Information Technology News.

MIT and CERN now offer secure email software dubbed Proton Mail


May 22, 2014

CERN alumni and a team of research scientists at MIT have taken another shot at cracking the e-mail encryption problem.

Their offering is dubbed Proton Mail. It is now available in public beta, and it has proved so popular that the group had to suspend new registrations while it upgrades its system.

As a concept, encrypting email goes back at least to the earliest days of PGP (Pretty Good Privacy), which got Phil Zimmermann of RSA Security in so much trouble back in those days. He suffered a long criminal investigation by the U.S. Customs Service.

After a report from RSA Data Security, which was in a licensing dispute over the use of the RSA algorithm in PGP, the United States Customs Service started a criminal investigation of Zimmermann for allegedly violating the Arms Export Control Act.

The United States government had long regarded cryptographic software as a munition, and thus subject to arms trafficking export controls. At that time, the boundary between what cryptography was permitted ("low-strength") and impermissible ("high-strength") for export from the United States was placed such that PGP fell on the too-strong-to-export side of the boundary.

The boundary for legal export has since been raised and now allows PGP to be exported. The investigation lasted three years, but was finally dropped without charges being filed against Zimmermann.

PGP, which lives on in various open-source tools today, ran encryption alongside users' e-mail clients and was widely seen as too difficult for the average user.

In the world of Webmail, encryption happens at the server end, and as Lavabit found to its own cost, that leaves user data subject to the demands of law enforcement.

Proton Mail even nods towards PGP: “In truth, there is not a whole lot that ProtonMail does that is not already accomplished by PGP, at least from a security standpoint,” the MIT team notes.

“But, to quote what Bruce Schneier said to us when he visited CERN, all PGP has demonstrated is that even one click is too much,” he added.

“What we really want to provide here is privacy for the much larger segment of the population that isn't sophisticated enough to use PGP,” he added.

Proton Mail is a Webmail system that encrypts messages at the client-side – within the user's browser – so that the user doesn't have to delegate encryption and trust to the provider.

The organization doesn't log user activity, so information like IP addresses and other metadata aren't available, and that's what really makes the whole concept so interesting.

It runs AES, RSA and OpenPGP implementations on open source cryptographic libraries, while at the server end, Proton Mail runs full disk encryption in its Switzerland data centers.

However, the system does demand that users have two passwords: one to authenticate with its servers, and a second, local password for decrypting messages. We would suggest using a password manager for the second, since Proton Mail can't re-issue a password that it never held in its memory to begin with.
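A simplified sketch of the two-password split described above, as an added example that is not ProtonMail's code: the login password only authenticates, while the mailbox password unwraps a private key that the server stores in encrypted form. The function names, the use of scrypt and AES-256-GCM for key wrapping, and the record layout are assumptions made for illustration (Node.js).

```javascript
// Added sketch, not ProtonMail's code. scrypt, AES-256-GCM key wrapping and
// the record layout are illustrative assumptions.
const crypto = require("node:crypto");

const kdf = (password, salt) => crypto.scryptSync(password, salt, 32);

// Browser, at sign-up: returns only what gets uploaded to the server.
// The mailbox password and the plaintext private key never leave this function.
function createAccount(loginPassword, mailboxPassword) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const loginSalt = crypto.randomBytes(16);
  const keySalt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", kdf(mailboxPassword, keySalt), iv);
  const wrappedKey = Buffer.concat([c.update(privateKey, "utf8"), c.final()]);
  return { loginSalt, loginVerifier: kdf(loginPassword, loginSalt),
           publicKey, keySalt, iv, tag: c.getAuthTag(), wrappedKey };
}

// Server: password 1 only proves identity; it decrypts nothing.
function authenticate(record, loginPassword) {
  const candidate = kdf(loginPassword, record.loginSalt);
  return crypto.timingSafeEqual(candidate, record.loginVerifier);
}

// Browser: password 2 unwraps the private key; returns null if it is wrong.
function unlockPrivateKey(record, mailboxPassword) {
  const d = crypto.createDecipheriv("aes-256-gcm", kdf(mailboxPassword, record.keySalt), record.iv);
  d.setAuthTag(record.tag);
  try {
    return Buffer.concat([d.update(record.wrappedKey), d.final()]).toString("utf8");
  } catch {
    return null; // GCM tag check failed: wrong password or tampered blob
  }
}

// Browser: decrypt a message that was RSA-OAEP encrypted to the public key.
function readMessage(record, mailboxPassword, ciphertext) {
  const pem = unlockPrivateKey(record, mailboxPassword);
  return pem === null ? null : crypto.privateDecrypt(pem, ciphertext).toString("utf8");
}
```

Because the stored record holds only the wrapped key, a lost mailbox password leaves the provider with nothing to reset it from, which is why the second password cannot be re-issued.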

There's also an optional self-destruct feature for messages, and users can deal with other e-mail providers either unencrypted, or using symmetric encryption as an option.

Some of the developers remain at CERN, while others are now at MIT. There are interviews with the founders, Jason Stockman, Wei Sun and Andy Yen, on the Forbes website.

The developers told Forbes they chose to “bootstrap” rather than seek venture capital funding to maintain their credibility among users.

In other IT news

There are many that aren't too happy with Microsoft's decision to abandon security patch support for its aging OS Windows XP.

In direct retaliation for its decision, the Chinese government has completely banned Windows 8 from a sizeable number of public-sector personal computers.

The ban was announced by the government's IT procurement agency in a notice posted online on May 16.

The notice was addressed to hardware vendors bidding on a contract to supply the Chinese state with new energy-saving PCs, laptops, tablets and other similar equipment.

"All computer vendors are not allowed to install Microsoft's Windows 8 operating system," the note stated.

The Chinese government agency behind this decision, the Procurement Center of the Central Government Institution of the People's Republic of China, has enormous power within the country as it leads procurement for the Chinese public sector at large.

The outright ban follows a set of Chinese internet giants teaming up in February to offer support for Windows XP for the next two years following Microsoft halting updates for the legacy operating system.

As of the end of 2013, Windows XP had a market share of about 50 percent in China. Last December, Chinese officials were reported to be concerned about the potential security impact of Microsoft permanently dropping support for the OS.

The Chinese government was also reported to have told Microsoft that halting the sale of Windows 7 and switching over to the higher-priced Windows 8 would lead to software piracy.

"This morning, the Central Government Procurement Center of China posted a notification titled 'Bidding Process for Government Purchasing Energy-efficient IT Products.' The notification indicated that the Windows 8 operating system is excluded in the bidding," a Microsoft spokesperson said.

"We were surprised to learn about the reference to Windows 8 in this notice. Microsoft has been working proactively with the Central Government Procurement Center and other government agencies through the evaluation process to ensure that our products and services meet all government procurement requirements.

"We have been and will continue to provide Windows 7 to government customers. At the same time, we are working on the Windows 8 evaluation with relevant government agencies," he added.

But overall, China may not have that many alternatives to Microsoft, given that the country's homegrown OS "Red Flag Linux" apparently shut its doors and fired all staff in February of this year.

In other IT news

Here's a fact that shouldn't surprise you: IT departments are spending less on enterprise storage arrays, and instead are considering shifting to the cloud, if they haven't done so already.

This 4-year-old trend was pointed out by Aaron Rakers, managing director of equity research firm Stifel Nicolaus.

He’s plotted the combined EMC, Hitachi, and IBM storage financial results over time, and his chart shows a revenue decline since 2010.

Stifel also polled system admins at businesses that have a need for enterprise storage, and found that:

  • About 60 percent of respondents thought 2014 storage spending would be greater than that in 2013.
  • Over 53 percent of surveyed CIOs and CTOs view cloud computing as the most disruptive technology to their data centre, followed by software-defined storage and converged compute-storage (32 percent) and flash storage (15 percent).
  • About 60 percent of surveyed CIOs and CTOs view EMC as the best positioned company to capitalise on the data centre transition and trends taking place in the enterprise storage market, while 19 percent of respondents view NetApp as the best positioned.
  • Over 58.9 percent expect to evaluate a software-defined storage solution in the next 12 to 18 months.
  • 60 percent view server SAN software as the most attractive.

Rakers concluded by saying: “We believe traditional approaches to networked storage appear to be increasingly misaligned with the performance requirements of virtualised server environments.”

“We would view late 2014/2015 as potentially representing a pivotal period in how investors view the storage landscape over the next 3 to 5+ years,” he added.

“We believe that server-side SAN or hyper-convergence represents potentially the most distributive architectural approach to software-defined storage as this approach is highlighted as being the closest comparison to Google, Facebook and Amazon.”

Rakers has an “expectation of a two-quarter pause in storage spending; EMC and NetApp have consistently highlighted a belief that enterprise decision cycles have lengthened”.

In other IT news

Oracle has acquired the desktop software virtualizer GreenBytes, which uses ZFS technology, for an undisclosed amount.

Overall, GreenBytes' software is based on its own highly rated deduplication engine and replication.

It can run on flash hardware, and GreenBytes sold a VDI flash appliance but got out of the hardware business in August 2013.

The company was founded in 2007 by CEO Bob Petrocelli and took in some $37 million in executive-contributed and venture capital funding.

This may suggest that, unless the company was distressed, the backers could have received up to 4 to 5 times the payout, meaning about $150 to $185 million. That sure sounds like a lot of cash for a software-only VDI supplier, especially with Atlantis making waves in the market.

We haven’t had any recent announcements from GreenBytes about its business progress, so we can't tell if it was doing well or not.

There might be some distress here, which would reduce the amount of cash or shares that Oracle paid. Then again, maybe not; it's hard to tell.

The deal announcement said GreenBytes’ technology “is expected to enhance Oracle's ZFS Storage Appliances,” and that could mean the ZFS appliance getting GreenBytes’ deduplication engine. Oracle said it “is currently reviewing the existing GreenBytes product roadmap” and will be providing guidance to customers at some point in time.

Source: The CERN and MIT research teams.


           © IT Direction. All rights reserved.