Links

Ben Laurie blathering


Big Brother Comes to Firefox

I’ve been wanting a Firefox plugin for PGP for ages now. So I was quite excited to hear about freenigma. For about one minute, that is, until I read this

Does freenigma send my mails to the freenigma server for encryption?

No. All mail is encrypted or decrypted directly in the webmail client (i.e. directly in the browser). But how does that work?! For the experts: when making an encryption request, the freenigma extension sends nothing more than the list of recipient addresses to the freenigma server. In response, it receives a random session key for symmetric encryption within the client as well as an asymmetrically encrypted session key for all the recipients. AES encryption is then performed within the client using the unencrypted session key. Then, the user script in the client combines the symmetrically encrypted mail text and the asymmetrically encrypted session key to create the OpenPGP binary format.

Oh dear. So freenigma can decrypt my mails (and anyone else they care to give the session key to). What’s more, it looks like they have your private key, too, so they can impersonate you.

They don’t say how you decrypt, but I presume the story will be described with the same disingenuousness: no, you don’t send your encrypted mail to the server, just send us the encrypted session key and we’ll decrypt that for you. How comforting. Not.

They’re also a bit strange generally…

Why doesn’t freenigma encrypt attachments yet? Because we would have to first send the file to our server in order to encrypt it. And from a security perspective, that isn’t a clean solution.

Eh? So why can they encrypt the message locally but not the attached file?

And…

In addition, the separation of content and encryption is important because this is the only way to ensure that the data cannot be decrypted by an unauthorised third party.

Hang on – but that’s exactly what you haven’t done. The data can be decrypted by unauthorised third parties. These guys either don’t get it or they’re deliberately dissembling. Neither indicates someone you should trust with your crypto.

In short, this is not an extension I’ll be installing.

So now we need a Firefox extension that does this properly, more than ever. If someone wants to do it, I’d be more than happy to help. I even have a C library to do the PGP stuff (OpenPGP:SDK). Any volunteers?

23 Comments

  1. […] The “Big Brother comes to FireFox” post of Ben Laurie came to my attention. […]

    Pingback by Freenigma a Big Brother? « Theo’s Blog — 28 Aug 2006 @ 15:17

  2. I can see why I would have to trust freenigma. But doesn’t this sort of service always need a middle man that can be trusted, and what would it take for you to trust the middle man.
    I think that having to worry about the integraty of one party, is a lot better then having to know that your private emails are send as plain text over numerous of parties.

    Comment by Theo Lagendijk — 28 Aug 2006 @ 15:20

  3. You got some stuff wrong:

    – freenigma can’t decrypt your e-mail, because freenigma has no access to it. The mail-body stays in your browser and is send via the servers of the Web-Mail provider. To decrypt this, freenigma would need to “grab” that e-mail on the internet somehow…

    – The private key is stored on the freenigma server. But only the users have the password to access the keyring. The password is not stored outside the keyring. The password is handed over directly to GnuPG. So, freenigma is physically unable to decrypt the e-mails of their users.

    – freenigma is _not_ made for the people, who know how to install GnuPG and who know how to secure their computer. It is made for the hundreds of millions of people, who don’t have this knowledge and still need privacy. How many people use cryptography today. Almost nobody. And why is that? Because it is to complex for average users. Think about it…and this is what freenigma is all about. It is maybe not the perfect solution, but it is still strong cryptography… (But is there a perfect solution at all? In times where on the average Windows-Box dozens of Spyware programs are running?)

    🙂

    Comment by Anonymous — 28 Aug 2006 @ 15:56

  4. Hi, Ben. Thank you for pointing out the holes in their FAQ. My take is that a lot of it was mostly written for people who don’t understand PKI and could be assured by having fancy terms like AES and symmetric/asymmetric encryption thrown in.

    Anyway, thanks again for corroborated my concerns about freenigma. I’ve linked to this post from my journal entry, freenigma: convenience vs. security in the hope that more people read it.

    Comment by Christefano — 28 Aug 2006 @ 17:27

  5. Eh? So why can they encrypt the message locally but not the attached file?

    Presumably because this is just running as JavaScript in the browser. The script can access the message body (it’s in a browser control), but not arbitrary files on disk. All you can do from JavaScript is to allow the user to upload files to the server.

    Comment by Pat Patterson — 29 Aug 2006 @ 6:26

  6. i wrote something close-ish.

    it’s based on burp proxy; and is really really raw, but maybe it’s an avenue for development if anyone cares:

    http://www.progenic.com/?uid=3

    it’s symmetric because it was mainly meant as a way of sharing notes within a group of friends [or just one person].

    probably _NOT_ suitable for actually use; atleast without fully understanding how it works.

    anybody is free to modify it.

    Comment by lok — 29 Aug 2006 @ 6:39

  7. […] Ben Laurie’s Blog drew my attention again this morning when I read his posting about Freenigma, a PGP/GnuPG plug-in for Firefox. This plug-in raises the question as to whether increased user-friendliness justifies a relaxation in security. In my opinion, this is an absolute no no. The objective of such a system must be security with user-friendliness a secondary goal. There’s no point in having a broken security system that’s user-friendly. […]

    Pingback by The prattlings of Steve Crook » Blog Archive » Freenigma (The cost of user-friendliness) — 29 Aug 2006 @ 10:42

  8. I just tried this plugin last week. It creates a new public/private PGP keypair for you and uses that. You can’t use an existing one, nor get your private key off of their server, AFAICT. Also, I’m dissappointed that it doesn’t support signatures yet. As far as encrypting attachments, it probably can’t because the file data isn’t available until the form is submitted as opposed to textarea data that is directly available.

    I also would be very interested in working on a Firefox extension for encrypting and clearsigning form fields.

    Comment by Dave Brondsema — 29 Aug 2006 @ 13:15

  9. I really need an extension like enigmail (thunderbird) but for firefox. It seems like freenigma is not this one.
    I’m very interested about developping an “EnigWebmail” extension, but not alone.

    Comment by Ghusse — 31 Aug 2006 @ 14:00

  10. “freenigma can’t decrypt your e-mail, because freenigma has no access to it. The mail-body stays in your browser and is send via the servers of the Web-Mail provider. To decrypt this, freenigma would need to “grab” that e-mail on the internet somehow…”

    Hmm, well most email security models involve
    an adversary with access to the ciphertext;
    otherwise why encrypt it? We’re trying to
    defend against surveillance! So we begin
    with it as an assumption.

    And whatever enignmail stores, you could be
    forced to divulge.

    “- The private key is stored on the freenigma server. But only the users have the password to access the keyring. The password is not stored outside the keyring. The password is handed over directly to GnuPG. So, freenigma is physically unable to decrypt the e-mails of their users.”

    The user provides a passphrase every time they access it, right? And that never gets sent
    to enigmail?

    I don’t trust these guys enough to recommend it
    either.

    Comment by solinym — 5 Sep 2006 @ 2:15

  11. Ghusse and I are starting an EnigWeb firefox extension at http://enigweb.sourceforge.net/ if anyone else is interested in helping the project, please joing the mailing list and introduce yourself!

    Comment by Dave Brondsema — 11 Sep 2006 @ 3:35

  12. […] Tout à démarré à la lecture du blog de Ben Laurie, qui parlait d’une nouvelle extension pour firefox appelée freenigma. Le but de cette extension est de permettre une encryption (avec GNuPG) des mails envoyés par webmail (gmail est par exemple supporté). Le seul problème ? Votre clée privée est stockée sur leurs serveurs… […]

    Pingback by Ghusse’s » EnigWeb — 16 Sep 2006 @ 17:31

  13. Hi,

    I am one of the developers.I was watching your discussion and like to say some things.

    Today we have more than 600 Millionen WebMail-Users. And this number is growing very fast.
    These people already send their e-mails in plain text.They are mostly average users.

    Since the 80/90s we are all trying to convince people to encrypt their e-mails. We say: “You should put all your e-mails in a secure envelope, just as like you send your letter-post in an envelope, because you don’t want the mailman to read your letters. Just install PGP/GnuPG”. But nobody listened to the users. Compared to the huge number of people who are using the internet, there are only very few people who can install, configure and use GnuPG/PGP and who can maintain their own e-mail server (instead of using webmail). This is just to complicated for average users. Of course it would be much better, if everybody would use client-side cryptography. But my feeling is, that this will never happen.

    This is why we call freenigma “A new kind of service”. Our approach is totally different. If you are a sceptic, try to view the problem from the user angle. For me, it is like this: Before we had a global banking system, everybody kept their money under their bed. They thought, that this is much more secure, than putting it on a bank account. Over the time, the people started to trust the banks and today everybody knows, that it is much more secure to have your money in your bank account.

    Maybe this is what people will think about freenigma in the future, too?!

    And I am not alone with these thoughts. Werner Koch, the developer of GnuPG, is part of the freenigma development team and founding member of the freenigma company. He is known to be a crypto expert, but he also knows how average users are struggeling with crypto technologies. freenigma is maybe the only chance to bring e-mail privacy to the average user!!! Last week I had a talk on the Wizards-of-OS conference in Berlin together with Harald Alvestrand, former IETF Director and now working for Google. He was also very positive about our approach.

    And if you talk about “false sense of security”, then I have to remind you, that a couple of years ago, we started to trust SSL in our browsers. We knew, that the 40-Bit keys at that time were not secure enough, but we used it anyway. It was much better than nothing for the average user.

    So please don’t just quote from our FAQ when you analyse freenigma. Think about all variables in this equation.

    And check this link: http://www.narus.com/customers/index.html. This software already reads and analysis all e-mail streams. Internet users need privacy now. They can’t wait any longer. And I don’t think that a client-side plug-in will help much, because nobody will be able to install and configure all the stuff that is needed to run this on their own box. So if you target average users with EnigWeb, my guess is, that you waste your time. But for expert GnuPG users your initiative is wonderful!

    But in one point, I have to agree with you: How do you know, if you can trust us?! Here in germany, quite a bit people know us. We fight against software patents, I am a volunteer for the Free Software Foundation Europe (FSFE), my company is a frequent donator for the FSFE, I give talks about privacy issues etc. But you don’t know that. You don’t know me.

    So this is really something, where we have to improve. Trust. But think for a moment, that we are really good guys and that we really want to change something. Maybe you have an idea, on how we can do better in ensuring trust to our global user base.

    Your ideas are welcome!

    🙂

    Greetings from germany!

    Comment by Stefan — 25 Sep 2006 @ 15:28

  14. IMO trust is something that needs to be earned. You cannot ask for people that don’t know you to trust you. If you do, that will only add to the direct opposite. Furthermore, you might be “good guys” (you probably are) – but how do we know that? And how do we know that you will not later in the future be forced by some authority to break the integrity of your users?

    You mention banks… I’m sure I don’t have to remind you that even banks are quite vulnerable. War, bankruptcy, laws in the countries they operate in and so on. There’s a lot of examples of where banks fail to be “trustworthy” even in very recent history. People use them because they feel they have to, since they feel they have no better alternative. Besides, they handle only money – how sensitive is that really?

    As many (on this list and elsewhere) has already mentioned, crypto for web based e-mails are well overdue. Why not meet the community half way and satisfy the issues we have? Offer the user the *choice* to store the private key either on your server or by some other means. That way people can decide themselves if you’re worthy their trust or not, if they want to trade comfort for risk… If you’re really honest about your ambitions I can’t see why not.

    Regarding the false sense of security. Yes – that’s a really important issue. Even if you turn out to be the most honest people on the planet, if your system becomes wide spread – where do you think the criminal mind will address it’s focus to? You’re really making it easy for “the other side”… They only need to hack one place, and voilà….

    I must admit, that when I first found out about this project I was very happy. After reading this list I’ve decided not to install or use it, at least until you’ve satisfied the very basic requests mention above and in this list. To force users to give away they private key, that’s… umm.. really not a very good idea 😉

    However, I do agree with you that the normal user who’s mostly concerned about if their intimate love affairs will be revealed or not, do benefit from something that’s at least not clear text. Those who *really* have something to hide would probably use something else anyway.

    /Mike

    Comment by Michael Angelo — 19 Oct 2006 @ 9:55

  15. Well, I have better idea. GPG should be built-in Firefox and GPGkeyring should be something like certificate – you can install (import) it into Firefox, you can secure it with password, you can use it with passphrase only and you can remove it. And – there is a portable Firefox for Windows, so you can store FF + your keyring to your USB drive.

    And FF could be easily connected to public key servers.

    Comment by Matej — 19 Oct 2006 @ 20:38

  16. https://bugzilla.mozilla.org/show_bug.cgi?id=357310

    Comment by Matej — 19 Oct 2006 @ 21:04

  17. Hi i read this just now, i did make a Encryption extension for FireFox.
    http://www.jungsonnstudios.com/blog/?i=3&bin{11}

    It is a so called clicked popup in FireFox, it does not manipulate the chrome so you can be sure that it is safe for encryption. Also is the source pure JavaScript.

    If you need some help to work on PGP in extensions, i would be glad to help.

    regards,

    Jungsonn.

    Comment by Jungsonn — 22 Dec 2006 @ 16:50

  18. i used hushmail, which is not free. but it does pgp the whole webmail message in the browser without compromising security. my problem is that it required I.E. which i stopped using years ago (except all those darned government websites – and intuit’s tax online service – which force you to use IE). I also had issues with their billing practices. but they may have improved that by now.

    Comment by joe — 15 Mar 2007 @ 5:24

  19. You also could use a Javascript encoded webfrom.

    http://www.anonymousspeech.com/how_to_secure_email_form.aspx

    Comment by secured email — 27 Apr 2007 @ 6:41

  20. Here’s what you’ll all looking for: http://firegpg.tuxfamily.org/

    Quoted from the website:

    “FireGPG is a Firefox extension under GPL which brings an interface to encrypt, decrypt, sign or verify the signature of a text in any web page using GnuPG.

    It will support some webmails. Right now, only GMail1 is supported (some useful buttons are added in the interface of this webmail!).”

    Comment by FireGPG — 12 May 2007 @ 11:33

  21. Let’s say I want to use GnuPG or a similar system to encrypt my gmails from home and from work. It seems to me that I have two options. First is to store a copy of my private key at home and at work (or copy it from home several times a day!). Second option to to let the folks behind Freenigma manage my public and private keys. Now, at least Freenigma is purportedly dedicated to security and privacy, (the lead developer of GnuPG is an endorser of Freenigma, so that’s probably enough ‘trust’ for my purposes), and as a bonus Germany is not my home country. So, who do I trust more to keep my emails safe, my Pointy-Haired Boss or some (probably) well-meaning hackers from Germany?

    No crypto solution is perfect and easy to use, AFAIK. This extension seems pretty ideal for the 98% of users who just want to keep their personal information out of the hands of phishers, crackers, and ex-girlfriends with a vengeance.

    Comment by raduga-nine — 29 May 2007 @ 23:22

  22. Has anyone with the expertise code reviewed FireGPG, add-on for firefox? I noticed a post for it, above. I was considering using it, have the ability to install it (and gnupg) but don’t have the expertise to review the code for nastiness. I think I might actually be able to convince a couple friends to encrypt, if I could walk them through the install.
    Thanks. -k

    Comment by anon — 3 Sep 2007 @ 6:59

  23. Let’s take a simplifying case.

    Alice uses https to send and receive gmail.

    Bob uses https to send and receive gmail.

    But of course google has all the archived plaintext mail.

    So if freenigma had the keys and google had the cyphertext, would not Alice and Bob be more secure than you are 90% of the time?

    Or do you exclusively correspond with gnurds who are smarter/more educated than you are? What about your grandparents or children of all ages? You never write your mother?

    Engineering the human interface for encryption is a harder problem than you appreciate.

    Comment by peter hwang — 8 Dec 2008 @ 20:50

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress