Perfect privacy for webmail with secret sharing

Yossef Oren, Avishai Wool

Technical report, Feb. 2009. http://www. eng. tau. ac. il/yash/OrenWool …, 2009

With the many advantages of web-based mail comes a very serious privacy flaw–all messages are stored in a single central location on the webmail operator’s data center. This fact makes these data centers a natural interception point for various undesirable parties, severely risking the privacy of individual webmail users. We propose a novel and unique way to solve this problem and protect the privacy of messages exchanged by webmail users, based on the cryptographic principle of secret sharing. Briefly put, each message is split into two shares and these shares are sent through two different webmail providers, preferably hosted in two mutually distrustful countries. While the legitimate recipient can retrieve and combine all shares of the message, a malicious party with access to only a single data center will not be able to extract any meaningful information about the message. Our scheme has a major usability advantage when compared to conventional public-key cryptography on webmail–secret sharing requires no key generation, certification or storage, and its underlying principles can be easily explained to the layman. This lets our scheme require very little in the way of user configuration or education. In addition, since our scheme does not rely on secret cryptographic keys or locally installed software, it can be used simply and easily from anywhere, a usage model consonant with the character of webmail systems. We present our scheme both in theory and as a working downloadable tool. We also discuss how to stay compatible with law enforcement and how to cope with potentially hostile webmail operators, presenting an efficient …