Mega plans to offer encrypted email service
Posted on 12 August 2013.
With Lavabit's closure and Silent Circle's shutdown of its Silent Mail, the question is where to turn next for a secure email service.


Prims-break.org has a few suggestions on which to consider trying out and which to definitely don't, whether it's a service or a piece of software.

Mega CEO Vikram Kumar has also announced that they are working on a new secure email service that will run on server networks that will be legally inaccessible to US authorities.

Whether that means New Zealand or another country like Iceland is still to be decided, as Mega founder Kim Dotcom is worried about New Zealand government's apparent inclination for laws that would force service providers to cooperate with the authorities by handing over decryption keys or providing a backdoor into their servers.

Kumar says that they are working on the aforementioned email service, but that it could take many months to deliver a product they are satisfied with.

They are working on finding a solution to keep Mega secure even if SSL/TLS is compromised, and are experimenting with new and still theoretical technologies such as Bloom filters.

"The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side," he shared with ZDNet's Rob O’Neill.

"If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That's] not quite impossible, but very, very hard. That's why even Silent Circle didn't go there."

Mega, which is currently just a file hosting service, opted for client-side encryption so that they don't know what type of content is uploaded, they don't have or store the encryption keys, and consequently can't hand them over to anyone.

Vikram says that "Mega will never launch anything that undermines its end-to-end encryption core security proposition". While he seems optimistic about their plans, only time will tell whether they will succeed in creating a secure and usable encrypted email service.









Spotlight

Total cost of average data breach reaches $3.8 million

The average consolidated total cost of a data breach is $3.8 million, according to a Ponemon Institute study of 350 companies spanning 11 countries. The average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $145 to $154.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, May 28th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //