Who is reading your email?

Email has no privacy assurance whatsoever

Email is short for “electronic mail”. The implication is that this is a direct metaphorical equivalent for the familiar paper process, but it just ain’t so. One of the points of departure from user expectation is the concept of a sealed envelope.

When you put a paper letter in a paper envelope and seal it, there is an expectation of privacy because someone has to physically break the seal which is difficult to do without obviously damaging the envelope. Email, by contrast has no secure envelope. It is transferred over the Internet using plain text over TCP port 25.

The implication is that anyone can read your mail without you realizing it. Most people think the only point of concern is that an attacker capturing packets at a public WiFi hotspot will snoop your mail. The most obvious countermeasure is using SSL with webmail. This is a good countermeasure as far as it goes but it only encrypts the communication between you and your post office. However the transport of your message between post offices is still going to be in plain text and will likely pass through several routers on the Internet en route.

So what? Who can tap traffic on those routers? Perhaps some uber-hacker is siphoning of traffic for analysis but man that seems like a huge amount of data to sift through and not likely worth doing, right?

Unfortunately Deep Packet Inspection is now ubiquitous. ISPs and governments, including the USA, have widely deployed hardware to capture and mine data out of unencrypted data packets passing through the Internet. Effectively that means it is safe to assume that all of your email (and other traffic) is being captured and analyzed by one or more automated systems trying to determine if it matches patterns of “bad behavior”. Deep Packet Inspection, by the way, is the mechanism that ISPs use to provide “tiered service” and detect copyright violations.

Maybe you think this sounds OK because you aren’t doing anything wrong, but consider whether you trust all of the people who have access to this data to do no evil, trust these people and algorithms to never make mistakes and trust that they never lose control of your private data.

A Modest Proposal

RFC 2478 describes a cryptographic mechanism similar to SSL for web sites that places a strong cryptographic layer over the transfer of email via SMTP. This transport layer security is widely supported by mail servers today and is the mechanism by which SMTP client programs like Microsoft Outlook, Mozilla Thunderbird and Apple Mail are able to communicate securely with an SMTP gateway. Many mail providers, like Gmail, already require (or at least offer) SMTP over TLS connections for clients sending mail.

RFC 2478 was published more than ten years ago. Most, if not all, contemporary SMTP gateways are capable of supporting secure SMTP over TLS. If all mail servers simply transferred all messages between each other with TLS encryption then nobody could read the messages except the administrators of the destination and source post offices and the intended recipients. This could be phased in over a reasonable period of time.

  • SMTP in the clear becomes deprecated.
  • During the deprecation period servers are configured to attempt to communicate with TLS by default.
  • After some time, administrators can configure warnings in the headers and to-line like “[UNSECURED]”. This is an important user-education step.
  • SMTP in the clear becomes a banned protocol and servers are forbidden from supporting it. (Testing and troubleshooting SMTP can still be done via classical telnet by using OpenSSL as a wrapper.)
  • Servers will refuse connections from servers that do not offer TLS which will cause the message to bounce to the sender with a statement that their mail server is not secure.

Securing all SMTP traffic in a TLS envelope would go a long way toward restoring some reality to the baseline assumption that nobody is reading email in transit. The technology has been standardized since 1999. Why do we not have secure server-to-server mail transfer ten years later?


Make your own Apple Boot Camp “3.1” update

Apple loves to tout compatibility with Windows.

Have a Windows application you need to use once in a while? No problem. Every new Mac lets you install Windows XP and Vista and run them at native speeds, using a built-in utility called Boot Camp.

There is something to this and the Apple hardware is awesome but Apple is a bit heel-dragging and sloppy about the way they release drivers for Boot Camp. For example, Windows 7 was finished July 22, 2009 but as of December 15, 2009 it is still officially unsupported by Apple. Windows 7 uses the same driver model as Vista, so that policy from Apple is just recalcitrant and disingenuous. Apple really does provide all the drivers you need to get Windows 7 x86 or x64 to run natively on Mac hardware.

On the other hand, some of the drivers in Boot Camp 3.0 are really flaky. For the latest Macbook Pros that use Cirrus Logic audio controllers, the volume is messed up so the internal speakers are un-hearable and the built-in microphone doesn’t work at all with some applications—notably Skype.

Apple actually does have updated drivers available. They are packaged as Boot Camp Drivers Update 2.2.

Setup is simple and straightforward — just as you’d expect with a Mac.


Except that if you are running Boot Camp 3.0, you are screwed and the setup is very not straightforward and there is no one-click installer from Apple. It is doable, though, and worthwhile.

This update addresses issues with the Apple trackpad and turns off the red digital audio port LED on laptop computers when it is not being used. It also includes support for the Apple Magic mouse and wireless keyboard. It is intended only for use with Microsoft Windows XP and Microsoft Windows Vista running on a Mac computer using Boot Camp.

If, like me, you are running Boot Camp 3.0 with Windows 7 on your MacBook Pro and you want these updates here’s what you have to do.

  • If you don’t already have it, install 7-zip.
  • Download the Boot Camp Drivers Update 2.2 for Windows from http://support.apple.com/kb/DL967
  • After you have BootCamp_Update_2.2.exe, right-click on it and select 7-zip | Extract to “BootCamp_Update_2.2\”.
  • Now you have a directory of files that includes BootCampUpdate32.msp and BootCampUpdate64.msp. The 64 version will work with Windows Vista or 7 x64.
  • Right-click on the appropriate msp file and extract it with 7-zip.
  • Now you have a directory full of weird file and folder names. One of the folders should be named “BootCamp24ToBootCamp223”. Inside there are some files that are named with the pattern Binary.*_Bin:

Binary.Cirrus_Audio_Bin –> Fixes audio levels and microphone
Binary.Keyboard_Bin –> Same version that shipped with Boot Camp 3.0
Binary.MultiTouchMouse_Bin –> Magic Mouse driver
Binary.MultiTP_Bin –>  Fixes accidental select while dragging
Binary.TrackPad_Bin –> I don’t have the older touchpad so I don’t know

    • Each of these files is an archive that you can extract with 7-zip. Once you extract them, you can install the drivers by running DPInst.exe or by pointing the Device Manager at the extracted drivers in the usual way.

Happy updating.

Now that that’s out of the way, can someone explain to me why this had to be so hard?

Why bundle these updates with a smug “Setup is simple and straightforward — just as you’d expect with a Mac” tagline but make sure that the customers who bought the latest hardware and latest OS X cannot install them? It makes no sense.

Why did Boot Camp 3.0 ask me to configure automatic driver updates from Apple but Apple doesn’t actually publish any driver updates though that channel? It makes no sense.

Facebook is utterly untrustworthy

Here are a few things to consider before putting any of your data into Facebook:

  1. Under the aegis of “we’re making some changes to give you more control,” Facebook is taking advantage of standard user click-though terms of service behavior to make your profile data public. (via Jason Calicanis)
  2. Whenever you take a Facebook quiz or use a Facebook plugin game, everything in your profile is available to the publisher of the quiz or game. Further, everything in the private profiles of all your friends is available to the widget publisher as well. The data collected by the publisher can be sold, resold or released in any way the publisher of the quiz or widget chooses. (via ACLU)
  3. The privacy controls in Facebook are deceptive and there is no way to opt out of sharing private data with Facebook apps. (via Electronic Frontier Foundation) Also, there is no screening process required for app developers. Anyone with a Facebook account can be an app developer.

Why would Facebook leak its users private data in this way? Well, they may be incompetent but it is not a compelling argument since they have built the worlds largest social network. The other possibility is that they want to convert the data in their systems into money. The leaking of private profile data to app publishers makes Facebook a wonderful platform for targeted marketing. It is particularly insidious because your data can be leaked even if you yourself are very careful but any of your friends uses any Facebook app.

Similarly, Jason Calicanis points out that the more data that is public on Facebook, the more it can be indexed by Google, Bing and Yahoo! to drive search traffic to Facebook. That traffic is monetized by selling ads.

Facebook shows an astonishing disregard for the privacy of its users. It appears to believe that its membership is too stupid to notice or care about the way that it is abusing their private data. It is amazing because the original value proposition of Facebook over MySpace was that Facebook had privacy controls. Clearly Facebook is not concerned with keeping its users data private. They are concerned with monetizing Facebook in advance of their IPO.

Perhaps it is time to send Facebook a message and delete your account.

Of course, you still have to trust Facebook to actually delete your data and they are utterly untrustworthy.

Installing Google Chrome Machine-Wide

Perhaps the most brilliant and subversive feature of the Google Chrome browser is its distribution model. It has a one-click installer that will work for a limited rights user account. The way Google pulls this off is that they install Chrome into the %LOCALAPPDATA% directory for the current user rather than the secured %ProgramFiles% or %ProgramFiles(x86)% directory. What this means is that many corporate people that cannot run the Firefox installer or get Firefox to work without serious rigmarole can install Google Chrome easily. I have seen this take off in corporate offices by word of mouth.

What I want to do is run the release version of Google Chrome in Windows Virtual PC on Windows 7 and use the application publishing feature while I run the beta channel Google Chrome on my host Windows 7 machine. The problem is that in order for the virtual application publishing to work properly Google Chrome needs to be installed for all users.

I could do this by installing Chrome and then manually moving things around, edit the registry and create an All Users shortcut. Or I just discovered the Google tool to install Chrome for an entire machine.

If you use the Google Pack, you can install  Chrome Pack machine-wide. Get the pack from http://pack.google.com.


Go, fight, win!

Office 2010 Beta causes Visual Studio 2008 ping-of-death

After installing Office 2010 Beta, I discovered that the ASPX editor in Visual Studio 2008 will hang. It doesn’t hang instantly but it does hang before you can get much done, usually after doing a copy/paste operation. Once the hang happens, clicking anywhere the Visual Studio window causes a “ping” sound and the window is frozen.

I had this issue despite completely uninstalling all Office 2007 products before installing Office 2010 Professional Plus Beta (as well as Visio 2010 and Project 2010).

Visual Studio 2008 uses a component that is shared with Office SharePoint Designer 2007 (formerly known as FrontPage) and Expression Web 2 for authoring web pages. The Office 2010 Beta installation appears to corrupt this component or replace it with one that is not backwards compatible with Visual Studio 2008.

Fortunately this issue is easy to fix. This component shows up in “Programs and Settings” as “Microsoft Visual Studio Web Authoring Component”.


Righ-click and choose “Change” from the context menu. Choose the “Repair” option in the dialog that pops up.


This only takes a minute or so and should resolve the issue.

via Martin Hinselwood.

%d bloggers like this: