Brother, can you spare a DIME for holy grail of secure webmail?

Lavabit man's new project: One of security's thorniest problems

Beginner's guide to SSL certificates

Feature Lavabit founder Ladar Levison promised attendees at security conference DefCon that he'd carve out a secure messaging service from the wreckage of the email service favoured by rogue NSA sysadmin Edward Snowden within six months.

The Dark Internet Mail Environment (DIME) project is promising, but recent problems experienced by others attempting to put together snoop-proof email platforms show that Levison and his partners at Silent Circle are grappling with one of the most difficult problems in computer security.

Levison pulled down the shutters on Lavabit rather than handing over crypto keys that would have given the FBI access to everyone's email on the site – and not just those of their presumed target, NSA leaker Edward Snowden.

The Lavabit founder earned the respect of privacy activists, and the ire of the Feds, by responding to a court demand to hand over SSL certificates by printing the keys in 4-point font described by one prosecutor as "largely illegible". He eventually complied with the order before closing the service.

Can you spare a DIME?

The Dark Mail Alliance, announced last year, has evolved to become the Dark Internet Mail Environment (DIME). Levison unveiled the latest plans for the project at DefCon.

DIME aims to be so secure that not even its administrators can read messages sent and received by its clients.

The service will come with three security modes: Trustful, Cautious and Paranoid. When using Cautious and Paranoid modes, a user's email messages will be encrypted by keys that don't leave their device. DIME's operators will never have access to these keys, a move that is also designed to make the service more resistant to government-backed spying and over-arching law enforcement requests.

Messages sent through DIME will be segmented so that only the recipient and sender see the full contents of each email's headers. Headers are encrypted and envelope information is separated out so that each node has only enough information to get to the next hop.

The approach is designed to minimise the generation of metadata around the comms.

Encryption key management has traditionally been a bug bear for secure email users. DIME is adopting cryptographic profiles, dubbed "signets", that could be shared with trusted users and would operate much like PGP. The DIME client - called Volcano - is a fork of the Thunderbird open-source email client developed by Mozilla.

It is hoped that a beta for the new service might be ready in time for next Chaos Communications Congress in Germany.


Dozens of products and services have emerged to fight spying and restore privacy in the wake of the Snowden revelations. The discovery of severe flaws in two webmail services touted as "spy-proof" has illustrated the difficulty of providing secure email.

Both ProtonMail and German startup Tutanota were forced to acknowledge that their webmail services were vulnerable to a cross-site scripting bug despite boasting it offered an "NSA-proof email service".

The flaws, which created a means for attackers to inject malicious JavaScript into victims' browsers, were both discovered by German security researcher Thomas Roth.

Both websites perform message encryption and decryption in the browser, keeping the crypto keys in the hands of the users and out of reach of hackers and spies, at least in theory.

Roth told El Reg that the whole model of delivering secure webmail is flawed.

"The problem with encrypted webmail is always [that] the whole application is supplied by the server and not locally installed. If the server is hacked it's game over: an attacker can just serve modified JavaScript that extracts passwords/keys/data," Roth explained. "The companies often say that they are able to secure their servers but in the end it's just one more thing that can go wrong."

Part of the problem is that secure webmail services leave unnecessary ports open, increasing the potential for attack. For example, Protonmail left FTP, SSH, VNC and a DELL OpenManage console ports open, according to Roth. But the problem goes wider than that, according to the German security expert.

"As long as a hacked server can cause a compromise of the users, I won't use or recommend secure webmailers," he concluded.

Crypto researchers have previously uncovered flaws in Lavabit, which even Edward Snowden trusted (at least up to a point).

Gold standard devalued

PGP has been held up as the gold standard for email security for decades, despite problems with key management and usability. Last week influential cryptographer Matthew Green said it was "time for PGP to die" because of usability and other problems.

Green called for a move away from attempts to retrofit encryption into inherently insecure email systems and towards building networks designed from the ground up to protect messages from eavesdroppers. He named TextSecure and DarkMail as potentially interesting projects that are moving in this direction.

Secure webmail appears to be a particularly difficult problem.

Jon Callas, CTO of Silent Circle and co-founder of the Dark Mail Alliance, told The Register that "doing secure webmail is hard" because of problems such as XSS attacks, among other factors.

Although several startups have emerged with promises of offering spy-proof webmail services, users would do well to be wary of such claims, warns Callas.

"It's almost inevitable that there are going to be problems in services from someone who thinks it ain't that hard to provide secure webmail," he says.

Callas, who worked with Phil Zimmermann on PGP prior to their collaboration at Silent Circle, went on to outline the basic design principles behind what started out as the Dark Mail Alliance.

"Email is based on a design that's now 40 years old. You can encrypt the content but not the metadata. We've decided to step back and find something more secure by building a secure app that runs inside a browser," he explained.

And, of course, the best efforts of the computer scientists behind DIME to build a secure, encrypted email system that's surveillance-resistant would still rely on using it on devices that aren't afflicted by malware. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.