Security warning for users of Mailvelope in Firefox

Created on 04. May 2017, 12:00 | Category: Blog

Dear Mailvelope users,

We have a security notice for anyone who uses the encryption add-on Mailvelope with Firefox.

We recently commissioned a security audit of Mailvelope, which found a critical vulnerability in the interaction between Mailvelope and Firefox. Under certain circumstances, Firefox’s security architecture allows attackers to access users’ private keys via compromised add-ons. We therefore ask all users of Mailvelope in Firefox to carefully read the security recommendations later in this article.

This also affects Mailvelope users with all other providers such as Gmail, Outlook.com, Yahoo!Mail, etc.

Firefox’s architecture does not sufficiently compartmentalise add-ons from each other – this has been known for years. Until now, however, it had not been proven that a Mailvelope user’s private keys could be compromised via targeted attacks in Firefox. The security engineers from Cure53 whom we engaged have now demonstrated this. Cure53 had previously audited Mailvelope for Chrome; at our request, the engineers have now also investigated the plug-in’s interaction with Firefox. In their investigative report, they conclude that Firefox does not currently constitute a suitable environment for Mailvelope. They write,

“At the end of the day, the Cure53 testing team cannot in good conscience recommend the use of Mailvelope on Firefox.”

Weakness expected to last until November 2017

We informed Thomas Oberndörfer, the developer of Mailvelope, after the security audit. He is unable to fix the weakness himself, however, as it lies in Firefox’s architecture. Mozilla is already developing a new architecture for Firefox and plans to conclude this work with the release of Firefox 57 in November 2017. Oberndörfer is also working on a version of Mailvelope for the new and improved Firefox architecture. We would like to thank him for his development work.

Until Mozilla has updated the architecture, the following security recommendations apply:

Option 1.) In the interim, switch to different software. Either use Mailvelope in a different browser, or use PGP with a local email program. You can find various instructions for these options in the Posteo help section.

Option 2.) Alternatively, using an independent Firefox profile for Mailvelope minimises the risk in the interim. In the Posteo help section, we have published step-by-step instructions for the creation of Firefox profiles on Mac and on Windows. Mailvelope users with other providers can also follow these instructions. Please be sure to note the following security recommendations in order to effectively minimise the risk of a successful attack:

Due to the problems with the Firefox architecture, we additionally recommend:

Here are the recommendations from the Cure53 report once again, for transparency reasons:

“Two paths can be recommended for the users who rely on Mailvelope for encryption and decryption of highly sensitive data. First, they could use Mailvelope on a browser profile that hosts only and exclusively Mailvelope with no other extensions. Secondly, they would need to rely on a different software solution, for instance Thunderbird with Enigmail.”

“At present, any users working with Mailvelope on Firefox are encouraged to export their settings, delete the extension and migrate their setup to a Mailvelope installation running on Google Chrome. Alternatively, a separate browser profile running Mailvelope only could be used, with the caveat that one must not have any other extensions installed in order to minimize the risk of key material leakage.”
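One way to check that a dedicated profile really hosts no other extensions, as an added example that is not part of the Posteo post or the Cure53 report. It assumes the profile's `extensions.json` file with `addons` entries carrying `id`, `type`, `location`, `active` and `defaultLocale.name`; the add-on IDs and the sample data are constructed placeholders.

```python
import json
from pathlib import Path

# Constructed placeholder; replace with the ID shown for Mailvelope in about:support.
MAILVELOPE_ID = "mailvelope@placeholder.invalid"
# Install locations treated as shipped with the browser (assumed values).
BUNDLED_LOCATIONS = {"app-system-defaults", "app-builtin"}

# Constructed sample of a profile's extensions.json (not taken from a real profile).
SAMPLE = json.dumps({"addons": [
    {"id": MAILVELOPE_ID, "type": "extension", "location": "app-profile",
     "active": True, "defaultLocale": {"name": "Mailvelope"}},
    {"id": "other-addon@example.invalid", "type": "extension",
     "location": "app-profile", "active": True,
     "defaultLocale": {"name": "Other Add-on"}},
    {"id": "disabled-addon@example.invalid", "type": "extension",
     "location": "app-profile", "active": False,
     "defaultLocale": {"name": "Disabled Add-on"}},
    {"id": "bundled@example.invalid", "type": "extension",
     "location": "app-system-defaults", "active": True},
    {"id": "theme@example.invalid", "type": "theme",
     "location": "app-profile", "active": True},
]})


def other_extensions(extensions_json, allowed_ids):
    """List (id, name, active) for every installed extension not in allowed_ids.

    Disabled extensions are reported too: the recommendation is that no other
    extension is installed, not merely that none is running.
    """
    found = []
    for addon in json.loads(extensions_json).get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries and language packs
        if addon.get("location") in BUNDLED_LOCATIONS:
            continue  # shipped with the browser, not user-installed
        if addon.get("id") in allowed_ids:
            continue
        name = (addon.get("defaultLocale") or {}).get("name", "?")
        found.append((addon.get("id"), name, bool(addon.get("active"))))
    return found


def audit_profile(profile_dir, allowed_ids=frozenset({MAILVELOPE_ID})):
    """Run the check against <profile_dir>/extensions.json."""
    text = Path(profile_dir, "extensions.json").read_text(encoding="utf-8")
    return other_extensions(text, allowed_ids)
```

An empty list from `audit_profile` means the profile contains no user-installed extension other than the allowed one.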

Security engineers engaged by Posteo found the weakness

In their daily activities, our customers use various devices, browsers and add-ons in their local environments. Our users’ communication security is very important to us – we therefore also continually have external standard components checked for weaknesses. To this end we work with, among others, independent IT security experts at Cure53. They have now found an issue with Mailvelope in Firefox.

Dr Mario Heiderich from Cure53 explains,

“The problem is currently located in the architecture. There is therefore no easy fix. Mozilla knows this, but also has to keep a difficult balance between radical changes and ones that are prudent but are often decisions that are slow to take effect. Things are going in the right direction, however, which is definitely something positive for more complex software.”

Thomas Oberndörfer of Mailvelope states,

“Mailvelope is naturally dependent on the security of the underlying browser. Weaknesses in Firefox’s add-on system have been known of for some time, so Mozilla’s improvement should be welcomed. Security audits such as the one undertaken by Posteo are important indicators for us to see how we can further improve Mailvelope.”

Report to be published after weakness is overcome

The weakness outlined above is expected to be overcome by Mozilla in November 2017. Out of consideration for security, we will therefore not publish the report until a later date. In it, the method of attack will be described in detail. The report is already available to Mailvelope and the BSI (German Federal Office for Information Security).

The security audit has also yielded some positive results for Mailvelope, which we would like to outline here: There was a check made as to whether email providers for which Mailvelope is used could access a Mailvelope user’s private keys saved in the browser – this was not possible. All other attempts made by the security engineers to access private keys saved in Mailvelope, such as operating third party websites or man-in-the-middle attacks, were also unsuccessful.

Weakness shows that open source increases security

For security reasons, we exclusively support open source components with transparent code – such as the encryption plug-in Mailvelope. In our view, transparent code is essential for the security and democratic control of the internet: Independent experts can at any time identify weaknesses or backdoors via code analysis, as happened here. A provider or developer’s security claims do not need to be trusted. With the security audits that we commission, we want to contribute to further increasing the security of established open source components and genuine end-to-end encryption.

Best regards,

The Posteo team

Kindle, GOP etc: What to do with insecure email servers

Created on 28. July 2016, 17:00 | Category: Blog

Dear Posteo users,

In the last few days we have received a lot of positive feedback on our new TLS-sending guarantee, for which we would like to say thank you. We’re very pleased about how well the new security feature is being adopted. Within just a few days more than 20% of our users have activated the new feature. With the TLS-sending guarantee activated, your emails are only sent if they can be transferred to the recipient over an encrypted transport route. Because we are currently receiving a lot of queries, we look here at some insecure email servers and show what options are available when sending is stopped.

First, here is an example, which we are receiving many enquiries about: Amazon “@kindle.com”.

The email servers for the commonly-used domain “@kindle.com” are in fact not secure. Even three years after the NSA scandal, the domain still does not support TLS encryption when receiving emails. Our tests confirm this. We have received numerous queries about the security of “@kindle.com” from users with the TLS-sending guarantee activated. In our view, the lack of TLS support presents a large problem, because customers use “@kindle.com” addresses to send their own documents to their Kindles. Amazon describes this feature as follows: “Kindle customers can send documents to their registered Kindle devices, free Kindle reading applications, and their Kindle Library in the Amazon Cloud by e-mailing them to their Send-to-Kindle e-mail address name@kindle.com.”

It appears that Amazon domains are not generally affected.
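The rule behind a TLS-only sending policy, shown as an added example (not Posteo's implementation): parse the receiving server's EHLO reply and deliver only if STARTTLS is offered and accepted. The transcripts are constructed, and `probe`, including its certificate check, is an assumption of this example rather than something the post describes.

```python
import smtplib
import ssl

# Constructed EHLO replies from two hypothetical receiving servers.
EHLO_WITH_TLS = "250-mx.example.org Hello\r\n250-SIZE 52428800\r\n250-starttls\r\n250 8BITMIME"
EHLO_PLAIN = "250-mx.legacy.example Hello\r\n250-SIZE 10240000\r\n250 8BITMIME"


def ehlo_extensions(reply):
    """Parse a multi-line EHLO reply (RFC 5321) into a set of keywords."""
    keywords = set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError("EHLO rejected or malformed: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not an extension
        if text.strip():
            keywords.add(text.split()[0].upper())
    return keywords


def may_send(ehlo_reply, starttls_reply):
    """Deliver only if STARTTLS is advertised and the server answers it with 220."""
    try:
        if "STARTTLS" not in ehlo_extensions(ehlo_reply):
            return False
    except ValueError:
        return False  # server refused EHLO: no way to negotiate TLS
    return starttls_reply is not None and starttls_reply.startswith("220")


def probe(host, port=25, timeout=10):
    """Live check of one mail server (needs network; not run by this example)."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return False
            # Certificate validation is a choice made in this example.
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()
            return True
    except (smtplib.SMTPException, ssl.SSLError, OSError):
        return False  # unreachable or failed handshake: treat as not sendable
```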


The current configuration of “@kindle.com” is insecure and presents a security risk. Whether you wish to continue sending sensitive data to “@kindle.com” addresses is your own personal decision. If desired, you could temporarily disable the TLS-sending guarantee in order to send. Please note, however, that due to the lack of security at @kindle.com, these communications can be read by unauthorised third parties such as criminals and intelligence services. For privacy reasons, you should not send other people’s data to kindle.com addresses – the others should be able to decide this for themselves.

We have no influence over Amazon’s IT. You could contact Amazon directly. It is generally not especially difficult for administrators of email services to activate TLS encryption on their servers. We assume that the domain will soon be secured if complaints arrive, as the lack of security constitutes a grave security risk. You would then once again be able to send emails to kindle.com addresses with the TLS-sending guarantee activated.

No encryption for GOP (Republican National Committee), the University of Oxford or Ryanair either

We are asking all users who have contacted us regarding email servers that are not capable of TLS encryption such as @gop.com, @kodakpulse.com, @communication.microsoft.com, @ox.ac.uk, @ryanair.com, @unog.ch, @melia.com and other domains (listed below) to decide in each individual case whether they wish to send an email to the insecure email system. For all servers that are not capable of TLS, communicating with these outdated email systems is insecure.

When sending is stopped, you have the following options:
- You can inform the recipient (if desired, using an alternative contact method) that securely sending an email to their address is not possible and ask them to provide an alternative email address.
- You can temporarily deactivate the Posteo TLS-sending guarantee and send the email securely, by furnishing it with end-to-end encryption.
- You can temporarily deactivate the TLS-sending guarantee and send the email unencrypted/insecurely, as an exception.

Ask the domain holders for better security

If you would like to, you could contact the holder of a domain to ask them to activate TLS encryption on their servers. By doing this, you contribute to improving the overall security of email traffic.

Overall, it can be said that these days it is mainly outdated and poorly maintained email servers that do not support TLS. If you activate the TLS-sending guarantee, it will only rarely happen that one of your emails is not sent for security reasons.

Last of all, we have collated a list of examples of commonly-used email domains that astonishingly do not yet support TLS, about which we have received queries during the last few days:

- Amazon Kindle: @kindle.com
- Microsoft: @communication.microsoft.com
- United Nations Office at Geneva: @unog.ch
- University of Oxford: @ox.ac.uk
- Yahoo! Japan: @yahoo.co.jp
- Melia Hotels: @melia.com
- Kodak Pulse “Email pictures to the display”: @kodakpulse.com
- Germanwings: @germanwings.com
- eBay: @members.ebay.com
- German American Chamber of Commerce: @gaccny.com
- Pacific National Bank: @pnb.com
- Ryanair: @ryanair.com
- Voyages SNCF: @voyages-sncf.com
- Republican National Committee: @gop.com

Best regards,

The Posteo team

Chief privacy officer praises Posteo in yearly report

Created on 30. March 2016, 16:30 | Category: Blog

Dear Posteo users and interested parties,

The new chief privacy officer for Berlin, Maja Smoltczyk, has presented Posteo in her yearly report for 2015 as a positive example of innovative privacy concepts. We are very pleased to receive this mention of praise from such a senior figure. We therefore present a translation for you to read:

“Posteo (posteo.de) is a webmail service with all the necessary features. As opposed to other webmail services, the user pays. For this fee, many things are avoided including any data identifying the user, analysis of user behaviour or even the content of messages. This begins with the user creating their account under a pseudonym: Apart from the desired email address and a password, no data is mandatorily collected. Even the prepaid payment can occur completely anonymously in cash. If the user chooses a payment process which involves their personal information, the connection to the email account made via a payment code is immediately deleted after the payment is processed. As well as the implementation of possibilities for transport route encryption when sending and receiving emails and when accessing the webmail interface, optional end-to-end encryption with PGP and S/MIME is also supported. One special characteristic is the feature to encrypt account content and address book: This allows for unencrypted emails to be saved with encryption in a simple manner. As opposed to encryption with PGP and S/MIME, traffic data is also encrypted in the email header. The encryption occurs in the background at the moment that the relevant email is opened. When using this feature, choosing a secure and long password is particularly important.” (p51)

“Data protection is a completely successful selling point, as the example of Posteo shows.” (p53)

The complete report by the Berlin chief privacy officer can be found (in German) at datenschutz-berlin.de.

Best regards,

The Posteo team

New: Who we support with donations

Created on 16. March 2016, 18:30 | Category: Blog

Dear Posteo users and interested parties,

In the name of transparency, we are now openly listing the organisations that we supported with donations last year (2015). We were asked to provide this information as remaining Posteo credit can be donated, if desired. Our new “Who we donate to” page can be found on our website in the “About us” section.

It is important to us to encourage social engagement and to take responsibility as a company. We therefore support selected charitable organisations in the areas of environment, internet politics and freedom of opinion, as well as refugee aid.

During last year, Posteo donated a total of 24,350.00 EUR. Of this, 22,957.30 EUR constituted voluntary donations by Posteo. The remaining 1,392.70 EUR came from users’ remaining credit.

In 2015, recipients of Posteo donations included Friends of the Earth Germany (BUND), Reporters Without Borders, The UN Refugee Agency (UNHCR) and Netzpolitik.org.

Best regards,

The Posteo team

Cryptoparty for women in the Posteo Lab on Feb 24

Created on 08. February 2016, 17:15 | Category: Blog

Dear Posteo users and interested parties,

On Wednesday 24th February there will be a cryptoparty for women in the Posteo Lab in Berlin (Kreuzberg). Hosting the event are the hacker girls from Heart of Code.

The hackers will be our guests from 7pm. The event begins with two short talks on the topic of encryption. After that, workshop participants will be shown how to communicate securely on the internet and how to be protected from spying by intelligence agencies and advertisers.

Background info:
The “Heart of Code” hackers want to facilitate women’s access to information technology, tools and content, to make the hacking community and tech landscape more diverse in the long term. We support this aim, as women are clearly underrepresented in the field of IT. For this reason we are happy to make the Posteo Lab available to the hackers for their event.

Best regards,

The Posteo team