How Does Mensago Protect Your Privacy?

Posted on by

Privacy is a nuanced term that has different meanings to different people. For example, what Facebook and Signal mean by the term are as different as night and day. For the purposes of this article, privacy means the ability to choose what information you share with others. Many believe that they don’t care about privacy because they “don’t have anything to hide.” This is simply not true. For example, Americans guard their Social Security number carefully because the ability to apply for loans and credit goes with it. Passwords, account numbers, and medical history are potentially sensitive information that imply the need for privacy. With its heavy use of strong encryption and great care to place little trust in anything, Mensago protects your communications so that any information you share is the only information you share.

Autopsy of an E-mail

Because e-mail is so common, most people don’t know — or care — about all the data one e-mail message contains, but understanding a bit about its internals will help us understand the problems that go with it. Let’s look at a sample.

From: <example@mailfence.com>
To: <mensago@protonmail.com>
Subject: A Sample E-mail
Date: Sat, 15 May 2021 15:58:55 -0400
Message-ID: <004101d749c4$c0effd10$42cff730$@mailfence.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0042_01D749A3.39DF4770"
X-Mailer: Microsoft Outlook 16.0
thread-index: AQE8/IEkZmVu0glYAD+czI9+XjzIVw==
Content-Language: en-us
X-OlkEid: 00000000365AD201E8EC80489887363B3F63CD9E0700C3B68E10F77511CEB4CD00AA00BBB6E600000000000E0000E7DD5FA71439C149A4E16B2ADE29BE410000000008010000E6099DAFE00D1E408801C060D82216AB

This is a multipart message in MIME format.

------=_NextPart_000_0042_01D749A3.39DF4770
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

This message is just a sample of a regular e-mail. Its contents are,
sadly, visible to anyone with access to the file or database it is stored
in.


------=_NextPart_000_0042_01D749A3.39DF4770
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><META =
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii"><meta name=3DGenerator content=3D"Microsoft Word 15 =
(filtered medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US =
link=3D"#0563C1" vlink=3D"#954F72" style=3D'word-wrap:break-word'><div =
class=3DWordSection1><p class=3DMsoNormal>This message is just a sample =
of a regular e-mail. Its contents are, sadly, visible to anyone with =
access to the file or database it is stored =
in.<o:p></o:p></p></div></body></html>
------=_NextPart_000_0042_01D749A3.39DF4770--

Wow! This sample e-mail contains a lot of weird technical jargon and it’s big. The amazing thing is that to create it, I only typed in the subject “A Sample E-mail” and the following body text: “This message is just a sample of a regular e-mail. Its contents are, sadly, visible to anyone with access to the file or database it is stored in.” If you look closely, you’ll actually see two separate copies of the message I typed, one in HTML, the language of web browsers, and one in regular text. It’s pretty wasteful, to be honest.

More Than Just Words

So what’s the big deal? A lot, unfortunately. Government actors, system administrators, hackers, or just about anyone with access to the message store can read it. Worse yet, the entire message store on most mail servers is like this, free for the reading. It’s a gold mine of information.

  1. The message itself is visible. If there have been several replies back and forth, large parts of the conversation — or the entire thing — is stored in one file. This makes spying on someone a lot easier and I can learn all sorts of useful things about my target.
  2. If any files were attached, I have a copy of them, too.
  3. Dates and times of each message can be seen. One message can tie a person to a particular location at a specific time.
  4. I now know the contact information for everyone involved because the message also includes all e-mail addresses involved in the conversation.
  5. By looking at a series of messages, I can learn about relationships, locations, and I may even be able to deduce lifestyle habits.

E-mail appears secure, and providers want you to believe that it is, too. Secure e-mail providers do what they can to make the mail store secure. Encrypted e-mail that uses S/MIME or PGP goes a long way to protecting you. It doesn’t solve all the problems. In fact, only the message body and attachments are encrypted, so the last three items in the list above still apply to encrypted e-mail. The Subject line is not encrypted, so unless the people involved didn’t use one, I still can get an idea of the contents of the e-mail. If I have more than one e-mail, I can still learn something useful.

Enter Mensago

Mensago was designed from the beginning to be as useless as possible to an attacker. How? We carefully encrypt All The Things. Here is a sample Mensago message:

MENSAGO
{
    "Version": "1.0",
    "Receiver": "b#h`WpdSE}<{Za*;Su;N`Xh8fsx}7=b@NlLmkb*;`bb0(2=E_fTwPBy@nDBYQlFC*2Grd!7mpWw_CM!h9-$}S{UC>u{70UXodtQt66(JUC)L!s-n#4tu+Ot-q(=J@KWL^OTGSr;H4Ld_GpXPo(@O-5jy{ACmjE8qzwwT>#*|%4Dg", 
    "Sender": "n|uG?T@WCe)YXyEbQe@rPx857NV2xLO>(=14bciMuFJ%9FDFR@zq#?p<d{l&SI3X>r%OiS>{6YPr$57n(Rg6el#F)y;f*3y3ozDcs%ox?!duyf+n?=w@9o}{iZoas1-t6_YUq~zTLR!c&;%gj|Fo)Xzq@7W5`2EpNmM%p806OLeK|&(mC*",
    "Date": "20201107 163552",
    "KeyHash": "BLAKE2B-256:;Vvs@=63Iopg^87j!0dw{H=1JC>c%(xKPMX){8#g",
    "PayloadKey": "L?9+7!Gy>0Gu1if2`$mPHdk`G-Wuy*<e%Qb!?`LtTTf;q^{-Yk6T)kiF(B^9Y=n)xSrDEx__Q3=8*joa)&;Kj#s7qh-d@Nh<q+qzLNQPfRbl8y`$iCLjvwc*)B"
}
----------
XSALSA20
B%oV}e$Ws7e<d3`p=;AUouUtd5AN5TinUzx?Sha<Cc}>>`?`8GXJ*yDAxh|S2nX^jqm8rG1=YzV|C&{I>Yp|Ga_{D9fcHGLqvfoCJ*CfU#=~;jdyi3Ut<8aRPBvw=MdFvC#5jqjQc(jnkEx}bf7>=Qd^OUuI}DYqi{f!TNkj+6V<+_|CN5AFR=$UHenswC39EUXPq7$mFXg&n=cn<qn_20JpA??3m3Rbg{qljmMn43uT5mk11;4>u9x*4JHO+HaWL=E?#*L>bFehRTwii+WWbpf}YMYSmsu{80hk7=nf9P0>8)#Q;jP72+Vu4s~=cV0UiyAEW*J`Pj1^CK9{V1_Eruqn2Me5i4lz^CMXdv$9ctSeS1%gTiwJ6aDosAw9Mqg1`#B9q(p!4$vi$i)hQ~55jl?ng#dAs78_!N(GJ<d0pxBviB_4nByJ0J_JxSafFeOcT7)Ni3Gn5Ih1(ENa{ejTR{6}!yv7~Xi8Aghnsaph%`Hr@GwIc)5mnsoOM3I~KLs$yfc>&(K5t1lZIgfn^oedqOGF8{Ch|BmZ;GR19PSH9qwaO67OCgyt%<2PRg6FU<gF+Ji1VBbMY_uWPdu&v1UQ3)2`_>QPSZ|F2h)M?*|NR_LAfAq;cbi!u74e+5lB8mb)D_HQO4?k?M3>y?h`*by<xL<PN2eHQcxR3Vk6|!+}RGnNR2a>lZ)^HutwUOMVrr&Y<Ut4ioP_TA(ps|79Z^<1{O=(v2wf~;R0Vx*$;gNeRYNNpi*s55G2)!PpH+~StwnV4rz(9hPPbWXqIAP?@zx~QUq&yzTf6BV9%!k;d;@{R7e;oO(tBxtP1BA3XqJrtvtv%j_>+{b`<y_&;`^W6pYK9ty_b7B(~T#opmX8?MmEZZUy<=3y5CnyegSx_&?awg2h6n2Wg?;N08d6Z~o9x1u0Dp+7bE*!0}e!i}W_2b(~@tG4h=cc57wN}P6dNXBwQ0iC8v4VNIOgKrHt$vJHO`ny;)L82z6!3o>Uk=GKYJ@uA%pAfcy9T7IC7?(+%&mYX1RNBo_j(oTFKK&0eglpi#m~^CE_1Jw6W-lBy@HEFCmNdP0EC

See anything useful in there? I don’t, and that’s the point. It’s also quite a bit smaller than that e-mail, too. If a system administrator gets a little too curious and starts snooping around in the server-side files, they are not going to find anything. Period. The garbled sections are the encrypted parts.

Delivering a Secret Package

Protecting your messages goes beyond encrypting as much of a message as possible, and it’s complicated. To understand how the message actually gets delivered, let me tell you a story.

Imagine I want to send a letter to my friend. I write the letter and place it in a locked box. My friend and I are the only ones who have a key to this box. So that the postal service knows how to deliver my box, I attach two tags. The Sender tag can only be read by the Post Office in my town and its carriers, and it contains my name and address and the city and postal code of my friend. The Receiver tag can only be read by the Post Office in my friend’s town and the carriers there, and it has my friend’s name and address and my city and postal code. These tags are important. The Post Office in my town can see who sent it and where it’s going, but not who is getting the package. The Post Office in my friend’s town can see that it came from my city, but not who sent it. The people who are delivering my letter in the locked box have the information they need to get it to its destination, but nothing else.

By sending my friend a letter this way, I can be sure that when my friend gets my letter, no one else will know what’s in it. Because this box can only be opened by my friend and I, she knows the letter is from me. No one involved in the package’s delivery can learn about the relationship between my friend and I by looking at the package, either. We can both be safe and secure. No snoops allowed.

IT security workers are a paranoid lot, and they need to be. Sending passwords over e-mail makes many of them either sad or angry because they know how bad it is. With Mensago, they have one less reason to worry.