Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

gregmac19

macrumors regular
Original poster
Jul 28, 2016
242
164
On another thread (Apple Promotes iCloud's Advanced End-to-End Encryption Feature as Data Breaches Increase) someone pointed out to me the following (Ref: Post #48):

"Cameron Jay Ortis testified in Ontario Superior Court that a foreign ally told him of a plan to encourage targets to begin using Tutanota, an online encryption service that he called a "storefront" operation created by intelligence agents to snoop on adversaries.

Ortis said he began enticing investigative targets through promises of secret information, with the actual aim of getting them to communicate with him via Tutanota."

Thus, I wondering how I can be certain if a secure email service is actually secure.
 
How can you be certain any secure service is actually secure? Why pick on email services?
 
  • Like
Reactions: kitKAC
How can you be certain any secure service is actually secure? Why pick on email services?
I am mainly concerned about email services because I can easily keep other personal information off servers I don’t control. For example, all my backups are done locally instead of using cloud storage. (Of course, I always keep at least one of my backup drives off site.) Additionally, I use a password manager where my vault is stored on my computer, and I sync via local WiFi. However, with email I am stuck trusting others, which in my case is Tuta.
 
I wondering how I can be certain if a secure email service is actually secure.
Risking being snarky here but… there really is no way to be certain unless you install, set up, and run your own email server, which you can most certainly do. Otherwise, you’ll have to rely on reviews of email services from reputable sources.
 
  • Like
Reactions: Brian33 and chown33
Risking being snarky here but… there really is no way to be certain unless you install, set up, and run your own email server, which you can most certainly do. Otherwise, you’ll have to rely on reviews of email services from reputable sources.
Not only that, but you'd have to write all the software yourself. And that would only be trustworthy if you were an expert in security & cryptography. Here's a recent example of a public failure on that front:

You'd also have to write your own compilers and other development tools, because "Reflections on Trusting Trust" is a thing.

Then you'd have to make sure that anyone you hire can't possibly be convinced into undertaking an insider attack. Every organization on the planet can have someone in it who can undermine security, even well-known organizations with lots of security experience:

If this seems like it's heading down a rabbit-hole of twisty passages all different, it is. Welcome to the world of security development.
 
I'm familiar with the referenced Tutanota story; it does not discredit the security of Tutanota. Any service could've been used in this case—Gmail, Proton, etc. I encourage you to read through Tutanota's blog post regarding this story.

I wondering how I can be certain if a secure email service is actually secure.
Email is inherently in insecure communication standard. Services like Tuta or Proton try their best to improve upon email by implementing end-to-end encryption where possible, but there are still inherit flaws. PrivacyGuides.org has a good article on the security of email, or perhaps lack there of.

That said, I don't think it's too difficult to trust the claims of secure email providers like Proton or Tuta. They're both open-source, which, alone is not a strong point of trust, but they are also regularly audited.

More importantly, they've stood the test of time. A 2021 story stirred similar conversation when Proton logged the IP address of a French activist as ordered by Swiss authorities. While many criticized Proton for this, I believe it showed the limited data Proton had access to on their users. A fair criticism was that Proton did not make it clear enough that they could log this if ultimately required to by authorities.

As for iCloud Mail, Advanced Data Protection does not extend to it, per the iCloud data security overview. Email end-to-end encryption is hard and likely not worthwhile for Apple to undertake.

If security and privacy is one's utmost priority, email simply isn't the way to go. Instant messengers like Signal offer multitudes greater protection. You have to ultimately trust an email provider's servers to encrypt your emails immediately and to immediately discard any non-encrypted copies. With Signal, for example, it's trustless; a compromised server would not compromise end-to-end encryption.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.