A recent article on Forbes.com talks about a false sense of security users may have when using Safe-Mail.net
If you are a user of Silk Road, you have likely seen many users advocating the use of a service called Safe-Mail.net. This company describes itself as “the most secure, easy to use communication system”, and many Silk Road users have adopted it. But there are some things you should be aware of.
Known users of the Safe-mail web service include operators, vendors and customers of the dark web’s many drug market sites, journalists writing about the investigation into Silk Road, and BTCKing, the vendor who ran an underground anonymous Bitcoin exchange and allegedly worked with BitInstant CEO Charlie Shrem to sell more than $1 million worth of Bitcoins to users of Silk Road.
When I reached out to Safe-mail for comment, Amiram Ofir, Safe-mail’s President and CEO, responded in an email that the company and its employees “certainly are not aware of any criminal activity,” adding that the company does “follow court orders that are issued in Israel by an Israeli court. Any other law enforcement agency should contact the Israeli authorities.” It’s worth noting, however, that Israel signed a Mutual Legal Assistance Treaty (MLAT) with the U.S. in 1998. An MLAT request was used to image the Silk Road web server, according to the criminal complaint of Sept. 27, 2013.
Ofir told me that communications between users and the web service are SSL protected, and that information stored on the server is encrypted with user-specific keys. When asked if Safe-mail has received court orders issued by an Israeli court on behalf of a non-Israeli law enforcement agency, such as the FBI, Ofir replied with a short “Yes.” My followup email, asking if Safe-mail has the ability to decrypt information without a user’s key, went unanswered.
So, the first time to note is that the FBI is already aware of Safe-Mail.net and is already receiving court orders from non-Israeli law enforcement agencies. And they are likely giving them everything they need in order to read the emails. Therefore, you should remember that no email service should be trusted. No email service is going to go to jail for you. And if you are sending anything sensitive over email using plain text, it will likely be read eventually by somebody other than the intended recipients. This is why things such as strong PGP encryption are essential to any type of sensitive communication.
With this, it should be noted that Safe-Mail is no safer than Gmail when it comes to protecting your privacy with its centralized email service. Never trust any company with your privacy, always encrypt.