
PRISM Proof Cloud Email Services

Introduction

Cloud email services use SSL certificates to encrypt the conversation between your browser and the HTTP server; this encrypted traffic is called HTTPS. With the common RSA key exchange, the server's private key acts as a master key: whoever obtains it can decrypt recorded traffic, including traffic captured long before the key was obtained. This is not true when the connection negotiates an ephemeral Diffie-Hellman key exchange (DHE or ECDHE cipher suites): a temporary session key is agreed for each individual connection and discarded afterwards, so the certificate's private key cannot decrypt the recording. This article calls that SSL ephemeral mode; the usual name is perfect forward secrecy (sources 3 and 4). Note that it is a property of the cipher suite negotiated on a connection, not of the certificate itself, which is why it has to be checked per host and per port.

This article is a survey of free cloud email services. It lists services by their affiliation with the NSA (as named in the leaked PRISM slides, sources 1 and 2), their support for HTTPS, their support for SSL ephemeral mode, and the physical location of their servers. By carefully choosing a cloud email service, users can be reasonably confident that their traffic is not entering the network of the United States. Additionally, if their traffic did enter the United States, the cloud service they select supports ephemeral mode, which prevents the NSA from using a master key to decrypt recorded network traffic.

Lists of free cloud email services
http://ubuntuforums.org/showthread.php?t=2125732
http://email.about.com/od/freeemailreviews/tp/free_email.htm
http://capturedbloggingtips.com/2013/03/6-best-alternatives-to-gmail/

https://en.wikipedia.org/wiki/Comparison_of_webmail_providers
http://prismbreak.org/#emailservices

Individual cloud email services that support HTTPS
https://www.gmx.com
https://www.hushmail.com/
https://mail.google.com/
https://www.zoho.com/mail/
https://mail.aol.com
https://www.icloud.com/
https://www.outlook.com/owa
https://mail.live.com
https://mail.yahoo.com/
https://www.mail.com/int/
https://shortmail.com/
https://www.inbox.com/
https://lavabit.com/
https://www.fastmail.fm/
https://mail.yandex.com/
https://www.mail.lycos.com/
https://www.nokiamail.com/
https://www.rediff.com/
https://mail.riseup.net/
https://www.contactoffice.com/
https://webmail.xmission.com
https://ojooo.com/
https://mail.opera.com/

Private key assumed disclosed to US law enforcement (PRISM participants, FBI requests, etc.)
https://mail.google.com/
https://mail.aol.com
https://www.icloud.com/
https://www.outlook.com/owa
https://mail.live.com
https://mail.yahoo.com/
https://www.hushmail.com/

Private key not disclosed to US law enforcement (this list is used for the remaining tests)
https://www.gmx.com
https://www.zoho.com/mail/
https://www.mail.com/int/
https://shortmail.com/

https://lavabit.com/
https://www.inbox.com/
https://www.fastmail.fm/
https://mail.yandex.com/
https://www.mail.lycos.com/
https://www.nokiamail.com/
https://www.rediff.com/
https://mail.riseup.net/
https://www.contactoffice.com/
https://webmail.xmission.com
https://ojooo.com/
https://mail.opera.com/

Domains that use ephemeral Diffie-Hellman key exchange on HTTPS
www.gmx.com DHE_RSA
www.mail.com DHE_RSA
shortmail.com DHE_RSA
lavabit.com DHE_RSA
www.mail.lycos.com DHE_RSA
mail.riseup.net DHE_RSA
www.contactoffice.com DHE_RSA
webmail.xmission.com DHE_RSA
ojooo.com DHE_RSA

Domains that use ephemeral Diffie-Hellman key exchange on POP3:995
pop3.inbox.com DHE-RSA-AES256-SHA
pop3.ojooo.com DHE-RSA-AES256-SHA
pop.contactoffice.com EDH-RSA-DES-CBC3-SHA

Domains that use ephemeral Diffie-Hellman key exchange on IMAP:993
imap.inbox.com DHE-RSA-AES256-SHA
imap.ojooo.com DHE-RSA-AES256-SHA
imap.opera.com DHE-RSA-AES256-SHA
imap.contactoffice.com EDH-RSA-DES-CBC3-SHA

Domains that use ephemeral Diffie-Hellman key exchange on SMTP:465
smtp.inbox.com DHE-RSA-AES256-SHA
smtp.riseup.net DHE-RSA-AES256-SHA
smtp.xmission.com DHE-RSA-AES256-SHA
smtp.ojooo.com DHE-RSA-AES256-SHA
smtp.opera.com DHE-RSA-AES256-SHA

Note on the cipher names: EDH is OpenSSL's older spelling of DHE, so EDH-RSA-DES-CBC3-SHA is an ephemeral suite, but it encrypts with 3DES rather than AES-256. Ephemeral key exchange protects a recording against later disclosure of the server key; it does nothing about a weak bulk cipher, so both halves of the suite name matter.
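The distinction the lists above draw (DHE/EDH suites versus plain RSA key exchange) can be automated. The script below is an added example, not part of the original survey: it classifies the cipher suite that openssl s_client reports on its "Cipher is" line and, when given a host:port, probes it live. The s_client outputs embedded in it are constructed for the offline demonstration; the probe function assumes openssl is installed and that network access is available.

```shell
#!/bin/bash
# Added example (not from the original survey): decide whether a TLS
# connection used an ephemeral (forward-secret) key exchange from the cipher
# suite name "openssl s_client" prints. DHE/EDH and ECDHE suites agree a fresh
# Diffie-Hellman key per connection; plain RSA key exchange (e.g. AES256-SHA)
# encrypts the session secret to the certificate's key, so one private key
# decrypts every recorded session.

# Print "ephemeral", "static", "none" or "unknown" for one OpenSSL suite name.
# TLS 1.3 suites are printed as TLS_...; TLS 1.3 removed static RSA key
# exchange, so they are always ephemeral.
classify_cipher() {
    case "$1" in
        ECDHE-*|DHE-*|EDH-*|TLS_*)                       echo ephemeral ;;
        AES*|DES-CBC3-SHA|RC4-*|CAMELLIA*|SEED-*|IDEA-*) echo static ;;
        ECDH-*|DH-*)                                     echo static ;;   # static (EC)DH certificates
        "(NONE)"|"")                                     echo none ;;     # handshake failed
        *)                                               echo unknown ;;
    esac
}

# Read s_client output on stdin; print "<protocol> <suite> <class>",
# e.g. "TLSv1.2 DHE-RSA-AES256-SHA ephemeral".
classify_s_client_output() {
    local line proto suite
    # The line of interest looks like: New, TLSv1.2, Cipher is DHE-RSA-AES256-SHA
    line=$(grep -m1 '^New, ') || { echo "none (NONE) none"; return 1; }
    proto=$(printf '%s\n' "$line" | sed -E 's/^New, ([^,]+), Cipher is (.*)$/\1/')
    suite=$(printf '%s\n' "$line" | sed -E 's/^New, ([^,]+), Cipher is (.*)$/\2/')
    echo "$proto $suite $(classify_cipher "$suite")"
}

# Live probe (needs network): probe host:port [extra s_client options].
# STARTTLS ports (25/587/110/143) need e.g. "-starttls smtp" as the extra option.
probe() {
    local target=$1; shift
    printf '%s:\t' "$target"
    openssl s_client -connect "$target" -servername "${target%:*}" "$@" \
        </dev/null 2>/dev/null | classify_s_client_output
}

# Constructed s_client excerpts for an offline run (not captured from any real host).
SAMPLE_EPHEMERAL='SSL handshake has read 3110 bytes and written 415 bytes
---
New, TLSv1.2, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit'
SAMPLE_STATIC='---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit'
SAMPLE_FAILED='CONNECTED(00000003)
---
New, (NONE), Cipher is (NONE)'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_EPHEMERAL" | classify_s_client_output   # TLSv1.2 DHE-RSA-AES256-SHA ephemeral
    printf '%s\n' "$SAMPLE_STATIC"    | classify_s_client_output   # TLSv1/SSLv3 AES256-SHA static
    printf '%s\n' "$SAMPLE_FAILED"    | classify_s_client_output   # (NONE) (NONE) none
fi
```

Run it with --demo for the offline samples, or call probe from a shell that has sourced the file, e.g. `probe www.gmx.com:443` or `probe smtp.example.net:587 -starttls smtp`. Matching on the suite name rather than on the certificate is the point: the same certificate can sit behind an ephemeral suite on one port and a static RSA suite on another.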

Domains with POP3 but no POP3 encryption
pop.rediffmail.com:110

Domains with IMAP but no IMAP encryption
imap.rediffmail.com:143

Domains with SMTP but no SMTP encryption
smtp.rediffmail.com:587

Company geographic location
www.gmx.com Germany
www.mail.com Germany
shortmail.com United States
lavabit.com United States
www.mail.lycos.com United States
mail.riseup.net United States
www.contactoffice.com France
inbox.com United States
webmail.xmission.com United States
ojooo.com Germany
mail.opera.com Norway

Server geographic location

DNS domain to IP address resolution and round robin:
This is where things start to get a bit more complicated. By looking up the DNS records for a domain you will find that some organisations have servers located across several countries to get better speeds. By looking up the DNS records for gmx.com you will see that GMX has domains registered for different geographies, such as gmx.net, gmx.at, gmx.ch, gmx.co.uk, gmx.es, gmx.fr and gmx.com, all of which can resolve to multiple IP addresses for requests to the same domain. By visiting the following web page you can do a quick lookup to list the IP addresses for the domain, but beware: the addresses listed are not always the ones your browser actually connects to. http://who.is/dns/gmx.com

Try running the following command to download the DNS records:
dig +nocmd gmx.com any +multiline +noall +answer
(Many resolvers now refuse to answer ANY queries, per RFC 8482; if the answer comes back empty, query the A and MX records explicitly.)

You may also notice that by pinging mail.gmx.com several times you will get a different IP address in the response each time. This is because the DNS server answers with a single IP from a list of IP addresses, using the round-robin algorithm for load balancing:
ping mail.gmx.com > 212.227.17.184
ping mail.gmx.com > 212.227.17.174
ping mail.gmx.com > 212.227.17.184
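The round-robin behaviour just described means a single lookup does not tell you which address you will be served. The script below is an added example, not part of the original article: it collects every IPv4 address a set of answers contains, can repeat a dig query to observe the rotation, and checks whether each address falls inside a network range you expect. The embedded dig output is constructed, the range 212.227.0.0/16 is only an illustration (an assumption, not a statement about any provider's allocation), and the live function assumes dig is installed and the network is reachable.

```shell
#!/bin/bash
# Added example (not from the original article): observe what a round-robin
# name actually resolves to and check each address against an expected range.

# Turn a dotted quad into an unsigned 32-bit integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Return 0 if address $1 (a.b.c.d) lies within $2 (a.b.c.d/len), else 1.
ip_in_cidr() {
    local net=${2%/*} len=${2#*/}
    local mask=$(( len == 0 ? 0 : (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Read "dig +short" style output on stdin; print the distinct IPv4 addresses, sorted.
# CNAME target lines and anything else that is not a dotted quad are dropped.
distinct_ipv4() {
    grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | sort -u
}

# Live (needs network and dig): query a name N times and collect every address seen.
resolve_repeatedly() {   # resolve_repeatedly name count
    local i
    for i in $(seq "$2"); do dig +short "$1" A; done | distinct_ipv4
}

# Constructed sample: what a few queries for a round-robin name might return
# (a CNAME target line followed by rotating A records). Not real captured output.
SAMPLE_DIG='mail.gmx.com.
212.227.17.184
212.227.17.174
212.227.17.184'

# Classify each distinct address against an expected range (assumed range for illustration).
classify_addresses() {   # classify_addresses cidr   (addresses on stdin)
    local ip
    distinct_ipv4 | while read -r ip; do
        if ip_in_cidr "$ip" "$1"; then echo "$ip inside $1"; else echo "$ip OUTSIDE $1"; fi
    done
}

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_DIG" | classify_addresses 212.227.0.0/16
    # For a real name: resolve_repeatedly mail.gmx.com 20 | classify_addresses 212.227.0.0/16
fi
```

The useful habit here is to look at the whole set of addresses a name rotates through, not the one you happened to get, and to decide per address whether it is in the network you meant to reach.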

URL redirects and Cross Domain Single Sign-On (CDSSO):
In some cases you may log into a domain such as gmx.co.uk by entering your credentials but be redirected to gmx.fr. If the cookie is sent to your browser from the co.uk domain and the fr domain then asks for the cookie set by the first domain, your browser will block the second domain from reading it, as that violates the same-origin (cross-domain) policy. By using Cross Domain Single Sign-On, web applications are able to authenticate across several domains while letting the user log in only once. For the purposes of knowing where your data is being stored in the cloud, the best guess you can make is to assume it is coming from the final domain you have been redirected to.

Email ports
The POP3 port for inbound email is 110, or 995 if you want to use secured POP3. The IMAP port for inbound email is 143, or 993 if you want to use secured IMAP. The SMTP port for outbound email is 25, 2525 or 587, or 465 if you want to use secured SMTP. If your cloud mail server allows connections over the non-secure ports and your traffic is crossing American cyberspace, then email passing over ports 110, 143, 25 and 2525 can be captured by the NSA, as the traffic is not encrypted on that hop (Alice > [https] > gmail.com > [plaintext] > gmx.co.uk > [https] > Bob). One caveat: the port number alone does not settle this. Servers on 25, 587, 110 and 143 can offer STARTTLS, which upgrades the plaintext connection to TLS before any credentials or mail are sent, so a port should be checked for STARTTLS support (openssl s_client -starttls smtp, pop3 or imap) before it is counted as unencrypted. An interesting project would be to survey how different mail servers interact when exchanging mail: do they always attempt to use SSL and downgrade only if it is not available, or do they have to be forced to use it? If mail servers used SSL by default when available, then the communication would be secure between the web interfaces and also between the mail servers (Alice > [https] > gmail.com > [ciphertext] > gmx.co.uk > [https] > Bob).
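Whether a connection on port 25 or 587 actually stays in plaintext depends on the STARTTLS capability the server advertises in its EHLO response, which is what the survey question above is really asking. The script below is an added example, not part of the original article: it reads an SMTP EHLO response and reports whether STARTTLS is offered, and with --live sends EHLO to a real server. The EHLO responses embedded in it are constructed; the live part assumes bash (for /dev/tcp) and network access, and the host names are placeholders.

```shell
#!/bin/bash
# Added example (not from the original article): does an SMTP server offer
# STARTTLS? Ports 25 and 587 start in plaintext, but a server whose EHLO
# reply contains a STARTTLS extension line lets the client upgrade the same
# connection to TLS before any mail or credentials are sent.

# Read an EHLO response on stdin; print "starttls" or "plaintext-only".
# Extension lines look like "250-STARTTLS" or, on the final line, "250 STARTTLS".
# Trailing CR from the wire is tolerated; "250-STARTTLSX" or similar does not count.
ehlo_offers_starttls() {
    if grep -qiE '^250[- ]STARTTLS[[:space:]]*$'; then
        echo starttls
    else
        echo plaintext-only
    fi
}

# Send EHLO to host:port over a raw TCP socket (bash /dev/tcp) and print the
# response lines. Assumes bash; use nc instead if /dev/tcp is unavailable.
smtp_ehlo() {   # smtp_ehlo host port
    local line
    exec 3<>"/dev/tcp/$1/$2" || return 1
    # Skip the greeting; the last greeting line has a space after the 220 code.
    while IFS= read -r -t 5 line <&3; do case "$line" in "220 "*) break ;; esac; done
    printf 'EHLO probe.example\r\n' >&3
    while IFS= read -r -t 5 line <&3; do
        printf '%s\n' "$line"
        case "$line" in "250 "*|5??" "*) break ;; esac   # final 250 line or a 5xx error
    done
    printf 'QUIT\r\n' >&3
    exec 3>&-
}

# Constructed EHLO responses for an offline run (placeholder hosts, not real captures).
EHLO_WITH_STARTTLS='250-mx.example.net Hello probe.example
250-SIZE 52428800
250-STARTTLS
250 8BITMIME'
EHLO_WITHOUT_STARTTLS='250-mx.example.org
250-SIZE 10240000
250 HELP'

case "${1:-}" in
    --demo)
        printf '%s\n' "$EHLO_WITH_STARTTLS"    | ehlo_offers_starttls   # starttls
        printf '%s\n' "$EHLO_WITHOUT_STARTTLS" | ehlo_offers_starttls   # plaintext-only
        ;;
    --live)
        # usage: script --live smtp.example.net 25
        smtp_ehlo "$2" "$3" | ehlo_offers_starttls
        # To see the suite negotiated after the upgrade (needs openssl):
        #   openssl s_client -starttls smtp -connect "$2:$3" </dev/null | grep 'Cipher is'
        ;;
esac
```

Advertising STARTTLS is opportunistic: a server that offers it still accepts plaintext from peers that never issue the command, so this check tells you whether encryption is possible on the port, not that every delivery to it is encrypted.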
Compare the certificate types of https/pop3/imap/smtp using the following bash shell script (what it prints is the negotiated cipher suite; a DHE, EDH or ECDHE suite means ephemeral mode):

#!/bin/bash
list="www.gmx.co.uk:443 pop.gmx.co.uk:995 imap.gmx.co.uk:993 smtp.gmx.co.uk:465
www.zoho.com:443 pop.zoho.com:995 imap.zoho.com:993 smtp.zoho.com:465
www.mail.com:443 pop.mail.com:995 imap.mail.com:993 smtp.mail.com:465
www.shortmail.com:443 imap.shortmail.com:993 smtp.shortmail.com:465
www.lavabit.com:443 pop.lavabit.com:995 imap.lavabit.com:993 smtp.lavabit.com:465
www.inbox.com:443 pop3.inbox.com:995 imap.inbox.com:993 smtp.inbox.com:465
fastmail.fm:443 mail.messagingengine.com:587
mail.yandex.com:443 pop.yandex.com:995 imap.yandex.com:993 smtp.yandex.com:465
www.lycos.com:443 pop.lycos.com:995 imap.lycos.com:993 smtp.lycos.com:465
www.nokiamail.com:443 nokia.pop.mail.yahoo.com:995 nokia.imap.mail.yahoo.com:993 nokia.smtp.mail.yahoo.com:465
www.rediff.com:443
www.riseup.net:443 pop.riseup.net:995 imap.riseup.net:993 smtp.riseup.net:465
www.contactoffice.com:443 pop.contactoffice.com:995 imap.contactoffice.com:993
webmail.xmission.com:443 pop3.xmission.com:995 imap.xmission.com:993 smtp.xmission.com:465
ojooo.com:443 pop3.ojooo.com:995 imap.ojooo.com:993 smtp.ojooo.com:465
mail.opera.com:443 pop3.operamail.com:995 imap.opera.com:993 smtp.opera.com:465"
for i in $list
do
    echo -ne "$i:\t"
    # Ports 25 and 587 speak plaintext SMTP until STARTTLS, so s_client needs -starttls smtp there.
    case "$i" in *:587|*:25) starttls="-starttls smtp" ;; *) starttls="" ;; esac
    # -servername sends SNI so a shared host hands back the right certificate;
    # 2>&1 merges stderr so nothing is lost (the original wrote stderr to a file named "1").
    echo "EOF" | openssl s_client -crlf -connect "$i" -servername "${i%:*}" $starttls 2>&1 | grep -o "Cipher is .*"
done

Additionally, to check whether a port is open, try the following commands (type quit [enter] to exit telnet):
telnet pop.gmx.co.uk 110
nmap -T5 -p 110 pop.gmx.co.uk

By determining that a port is open you can assume the service is running on it, however this is not always the case. Also be aware that some servers block port scanning. Try the following bash shell script to use nmap to test whether the ports are open on the cloud servers:

#!/bin/bash
http="www.zoho.com www.mail.com www.shortmail.com www.lavabit.com www.inbox.com fastmail.fm mail.yandex.com www.lycos.com www.nokiamail.com www.rediff.com www.riseup.net www.contactoffice.com webmail.xmission.com ojooo.com mail.opera.com"
pop="pop.gmx.co.uk pop.zoho.com pop.mail.com pop.lavabit.com pop3.inbox.com pop.yandex.com pop.lycos.com nokia.pop.mail.yahoo.com pop.riseup.net pop.contactoffice.com pop3.xmission.com pop3.ojooo.com pop3.operamail.com"
imap="imap.gmx.co.uk imap.zoho.com imap.mail.com imap.shortmail.com imap.lavabit.com imap.inbox.com imap.yandex.com imap.lycos.com nokia.imap.mail.yahoo.com imap.riseup.net imap.contactoffice.com imap.xmission.com imap.ojooo.com imap.opera.com"
smtp="smtp.gmx.co.uk smtp.zoho.com smtp.mail.com smtp.shortmail.com smtp.lavabit.com smtp.inbox.com smtp.yandex.com smtp.lycos.com nokia.smtp.mail.yahoo.com smtp.riseup.net smtp.xmission.com smtp.ojooo.com smtp.opera.com"
# http pop imap smtp
for i in $http
do
    echo -e "\n$i:"
    nmap -T5 -p 80,443 $i | egrep "http$|https$"
done
for i in $pop
do
    echo -e "\n$i:"
    nmap -T5 -p 110,995 $i | egrep "pop$|pops$|pop3$|pop3s$"
done
for i in $imap
do
    echo -e "\n$i:"
    nmap -T5 -p 143,993 $i | egrep "imap$|imaps$"
done
for i in $smtp
do
    echo -e "\n$i:"
    # nmap names port 587 "submission" and 2525 something else entirely, so filtering on
    # the service name would hide those two; match on the port column instead.
    nmap -T5 -p 25,2525,587,465 $i | egrep "^(25|2525|587|465)/tcp"
done

Final note
Ensure your browser is using the HTTPS Everywhere extension when browsing these domains. If you bookmark a cloud email service, one way to lock its geographic location is to use the absolute IP address of the server: instead of bookmarking www.gmx.com, which could bring you to servers in the USA or in Germany, bookmark https://213.165.64.202/, the German IP address, rather than https://74.208.5.85, the IP address of the US server. Be aware of the cost: the certificate is issued for the host name, not for the address, so a bare-IP bookmark will normally trigger a certificate name-mismatch warning, and a server hosting several sites may not even serve the right one without the host name (SNI and the Host header). Getting used to clicking through certificate warnings defeats the point of HTTPS, so the safer habit is to verify the address you were actually served. A useful extension for that is Flagfox, which attempts to geolocate the server currently delivering the content for the web page.

Conclusion
It should be noted that only one of the surveyed services (ojooo.com) negotiated ephemeral-mode SSL on every protocol tested (HTTPS/POP3/IMAP/SMTP); the others offer it on some ports but not all. Additionally, most of the services surveyed are based in the United States; the company geographic location list above shows only five outside it (gmx.com, mail.com, contactoffice.com, ojooo.com and mail.opera.com). It was possible to shortlist the top 3 services as bronze, silver and gold based on the results of this brief survey.

Winners:
#1 ojooo.com (DHE_RSA on https/pop3/imap/smtp, and they are based in Germany)
#2 contactoffice.com (DHE_RSA on https/pop3/imap, and they are based in France)
#3 inbox.com (DHE_RSA on pop3/imap/smtp)

Worst security award:
#1 rediffmail.com (no encryption on POP3, IMAP or SMTP)

Normally, if traffic happens to pass through American telecommunications networks, the NSA will tap into the fibre-optic systems in the network backbone of the country, record all the traffic in its Utah data centre (source 8), and keep it for up to 5 years in cold storage on hard drives before discarding it. A famous case of the NSA tapping a major network backbone is the fibre-optic tap in Room 641A, where the NSA split the fibre-optic communications cable in an AT&T communications station.

By choosing a mail service that uses a different encryption key for every network connection, your traffic is protected against the NSA taking it out of cold storage and decrypting it with a compromised server private key (the master key behind the SSL certificate). Such keys are normally compromised by the NSA simply walking into a corporation and demanding them from the owners. This does not work against connections made in ephemeral mode, as a different key is used for every connection and is discarded immediately afterwards. However, this technique will not prevent the NSA or another surveillance organisation from demanding physical access to the company's servers and simply copying the data off their hard drives: ephemeral key exchange protects traffic in transit, not mail at rest on the provider's disks.

Future work
An interesting project would be to survey how mail servers interact when exchanging messages when a secure communications channel is available. Does the Postfix mail server attempt to use SSL (STARTTLS) before downgrading to a plaintext alternative? Does Microsoft Exchange Server attempt to use SSL before downgrading to a plaintext alternative?

Sources:
1. PRISM Accomplices https://upload.wikimedia.org/wikipedia/commons/c/c7/Prism_slide_5.jpg
2. PRISM Network Graph https://upload.wikimedia.org/wikipedia/commons/0/01/Prism_slide_2.jpg
3. Explanation of Ephemeral Diffie-Hellman key exchange http://blogs.computerworld.com/encryption/22366/can-nsa-see-through-encrypted-web-pages-maybe-so
4. DH vs. DHE and ECDHE and perfect forward secrecy http://stackoverflow.com/questions/14034508/dh-vs-dhe-and-ecdhe-and-perfect-forward-secrecy
5. Geographic IP mapping tool http://www.geoiptool.com/en/
6. HTTPS Everywhere https://www.eff.org/https-everywhere
7. Flagfox https://addons.mozilla.org/en-us/firefox/addon/flagfox/
8. NSA Utah Data Centre Yottabyte Storage Capacity http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

Last edited: Tuesday, July 16, 2013 at 1:35:15 PM IST
Contact: hughpearse@gmx.co.uk
