Stay tuned for another post tomorrow.
“Security” is a word that gets bandied around a lot in the IT world, often with little real thought or substance behind its use. The phrase “we take your privacy and security seriously” is the preamble to many a mea culpa from companies who, frankly, didn’t.
FastMail has always been an engineering-focused company, from the top down. As such there is a strong culture of no-bullshit, and an intense dislike of security theatre.
Our approach to security is to proactively develop and adopt any measures which meaningfully increase the confidentiality, availability or integrity of our customers’ data. We are not interested in implementing things that sound good in marketing spiel but don’t actually help, or might even actively harm, our users’ security. We also strongly believe that usability is part of security; we need to make it easy to be good, hard to get wrong, in order to be secure.
As an example of this mindset, we were one of the early adopters of opportunistic TLS encryption of SMTP connections when sending and receiving mail. This prevents passive man-in-the-middle attackers from snooping on your data, making mass surveillance much more difficult.
This even protects against interception of metadata; someone looking at our outbound connections might just see that FastMail connected to Gmail, for example. There’s lots of email sent between us by many different users, so observing this connection wouldn’t leak much information. (Interestingly, this is where there is safety in numbers: if you and your intended recipient each hosted your own email on individual servers, then encrypting the connection doesn’t really hide who the message is from or to!)
Supporting encrypted SMTP meaningfully improved the confidentiality of our customers’ data, without impacting our users’ workflow. And there’s still more we can do in this area! Initiatives like MTA-STS will allow us to further protect against active man-in-the-middle attacks on mail delivery, and all without impacting usability.
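The difference between opportunistic TLS and MTA-STS shows up in what a sending server does when the STARTTLS offer is missing or the certificate fails. The sketch below is an added example, not FastMail's code: it follows the policy format and MX matching rules of RFC 8461, and the policy text, host names and the `decide` function are constructed for illustration.

```python
# Added illustration: sender-side delivery decision under opportunistic TLS
# versus an MTA-STS policy (RFC 8461). Policy text and hosts are constructed.

SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mx1.example.net
mx: *.mail.example.net
max_age: 604800
"""

def parse_policy(text):
    """Parse the key/value policy body; the 'mx' key may repeat."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unknown policy mode")
    return policy

def mx_matches(host, patterns):
    """A '*.' pattern matches exactly one left-most label, nothing deeper."""
    host = host.lower().rstrip(".")
    for pat in patterns:
        if pat.startswith("*."):
            label, _, rest = host.partition(".")
            if label and rest == pat[2:]:
                return True
        elif host == pat:
            return True
    return False

def decide(policy, mx_host, starttls_offered, cert_valid):
    """Return 'tls', 'plaintext' or 'refuse' for one delivery attempt."""
    if policy is not None and policy["mode"] == "enforce":
        ok = starttls_offered and cert_valid and mx_matches(mx_host, policy["mx"])
        return "tls" if ok else "refuse"
    # No policy, 'none' or 'testing': opportunistic behaviour, so a stripped
    # STARTTLS offer silently falls back to plaintext.
    return "tls" if starttls_offered else "plaintext"
```

With no policy, a connection where STARTTLS has been stripped is delivered in plaintext; with the `enforce` policy the same attempt is refused, which is what closes the active downgrade.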
Just as important as what we do do is what we don’t. For example, we don’t do full message encryption (e.g. PGP) in the browser. In theory it means you “don’t have to trust us”. In reality, however, every time you open your email you would be trusting the code delivered to your browser. If the server were compromised, it could easily be made to return code that intercepted and sent back your password the next time you logged in; it could even do this just for specific users. It is unlikely that a user would notice.
We therefore don’t believe this provides a meaningful increase in security, and it can even be actively harmful in several ways. It reduces availability, because if you forget your password we won’t be able to help you recover access to your own mail. It makes phishing (by far the biggest cause of compromised accounts) much harder to filter.
It can also be seriously dangerous when users misunderstand the security characteristics. For example, if you were a journalist working undercover in certain countries, you might justifiably require secure, anonymous communication. “Encrypted email” sounds like just the thing you need. But if your mail host doesn’t proxy images to hide your IP, someone could simply send you a message which, when opened, made your computer connect directly to their servers. This reveals your IP address, which can often be used to fairly accurately determine your location, and sends cookies that could allow them to correlate your email address with visits to other sites on the web. That’s a much bigger risk.
In the end, security is a process, not a checkbox. We are always looking to find further measures that can help secure our customers’ sensitive data. But we don’t do stuff just to tick a marketing box. It may lose us a few customers enticed by razzle-dazzle claims, but we feel better about the integrity of our service.