In this and two following articles I'd like to take a look at three different areas of personal data storage, how I see a majority of people handling these three issues and what my personal theoretical approaches regarding them is. This is going to be purely about data storage and security, not transport security, which is another topic on its own.
The questions mainly are:
First of all, the three distinctions of data storage I'd like to make, and also how I'm splitting the articles, are the following:
Let's start with email storage. Where are your emails stored? The vast majority of Internet users have an email account with one of the big free email providers or they might have an account that is provided by their Internet Service Provider (ISP). Maybe you even use some shared web hosting somewhere which comes with shared email servers. Whichever of these is the case: your emails are effectively stored with a third party, an ISP that is not you.
Let me ask you this: where is your mail stored? And by mail I actually refer to physical mail: letters. Where are they received? Surely you have a mailbox at your home, or you might have a post-office (PO) box. Most likely you'll be receiving your mail at your mailbox in front of your house and then store it safely inside your home. Would you want your letters to be sent to a third-party that is sending you a copy but also storing all your letters within their own house? Probably not.
I believe we have a major misunderstanding of how we currently treat email. We are giving our email data away to big companies that make a living with it (along with other services). Always keep in mind that when you use a free service you are most likely not the customer; you might be the actual product. If the events of the last years regarding the NSA and Edward Snowden have shown us anything, it's that our data stored at big ISPs is most likely easily accessible to governments.
Instead of using such a centralized infrastructure, we should be decentralizing email in the same way our usual mail system works. When you look back at the development of email, it was actually meant to work exactly like that.
My suggestion for email therefore is this:
This is just a very brief overview of why I suggest hosting your own email server. There are lots of other things to consider, and running an email server is by no means an easy task; I understand that.
As a concluding suggestion, I'd like to introduce the website PRISM Break which lists free and open alternatives for all kinds of proprietary and closed solutions. Specifically for mail servers: PRISM Break Mail Servers
In my next article I'll be taking a look at preference storage, where to save application preferences, what to do with browser syncing and phone syncing.
Article NSA parody logo cc by EFF. Article title in reference to "All your base are belong to us".
This article is a follow up to Germany's E-Pestbeef. I suggest reading that in case you haven't already.
I found a flyer for Deutsche Post AG's E-Postbrief in my mailbox the other day. I've found some of those there before but always tossed them immediately (with the rest of the advertisement crap I don't need). This time, however, I actually went through it. The idea was to have a laugh. Instead I ended up raging.
It is just ridiculous what claims they make in there. What upsets me the most is how they try to deceive normal people who have no clue about the matter into registering and using their "secure" system. I will comment on some quotes taken from the flyer. The original quotes are in German and I will include them in brackets after the translated quote. Let's take a look:
"Conventional emails are too insecure - you never know who else might be reading. Michael's solution: the E-Postbrief." ("Einfache E-Mails sind zu unsicher - da weiß man nie, wer alles mitliest. Michaels Lösung: der E-Postbrief.") - Aktuelles zum E-Postbrief 12/2011 page 8
So conventional emails are not as secure as the E-Postbrief. I beg to differ. First of all it depends on how you define "conventional email".
If "conventional email" means unencrypted emails, then I'd say conventional emails and E-Postbrief are pretty much on the same level. Yes, E-Postbrief uses encryption. But what encryption? We don't know.
Who encrypted it? Not you.
Update: Actually, this wasn't quite the right way to make my point. It's more like: who decrypts it? Not you; they decrypt it for you on their system.
Meaning: a third party that is neither you nor the recipient is able to decrypt the message. Insecure crap.
Let's say "conventional email" means an encrypted email with GPG/PGP. You created your key, the recipient created their key, there is no third party involved. The message has been encrypted with well known and proven security standards.
Which would you choose now? Of course they're not telling you that, though. This is exactly what makes me rage: they're telling people their system is secure, and some who don't really know a lot about the matter will believe and trust them. However, in reality their system is NOT secure at all. It's a freaking lie.
"Your documents are stored permanently and securely like in a giant safe at www.epost.de." ("Ihre Unterlagen sind bei www.epost.de wie in einem riesigen Safe dauerhaft und sicher abgelegt.") - Aktuelles zum E-Postbrief 12/2011 page 5
Yes, permanently, all right: once you delete something, it is not actually deleted. Securely, huh? Let's see...
"The high quality and security standard of the E-Postbrief platform is even approved and certified by TÜV." ("Der hohe Qualitäts- und Sicherheitsstandard der E-Postbrief-Plattform ist sogar vom TÜV bestätigt und zertifiziert.") - Aktuelles zum E-Postbrief 12/2011 page 5
This one actually makes me laugh and die a bit inside. Security certified by TÜV. Want to know what other software has been certified by TÜV?
Internet Explorer 8 and Internet Explorer 9 (OMFG, are those spaces in the URL?)
What a guarantee for security and quality! Trollolololol.
DON'T USE THIS SERVICE. I can't say it often enough. It is NOT secure, it is NOT private, it's all a big freaking lie.
Also have a look at this nice list of companies who apparently are as incompetent as Deutsche Post AG (since they are all already using and supporting E-Postbrief).
At least they're maintaining a handy blacklist. Vote with your wallet.
Note: Due to copyright I'm not publishing the whole flyer on here. I have a copy however, in case you want to have a look at it, simply contact me.
First of all, what's "E-Postbrief" supposed to mean? The "E" stands for electronic, just like when talking about conventional emails. I was wondering how to translate "Postbrief" so I consulted a dictionary to help me out:
E = electronic
Post = mail
Brief = letter
So, that would make it "electronic mail letter". Awesome.
Now, what's the difference between a conventional email and this new E-Postbrief? You can send usual letters with it, either completely electronically (if the other party also uses E-Postbrief) or have them printed and sent as a normal, written letter. Both options cost a minimum of 0,55€ though. Electronic delivery is also limited to a maximum size of 20MB. The idea is to have a legally binding email, so you can receive doctor's bills, etc. via E-Postbrief and store them digitally instead of having to deal with printed letters.
My first thought: Hell no, I'm not going to pay 0,55€ for each mail. But really, that's still the least of my concerns with this service.
Because what I didn't mention so far: the service is supposed to be secure and encrypted!
And how does that work? Well, not with your own public and private keys like PGP or GPG, that's for sure. Instead, it's made simple for the average citizen. That is: Deutsche Post AG is doing all the work for you. They encrypt and decrypt everything for you. Anybody else noticing this weird smell?
In case you're at least wondering what encryption algorithms they're using, well, you won't know. Because they're not telling.
Security through obscurity. Except that this pretty much equals having no security at all.
They also claim that it's "not possible" for Deutsche Post employees to read any E-Postbrief saved in your account. The next sentence quietly walks that back, though, by saying it's secured against access by "unauthorized" people. Who is authorized?
In case you're still not convinced that this is utterly insecure crap: by accepting the terms of service you agree that Deutsche Post may forward your mails (unencrypted!) to law enforcement agencies in case public security is endangered. (aka terrori- ohshit, I'm scared.) (9. 9(3))
Did I mention your emails are mirrored and not deleted once you delete them? Yes, that's right, they'll only be deleted after an unspecified period of time. You may not see them anymore in your inbox but they're still there. That's of course just because you might delete something by accident. (2. 2(5))
Because of all the criticism, Deutsche Post added a service so you can generate your own private key and a signature. Funny though: they claim this key is only accessible to you, but who guarantees that? The key is generated on their servers; you simply download it from them. The only way to have a really secure private key is to generate it on your own machine, nowhere else.
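To make the GPG/PGP contrast from above concrete (your own key pair, generated on your own machine, no third party able to decrypt), here is an added example, not from the original post, that walks through it with GnuPG in POSIX sh. It assumes `gpg` (GnuPG 2.x) is installed; the party names, the address alice@example.invalid and the message text are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): end-to-end encryption with GnuPG
# where the private key is generated on the recipient's own machine and never
# leaves it. Three separate keyrings stand in for three parties:
#   alice - the recipient, generates her key pair locally
#   bob   - the sender, only ever holds Alice's *public* key
#   relay - a third party in the middle, also holds only the public key
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

gpg_as() {  # run gpg inside the named party's private keyring
    party=$1; shift
    mkdir -p -m 700 "$WORK/$party"
    GNUPGHOME="$WORK/$party" gpg --batch --quiet --yes "$@" 2>/dev/null
}

# Alice generates her key pair locally; nobody else ever sees the secret part.
gen_local_key() {
    gpg_as alice --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Alice
Name-Email: alice@example.invalid
Expire-Date: 0
%commit
EOF
    gpg_as alice --armor --export alice@example.invalid > "$WORK/alice.pub"
}

# Bob encrypts to Alice's public key. The relay gets the ciphertext and the same
# public key and still cannot read it. Prints Alice's decrypted text on success.
e2e_demo() {
    gen_local_key
    printf 'doctor bill, please keep private\n' > "$WORK/msg.txt"   # constructed
    gpg_as bob --import "$WORK/alice.pub"
    gpg_as bob --trust-model always --recipient alice@example.invalid \
        --output "$WORK/msg.gpg" --encrypt "$WORK/msg.txt"
    gpg_as relay --import "$WORK/alice.pub"
    if gpg_as relay --decrypt "$WORK/msg.gpg" >/dev/null; then
        echo "relay could decrypt: end-to-end property violated" >&2; return 1
    fi
    gpg_as alice --decrypt "$WORK/msg.gpg"   # only Alice holds the private key
}
```

The relay's failed `--decrypt` is the whole point: whoever never held the private key cannot "forward your mails unencrypted", no matter what their terms of service say.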
I only raise one question: When they reserve the right to forward mails to law enforcement agencies in an unencrypted format, how is it not possible for any employee to read mails? They have the ability to decrypt them, they have the ability to forward them, but they don't have the ability to read them? Blind employees, the security concept of the future. Germany's always one step ahead.
So, to recap these awesome features of E-Postbrief: Costs money, insecure, totally unnecessary, insecure, did I mention insecure already?
Leave it, don't use it, is my suggestion. Stick to GPG/PGP and once again: Stay private.