Topic: PGP Encryption of messages (Read 1862 times)

This seems extremely unsafe. If the PIA is based in the US, they most certainly are in bed with the NSA.

Theymos having received exclusive access to a VPS says nothing about security really. As long as the hardware is not in his physical possession, he has no control whatsoever.

Here are some interesting reads:

http://www.buzzfeed.com/justinesharrock/what-is-that-box-when-the-nsa-shows-up-at-your-internet-comp
(Not directly related to PIA but worth a read anyway:
http://www.thenation.com/blog/174708/secret-nsa-program-gives-agency-unprecedented-access-private-internet-communications

Long rant from PIA there about how they are serious about privacy, might be true, or might not be true:
https://torrentfreak.com/how-nsa-proof-are-vpn-providers-131023/

In fact, I would actually suspect a VPN company that is in bed with the NSA to act very vocal about not being in bed with NSA. To be honest, I would not be surprised for one second if some of the major VPN operations in reality are funded from the ground up by the NSA.

The britts have a very bad reputation about doing internet surveillance as well.

UK is also a part of five eyes along with the US: http://en.wikipedia.org/wiki/Five_Eyes

PIA is based out of the US, (this sometimes makes brings up the topic of true anonymity with their VPN service and being US-based) not the UK.

Also, I did some digging on PIA sponsoring Bitcointalk and came up with the following:


So I'm not sure if that means theymos is the only one with physical access to the servers hosting Bitcointalk (I'm doubting this though, I suspect they just donated theymos a high-end VPS to run Bitcointalk on) or if it is run through a PIA VPS, and theymos is the only one on this site with the credentials for the VPS.

Also, in the above quote, gweedo mentions that they provide hosting for the website in exchange for having a permanent PIA ad on the website. It must be cost-effective for Private Internet Access to host the site in exchange for running their ads. IIRC, an ad spot sells for ~ 1.5 BTC per month here, which is about $300 USD. I'm fairly confident that hosting wouldn't cost them that much per month, so it's probably a fairly good deal for PIA, as well as Bitcointalk.

Exactly. Personally I think it's unwise to run it on servers they provide. From what I understand they're a
major VPN provider in the UK. I would find it highly suprising if intel orgs do not have some kind of monitoring
access. After all, most VPN users are legit, but some aint, and those are an interesting target for intel orgs.

To add some spice to it, of course both Private Internet Access and any intel org if inquired about it would
deny any knowledge of previous, current or future interception of users communications. I wonder how that
hosting deal came about and what rationale was behind it? Just greed?

After all, the forum would have enough funds for some serious hosting, even on dedicated hardware.

Yes.
We don't.
As long as the PGP key of the person you are signing to has been verified before hand to belong to the recipient (this is most likely done via your web of trust, but there may be other ways as well) then sending an PGP encrypted PM should be the same as sending a PGP encrypted PM as long as you are confident that it is actually being encrypted to that PGP key (e.g. "manually" or via a chrome extension)

But up until the point of public key change, everything is secure.

Whats stopping the admin from letting the user know that he is being tracked? Im sure the law allows it.

1. User A wants to send a pm to user B.
2. Chrome extension in A's browser gets pgp pubkey for user B from the forum.
3. User A encrypts his message with the chrome extension and it is delivered to B's inbox.
4. B's incoming pm is fetched from the forum and decrypted with the chrome extension.

In step 2, the forum could give you another pubkey than B's, you'd encrypt your pm with that pubkey.
Once the forum receives the message from the chrome extension, it decrypts the message,
stores the plaintext, then encrypts the message with B's encryption key and delivers it to
B's inbox. Everyone thinks they're safe.

Think it's not a possibility? If some high profile target were pm'ing on bitcointalk, it's not unthinkable that
forum admin would get contacted by the FBI or other agency and clearly told that unless this "backdoor"
is installed, you will go to jail for n years. Since the forum has already given up certain pm's to authorities, what
will prevent them from doing so again with any method? Will a forum admin really stand up against authorities?

What's up with the forum being "Sponsored by Private Internet Access, a Bitcoin-accepting VPN.".

Is the forum hosted on servers they provide?

How to we know that Private Internet Access is not associated with British or US intel?

AFAIK, it must be assumed that the forum is compromised, and anyone wanting to send sensitive info
should do so over PGP-encrypted e-mail where they have verified the receiver.

1. What about making it so that you cant change your pgp key once its set unless you sign with the private key.

1. In theory, the user could change the public key as well (for example if an account is hacked). It would also defeat the purpose of any kind of PGP web of trust, or any other level of trust for a particular PGP key.

2. It would result in (nearly) the same level of security

1. Sure, the forum could change the public key, but lets hope that they dont do it. I cant really think of a clever way to solve this problem except for manually checking.

2. Yes, except its much less of a hassle.

Correct, however if the information is very sensitive then the attacker would have intercepted the data and there would be nothing that the sender could do about it. They would know however to stop sending additional sensitive information/data to that recipient.
I like this idea (the bolded part). It would be essentially the same as encrypting it themselves

If the forum changed the public key, the actual user cant decrypt the messages.

The Chrome extension could be open source, and if people are paranoid, they can build it for themselves.

I proposed this last year: https://bitcointalksearch.org/topic/pgp-gpg-encryption-of-private-messages-651386

Regarding security and trust in the forum I agree that while we can check the JS code we'd still need to trust the forum won't change it any time. However it would have some clear advantages like:

- Having all the PM encrypted. Several times people don't encrypt it for laziness. If it was automatic of course everyone would do it.
- Hackers wouldn't have access to hacked account's PMs.
- While we'd need to trust the forum owners at least our previous PMs would be safe in case the forum is compromised.
- It would help to create a culture to manage security properly.

Also with so many tech-savvy users here it would be extremely difficult for the forum to change the JS for a long time without someone noticing it.

Additionally critically truly private message could be encrypted off the forum as they are now.

That would be one possibility, however you would still need to trust the forum enough to maintain an accurate list of PGP public keys. You would also need to trust the dev of the Chrome extension enough to not launch similar attacks as described above.

Well, in this case, why not have the public key stored per user, and then have a chrome extension that encrypts the text in the textbox?

If you are going to trust the forum enough to encrypt a PM prior to it being stored in the DB then you might as well be okay with it not encrypting the PM at all. While you could, in theory check to ensure that your messages are actually being encrypted in Javascript prior to being sent to the forum, it would be more difficult to ensure that this fact does not change, nor that the messages are not being encrypted to your PGP key plus some other PGP key (that an attacker has access to).

If you encrypt your messages manually (prior to them ever coming into contact with the forum) then you know for sure which key(s) exactly your message is encrypted to.

Yep. Now if only we could get the attention of theymos...

Well, PGP has you make a private and public key. The public key is given to others, so they can send you an encrypted message. Only you can decrypt it with your private key. So if you uploaded a public key to your account on bitcointalk, any pm anybody sends to your, could then be encrypted with this key, and then the plaintext deleted. However then the sender would not be allowed to keep the message in his outbox unencrypted as that would defeat the purpose of encryption.

Also, if the forum comes under attack, as it already has (ref. recent BFL subpoena), there's no guarantee that there will not be installed any software to circumvent the encryption, pretending for the users that all is fine, while in reality the clear text message is siphoned off behind the scenes.

In short, as long as the message goes to the bitcointalk server in clear-text it must be assumed it is compromised, even though they promise to encrypt it, then delete the clear text message. Of course, it might be possible to do the entire task client-side, without the clear-text message touching bitcointalks server, but that again could be circumvented temporarily or permanently by changing javascript in the forum code.

Handling encryption yourself might be the best idea. So perhaps the very best idea would be to just give your PGP-key to those you wish to communicate securely with. However, there might also be MITM-attacks here.

A gives PGP pubkey to C, however B intercepts the communication and gives C his pubkey.

C encrypts a message to A with A's pubkey, then sends it to A. It is again intercepted by B, B decrypts it with his pubkey, as the pubkey C holds and thinks is A's pubkey in reality is B's pubkey, then B decrypts message from C with his own privkey, then encrypts it with A's pubkey and send it to A. That interception could go both ways, but it could be revealed if great care is taken in exchange of the keys.

To actually know that you have the correct key, you should compare fingerprints.

This could be worth reading:
https://futureboy.us/pgp.html

As for communication with "persons of interest", it's not a wild stretch to imagine that there are active MITM attacks in this area. As for what constitutes "persons of interest", once you start looking at anything online that's outside the ordinary, for example you show an interest in TOR, Tails or anything else that's 'suspicious', you most likely end up on some list of "persons of interest". As for persons of "major interest", as major security researches and the like, it's not unthinkable that MITM-attacks in deed is taking place. For example I'm pretty sure that encrypted messages going to bitcoin devs are "of interest". I have not read about it happening, but for an entity with enough resources, I guess it's already happening. So in this regard, verification is as important as encryption itself.

If you let a forum do all the encryption, a MITM-attack is very easy to set up, and might give the users a false sense of security, as the forum says "it's all good", while in reality they have a gun to their head.

Call me paranoid, but if the target is interesting enough, and it is possible to do surveilance, it will be done.

Taking all of this into consideration, I would say that doing everything locally is the best method.

That is good. Encrypting message in browser before sending is good. We can probably have a field for adding a link to PGP public key and when a person message us, the PGP pub key in our profile is used to encrypt. A custom option to copy-paste PGP public key before sending will also be helpful.

Well, it can also be javascript based, so its encrypted through the browser before being sent.

My point is that it doesnt matter as long as its encrypted before being stored in the database.

I think encrypting locally is better than encrypting messages server-side. I can't see the point sending messages to server to encrypt. My taste maybe different from yours.

Is there not a new highly expensive forum being developed, perhaps the dev for that forum would appreciate your input? I do not have their contact info. Maybe somebody else have.

Does it make a difference? Its much easier if the forum software did it automatically.

It is good idea but isn't it better to encrypt locally?

Hey!

There should be an option where we can include out PGP public keys, and every private message sent to us would be encrypted with the keys.

It would be really great since everything would be secure, and the government cant really access anything.