Given that the email is encrypted, the FRA laws don't really matter though, right?
The question is rather if the Swedish authorities can coerce them into handing over their data (including gagging them on even letting people know it happened) like in the US.
> The question is rather if the Swedish authorities can coerce them into handing over their data
I don't think there's any question that a sovereign government can coerce its citizens and corporations into handing over data. The answer to that is that yes they can, and if they cite national security it's hard to argue against them in court, or you might never be allowed to see a court, or even know about it. Depending on where the encryption happens, obviously if the company is compromised your data might be too. In this case they get you to install a Java applet which you can't know the workings of, so I think it'd be pretty easy to subvert the encryption.
So I see the cooperation of Sweden on collecting and handing over data as an indicator that they would go farther if required by the NSA (as the UK would, for example), and that other jurisdictions less subservient to the US would be a better place to store data.
For what it's worth, Countermail claims that under Swedish law this cannot be done.
"The privacy laws in Sweden are much different than US and UK and many other countries, nobody can force us to store passwords, IP-addresses or decryption keys."
PGP encrypts the body of the email. It leaves the metadata as-is. There's a surprising amount of information in there - the subject, to/from, IP addresses, DKIM signing information, References headers, etc.
This would likely be enough information for a lot of the metadata path discovery that the government wants to do.
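To make the point concrete, here is an added example (not from the thread) that parses a PGP/MIME message the way a relay or a logging MTA would and reports what is readable without any key. The message is constructed: the ciphertext part is a placeholder, not real OpenPGP output, and the envelope layout follows RFC 3156 (multipart/encrypted with an application/pgp-encrypted control part).

```python
"""Added example, not from the thread: what a mail relay (or anyone logging
traffic at one) can read from a PGP/MIME message without any key.
The message below is constructed; its "ciphertext" is a placeholder, not
real OpenPGP output. The envelope layout follows RFC 3156."""
import re
from email import message_from_bytes

# Constructed sample message: headers every hop sees, then the encrypted body.
SAMPLE_RAW = b"""Received: from [203.0.113.7] by mx.example.net; Sat, 10 Aug 2013 12:00:01 +0200
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Q3 audit findings (confidential)
Date: Sat, 10 Aug 2013 12:00:00 +0200
Message-ID: <20130810100000.1234@example.org>
References: <20130809.999@example.net>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

hQEMA1BMQUNFSE9MREVS...constructed placeholder, not a real packet...
=AbCd
-----END PGP MESSAGE-----

--b1--
"""

# Received headers conventionally carry the connecting host's address in brackets.
IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def visible_metadata(raw: bytes) -> dict:
    """Parse a message as a relay would and report what is readable in clear."""
    msg = message_from_bytes(raw)
    is_pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                   and msg.get_param("protocol") == "application/pgp-encrypted")
    leaf_types = [p.get_content_type() for p in msg.walk() if not p.is_multipart()]
    ciphertext = "".join(p.get_payload() for p in msg.walk()
                         if p.get_content_type() == "application/octet-stream")
    # PGP/MIME protects only this part; the only readable thing in it is the armor wrapper.
    body_is_opaque = ciphertext.strip().startswith("-----BEGIN PGP MESSAGE-----")
    received = msg.get_all("Received", [])
    sender_ips = [m.group(1) for h in received for m in IPV4_IN_BRACKETS.finditer(h)]
    return {
        "is_pgp_mime": is_pgp_mime,
        "cleartext_headers": dict(msg.items()),  # every header, exactly as transmitted
        "sender_ips": sender_ips,
        "body_parts": leaf_types,
        "body_is_opaque": body_is_opaque,
    }


def exposed_summary(raw: bytes) -> list:
    """The traffic-analysis view: the fields a metadata collector would index."""
    info = visible_metadata(raw)
    h = info["cleartext_headers"]
    wanted = ["From", "To", "Subject", "Date", "Message-ID", "References", "DKIM-Signature"]
    return ([(name, h[name]) for name in wanted if name in h]
            + [("Received-IP", ip) for ip in info["sender_ips"]])


if __name__ == "__main__":
    for name, value in exposed_summary(SAMPLE_RAW):
        print(f"{name:15} {value}")
    print("body opaque:", visible_metadata(SAMPLE_RAW)["body_is_opaque"])
```

Running it lists the subject, both parties, the thread (References), the signing domain and the sender's IP, all in clear, while the body yields nothing but the armor header; only the last of those is what PGP was asked to protect.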
Supposedly even more of a lap dog than the British. Who, despite the fact that we literally paid them 100 million dollars for intelligence, could not be persuaded to do anything to Assange, including extraditing him to the US to face the secret espionage charges that our lap dogs in Sweden wanted to extradite him to. Next time we should give Sweden the doggy treats.
Given that NSA, the Chinese, and presumably a bunch of other countries have a good amount of black hat hacking expertise, I think trusting your hosting provider, regardless of jurisdiction, is probably a bad idea.
If you had to, I'd imagine the best idea would be to do some multi-party computation/Byzantine system where you place nodes in mutually antagonistic jurisdictions. This doesn't help for email though, since the mail still has to go to one box first.
If you're only worried about the NSA, and only worried about pervasive surveillance, the safest thing might actually be in the U.S., but only if you self-host the software and data.
I've heard KDE devs recommend Switzerland.
But in general it's kind of a quandary. You'd want hosting in a strong nation so that the U.S. doesn't simply use a black bag operation to force-collect the server hardware, but nations that are strong and opposed to the U.S. are undoubtedly being extensively monitored by NSA.
Really it all depends on the threat model you're trying to defend against. If you end up with "You can trust me, I'm not from the government" you're already screwed.
I just created an account to ask this after 2 yrs of lurking here.
Can you/somebody kindly recommend me a server I can host? I have been looking for a server to host, and I have to admit that I am yet to find a company in a safe country which has strong privacy ethics like Lavabit had.
Norway also has extensive history of PST (police security service) carrying out illegal politically motivated surveillance.
Including against one of the members of parliament (Berge Furre) tasked to investigate their abuses while he was investigating them (as part of the Lund commission).
While it's been a while since the last revelations and perhaps they've gotten better, keep in mind that for about 4 decades the official story was that the members of the various predominantly left wing groups that alleged illegal surveillance were all just paranoid and delusional. Then it was revealed that not only were they right - the surveillance was in many ways substantially worse than they thought.
And what they thought was pretty bad. I personally know someone who was followed to and from work every day (he was a member of the communist party, and his route to work took him past the then Soviet embassy), as well as someone who was more than once taunted by high ranking members of PST who gave him details about his private conversations at home with his wife to make it clear they listened to everything he did.
In other words, while Norway might seem "safe" now, I'd be cautious given our relatively recent past history combined with the very cozy relationship between Norway and the US.
I did have the general impression that Norway had decent privacy laws; it does, however, seem it's rapidly changing.
Norway is implementing the EU "Data retention Directive", 2006/24/EC.
While I don't know the exact specifics, it was recently opened for private parties to conduct piracy investigations on behalf of the media industry. I don't imagine they were granted powers in regard to gathering information; I think it's more in regard to keeping/storing it.
Why is Canada green when it has an intelligence treaty with the USA, and in turn the NSA? I consider Canada to be on the same level of trust as the USA because of that.
Hardly. First off, Sweden (I'm a Swedish native) has already done covert extraditions of at least two Swedish citizens to US authorities.
Secondly, Assange has offered to come to Sweden if given the promise that the Swedish government won't extradite him to the USA, something the Swedish government refuses to do.
So yes, as a Swedish native I have no doubt that 'my government' would indeed extradite him should he set his foot on Swedish soil again. And he is not even called upon to stand trial; he is to be 'questioned' regarding the case of 'refusing to use a condom during consensual sex'. Something which could be done perfectly well over video link.
That such accusations would render an 'international arrest warrant' is ample proof that this is nothing but political. Here is a good article regarding the 'case' from Naomi Wolf, a known feminist who has followed and reported on rape law for over 20 years.
Not that I disagree with your sentiment, but that isn't really true. The case isn't that they refuse to give such a promise, it's that they are legally prohibited from making such a promise due to the laws regarding ministerstyre.
Just like they'd never illegally hand over political asylum seekers to the CIA, knowing they'd get shipped off to their home country for torture, right?
Except that happened not that many years ago.
Then they promised an end to all rendition flights via Sweden. Yet a few years later, Swedish military intelligence caught the CIA red-handed doing further rendition flights with complicity of Swedish airport staff.
Kind of worrying you need to run Java to use the service. Also, it is a signed applet that requests full permissions, has obfuscated code and contains a native module (or native executable). I realise it probably needs full permissions on Java for USB key support, but I wouldn't use this service. The only 'online' email service I would trust would be one that shipped its product as a browser extension that was open source.
I don't even have any subset of browser java enabled. The risk is just too high. The only reason I have it installed is that Adobe's nasty software requires it.
Would you trust it more if it required JavaScript instead of Java?
Why or why not?
Would it matter if the JavaScript code was un-obfuscated and open source?
Java is now owned by Oracle, which has always been and will always be evil.
But there are multiple JavaScript implementations available, so it would be harder for the code to be compromised by a back door in the VM.
And the people developing JavaScript interpreters are generally not as shady and untrustworthy as Oracle. (Although one of them is known to be inexplicably homophobic...)
Oracle being intentionally malicious is unlikely, but Java has had well publicized security issues lately.
(1) I'm not sure that the JVM is actually less secure than JavaScript engines, but it's unnecessary enough in the modern web that many users like to turn it off entirely. Requiring it to be on is a step back.
(2) The applet is trusted. So if it's backdoored or exploited, the adversary gets your entire computer rather than "just" your email. This is par for the course for native apps, Java is harder to exploit than native code, and in theory email should not really be much of an attack vector (plain text and maybe basic HTML); but this app is not well-known and is thus more likely to have simple programming errors (not that popular services are immune from those either!), the browser security model is easier to screw up, and webapps are expected to be sandboxed. Again, a step backwards.
(3) The choice of Java may be an indicator of inflexibility, thus poor programming skills, thus insecurity. This is speculation, but far from improbable.
Off-topic, their claim to be (effectively) protected against rogue CAs is dubious, never mind the claim that they are the only provider with such protection.
> Would you trust it more if it required JavaScript instead of Java?
> Why or why not?
A couple of months ago I started working on a contact form using OpenPGP.js[1]. The idea was that by having the content in JavaScript it wouldn't need third-party plugins and would send encrypted e-mails to an unknown address. Ideal for something like a drop box or simply to ensure that your granny can securely contact you without understanding encryption. After considerable thought and evaluation I decided against publishing it rather than risk people adopting a solution I felt that ultimately I couldn't appropriately secure.
Fundamentally the biggest problems with JavaScript cryptography (as far as I can tell, and I'm not a cryptographer, I'm a security specialist) are (in no particular order):
* Differences between implementations in different browsers, different Operating Systems, the same browser on different Operating Systems etc.
* Sources of randomness across different platforms
* Getting the JavaScript to the user securely in a trustworthy manner
* Caching (which can be both good and bad depending on whether the point above has been resolved)
These are just a few of the problems without even getting to the horrible stuff like bugs in JS implementations that could either affect crypto safety or result in exploitable conditions compromising either data or the client system.
Java on the other hand is fairly standard across systems (to a point, but a point that can be largely controlled by the applet) and has some fairly robust crypto interfaces and 3rd-party components. That trust issue about getting the code to the target securely is still the same.
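The third bullet above (getting the script to the user intact) and the caching one have a partial mitigation that browsers added later than this discussion: Subresource Integrity (SRI), where the HTML page pins a hash of the script and the browser refuses to execute a fetched or cached copy that does not match. The block below is an added example, not code from the commenter, re-implementing that check in Python so it can be run offline. It assumes constructed stand-in script bytes; the algorithm ranking and the "ignore unsupported tokens" rule follow the W3C SRI spec. It does not address the trust problem the comment actually raises, since a compromised origin can serve a malicious script together with a matching hash; it only detects modification or substitution of the file between the pinned copy and the one the client runs.

```python
"""Added example, not from the comment author: a Python re-implementation
of the Subresource Integrity (SRI) check a browser performs when a script
tag carries integrity="sha384-...". Assumptions: the script bytes are
constructed stand-ins; the rules follow the W3C SRI spec."""
import base64
import hashlib
import re

# Constructed stand-in for a crypto library file served to the browser.
GOOD_SCRIPT = b"export function encrypt(msg, pubkey) { return openpgp.encrypt(msg, pubkey); }\n"
# Constructed modified copy: a single changed byte is enough to fail the check.
TAMPERED_SCRIPT = GOOD_SCRIPT.replace(b"pubkey)", b"pubkey )", 1)

# Only these algorithms are valid SRI hash functions; anything else is ignored.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}
_TOKEN = re.compile(r"(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})")


def sri_hash(data: bytes, alg: str = "sha384") -> str:
    """Integrity attribute value for data, e.g. 'sha384-<base64 digest>'."""
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, data: bytes, alg: str = "sha384") -> str:
    """The tag to embed in the HTML page that pins the script's hash."""
    return (f'<script src="{src}" integrity="{sri_hash(data, alg)}" '
            f'crossorigin="anonymous"></script>')


def sri_verify(data: bytes, integrity: str) -> bool:
    """Apply the browser's rule: parse tokens, keep only supported algorithms,
    use the strongest one listed, accept if any digest for it matches.
    Caveat (also per spec): if no token is usable, the resource loads
    UNCHECKED, so a typo like integrity="md5-..." silently disables SRI."""
    by_alg: dict = {}
    for tok in integrity.split():
        m = _TOKEN.fullmatch(tok)
        if m:
            by_alg.setdefault(m.group(1), set()).add(m.group(2))
    if not by_alg:
        return True  # empty metadata: spec says "matches", i.e. no protection
    strongest = max(by_alg, key=STRENGTH.__getitem__)
    actual = sri_hash(data, strongest).split("-", 1)[1]
    return actual in by_alg[strongest]


if __name__ == "__main__":
    pinned = sri_hash(GOOD_SCRIPT)
    print(script_tag("/js/openpgp.min.js", GOOD_SCRIPT))
    print("genuine copy accepted:", sri_verify(GOOD_SCRIPT, pinned))
    print("modified copy accepted:", sri_verify(TAMPERED_SCRIPT, pinned))
```

Two behaviours worth knowing when you deploy this: when several tokens are listed the strongest algorithm alone decides, so a stale sha256 pin next to a fresh sha512 one is simply ignored; and a malformed or unsupported token leaves the script entirely unchecked rather than blocking it, which is why the attribute value should be generated by tooling, never typed by hand.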
I think this is more of a legal convenience than anything else. It probably would be an extended JVM if Google weren't concerned about Sun/Oracle's litigious nature when it comes to extending the JVM.
Really it's a VM that runs JVM code, even though it needs an extra translation step. It's not like there's anything else that targets it afaik.
"President Barack Obama has canceled a planned meeting in Moscow with Russia's President Vladimir Putin - a diplomatic snub that follows tensions over NSA leaker Edward Snowden. [...] In place of the canceled Putin meeting, Obama will visit Sweden, according to a White House statement that called Sweden 'a close friend and partner to the United States.'"
Wouldn't all of your recipients also need to be using Countermail? Email is just not the answer, if you want any privacy at all... We need a whole new communication protocol, or a new platform where people go for ephemeral and encrypted communication.
> Wouldn't all of your recipients also need to be using Countermail?
You only get end-to-end encryption if both ends do PGP. They offer some security perks like encrypting the mail on the server and running diskless servers if you're communicating with non-PGP people though.
If you want end-to-end, true E2E, you're gonna need client-side software of some kind. It's just the way it works. It's not a bad thing. It's a great thing. It means to get the private keys, the gubment has to gain access to each target's machine individually. Right now they just force the server-side stuff to roll with a single NSL and a phone call.
If you make them have to work for each constitutional violation then they might at least consider not breaking the law.
All this cloud shit has made it far too easy for NSA, etc.
I agree with you. Small workarounds like E2E encrypted email aren't enough.
I think that it's time the tech industry had an open and frank discussion about about re-building our infrastructure from the ground up to avoid organizations with means (e.g. the NSA) from abusing the system. Privacy is essential to a healthy culture and a healthy economy. Can you imagine Putin taking advantage of similar tracking to hunt down homosexuals with his draconian anti-gay laws?
This is a pandora's box that needs to locked shut.
Good idea, but I'm not going to go install Java to try your service. Remove that giant, monolithic and irritating dependency if you want anybody to use this: I shouldn't need to install 200 MB of software to connect to your servers through IMAP.
I wouldn't trust this at all. If the Swedish police are really interested they will confiscate the servers and worry about whether it's lawful at a later date, à la the Bahnhof raid.
The servers are diskless. If they confiscate the servers they get nothing. Mind you if they keep the servers in place and take control of them it'd be hard to stop them from doing whatever they like.
Given how prominently they feature the diskless servers I was a little surprised that I did not see any mention of the power infrastructure. Did I miss the page with the details? What happens during a power failure?
A related question: what percentage of the nodes can lockup/hang/freeze without losing user data?
This is orders of magnitude more expensive than Lavabit was, and simply disallows you sending non-PGP email (i.e. email to anyone other than 2 or 3 very geeky friends.)
I don't think I can pay $100/year to host my email if I can't actually host all my personal email there[1].
[1] (of course, I still have a gmail account for spam, "personal" here means "from an actual person".)
This doesn't support iOS which makes it pointless. Requiring Java is a non starter anyway. I think the only way this will be at least somewhat palatable if it was an open source native application with the servers in a country likely to not interfere with them. Is there such a place?
I think that Java is perfectly fine for these kinds of tasks. What else do you have if you wish to run something a bit complex from the browser? Someday JavaScript will also be capable of these kinds of tasks, but I don't see how it will have fewer exploits than Java has now...
So well. And what if terrorists or people with evil goals or activities use this system?
These types of services solve only a little piece of the equation.
I now also tend to think that people focusing only on privacy are individualists. A good example of individualism is defending the right to freely own and carry weapons. For rational, well balanced and honest people, it sounds right and harmless as a means of defense. Like privacy. But it is well known and demonstrated by the numbers that people are abusing this right and using the guns for bad goals. The trust given to them, not only by the authority, but from neighbours and all honest citizens as well, has been betrayed. In Europe where guns are banned and under very tight control, life is much safer. This is very counter intuitive. See?
I now tend to assume privacy is very similar. If we give up privacy we may become much safer. Of course there must be exceptions, but with tight controls as exist for weapons in Europe. Privacy should be available to lawyers and doctors for instance.
Finally, a last missing piece of the solution is a feedback loop to control the controllers so that no one can abuse the system, and this includes the government.
I somewhat agree. However, it's incredibly dangerous for everyone to give up privacy while the government continues doing things secretly. If we all must be forced to be exposed, so should the government.
Yes, I understand but I honestly don't see how it can be possible to detect misbehaviors or threats without surveillance. There is a dilemma there I can't yet deal with.
Surveillance methods are easy to defeat once you know how they work and where they are applied. This is why they are kept secret. Maybe the communication capacity and the terrorist threat have developed too fast for taking the time to think of the optimal approach in terms of efficiency and respect of privacy and rights. The strategy used so far is not OK. I fully agree and we need methods to ensure there is no abuse like for the civil forfeiture law.
This is the role of the feedback control loop. With such a loop abuse or inadequacy can be detected ASAP and corrected ASAP. Secrecy, and keeping the control to some arbitrary authority, prevents having such an objective and independent feedback control loop. This is in my opinion the true problem in what happens with the NSA and in Europe too.
Based in Sweden, which has been cooperating with the NSA and sends them at least all Russian traffic and probably other traffic too:
http://www.stockholmnews.com/more.aspx?NID=6402
> Easy installation with a certified Java applet
This could too easily be back-doored or exploited without your knowledge, if they're going to use a binary it has to be open source at least.