Mr.SUST
New member
this is a cut-and-paste from another board:
Is Safe-Mail.Net Unsafe?
Safe-mail.net is one of several e-mail services that offer to provide secure, encrypted, web-based e-mail service to theuploaded-file-30871 general public. The idea seems to be that people who would not be willing to take the fairly short amount of time to learn to use PGP encryption would be able to secure their e-mail by trusting a third party, in this case the folks at Safe-mail.net.
We reject that idea on several grounds. First, the company that provides Internet services for hosting the Safe-mail.net system is Barak.net.il, based on our review of the domain registration for Safe-mail.net. Barak.net.il is one of three companies with a license from the Israeli government for providing similar Internet services, according to the English-language version of their web site, as we understand it. Perhaps it is merely a coincidence that Ehud Barak was once head of the Israeli Defense Forces intelligence branch.
Second, the Safe-mail.net system is “an IP trap.” Our anonymous friend indicates that your IP address is linked to your e-mail account. The user agreement indicates that it is a violation of the user agreement to employ an anonymous proxy or otherwise attempt to mask your true IP address. So, while no identifying information (name, address, phone) is requested when you set up an account, your IP address may be traced to your physical location, or at least to your specific Internet Service Provider, even if dynamic IP addresses are used. Thus, your location and possibly your identity would be exposed. Also, IP addresses are not stripped from e-mails you send from your Safe-mail account, so your recipients see this information. (And, of course, you may be tempted to identify yourself to your correspondents within your purportedly encrypted e-mails.)
Third, Safe-mail.net makes the usual disclosure that they may disclose your account activity, stored e-mails, and other information upon court order or law enforcement request. They make the unusual variation of this disclosure by stating that they may disclose these things whenever it is in their interest to do so. This vague contract clause should scare anyone who thinks about it even briefly. Given that Barak.net.il is licensed by the Israeli government, it would seem quite likely that the Israeli government could command that the data from all Safe-mail.net accounts be provided to the government, and it would clearly be in the best interests of Barak.net.il and conceivably, by extension, Safe-mail.net to make such disclosure. Then it would seem to become a question of whether you have reason to trust the Israeli government.
We found no details about the encryption algorithms used to provide for security with Safe-mail.net. An investigation of Israeli law suggests that there is a mandate that encryption have back doors or key escrow for use by Israeli authorities. So, again, it would appear to be a matter of whether you have reason to trust the Israeli government. We don’t have anything against the Israeli government that we don’t also hold against nearly all other governments worldwide.
It is widely known that Israeli security and intelligence services have cooperative relationships with the related services of other countries. For example, if a USA government agency wanted information on someone who happens to use a Safe-mail.net account, it seems logical to suppose that a request (formal or informal) might be made to the Israeli government.
While it is impossible to know whether or not Safe-mail.net accounts are “Mossad-transparent” or a kind of intelligence sting operation run by the Mossad, or others within the Israeli government, what is publicly stated about the system seems to be closely aligned with what one would expect to find in that case. We have no information presently at hand that would tend to disprove the hypothesis that Safe-mail.net is an intelligence sting operation.
There is always free meat in a bear trap. Be careful.
Is Safe-Mail.Net Unsafe?
Safe-mail.net is one of several e-mail services that offer to provide secure, encrypted, web-based e-mail service to theuploaded-file-30871 general public. The idea seems to be that people who would not be willing to take the fairly short amount of time to learn to use PGP encryption would be able to secure their e-mail by trusting a third party, in this case the folks at Safe-mail.net.
We reject that idea on several grounds. First, the company that provides Internet services for hosting the Safe-mail.net system is Barak.net.il, based on our review of the domain registration for Safe-mail.net. Barak.net.il is one of three companies with a license from the Israeli government for providing similar Internet services, according to the English-language version of their web site, as we understand it. Perhaps it is merely a coincidence that Ehud Barak was once head of the Israeli Defense Forces intelligence branch.
Second, the Safe-mail.net system is “an IP trap.” Our anonymous friend indicates that your IP address is linked to your e-mail account. The user agreement indicates that it is a violation of the user agreement to employ an anonymous proxy or otherwise attempt to mask your true IP address. So, while no identifying information (name, address, phone) is requested when you set up an account, your IP address may be traced to your physical location, or at least to your specific Internet Service Provider, even if dynamic IP addresses are used. Thus, your location and possibly your identity would be exposed. Also, IP addresses are not stripped from e-mails you send from your Safe-mail account, so your recipients see this information. (And, of course, you may be tempted to identify yourself to your correspondents within your purportedly encrypted e-mails.)
Third, Safe-mail.net makes the usual disclosure that they may disclose your account activity, stored e-mails, and other information upon court order or law enforcement request. They make the unusual variation of this disclosure by stating that they may disclose these things whenever it is in their interest to do so. This vague contract clause should scare anyone who thinks about it even briefly. Given that Barak.net.il is licensed by the Israeli government, it would seem quite likely that the Israeli government could command that the data from all Safe-mail.net accounts be provided to the government, and it would clearly be in the best interests of Barak.net.il and conceivably, by extension, Safe-mail.net to make such disclosure. Then it would seem to become a question of whether you have reason to trust the Israeli government.
We found no details about the encryption algorithms used to provide for security with Safe-mail.net. An investigation of Israeli law suggests that there is a mandate that encryption have back doors or key escrow for use by Israeli authorities. So, again, it would appear to be a matter of whether you have reason to trust the Israeli government. We don’t have anything against the Israeli government that we don’t also hold against nearly all other governments worldwide.
It is widely known that Israeli security and intelligence services have cooperative relationships with the related services of other countries. For example, if a USA government agency wanted information on someone who happens to use a Safe-mail.net account, it seems logical to suppose that a request (formal or informal) might be made to the Israeli government.
While it is impossible to know whether or not Safe-mail.net accounts are “Mossad-transparent” or a kind of intelligence sting operation run by the Mossad, or others within the Israeli government, what is publicly stated about the system seems to be closely aligned with what one would expect to find in that case. We have no information presently at hand that would tend to disprove the hypothesis that Safe-mail.net is an intelligence sting operation.
There is always free meat in a bear trap. Be careful.
