Archive

Posts Tagged ‘privacy’

Creepy Facebook

July 15th, 2010

I just got this email from Facebook (revealing personal details redacted):

From: Facebook <upda...@facebookmail.com>
Reply-to: Facebook <upda...@facebookmail.com>
To: XXXXXXXXXXXX Park <xxxx...@berkeley.edu>
Subject: YYYYYYYYYY Park is waiting to share with you on Facebook
Date: Thu, 15 Jul 2010 20:32:53 -0700

=======================================
To see what YYYYYYYYYY is up to and start sharing, go to Facebook:
<link deleted>
=======================================

Hi XXXXXXXXXXXX,

Just a reminder that YYYYYYYYYY Park has confirmed your friend
request and you're now friends on Facebook.

YYYYYYYYYY Park:
<link deleted>

Thanks,
The Facebook Team

To see what YYYYYYYYYY is up to and start sharing, go to Facebook:
<link deleted>

=======================================
This message was intended for xxxx...@berkeley.edu. If you do not wish
to receive this type of email from Facebook in the future, please
click on the link below to unsubscribe.
<link deleted>
Facebook, Inc. P.O. Box 10005, Palo Alto, CA 94303

Well. If I didn’t happen to own both accounts, I might have thought “YYYYYYYYYY Park” was actually doing something to attract my attention. Then the scary (and creepy) thought is, how many emails has Facebook sent “on my behalf”?

I hated this when third-party apps were doing this (oh, was that 3 years or 4 years now), and I can’t say I love it now.

Categories: tech

Calmail leaks IP addresses!

November 29th, 2009

For regular visitors of my blog from UCB, here’s an early holiday Christmas present to you: Calmail leaks IP addresses! Here’s a quick demonstration (I’ve seen similar headers on emails from friends and colleagues, but I didn’t want to expose their info; I’ve redacted some info here as I didn’t want to expose my … secret email server scheme, or my real username for Calmail):

Return-path: xxxx...@visitor3.berkeley.edu
Envelope-to: bkp...@xxxxxx.xxx
Delivery-date: Sun, 29 Nov 2009 01:32:12 -0800
Received: from visitor3.berkeley.edu ([128.32.124.159])
        by helen.byungkyupark.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
        (Exim 4.69)
        (envelope-from <xxxx...@visitor3.berkeley.edu>)
        id 1NEg8a-0000jX-J7
        for bkp...@xxxxxx.xxx; Sun, 29 Nov 2009 01:32:12 -0800
Received: from xxxxxxx by visitor3.Berkeley.EDU with local (Exim 4.69)
        (envelope-from <xxxx...@visitor3.berkeley.edu>)
        id 1NEg8a-0001rk-4v
        for bkp...@xxxxxx.xxx; Sun, 29 Nov 2009 01:32:12 -0800
Received: from smtp-out1.berkeley.edu ([128.32.61.106])
        by visitor3.Berkeley.EDU with esmtp (Exim 4.69)
        (envelope-from <xxxx...@berkeley.edu>)
        id 1NEg8a-0001rW-2q
        for bkp...@byungkyupark.com; Sun, 29 Nov 2009 01:32:12 -0800
Received: from arsenic.calmail ([192.168.1.2] helo=calmail.berkeley.edu)
        by fe2.calmail with esmtpsa (TLSv1:AES256-SHA:256)
        (Exim 4.69)
        (auth plain:xxxx...@berkeley.edu)
        (envelope-from <xxxx...@berkeley.edu>)
        id 1NEg8T-0000qs-8R
        for bkp...@byungkyupark.com; Sun, 29 Nov 2009 01:32:06 -0800
MIME-Version: 1.0
Received: from visitor3.Berkeley.EDU [128.32.124.159]
        with HTTP/1.1 (POST); Sun, 29 Nov 2009 01:32:05 -0800
Date: Sun, 29 Nov 2009 01:32:05 -0800
From: "Byung Kyu Park, BA" <xxxx...@berkeley.edu>
To: bkp...@byungkyupark.com
Subject: This will demonstrate how Calmail leaks IP addresses
Message-ID: <7272...@berkeley.edu>
X-Sender: xxxx...@berkeley.edu
User-Agent: RoundCube Webmail/0.3-RC1.UCB3
Content-Type: multipart/alternative;
        boundary="=_ad4b95d1d25a334cada12ae4c3335783"

Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

And this email was composed on the RoundCube webmail client.

Andrew

You will see that the detailed email header (which most email clients hide, but there is always an option to show full headers) reveals the IP from which I was accessing Calmail’s webmail interface (no, I’m not in the lab right now; but I am proxying through one of my servers, because I consider my current IP address confidential, personal, private information). Similar headers show up if you use the SMTP protocol or if you use the other webmail.
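To check what your own provider discloses, send yourself a test message and inspect its Received headers. The following is an added example, not part of the original post: the function name, the sample message and its addresses are constructed, and the header layout is assumed to follow the Exim-style one shown above.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the header layout above; host names and
# addresses are placeholders (documentation ranges), not real systems.
SAMPLE = """\
Received: from smtp-out.example.edu ([198.51.100.7])
\tby mx.example.net with esmtp (Exim 4.69)
\tid 1AAAAA-000000-00; Sun, 29 Nov 2009 01:32:12 -0800
Received: from fe.webmail ([192.168.1.2] helo=webmail.example.edu)
\tby fe2.webmail with esmtpsa (TLSv1:AES256-SHA:256)
\tid 1AAAAA-000001-00; Sun, 29 Nov 2009 01:32:06 -0800
MIME-Version: 1.0
Received: from client.example.org [203.0.113.45]
\twith HTTP/1.1 (POST); Sun, 29 Nov 2009 01:32:05 -0800
From: sender@example.edu
To: me@example.net
Subject: header self-test

body
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hops where the provider accepted the message from the user: webmail
# (HTTP) or authenticated SMTP submission (esmtpa / esmtpsa).
SUBMIT = re.compile(r"\bwith\s+(HTTP|esmtpsa|esmtpa)\b", re.I)
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def leaked_client_ips(raw_message):
    """Return (ip, protocol) for each hop that recorded the submitting client."""
    found = []
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = " ".join(value.split())  # unfold continuation lines
        proto, addr = SUBMIT.search(hop), BRACKET_IP.search(hop)
        if not (proto and addr):
            continue
        try:
            ip = ipaddress.ip_address(addr.group(1))
        except ValueError:
            continue  # bracketed text that is not a valid IPv4 address
        if any(ip in net for net in RFC1918):
            continue  # provider-internal relay, not the user's address
        found.append((str(ip), proto.group(1)))
    return found

if __name__ == "__main__":
    print(leaked_client_ips(SAMPLE))
```

An empty result on a message you sent yourself means the provider did not record your address in a submission hop of this form.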

I am not entirely sure if this is a feature or bug—embedding IP information in headers will help with legitimate activities of law enforcement authorities, as well as illegitimate (is there any other kind?) squelching of dissenting voices—so I haven’t reported it to abu...@berkeley.edu or, I don’t know, h...@berkeley.edu? secu...@berkeley.edu?

In any case, now that you know, now you can avoid using Calmail—if you value your privacy.

Ironically, GMail may be one of the most secure email systems to use, as far as privacy goes, because headers from GMail are fairly clean of any private information. Or, I guess if you are like me, you run a computer server at work, on which you run a bunch of things like websites and email servers, and whose IP address therefore isn’t exactly a state secret. You can proxy everything through that server (like I did here) or run your mail clients and what-not on that server.

No matter what you do, just remember: when you send an email through Calmail, you announce to your recipient what your IP address is at that moment. Don’t send that email if you are not comfortable with that.

Categories: security, tech

When I'm dead, how will my loved ones break my password? (and not the government)

July 2nd, 2009

Cory Doctorow writes for the Guardian,

More specifically, what about the secrets that protect our data? Like an increasing number of people who care about the security and integrity of their data, I have encrypted all my hard-drives – the ones in my laptops and the backup drives, using 128-bit AES – the Advanced Encryption Standard. Without the passphrase that unlocks my key, the data on those drives is unrecoverable, barring major, seismic advances in quantum computing, or a fundamental revolution in computing.

After considering a few options that most people who think about this particular problem would, including an option I might have considered adequate, a safebox containing the passphrase (or an unencrypted private key which can be used to similar effect), and rejecting them, he concludes,

Finally, I hit on a simple solution: I’d split the passphrase in two, and give half of it to my wife, and the other half to my parents’ lawyer in Toronto. The lawyer is out of reach of a British court order, and my wife’s half of the passphrase is useless without the lawyer’s half (and she’s out of reach of a Canadian court order).

Obviously this makes the attack on the passphrase slightly easier: if it was originally 10 characters long, then now the attacker needs to consider only a 5-character passphrase, once he gets control of one. But it’s probably easy enough to make your passphrase long enough to minimize this problem, i.e. make your passphrases 40 chars long instead of the recommended 20 chars (for my full hard drive encryption, I use a 26-char password and it’s probably not too difficult for me to memorize one that’s twice as long).

And if you don’t mind a little bit of technical complexity, you can split the key mathematically rather than as a string: i.e. for each character, take its ASCII code, and split it, randomly, into two numbers (running both positively and negatively, say from -255 to 255; it wouldn’t be possible to split them into another set of printable ASCII codes, as the lowest 32 numbers aren’t printable, so you may as well just turn each character into numbers) so that when they are added together, you get the correct character back, and store information about these two sets of numbers separately—and either of these two sets by itself is literally nothing but a random set of numbers, betraying no information about the actual passphrase.
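The per-character split described above, as an added example that is not part of the original post. It goes beyond the two-way case to any number of shares, and it does the addition modulo 256 on bytes rather than over the range -255 to 255, so that every share is uniformly random regardless of the character it hides; the function names are illustrative.

```python
import secrets

def split_secret(passphrase, n_shares=2):
    """Split a passphrase into n_shares hex strings; all are needed to recover it."""
    if n_shares < 2:
        raise ValueError("need at least two shares")
    data = passphrase.encode("utf-8")
    # The first n-1 shares are pure randomness from the OS CSPRNG.
    shares = [secrets.token_bytes(len(data)) for _ in range(n_shares - 1)]
    # The last share is whatever makes the byte-wise sum come out right.
    last = bytearray(data)
    for share in shares:
        for i, b in enumerate(share):
            last[i] = (last[i] - b) % 256
    # Hex is easy to print or write down. Note that each share still has
    # the same byte length as the passphrase; pad first if that matters.
    return [s.hex() for s in shares] + [bytes(last).hex()]

def combine_shares(hex_shares):
    """Add all shares byte by byte, modulo 256, to recover the passphrase."""
    parts = [bytes.fromhex(s) for s in hex_shares]
    if len({len(p) for p in parts}) != 1:
        raise ValueError("shares have different lengths")
    total = bytearray(len(parts[0]))
    for part in parts:
        for i, b in enumerate(part):
            total[i] = (total[i] + b) % 256
    return bytes(total).decode("utf-8")

if __name__ == "__main__":
    # Constructed sample passphrase, for demonstration only.
    a, b = split_secret("correct horse battery staple")
    print("share for holder 1:", a)
    print("share for holder 2:", b)
    print("recombined:", combine_shares([a, b]))
```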

Overall, I think this is a good scheme, except, well, it only works for people with connections in two countries (and if the liberals have their way, we will have the One World Government pretty soon, so splitting jurisdiction may not be an option soon).

It seems like, at least in any scenario I can think of, if you want to share a secret with someone else and want to keep it secret (between the two of you), then the only way to do it is under some subterfuge—either regarding the fact that you have a secret, or that the other person shares it (so that you can prevent the person from getting subpoenaed).

Categories: security