Silent Circle and Lavabit launch “DarkMail Alliance” to thwart e-mail spying

CB474: I want to be careful about how I say this because I have generally agreed without almost all of your positions over the years. I admit I am an idealist. I came up in the era when PGP's author was under criminal prosecution. I am sitting here contemplating weather or not I want to say this. I will do it like this. I have worked in government before. I still possess clearances. I am writing you right now because for all intent and purposes my conversation with Counter-mail is done. I have had to maintain exact control over my private keys. In my life experience I have witnessed the complete destruction of individuals who have not kept tight riggerous control their private key ring. It honestly frightens me to see someone who doesn't have physical possession of his/her secring at all times. Counter-mail sets very wrong with my experience. I would like to add more to this but am unable. I hope you understand.

 

I appreciate what you're saying. But I think most people are not in the position that you describe. For the average Gmail, Yahoo, Hotmail user, Countermail's webmail system is a huge step up. The average person out there's biggest risk is probably being subject to some sort of identity theft and the potential loss of money and pain ~ Snipped as per TOS ~ associated with that. I think for that user, their Countermail webmail account is a lot less likely to get hacked, than Gmail, etc. Assuming of course that they have a decent password.

And the insecurity of their operating system and web surfing behavior is probably just as big of a risk, as the risk of their email being hacked for identity theft. In fact, they're probably a lot more likely to fall prey to some sort of social engineering attack, which would potentially compromise their email even if they're using PGP in all the ways you recommend. The nominal trust and risk involved in the way Countermail deploys the private key in their webmail system is the least of the problems for this sort of mainstream user.

So, as I've been saying, I think most of Countermail's user base is different from the sort of person you describe. And that kind of person really shouldn't be using email at all. Email is not a good communication system for information that could destroy someone's life. I also imagine the sort of person in that type of position is sophisticated enough to figure out PGP on their own (or if they are not, it's their own fault, not that of something like Lavabit or Countermail's webmail system). I don't think Countermail claims anywhere that their webmail system is suitable for spys and people risking their lives. For the most part, they seem to just be trying to offer people some privacy from dragnet style mass surveillance. Wanting this kind of privacy doesn't mean the information you're protecting is necessarily the kind of thing that will destroy your life. And for users who need more than that, they do have solutions.

Anyway, I agree that we have all stated our positions and it's probably best to leave it at that.

 

Yeah, to each their own I guess. I too, like to keep the privkey in a TC container, but don't really have a problem with a provider offering options for the average user to get more secure email than just SMTP 25 and POP 110 to Hotmail CM offers the option to totally remove them from the equation if you are an advanced user - I don't see the problem, personally.

 

Silent Circle - Solid Security?

https://silentcircle.com/

We came across the above company that provides secure mobile phone and text functionality.

Seems like nothing more than a VPN service for mobile devices. Correct?

If so, then they suffer from the same risks of exposure that any VPN provider would have.
http://torrentfreak.com/how-nsa-proof-are-vpn-providers-131023/

Your comments or insights would be appreciated.

 

Chatsecure, Textsecure, or Redphone

Someone mentioned these and IIRC aren't these backdoored or their encryption standards are a complete joke? I thought this was addressed around these forums and other sites before? Or should i just start a separate thread?

Also hasn't it been said on this forum that there is a great suspicion that PGP is broken and too weak? I could have sworn when i was reading frequently on this forum that it was being discussed.

 

Nothing in your post seems to be true, based on all the research I have done on privacy. The Guardian Project and Moxie Marlinspike are trusted, and even if you don't, the source code for all of the products you mention, is available.

Same for OpenPGP (GnuPG). Short of a cipher break, or the ability to factor LARGE prime numbers (Quantum), open source PGP is also considered safe.

I don't recall anyone here on Wilders, linking to any verifiable info of a complete break of the above mentioned products. Occasionally some flaws are found in protocols, processes etc... but they are quickly patched (ZRTP bug or side channel "noise" bug in GPG 1.x, etc... - both fixed).

 

i guess i'll take your word for it but i thought i remember people here discussing it ebing broken after the whole NSA thing. I'll have to dig around some more than later on. I phone a lot of that stuff to be a little sketchy.

 

Judges Poised to Hand U.S. Spies the Keys to the Internet.

-- Tom

 

It’s clear that the judges weren’t much interested in the full implications of Lavabit’s crypto key breach, which one of the judges termed “a red herring.”


what does that exactly mean

 

red herring.

-- Tom

 

still dont get what they are getting at. :/