E-mail's Big Privacy Problem: Q&A With Silent Circle Co-Founder Phil Zimmermann

The surprising takeaway for me is that PGP is so astoundingly crappy to use that <i>even Phil Zimmerman</i> asks people to send him plain text mail. We&#x27;ve got to do something to improve the state of things here.

Whenever I see a thread about the security of email these days, I think we&#x27;re missing the point by a large margin.<p>Yes, email is insecure. It is not possible for a company like Silent Circle to provide perfect security for email, therefore it was a wise move to drop it. However, the average person should want to prevent large scale&#x2F;dragnet surveillance of the entire population and themselves, rather than aim for perfect security.<p>The problem we have now is that email is very easily trackable <i>because everyone is using the same two email providers</i>. All the NSA has to do is get their hands on Gmail, and 50% of the people who use email will have it compromised (since they only need to get one side to read the other, too).<p>We have an email server monoculture. If everyone started using their own mail server (with TLS enabled), large-scale tracking people would be much, much harder. There&#x27;s not much people can do if they&#x27;re specifically tracked, anyway, so using your own email server gets you all the convenience with <i>a lot</i> more security.<p>I think the best thing to do now would be to create a mail server package that someone can deploy with one command. &quot;docker run whatever&#x2F;mail&quot;, for example, to get you a TLS-enabled server, configured properly to stop spam attempts, etc. We don&#x27;t need to use GPG to make large-scale surveillance harder, we just need to use more email servers.

Most people are stunned by the way the internet email system is set up. I probably have to explain SMTP error codes on a weekly basis to people who don&#x27;t get why it doesn&#x27;t &quot;just work&quot;.<p>A common conception is that it works like the telephone system - you make connections all the way through, then send the message. Bounces? Delays? How could those happen?<p>It&#x27;s stunning to talk to newcomers about how things were before the internet came to exist as we know it. Mail routing via bang path with UUCP? How many people on HN even have seen that?<p>The problem is that we need a forklift replacement for SMTP and mail envelopes, both of which which have crypto built into it at a fundamental level.<p>Switching everyone over to SSL wrapped SMTP would be a good stopgap for the transport portion of this, even if it&#x27;s just self signed, with some sort of HSTS style cert persistence.

Zimmermann advocating Hushmail. That&#x27;s curious. Also imho deleting user data without warning is kinda non-pleasant even in todays climate. Of course you should have had everything backed up, but I&#x27;d guess many people didn&#x27;t.

Problem is the mobile end device is incredibly insecure. You&#x27;d have to custom build an o&#x2F;s to NSA fishbowl specs and then drop in Silent Circe, but even that wouldn&#x27;t guarantee privacy since all of us have SIM cards with unknown carrier installed apps on them, and unknown software running on the baseband (which is typically in ARM supervisor mode w&#x2F;no NX bit)<p>Also interesting the inventor of PGP and guy who once went against the gov tells people to mail him in clear text and uses a closed source OSX blackbox.

Email should have end to end encryption via a peer to peer system.<p>* Problem with message encryption solved, as long as the OS is not compromised. I currently use GnuPG but very few of my friends do.<p>* Header information The &quot;topic&quot; of an email can be encrypted without problems. We still have the problem that a sniffer knows WHEN, HOW MUCH and with WHOM you communicate. Encrypting this information just for the next knot will make it harder for a sniffer. Also such a P2P email client could randomly send out stuff and connect with random other clients. Basically a special form of spam that gets ignored by the receiving client. The idea behind this &quot;spam&quot; would be to lower the singal&#x2F;noise level.

&gt; &quot;[...] so what are you suggesting those customers do now?&quot;<p>&gt; <i>&quot;Hushmail has a fairly secure email service. [...]&quot;</i><p>Pretty surprising, coming from a guy like him. A little reminder: <a href="http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/" rel="nofollow">http:&#x2F;&#x2F;www.wired.com&#x2F;threatlevel&#x2F;2007&#x2F;11&#x2F;encrypted-e-mai&#x2F;</a>

Interesting that Forbes interview him and the Lavabit founder. Honestly I expected far less from this rag regarding computer and privacy issues given other links here and elsewhere, but there is always time to be surprised.