- ProtonMail is a new email service that is developed by a team of scientists working at the European Center for Nuclear Research (CERN) in Geneva, Switzerland. Our goal is simple: we want to protect people around the world from the mass surveillance that is currently being perpetrated by governments and corporations around the world.
I contributed to https://www.mailpile.is/ and am hopeful for this sort of encryption to become ubiquitous. I wont go so far to say that relying on SSL over https to protect data is dangerous, but I will say that client side encryption of email is much less vulnerable to attack.
I was able to sit in on a talk about the basics of cryptography every programmer should know and they explained some of the vulnerabilities of SSL over https which I never realized.
Can someone explain to me how the NSA wouldn't be able to access a person's mail? Seems like, considering the number of CAs they have access to, they could just do a man in the middle attack, even if the connection is over HTTPS, and replace the client-side JS with an evil copy that also sent them the information, or didn't encrypt the information so they could proxy it, or any number of things.
Most people aren't aware that the government does actually have 'global certificates' that the CA's are required to always respond to as valid specifically for MITM attacks. However, HTTPS is for transport level encryption. You can encrypt the data specifically so that even if someone is able to decrypt at the transport level, they still have to decrypt the data itself. Think of it this way. A highway is a transport level. A vehicle is data. HTTPS is akin to the vehicle driving in a tunnel. Anyone outside the tunnel can't see into the vehicle. encryping the data is akin to tinting the windows of the vehicle. Even if someone is inside the tunnel, they still can't see into the vehicle. The problem is, of course, that you have to communicate the keys to decrypt the data, and if you do that via the compromised transport layer, you're still no better off than you were. To be truly secure in this manner, you need to have an 'out of band channel', meaning, some way to send them the key using a different mechanism than the compromised transport layer. And this is where true security runs headlong into usability and convenience, and it's why most discussions on security also need to discuss the tradeoffs in terms of usability/convenience. When people talk about secure, they really mean "secure enough for some use". If you can control both ends of the communication, being secure is a lot easier, but most communications have at least 1 end you don't control. At which point it becomes about who you trust. Personally, I don't like the idea of the government being able to initiate a MITM attack on me at any time, OTOH, if I had to choose, I'd rather it be the government with some guarantees against random people, than the other way around. PS
This is also why you implicitly trust the network you're on when you don't encrypt the data and instead rely on transport level encryption. That coffee shop could very well be snooping on you via MITM, as could the company whose office you're in.
The first thing I did after seeing this link was checking the certificate. It's issued by SwissSign which is a welcome surprise. It's almost rare these days to encounter a certificate that is issued by a company that is not based or owned by another company in the US.