Mega plans to offer encrypted email service
Posted on 12 August 2013.
With Lavabit's closure and Silent Circle's shutdown of its Silent Mail, the question is where to turn next for a secure email service. has a few suggestions on which to consider trying out and which to definitely don't, whether it's a service or a piece of software.

Mega CEO Vikram Kumar has also announced that they are working on a new secure email service that will run on server networks that will be legally inaccessible to US authorities.

Whether that means New Zealand or another country like Iceland is still to be decided, as Mega founder Kim Dotcom is worried about New Zealand government's apparent inclination for laws that would force service providers to cooperate with the authorities by handing over decryption keys or providing a backdoor into their servers.

Kumar says that they are working on the aforementioned email service, but that it could take many months to deliver a product they are satisfied with.

They are working on finding a solution to keep Mega secure even if SSL/TLS is compromised, and are experimenting with new and still theoretical technologies such as Bloom filters.

"The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side," he shared with ZDNet's Rob O’Neill.

"If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That's] not quite impossible, but very, very hard. That's why even Silent Circle didn't go there."

Mega, which is currently just a file hosting service, opted for client-side encryption so that they don't know what type of content is uploaded, they don't have or store the encryption keys, and consequently can't hand them over to anyone.

Vikram says that "Mega will never launch anything that undermines its end-to-end encryption core security proposition". While he seems optimistic about their plans, only time will tell whether they will succeed in creating a secure and usable encrypted email service.


Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Jul 29th