Snake Oil warning
- From: ikouna <oh@xxxxxxx>
- Date: Fri, 29 Feb 2008 05:44:54 +0100
That is a very good point, if the email is encrypted how can they run
a spam filter on it? They may explain it by just reading the headers
but then that would not explain how the antivirus does it.
I will probably raise this issue with them
You do that. lol
Well here goes their LONG reply:
-----------------------------------------------
As for your second question, we virus and spam scan messages when they arrive at our server.
Our asymmetric encryption feature then encrypts the message with your public key before saving it to disk.
Once it's been encrypted, it can then only be decrypted if you know the password (since the private key is
protected using the password and AES256). Naturally if someone compromises the password, they compromise the
account, but we take steps to prevent this from happening on our side (we require SSL for these accounts, we
only keep the password around in memory for a minimum amount of time, and we purge the memory before releasing
it back to the system). It's not a perfect system (we're open to ideas for improving it), but it accomplishes our
goal.
Our goal with this system wasn't to provide end to end security (for example, most messages arrive at our server
unencrypted). It also wasn't intended to mask someone's identity. The system was developed in response to the
PATRIOT Act. Basically we didn't like the promiscuous way other services were sharing private information with
employees, other companies and the government. The goal was to create a system where if someone did come to us
with a court order looking for information, we'd have very little private data to surrender.
Our suggestion is that if you want to disconnect yourself completely from the account, you only connect to our service
through Tor. Use of Tor should guarantee that you can't track a user account back to a specific person, and a person
back to an account (if their local computer is equally secure).
----------------------------------------------------------
I have to give it to them that they really took their time writing it, so at least customer care seems OK, but
it stinks of snake oil peddler; they claim on their webpage they can't access your email; it does not look like it
since they have your password.
They also give away your IP when sending email; that was the first question I asked, and they said:
-----------------------------------------------------------------------
We've wrestled with the sender IP question many times. Currently we don't log the IP you're sending from on the server.
We _only_ log it in the message itself. The logic behind this was that if you're attempting to scam someone,
they should have the ability to discover the IP address you sent the message from.
--------------------------------------------------------------------------------
So now they claim they don't log your IP; they probably think we are all stupid. I find it hard to believe.
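
A recipient-side check of the claim in the provider's second reply, that the sender IP is recorded only "in the message itself", added here as an example and not part of the original post: it lists the IP addresses carried in the headers of a message you sent to an address you control. The sample message, its addresses, and the choice of `Received` and `X-Originating-IP` as the headers to inspect are assumptions; the post does not say which header the provider uses.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a message as the recipient would see it. Addresses come
# from the documentation ranges; the header layout is an assumption, not the
# provider's actual format.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.20])
\tby inbox.example.org with ESMTP; Fri, 29 Feb 2008 05:45:10 +0100
Received: from [203.0.113.7] (helo=users-laptop)
\tby mx.example.net with ESMTPSA; Fri, 29 Feb 2008 05:45:02 +0100
X-Originating-IP: [203.0.113.7]
From: sender@example.net
To: me@example.org
Subject: header test

body
"""

CANDIDATE = re.compile(r"[0-9A-Fa-f:.]{3,}")   # anything shaped like an IP literal
HEADERS = ("Received", "X-Originating-IP")     # assumed headers of interest

def extract_ips(value):
    """Return the valid IPv4/IPv6 literals found in one header value."""
    found = []
    for token in CANDIDATE.findall(value):
        try:
            found.append(str(ipaddress.ip_address(token.strip("."))))
        except ValueError:
            continue  # timestamps, hostname fragments, zone offsets
    return found

def disclosed_ips(raw_message):
    """List (header name, IPs) for every inspected header, in message order."""
    msg = message_from_string(raw_message)
    return [(name, extract_ips(value))
            for name in HEADERS for value in msg.get_all(name, [])]

def submitting_client(raw_message):
    """IP in the bottom-most Received header, which records the first hop."""
    hops = message_from_string(raw_message).get_all("Received", [])
    ips = extract_ips(hops[-1]) if hops else []
    return ips[0] if ips else None

if __name__ == "__main__":
    for name, ips in disclosed_ips(SAMPLE):
        print(f"{name}: {ips}")
    print("submitting client:", submitting_client(SAMPLE))
```
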