"Just because you're paranoid doesn't mean they're not out to get you."

Most people will use Confidant Mail to avoid casual snooping and mass surveillance. However, some people do have serious and powerful enemies, and they need to take additional precautions. Reporters and activists in non-free countries, candidates for political office, and corporate executives are obvious examples of people who need to be paranoid.

Can [name some secret organization] break Confidant Mail's encryption?

Confidant Mail's security comes from GNU Privacy Guard, the standard open-source implementation of PGP. All the cryptography is done by the external GPG process, while Confidant Mail just acts as a user interface and network transport. So the real question is, can GPG be broken?

The answer is, not as far as the public knows. If it can be broken, it's probably costly to do. Using GPG on a PC is like putting a bank vault door on your house. Someone who wants in is probably going to go through the window or the wall or the roof, rather than attacking the front door. Here I will list some of the ways you can be compromised without breaking the cipher, and suggest precautions you can take.

• Vulnerability: phony keys
  This is the biggest hole in the system. If you send to the wrong key, the wrong person gets the message. Anyone can post a key to the Distributed Hash Table claiming any email address. You must verify the 40-character keyid somehow.

  You can contact the person, look up the key on a website, or check a signature using an external GPG key manager. If your adversary controls your Internet access or the recipient's, the keyid you see on a website might not be the actual key. Altering web traffic in transit is possible and has been done in real attacks. Hacking of social media accounts is quite common.

• Vulnerability: hacking your PC
  This is the second easiest way to compromise you. One recently-revealed attack involves intercepting a web connection, redirecting it to a malware site, and serving you an exploit that installs a back door on your computer. All the browsers have had remote exploits.

  Many programs have automatic update features. Some automatic updaters have weak security if any. These can be used by an adversary to "update" your computer with malware.

  The most paranoid approach is to buy a cheap laptop and use it only for Confidant Mail. Use a flash drive to load the software, and encrypt the laptop's hard drive. Do not access the web from that machine or install any software except Confidant Mail and disk encryption software. Turn off automatic updates, turn off the built-in network services, and work behind a firewall. If you think some powerful organization is out to get you, this is a good idea.

  The second most paranoid approach is to use virtual machines with VirtualBox or similar software. Create two of them, one for web access, and one for Confidant Mail. Do not access the web from the machine itself. This provides quite a bit of protection, but a custom-made attack against a high-value target could probably break out of the virtual machine.

• Vulnerability: physical access to your machine
  Your computer is probably more secure than your front door. Most locks can be bumped, and someone who can get physical access can clone your hard drive without leaving evidence behind. You should encrypt your hard drive. For Windows you can use VeraCrypt. Most Linux versions have built-in support for dm-crypt or similar kernel-based full disk encryption.

  If the computer is encrypted, the intruder can plant either hardware or bootloader software that will save or transmit the passphrase the next time you start the machine. If the passphrase is saved, the intruder has to come back to get it. A more sophisticated hack would transmit the passphrase, allowing the attacker to decrypt the disk image he made.

  You will have to figure out your own custom means of detecting physical intrusion, and they are likely not foolproof. If you find that your encrypted computer has been tampered with, booting it up is the worst thing you can do. A better approach is to use a USB hard drive caddy, and a virtual machine with no network, to restore your data from the old hard drive onto a new machine. However, this requires some technical skill and a lot of time.

  You should therefore keep a regular backup on an encrypted external hard drive or flash drive. In an emergency, go buy a new computer and restore your data onto it.

• Vulnerability: Confidant Mail buffer overflow exploit
  Confidant Mail is written in interpreted Python, but most of its external libraries are written in compiled languages. Someone could possibly send a crafted message to exploit a buffer overflow in some of Confidant Mail's library functions.

  Messages are received in wx.RichTextCtrl XML format, which can have embedded images and complex formatting. There might be an exploitable bug somewhere in the rendering code, so the program has an [Open Txt] button. This displays the text-only content without the formatting and images, making an exploit less likely. If you receive a message from an untrusted user, either delete it or use the text-only option.

  SSL libraries and even GPG might also have exploitable bugs. There is not much I can do about those. The client does not accept incoming connections, but someone might intercept an outgoing connection and send an evil payload back to you.

• Vulnerability: hacked versions of Confidant Mail
  Be careful where you get your copy of Confidant Mail, GPG, and other components from. The official Windows build was compiled from the same source code in its src directory, but you have no way to verify this. Downloading the source code and checking the signature is the paranoid alternative.

  Confidant Mail has an update notification system, but does not automatically update itself. The notification system is not cryptographically secure, and could be spoofed by anyone who controls your DNS. If a URL appears in the update notification line, do not go to that page. Check the official site for a new version.

• Vulnerability: attachments
  File attachments are dangerous. Confidant Mail will not open attachments. You have to save the attachment and then open it with another program. If that external program has a vulnerability, your PC can be compromised. Most programs have vulnerabilities. Only open attachments from people you know and trust.

  Someone who wants to target you might start by hacking one of your less paranoid associates. If the attacker gets your friend's key, the attacker can send you a message that looks like it came from your friend, and trick you into running something nasty.

• Vulnerability: hotels and hotel Wi-Fi
  Hotels are a major security problem. The staff has access to everything, including the safe in the room. There's no good place to securely store anything. The maids leave the doors open while they are working, and someone with the right attitude can often just walk in. Plenty of traveling executives have had their laptops stolen, cloned, or implanted with malware. I don't know how to physically secure a laptop in a hotel.

  Hotel Wi-Fi is just as bad as hotel physical security. Many of these systems put multiple users on the same network, so anyone else in the hotel can see your computer and attack any ports you might have open. Some are vulnerable to ARP, DNS, or DHCP spoofing, all of which permit a man-in-the-middle attack on your web access to implant malware. Failing that, the attacker could unplug the hotel's access point and put up his own in its place. Using a cellular data card is usually safer, although those can be attacked with a "Stingray" device.

  Coffee shop and other public Wi-Fi is just as insecure as hotel Wi-Fi. Hotels are easier to target because you stay in one place for days. If you regularly work in the same coffee shop, you can be targeted there.

• Vulnerability: key compromise and forward secrecy
  If you use GPG with default settings, all your messages are encrypted directly with your public key. If your private key is ever compromised, everything ever sent to you using that key is exposed. It is desirable to limit this exposure.

  GPG has a subkey feature, in which your master key can have separate encryption and signing subkeys. Senders will use the encryption subkey instead of your master key. You can change the encryption subkey periodically, and destroy the old ones, while your public key ID remains the same.

  As of version 0.26, subkey rotation is automated. Click Actions/Rotate Encryption Subkey to trigger it. The detailed explanation of the forward secrecy feature is here.