My Great Social Media Purge of 2019 (Part 1)

In recent months I have been thinking (again) about my digital data in relation to my privacy. I have been thinking about what my objective is regarding keeping my digital data safe. From whom, and why? This is topical because more and more details have been coming out about Facebook and other social media’s use and collection of data.

I have been pondering what my own personal next actions on my social media exposure were. Then I watched the Netflix documentary The Great Hack. That movie reinforced to me that I am not able to justify keeping some of my social media accounts. And the way I use others needs to change. First thing in my mind was do I keep or cancel Facebook. Even after scrubbing data off the account regularly there are just some things you cannot get rid of. I have been diligent not to post almost anything that is not already public. I just haven’t been 100% great at it all the time. The question that kept bothering me is what will I / can I do about it. That brought me to question what I was worried about. From there I started asking myself what my threat model is.

I had to think for a while to figure out what my threat model is for data collected by social media companies. At first I just felt it is a bit creepy that any one company can have that much information on me. That is not a threat model. It just got me to further realise that in this day and age there will be data about my life leaked to companies. What I do not want is one or a few companies having a huge collection of my life. That morphed my objective to see how I can minimise my data leakage, so to speak, while at the same time still getting value out of some of the services I use. That for me is the key. What am I really getting value out of? That is subjective to everyone. For me it came down to what is my social media use case? If I am going to keep hugging Twitter, Facebook, and even LinkedIn I should be clear to myself what my use case is for each of those services. Only then can I weigh the risks of what each platform collects on me. After that I can decide what I want to do about it. I use each platform and others for different reasons so each one has its own use case.

I got analytical and wrote up my own assessment of my use for each. As I wrote them out I realized this is more than one post. I will publish each as a post with its own summary of what I am going to do with the service. At present there are about 6 parts (this is part 1). First up on my list is Twitter.

This post is titled My Great Social Media Purge of 2019 (Part 1). I wrote it in the Fall of 2019. It is still very relevant however I only now am getting around to posting it.

Update on Encrypting Email, It’s Not Just For Criminals

In late April I wrote about my secure email plans as well as my waffling in a final decision for how I want to set up my system. Since then I’ve been lucky enough to be invited into the beta for ProtonMail’s IMAP Bridge. One of the challenges I had in April was that neither secured provider, ProtonMail nor Tutanota, had a way for me to export mail once it was in their system. That was a huge drawback for me. I knew about the ProtonMail beta however at the time of writing that post I was not invited into it.

I’ve since started taking part in the beta and I’m very pleased with the outcome so far. I’m able to use the Apple mail app on my MacBook to connect to the service. Since the bridge can ask via standard IMAP I’m then able to use Devonthink to import my mail into a database for archiving. I was able to do that with my regular accounts before however this is new for ProtonMail since in the past I was only able to access it via the web.

The beta changes my opinion of the service now that my mail is not locked into it. I had high hopes for the beta when I heard about it and my experience to date confirmed my expectations.

The next big challenge I had was what email address to use. With the mail archiving problem solved I forced myself to make a decision. I’ve opted to go with a new domain name. I will route my personal address from the old domain name to the new one. In my signature I will offer both addresses as reply-to options. That is because the from address can only be the new mail domain that I’ve set up. ProtonMail does not allow me to create a fake alias from address not hosted on their system. Perspective restriction however it was a minor inconvenience for me.

With all these changes set up I have been using ProtonMail for a few weeks now. I’m still sending a copy of my personal mail to my old mail server. In about a month if everything goes according to plan I will remove the redirect back to my hosting service provider’s email system and solely use ProtonMail for my personal email.

After that my next decision is do I move my nonpersonal email to ProtonMail as well. Not having the alias option is more of a challenge with that type of mail. That is because I have unique email addresses for many sites I use. If I need to email someone, many times it has to originate from the address where the account is registered. For now I will stick to personal mail only and assess the situation in the future.

Overall I am very pleased with my new setup. It’s not perfect however nothing usually is. It turned out to be very functional and the trade-offs are now well worth it.

Encrypting Email, It’s Not Just For Criminals

In March I blogged about my “almost disposable email”. I still have improvements to make when dealing with external sites and services. Overall that model works pretty well.

When thinking about my personal email, my dilemma changes a bit. Unlike most people who use the Internet to send and receive email for personal use, I have changed my address multiple times over the years. Friends and family of mine have commented about the fact that I change probably too often. In reality it’s only once every 3 or 4 years. That apparently is too much for most people. Of course some of the people commenting may still be using AOL addresses from the 90s.

In 2014 I blogged about My sudden allergic reaction to all things Google. In that post I wrote about migrating from Google hosted mail to a hosting provider in Switzerland. The Swiss-based provider I selected offers much greater privacy protection vs a US-based company. For what I was looking for the price difference was nominal. Moving to a Swiss-based provider wasn’t a magic bullet. All my data on my website and email stored on their servers is still not encrypted at rest. In other words I am still exposed, just less likely to get snooped on by a government. Even that statement has a caveat. Let’s say I am better off than before. I still have much to do.

With my mail being hosted in Switzerland I have a relatively good level of privacy protection. That means if someone wants to get a hold of my mail they would need some sort of court order. The fact that there is a request should be disclosed to me. That is unlike US hosting providers that would not need to inform me if they were asked to spy on me. To go a step further and make it impossible for anyone to get my email on the mail server I would need to encrypt my email at rest with the hosting provider having no knowledge of the encryption keys. The reality is this is important however not my threat model. I’m more concerned about personal details being intercepted via an unsecured network.

To address both of these problems I have been investigating two different secure email providers: ProtonMail & Tutanota. Both in theory provide the same service. They allow you to encrypt email and send it. They also encrypt email at rest on their systems and have no knowledge of how to decrypt. Email sent between two people on let’s say ProtonMail has the email encrypted completely. If however I am on ProtonMail and I send an email to someone not using that system, the message is secure however there is a caveat. What really happens is an email is sent to the recipient telling them that there is a secured message waiting for them and it provides a link to that message. I can send along a password hint if I want as well. The recipient can then click on the link and read and respond to the email. It is secure however not super user-friendly compared to what most people are used to. I experienced similar systems when I briefly worked at a health benefits organization that had to comply with HIPAA rules in the US.

My threat model concerns sending and receiving of secured information via email. I do realize that the use case is not required for most emails I send. In most cases what I’m sending can go “in the clear”. Having the ability to encrypt as needed is the big value to me.

Having stored mail encrypted at rest with the provider having no knowledge of the decrypt keys also makes me feel more comfortable when I am not hosting the data. ProtonMail & Tutanota both offer this fundamental security feature. The challenge with both providers is that neither currently has a way to import or export email. I am a person who has most if not all of my mail going back to 1996. For years I was proud to have that stash of mail. I also have gone back to really old messages for information. In today’s world however having that much personal data sitting on a typical mail server is too big of a potential risk and a major liability.

I no longer keep that archive of mail on a live mail server. Instead it is encrypted on a personal computer in a database. At least I still have it. To use ProtonMail or Tutanota would mean I would no longer have correspondence that goes into the system. That limitation has given me a little bit of pause. Since I started playing around with the system late last year ProtonMail has announced they will be launching a secured IMAP option. I am assuming that will enable me to offload mail from their system. That would make their solution much more viable for me.

As I continue to play around with both systems I have been favoring ProtonMail over Tutanota. I’ve not yet jumped into using one for my personal mail however I am leaning towards ProtonMail. One of the hesitations I have is that ProtonMail is not cheap. It costs about half of a full hosting package I have per year. Tutanota is as cheap as one dollar a month per user. ProtonMail is around five dollars per month for what I initially need it for. ProtonMail also does not allow me to move my entire family using a specific email domain onto an account unless I use a much more expensive account than the five dollars per month plan. Tutanota will let me set up multiple family mailboxes for one dollar per mailbox per month. That makes Tutanota an option if I wanted to continue using the same email domain I currently use for my personal email.

The solution to this issue is for me to switch the domain names I use. I have a few other ones I own that I can start to use however that brings me back to how I started off this post. I don’t want to change my address, however it is a price I am willing to pay if other factors are positive.

I could make my life easy and just use Tutanota and move my family over to it also. The challenge is I like ProtonMail much better. The UI is nicer on both the web and iOS app. The iOS app loads faster. It has a few more nifty features versus Tutanota such as tagging. Overall I just get a better feeling about it.

Knowing myself, what I likely will end up doing is change my personal email so I can use a different domain name that I have that isn’t being used for anything else and point that to ProtonMail. I would then leave my existing mail domain where it is and allow my other family members to continue using it.

For now I’m still waffling a bit on what to do. If you’re a friend or family member of mine and you are reading this, you know why in a few months you might get a notice that I changed my mail address yet again. Of course if you read this far kudos to you.

Securing Email Isn’t Only For Spies, Dissidents, & Journalists, Right?

Over the past year and a half I have been taking lots of steps to secure my digital life. I’ve written a lot about the different aspects of that. My migration from Google mail and other services to more secured options.

One thing I’ve known has been a concern that I’ve not yet addressed is the quantity of data online. For example even though I moved my mail to a Swiss based provider I still had my entire email archive available. I have mail going back as far as 1997 I believe. I have been wanting to take that archive off-line and off my email provider’s servers. Over the years I’ve had the packrat mentality where I want to keep all of my messages. Recently I’ve grown to not want many of the messages I received. I’ve been deleting stuff that is unnecessary however there are still things that I get and do want to keep. In general I would like to keep the archive, especially my personal correspondence.

The challenge that I have is that I’m growing less trusting of any service provider. Even though my email hosting company is in Switzerland they take no extraordinary security precaution so the system is just as susceptible to hacking as most. That means my mail at rest is in the clear, unencrypted. What I want to do is take my mail and store it off-line so I have more control over it. I currently plan on keeping it in a local archive on my Mac at home. I will also have it backed up on my BitTorrent Sync network.

The first step in this process was for me to copy all of my mail to a local application. For my purposes I found the built-in Mac mail application to work the best. Once I had a downloaded copy of all the mail I was able to export it to an mbox formatted archive. At the same time I took the opportunity to recategorize how I organized my mail. In the past when I was using Google I had been using tags extensively. When I exported out of Google I went back to a folder structure where each high-level tag was its own folder where I put received mail. When I exported the mail to a local folder I put all sent mail in one folder and all received mail in another. Using mail tags I was able to continue to tag and make smart queries of the mail if I ever needed to get a hold of the categories that I used in the past.

Once I had the off-line mbox files I put them in an archive on my BitTorrent Sync network. I kept the live copy in my Mac mail on my computer in case I need to search for an email in the archive. Over the past few weeks after I’ve done this I’m surprised how often I do go back and reference old emails for things like key codes or when did I buy something. After I was satisfied that the mail was backed up I deleted it from my hosting provider. I did leave this calendar year’s mail on my hosting provider. I figured that was a good round number to keep online. I can annually do an archive. Having to be at home or to remote into my home computer to perform mail queries has become a slight inconvenience however it hasn’t been the end of the world.
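As an added example (not part of the original post), here is one way to make the "satisfied that the mail was backed up" step checkable before deleting anything from the hosting provider: compare Message-IDs against the off-line mbox and only mark a message deletable if it is older than the year being kept online and is present in the archive. The function names, the keep_year value and the example.invalid messages are constructed for illustration.

```python
import email.utils
import mailbox
import os
import tempfile
from email.message import EmailMessage

def message_year(msg):
    """Year from the Date header, or None when missing or unparseable."""
    try:
        # A missing header passes None, which raises and is handled below.
        return email.utils.parsedate_to_datetime(msg["Date"]).year
    except (TypeError, ValueError):
        return None

def plan_purge(archive_path, server_msgs, keep_year):
    """Return (deletable, keep, unsafe) lists of Message-IDs.

    deletable: dated before keep_year and present in the off-line mbox.
    keep: dated keep_year or later, or undated. unsafe: old but not archived.
    """
    box = mailbox.mbox(archive_path, create=False)
    try:
        archived = {m["Message-ID"] for m in box if m["Message-ID"]}
    finally:
        box.close()
    deletable, keep, unsafe = [], [], []
    for msg in server_msgs:
        mid, year = str(msg["Message-ID"]), message_year(msg)
        if year is None or year >= keep_year:
            keep.append(mid)
        elif mid in archived:
            deletable.append(mid)
        else:
            unsafe.append(mid)  # archive it first, never delete blind
    return deletable, keep, unsafe

def make_msg(mid, date=None):
    msg = EmailMessage()  # constructed sample message, not real mail
    msg["Message-ID"] = f"<{mid}@example.invalid>"
    if date:
        msg["Date"] = date
    msg.set_content("constructed sample body")
    return msg

def demo(keep_year=2015):
    """Constructed data: the archive is missing one old message."""
    old_ok = make_msg("old-archived", "04 Mar 2013 10:00:00 +0000")
    old_missing = make_msg("old-missing", "12 Jun 2012 09:30:00 +0000")
    current = make_msg("this-year", "20 May 2015 08:00:00 +0000")
    undated = make_msg("undated")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "archive.mbox")
        box = mailbox.mbox(path)
        for m in (old_ok, current, undated):
            box.add(m)
        box.close()  # close() flushes the archive to disk
        return plan_purge(path, [old_ok, old_missing, current, undated], keep_year)
```

Anything that lands in the third list should be exported again before the server copy is removed.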

In addition to moving my entire mail archive off-line I want to go further and start using a secured email provider like ProtonMail that takes extraordinary steps to encrypt the data at rest. I do not need that level of security for all my mail however it does come in handy for some of it. There have been several messages I’ve been hesitant to send or had no choice but to send that contain sensitive information such as bank information or Social Security numbers in the past that I would prefer not to send via email. And of course that’s not my paranoia; security experts say never do that. Having a secured provider that encrypts the mail at rest and also has a mechanism for sending secured mail to others could be useful. Really what the secure mail is doing is sending an email to the recipient with a link back to the secured website that contains the actual message. I need to provide a password hint in the body of the mail I send. It’s not perfect however in most cases it will solve the problem of sending outbound secured mail.

One of the challenges in a system such as ProtonMail is that at present there is no mechanism to import or export mail. That means anything I receive is locked into that system. On day one that’s not a problem however I like to have data portability. ProtonMail says they are working on that function however who knows when or if it will ever come to pass. I may still use them for some correspondence only and in essence have two private email addresses, one for secured and one for unsecured messages. That way I can route the ones I want secured to the encrypted system.

I’ve also been looking at Tutanota as an alternative to ProtonMail. It appears to have the same import and export limitations however otherwise seems like a very similar and comparable option. Both systems offer a free tier. I signed up for both services to play around with them. I’ve since signed up for a month-to-month service with both of them and am in the process of pointing an unused email domain to Tutanota, while I’ve already completed setting up ProtonMail. ProtonMail so far seems like a slightly better option in terms of usability however it is significantly more money per month than Tutanota. The only reason I signed up for the paid version of Tutanota after I signed up for ProtonMail was because it was less than two dollars a month. I hope to give both services a try for a month or two before settling on one or the other.

For now the combination of moving my mail off-line and having an encrypted provider as needed suits my needs. These changes are all still pretty new so I will see how things pan out over the next month or two before I decide to make any tweaks or to let the situation be as is for the time being.