Mega plans to offer encrypted email service
Posted on 12 August 2013.
With Lavabit's closure and Silent Circle's shutdown of its Silent Mail, the question is where to turn next for a secure email service.


Prims-break.org has a few suggestions on which to consider trying out and which to definitely don't, whether it's a service or a piece of software.

Mega CEO Vikram Kumar has also announced that they are working on a new secure email service that will run on server networks that will be legally inaccessible to US authorities.

Whether that means New Zealand or another country like Iceland is still to be decided, as Mega founder Kim Dotcom is worried about New Zealand government's apparent inclination for laws that would force service providers to cooperate with the authorities by handing over decryption keys or providing a backdoor into their servers.

Kumar says that they are working on the aforementioned email service, but that it could take many months to deliver a product they are satisfied with.

They are working on finding a solution to keep Mega secure even if SSL/TLS is compromised, and are experimenting with new and still theoretical technologies such as Bloom filters.

"The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side," he shared with ZDNet's Rob O’Neill.

"If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That's] not quite impossible, but very, very hard. That's why even Silent Circle didn't go there."

Mega, which is currently just a file hosting service, opted for client-side encryption so that they don't know what type of content is uploaded, they don't have or store the encryption keys, and consequently can't hand them over to anyone.

Vikram says that "Mega will never launch anything that undermines its end-to-end encryption core security proposition". While he seems optimistic about their plans, only time will tell whether they will succeed in creating a secure and usable encrypted email service.









Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //