Quote:
Originally Posted by correo
I respect what fastmail says about their approach to privacy, and I believe them. Nonetheless, if a law enforcement official showed up with a warrant or put a gun to their head, so to speak, they would be capable of turning over my plaintext emails. With the systems I describe from other providers, they are only capable of turning over encrypted data.
|
That stuff is plain old wishful thinking snakeoil. You log in every day to read your email. If you have an IMAP client it's logging in with your password every couple of minutes. If you have any push support, the law enforcement people with guns at their heads can say "send their device a push to say that new email has arrived" (for real, they can just send you a spam email to trigger the new email alert, or wait for a real one to arrive - I get one every few minutes anyway).
At this point you log in or your client logs in with your plaintext password, decrypting the mail store on the server, and it's game over. The fact that it's stored encrypted at rest and requires your password to be applied to decrypt it (on the server) would only have value if you knew in advance that you were being monitored and immediately took steps to make sure you never logged in again. Ever. In which case you don't have access to your email any more, either the old stuff or any new incoming emails (though the law enforcement people would get new emails, because they'd compel a copy be taken before being encrypted)
It's a cool idea from a cryptonerd perspective, but it's useless as security against any actual real-world threat.
(speaking of which "l33t haX0r breaks into provider computers and tries to read your email" suffers from exactly the same issue, sure they can only access your email while you're logged in and your vault is decrypted, but like I said - that's going to at least once per day, so they don't have to wait long. You're only safer if your provider notices them before you next log in and shuts them down)