average" person in a lopsided computer way.

So we'll treat it as just fine and ho-hum that my apartment plays a mean game of chess, manages my music and suggests new songs once in a while, has the hots for Stephen's garden shed, and is an active member of a charity that keeps up with pen pal printers in Ghana.

40hz · « **Reply #48 on:** January 06, 2015, 08:25 PM »

IoT is going to be a dystopian nightmare.
-Renegade (January 06, 2015, 05:52 PM)

Yes.

Renegade · « **Reply #49 on:** January 07, 2015, 01:53 AM »

Looks like we need to look for some obituaries soon...
-Shades (January 06, 2015, 07:22 PM)

Could be. But they'll just be accidents, like straight-laced Michael Hastings -- who didn't drink, do drugs or jaywalk, but one day decided on a nice high-speed collision with a tree - and then a couple months later hackers demonstrated how to remote control cars like Mike's, or suicides, like Gary Webb -- who shot himself in the head - twice.