|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Riseup Will Encrypt All Emails to Prevent FBI Searches
#24101498 - 02/18/17 09:54 PM (6 years, 11 months ago) |
|
|
https://motherboard.vice.com/en_us/article/riseup-will-encrypt-all-emails-to-prevent-fbi-searches
The news comes after the activist email service revealed it complied with two warrants related to users suspected of criminal activity. Late last year, popular activist-focused email service Riseup failed to update its warrant canary. At the time, no additional information was provided. But the move raised suspicion, as warrant canaries are cryptographically signed messages that, when not updated per an expected schedule, are intended to warn users that a company or service is facing some sort of legal battle, but is also under a gag order and can't address it publicly.
On Thursday, Riseup clarified what happened. The FBI had served two warrants onto Riseup, which the service complied with. In response, Riseup said it is now implementing encrypted storage so it won't be in a position to handover useful data again.
"After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization)," a Riseup statement reads. ("Riseup birds" are volunteers that help maintain the service.)
To be clear, those warrants did not relate to activism. According to Riseup, the first concerned the contact email address for a DDoS extortion ring, and the second was related to a ransomware campaign.
"Extortion activities clearly violate both the letter and the spirit of the social contract we have with our users: We have your back so long as you are not pursuing exploitative, misogynist, racist, or bigoted agendas," Riseup's statement continues.
Riseup was unable to inform its users of the warrants because of related gag orders, although it did say in a November 2016 interview with The Intercept that the case did not concern a National Security Letter—controversial legal demands for data that the FBI often uses.
Regardless, this event has inadvertently shown that Riseup's warrant canary was perhaps not phrased in the best way.
"A Canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason," the statement adds. Now, the canary has been tweaked to only apply to "significant events that could compromise the security of Riseup users."
Most importantly, Riseup is now going to store user emails in such a way that, theoretically, even the service's administrators won't be able to read their contents.
"Starting today, all new Riseup email accounts will feature personally encrypted storage on our services, only accessible by you," the statement reads.
This isn't end-to-end encryption: your data may still be read if intercepted in transit. But it should protect user emails if a server is physically seized, or if Riseup is legally compelled to hand over info.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: Riseup Will Encrypt All Emails to Prevent FBI Searches [Re: tdubz]
#24101501 - 02/18/17 09:55 PM (6 years, 11 months ago) |
|
|
I think lavabit is restarting again as an email service as well, they were forced to shutdown because of the FBI.
|
Bacchus
Lurker



Registered: 10/10/06
Posts: 914
Loc: ::1
|
Re: Riseup Will Encrypt All Emails to Prevent FBI Searches [Re: tdubz] 1
#24115160 - 02/24/17 02:25 AM (6 years, 10 months ago) |
|
|
Quote:
tdubz said: This isn't end-to-end encryption: your data may still be read if intercepted in transit. But it should protect user emails if a server is physically seized, or if Riseup is legally compelled to hand over info.
Meaning the user provides the strong passphrase that decrypts the private key stored on the server. If some agency wants to read your email, all they have to do is force Riseup to capture your information the next time you log in.
If you want privacy, then you have to manage the key. No, imessage and whatsapp won't cut it. Use GPG/PGP. Then, you can send email from any mail account to any mail account. Services like riseup, lavabit, or hushmail are only good for communicating with people who also use the service. Once you send an email across the internet (in contrast to staying within the data center), it's unencrypted all the way. Period.
--------------------
Living on a no-Flash diet is way easier than you think. Give it a shot.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: Riseup Will Encrypt All Emails to Prevent FBI Searches [Re: Bacchus]
#24115162 - 02/24/17 02:27 AM (6 years, 10 months ago) |
|
|
I think it's obvious you have to stay within the services network in order to stay encrypted, but good point. Especially the phone apps whatsapp, signal, ect the email is deff a point of concern if the user does not know this.
|
Bacchus
Lurker



Registered: 10/10/06
Posts: 914
Loc: ::1
|
Re: Riseup Will Encrypt All Emails to Prevent FBI Searches [Re: tdubz]
#24117655 - 02/25/17 12:16 AM (6 years, 10 months ago) |
|
|
Obvious to us, maybe. That was meant for people who are duped by marketing claims of "State of the art, 256 bit double-entanglement encryption."
--------------------
Living on a no-Flash diet is way easier than you think. Give it a shot.
|
nektar61
Into SporePlay



Registered: 07/04/20
Posts: 3,241
Loc: Cube Satellite
Last seen: 7 days, 17 hours
|
Re: Riseup Will Encrypt All Emails to Prevent FBI Searches [Re: tdubz]
#26955398 - 09/26/20 01:24 AM (3 years, 3 months ago) |
|
|
Quote:
tdubz said: I think it's obvious you have to stay within the services network in order to stay encrypted, but good point. Especially the phone apps whatsapp, signal, ect the email is deff a point of concern if the user does not know this.
The big hole with those encrypted services are --they're tied to your phone number. Signal even demands all your contacts in order to even use it. That's insane. I think the other ones do too.
--Even if they are encrypted, most people use them on a phone with 100 other un-vetted apps they think they trust. Google finds spy apps all the time and removes them. not that I trust google either. they ARE a spy app.
--Even if it is secure and no other app is tapping it, they're usually used in a room with other mics, like other phones, laptops, etc. And other people. And sometimes doing all that on speaker, so both sides are heard.
That's the hole in most security. The part on both ends between the device and your brain where it's unencrypted audio or video.
I only use encrypted chat. And it's not fucking Facebook chat. it's a chat a lot of people haven't heard of. And it doesn't ask for my contact list. lol.
As for RiseUp, I wouldn't use an email provider run by what is basically antifa now. They are under heavy surveillance and are heavily infiltrated. And a lot of non government people want to take them down, including 4chan, who seem to have some actual hackers plus a hive mind that has actually solved murders, and they love exposing antifa.
They say they're end to end and the people running it can't even see it, but we have to take their word at that.
-------------------- -NEW? Start here.
Edited by nektar61 (09/26/20 02:39 AM)
|
DancingWolf
FluffButt


Registered: 08/31/19
Posts: 797
Last seen: 30 days, 4 hours
|
Re: Riseup Will Encrypt All Emails to Prevent FBI Searches [Re: nektar61] 1
#26956554 - 09/26/20 06:52 PM (3 years, 3 months ago) |
|
|
Richochet, Utox/Qtox, and privnote are good programs and services to use for communications, but the biggest security boost is first using PGP client side to encrypt your messages with the recipients public key. Tox has it's security flaws in that you can allegedly get someone's IP address in direct messaging, but if you are taking other security measures, such as VPN or public internet, that shouldn't be an issue.
Never trust a middleman for security. Nothing will ever be 100% secure, there are only degrees of confidence.
|
nektar61
Into SporePlay



Registered: 07/04/20
Posts: 3,241
Loc: Cube Satellite
Last seen: 7 days, 17 hours
|
Re: Riseup Will Encrypt All Emails to Prevent FBI Searches [Re: DancingWolf]
#26956611 - 09/26/20 07:37 PM (3 years, 3 months ago) |
|
|
Quote:
DancingWolf said: Never trust a middleman for security. Nothing will ever be 100% secure, there are only degrees of confidence.
This.
+ 2000
-------------------- -NEW? Start here.
|
|