Thursday, December 19, 2013

Security Changes

A couple of policy changes recently, one that supposedly enhances privacy and another that could reduce it.

Google has been implementing perfect forward secrecy since 2011 and other major Internet players, such as Facebook and Twitter, have started using perfect forward secrecy in the wake of the Snowden revelations that the NSA has been collecting Internet traffic to these companies.

So what is perfect forward secrecy? Not an easy question to find the answer to on the Internet. The wikipedia article says little. So I asked a couple of our security folks in the department.

The rough idea: We want to communicate several rounds of messages but if the current keys are compromised they can't be used to decrypt earlier messages. A couple of immediate thoughts: This isn't "perfect", you can still discover the earlier messages by breaking the encryption (say if P = NP). Also this isn't that exciting a problem from a theoretical perspective, you can just use a standard public-key protocol and start with fresh private and public keys each round and deleting the old ones. But that isn't very efficient.

One approach to PFS: Have a standard public/private key scheme to set up a session key (used in an AES or similar private key protocol) then run separate Diffie-Hellman schemes for each message. In RSA if you have the factors for N you can decrypt, where in Diffie-Hellman you can keep the same group without compromising security.

Chris Peikert calls this a poor-man's perfect forward security and there are better schemes though a bit more complicated.

On a different front, Google recently announced that images by default would be displayed in gmail messages. The images would not come directly from the sender, which could contain malware that avoids Google's filters, but rather from Google's servers after being downloaded and cleansed by Google.

Downloading an image often tells the sender that the image was read, typically with some id encoded in the filename. So once again we give up privacy for convenience. At least Google gives us the option to turn off the automated displaying.


  1. Google displaying images by default is an interesting change. It's not clear to me whether it actually harms the user's privacy. Google downloading the image indicates that Google read the message, but it doesn't mean the user did. It does tell the sender that the gmail address actually exists (otherwise Google probably wouldn't download the image), but this is probably already revealed due to the (lack of) a bounce-back error.

    Another question is when does google download the image? When gmail receives the email, or when the user views the email? If the latter, in terms of privacy this would be nearly as bad as the user auto-loading images by default.

  2. People have confirmed that Google doesn't download the image until the user opens the email. This lets the sender know that the user opened the message, but the user's IP address, location, etc. remain hidden thanks to Google's proxy. Still, it's definitely a step backward (for privacy) from the previous default behavior of not loading images.

    More details here: