Mailfence at RightsCon Brussels March 2017: A brief rundown!
In continuation of our last blogpost, a short update about Mailfence at RightsCon Brussels – 2017. This blogpost will give you a rundown of our Tech demo and other activities.
MAILFENCE AT RIGHTSCON BRUSSELS 2017
Mailfence at RightsCon Brussels – 2017 received a warm welcome by journalists, activists, bloggers and other privacy-oriented attendants of the conference. We met incredible people from all kind of fields: Cybersecurity, Healthcare, Education, Human rights, to name a few. All of them shared the same spirit and feel the need for privacy-respecting digital solutions in order to reclaim online privacy and digital freedom.
Mailfence demo-track presentation:
Mailfence presented a demo-track session, where we briefly laid out following points:
- Why do we need to protect data
- Why email data?
- What secure email technologies are available, and which are the right ones?
- Complexity of ‘true’ end-to-end encryption
- Why is it important to make ‘true’ end-to-end encryption easy to use?
We presented the unique aspects of Mailfence:
- Advance key management
- Integrated keystore (independent of any plugin/add-on)
- ‘True’ end-to-end encryption based on OpenPGP (supporting both inline & PGP/MIME formats)
- Digital signatures
- All of this in a very slick and user-friendly interface
A short hands-on demo was given at this point, covering the keystore, encrypting & decrypting emails. Finally, we concluded our presentation with the exclusive advantages of Mailfence versus any other secure email solution out there:
- Users have full control over Key management
- Full reversibility: users can export their encrypted keypair and other public keys – along with their encrypted data
- Full freedom & No digital island: Users can send plain-text emails, digitally signed plain-text emails, end-to-end encrypted & signed emails (to any other PGP compliant solution, with full inter-operability).
We ended the demo track with a Q&A session:
Q1: What happens when a user forgets his private-key passphrase?
Nothing can be done on our part. A user has to upload his revocation certificate to public key servers (in case he published his public key) to let other people know the he does not use it anymore. In case a user did not publish his public key on public key servers, he can send a signed email with a new public key attached, to all the recipients while asking them to use this new public key for sending encrypted emails in the future.
Q2: Do you generate revocation certificate through the web-interface?
Yes. A user can either save this certificate on his local device or in his Mailfence (document tool).
Q3: What is the main difference between Mailfence and Mailvelope?
Mailfence is a stand-alone web-based email service provider and is completely independent from any third-party add-on/plugin.
Meeting with Mr. Bruce Schneier
Mr. Bruce is not just a computer security professional and data privacy specialist but also an author of many books. He continuously raises awareness among the masses about the need and importance of online privacy and cyber security.
Aside from the discussed technical aspects, one of the key-question we asked Mr. Bruce Schneier during our brief meeting was his view on the future of email security, and the role of OpenPGP in particular. Mr. Bruce confirmed the lasting and vital role of OpenPGP in the foreseeable future of email security. The biggest issue of OpenPGP is its usage-complexity. Mailfence works on solving this problem since its very inception.
– Complexity is the worst enemy of security –
A shared belief of many cybersecurity experts
We believe the more a system is easy-to-use, the more people will use it. Mailfence is unique. OpenPGP used to be a complicated world of command-line based and platform dependent tools with browser dependent plugins and add-on’s. With Mailfence it became a user-friendly web-based application.
Some interesting sessions
Session on Breaking encryption
An engaging and much heated session on ‘coming to a resolution’ about attempts by nation states to break/weaken encryption. The panel discussed different aspects of how technologists, policy makers, and other institutions have failed in framing the importance and urgency of encryption.
We use encryption primarily to maintain data confidentiality. This is done in wide-spectrum of disciplines and for different purposes. Generally to beat possible surveillance attempts. Areas include Banking, Telecommunication, Healthcare, Military, Government bodies, private & public institutions. Now if bad people are using encryption for their communications (or for cyberattacks such as ransomware etc) the solution is not to ban encryption. Criminals also drive cars for their routine work – but we will never ban cars for the same reason.
Panel also discussed the role of academia, public/private bodies and other individuals. The goal was to set the record straight on how fundamental end-to-end encryption is to a democratic society.
There is massive encryption but there is no mass solution that gives secure end-to-end encryption AND protects meta-data
– Mr. Bart Preneel
The issue of combining strong encryption and meta-data protection along with appropriate usability for easy mass-adoption was briefly addressed. Though it was made clear that efforts have been made (for e.g., apps like ‘Signal’, …) there is still a long way to go, to give people unbreakable end-to-end encryption and meta-data protection in easy-to-use applications.
This is where Maifence, has been playing a vital role. We help societies reclaim their email privacy and freedom of expression. Our end-to-end encryption based on OpenPGP comes with guidelines to use it over Tor and an easy-to-use web-interface. This makes it the most reliable option for all sort of email privacy-seeking individuals and organizations.
Session on Surveillance and privacy from the margins
The blanket global mass surveillance operations around the globe records every activity you do online and state/non-state actors have been doing this for many years. It has impacted all of us in different ways, both as an individual and as a society by taking away our online privacy and digital freedom.
Digital surveillance is a form of enforced behavior modification
– Mr. Bruce Schneier
This is not only morally wrong but also an illegal act. After 2013 global mass surveillance disclosures it became public to which extent ‘Big Brother’ is doing this.
The revelations resulted in no real change in behavior by the governments. They continued blanket surveillance with full force. On the contrary a massive wave of new threats appeared related to online privacy and digital freedom. This generated in counter-actions taken by civil society, journalists, activists, … and other privacy-oriented people. Mailfence was created at the same time, to provide users with a way to reclaim their email privacy.
Session on Bad bears: state-sponsored hacking in Russia
State hacking is real and is being going on for a long-time. There are many groups that allegedly get support by governments. In this session, the panel analyzed and discussed State-sponsored hacking in Russia. Several cybercrime cases were brought-up by Russian, Ukrainian and other journalists that seem to be connected to ‘Fancy bear’ and ‘Cozy bear’ (infamously, APT28 & APT29). Security professionals consider both as elite hacking groups (with state-support).
They now expand their activities to attack institutions that decide not to follow the commands of repressive regimes. They now seem target more and more journalists. This makes the need for privacy-oriented solutions even more important in order to guarantee the ‘Rule of law’ and basic human rights.
RightsCon Brussels 2017 proved to be a leading event at the intersection of tech, human rights org/activists, and society.
RightsCon Brussels brought together 1,500 attendees from 100 countries, with representatives from 500+ organizations, tech companies, universities, startups, and governments. From March 29-31, 2017, in Brussels, Belgium, we gathered in the heart of European policymaking for the most impactful RightsCon yet. We’re humbled by your hard work.
– Source: https://www.rightscon.org/
Some parting thoughts:
- The people of ‘Access now’ did an amazing job at organizing this much needed yearly gathering of activists, journalists, human rights organization members and entrepreneur(s). We really want to thank them for their work and for giving us the opportunity to present our solution!
- The need for privacy-oriented and secure solutions is ‘real’ and very ‘broad’
- Privacy (how much a service knows about the user) and Security (how a service protects user data) are two ‘separate’ things. Unless both are addressed appropriately, a tool is ‘useless’
We came back from the conference even more convinced than before that vulnerable populations around the globe really need tools to protect their online privacy and freedom. We are humbled by the work of everybody present at the conference and view it as a privilege to work on our mission for making internet a more secure and open place.