back to article Silent Circle shutters email service

Silent Circle, the company founded by former PGP wonks and Navy Seals and which offers very, very, secure communications, has decided to shutter its Silent Mail email service. The decision, announced in a blog post, comes on the same day that Lavabit, another secure email service, decided to close because it cannot guarantee …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Unhappy

    Blimey.

    1. Spearchucker Jones
      Flame

      Indeed. Two things really worry me -

      Obama is willing to deny Americans their bread and butter in favour of surveillance.

      Other than here and the Guardian, this story doesn't seem to appear in the UK press.

      There's an up side though. It's offering a huge opportunity to services hosted in countries not subject to such surveillance or, at the very least, offer a little more transparency.

      This is turning into an arms race. Client-side encryption (where private keys are generated and retained on the client device), together with distributed server-side storage (data replication across state boundaries) is where this is going next. If the Internet itself is put at risk (probably the next step for oppressive governments), then smaller, decentralised networks will spring up in its place.

      Shameful.

      1. Anonymous Coward
        Anonymous Coward

        A couple of things.

        1 - "It's offering a huge opportunity to services hosted in countries not subject to such surveillance or, at the very least, offer a little more transparency." Going live in October, currently running tests and investment discussion - and this is legally clean (we started with the law, rather than trying to pretend it doesn't exist). Interesting fact: the knowledge you need to do this right is ENTIRELY OMITTED from the privacy certifications supplied by the IAPP. I hope that gaping hole has nothing to do with the fact that the IAPP is US based?

        2 - I said from the moment Silent Circle went into beta that they were ignoring the risk US law was creating, and sure enough - see what got them in the end. It was not credible. What annoys me is that they took so long to see this, whereas it was pretty clear from the start that with the current legal platform, the US is simply not a place you want to be if you have any secrets like IP or information that creates a competition with whatever the US decides to be in competition with national interest (a nice vague definition that can be changed at will).

        3 - "There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure". BS. All you need to do it frame it in SSL and then address the residual risk - the more pressing problems lie elsewhere. But that's trying to bring the focus back on what is NOT the problem - without doing it right legally you're wasting your time.

        The interesting thing is the fallout: what happens to the people who invested in either?

        1. Anonymous Coward
          Anonymous Coward

          "we started with the law, rather than trying to pretend it doesn't exist"

          OK, but:

          1) What happens if the relevant law changes, either by democratic vote or by change of management (aka coup)?

          2) What happens if The Powers That Be simply ignore inconvenient laws?

        2. Alan Brown Silver badge

          Unless you use seriously long SSL keys your data is probably being decryted in near realtime.

      2. Anonymous Coward
        Anonymous Coward

        Hushmail.com still seems to be up...

        1. CommanderGalaxian
          Black Helicopters

          Hushmail - ssshhh they could be listening....

          "However, developments in November 2007 led to doubts among security-conscious users about Hushmail's security and concern over a backdoor. Hushmail has turned over cleartext copies of private e-mail messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States."

          http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

          https://en.wikipedia.org/wiki/Hushmail

      3. Diziet Sma
        Big Brother

        It's on the bbc.

        It's currently on the front page of the BBC.

        1. mike2R

          Re: It's on the bbc.

          Front page of the Telegraph to - near the bottom, but it appears to be the top Technology story. Google News finds several other mainstream UK sites carrying it, along with tech sites. While that doesn't say how prominent it is, I really don't see any reason to think its being deliberately buried in the UK press.

    2. The Man Who Fell To Earth Silver badge
      Mushroom

      A New Email RFC is Needed

      A fundamentally new RFC for email is needed that combines intrinsically encrypted message subject & body, and separately implements a bind (or double blind) encrypted and/or secure route addressing scheme.

  2. Anonymous Coward
    Anonymous Coward

    "Email as we know it with SMTP, POP3, and IMAP cannot be secure.”"

    All can be secure as SSL can be used; even SMTP. Where the capture on the wire can occur is when the message is sent from one server to another using SMTP; that is not encrypted. Client to server can be encrypted, so could server to server, no one does it though.

    1. as2003

      I think they are more concerned about the endpoints than the transport.

      1. xyz Silver badge

        by endpoints do you mean their arses?

    2. Pete Spicer

      Except that there are documented vulnerabilities even in SSL (e.g. CRIME, and much more recently, BREACH) and of course there are all kinds of things like MITM attacks to be concerned with - SSL is not a magic bullet to these things. It's one aspect of it, but far from the only aspect.

    3. ilmari

      With SSL you're at the mercy of the certificate authorities, who are slaves to their governments and to money. The only app that doublechecks stuff is the Chrome browser, which has hardcoded the expected certificate chain for google services.Not that that helps, as google is subject to government spying anyways.

      As for everything else, a compromised, rogue or court controlled certificate authority can issue certs that appear (and technically are) entirely legit, but enable man in the middle eavesdropping. If the data at any point flows through a node on the internet located in a hostile country (hostile towards free speech and privacy that is), it will be compromised. Considering the majority of traffic on the internet at some point goes through the US, UK and EU, basically everything you send can be intercepted.

      The big problem with encryption is in the key exchange.

      PGP where you physically exchange keys with eachother is a little bit better, but you can't trust the software and operating system, and you can't trust the hardware, they've all been exposed to hostile governments at some point in the supply chain.

      For all the bad rap China gets for it's great firewall and censorship, they're starting to look benigner and refreshingly honest, because atleast they let people know there indeed exist such policies.

      1. Anonymous Dutch Coward

        @ ilmari: there is no security

        Looks likes your post boils down to "there is no absolute security", which is of course correct. However, IIRC, Silent Circle is apparently happy to provide "secure" VOIP communication while email comms are supposedly not secure enough.

        I have some trouble believing e.g. PGP enabled email cannot be made as secure as PGP (or SRTP or whatever it's called) enabled VOIP.

        1. Spearchucker Jones

          Re: @ ilmari: there is no security

          Email cannot be secured.

          Mostly because the ciphertext must be stored on Silent Circle's (or any email provider) servers. When someone sends a plaintext email to someone's Silent Circle address, they (Silent Circle) encrypt the email on their servers. Mail amongst Silent Circle users is encrypted from the get-go. Either way, Silent Cirlce's servers retain ciphertext. And that's the weakness.

          They can be forced by law (regardless of whether that law is "good" or "bad") to change their systems to retain copies of the private keys that decrypt the symmetric keys that decrypt the email.

          VOIP and SMS *can* be secured, because it's peer-to-peer, and the chiphertext never goes through Silent Circle's servers, so isn't retained. It it's not stored, it cannot be decrypted.

          1. Anonymous Coward
            Anonymous Coward

            Re: @ ilmari: there is no security

            Email cannot be secured.

            That will be news to many organisations who get this right. My first question is: define "secured". From what, against who? The second question is why an organisation thinks it cannot be forced to place tapping capability in its code. If US laws allow the demand of intercept capability under threat of whatever sanctions, this also implies it can demand code upgrades to create a data tap, or shut the service down.

            This creates an interesting issue: the inability of an operator to comply with a lawful order may cause it to be shut down instead. If YOU control the code that clients use, YOU are the one that can be served with a demand for lawful intercept. If criminal use is suspected, "we have engineered it so that you can't, na na na na" is not a get-out-of-jail card, it will simply result in the service being shut down.

            Lawful intercept is there for a reason. If you disagree with how easy it is for lawmakers to abuse it, either change the law or move jurisdiction. Don't try to BS your way out with technology.

      2. Anonymous Coward
        Anonymous Coward

        "With SSL you're at the mercy of the certificate authorities, who are slaves to their governments and to money."

        Well, you don't need to use a CA, you can easily setup your own PKI infrastructure. Various email providers could easily create their own shared PKI infrastructure to secure data in transport. This is all a CA is basically doing, it is just their root and intermediate certs are preinstalled in OS/browsers/applications. You could even go further and have it so the public portion of a cert is not actually shared; much like how SSH can work.

    4. This post has been deleted by its author

    5. cybersaur

      The NSA eats SSL for breakfast.

    6. Vic

      > so could server to server, no one does it though.

      Yes we do.

      *Default* sendmail installations currently use TLS for OE; it's hardly rocket science to set up a required route (to ignore DNS hijacking) and pre-share a key...

      Vic.

  3. snowweb
    WTF?

    Why don't they just go abroad?

    I don't understand why they don't just register the company in a more ethical country and set up the hosting there too. That way, they are immune from the demands of the NSA and such.

    1. Allan George Dyer Silver badge
      Big Brother

      Re: Why don't they just go abroad?

      Because hosting in two countries doesn't make them immune to demands from one, it makes them subject to both. Of course, they could move the whole operation, including staff... but that is quite complicated.

      Also, "ethical country" should replace "business ethics" on the standard list of oxymoron examples.

      1. snowweb

        Re: Why don't they just go abroad?

        That's a very defeatist attitude I thing @Allan.

        I didn't suggest hosting in two countries.

        What's wrong with hiring local staff in the country where they register their business and even using a local cloud provider or dedicated servers in an existing data-centre in said country?

        Nothing is impossible. Limitations exist only in your mind.

        1. Charles 9 Silver badge
          Devil

          Re: Why don't they just go abroad?

          "Nothing is impossible."

          Actually, Alan Turing proved some things ARE impossible, such as creating a program that can learn if another program can halt. His research into the Halting Problem demonstrated a paradox if you tried. Several other "no solution" proofs (most by contradiction) have emerged as well.

          The problem here is that all roads lead to Hell essentially. Not only that, you're in Hell and so are most of your clients. How do you avoid Hell in such a situation?

        2. Allan George Dyer Silver badge
          Black Helicopters

          Re: Why don't they just go abroad?

          Well, you did say, "set up the hosting there too", so I think you did suggest hosting in two countries.

          Anyway, if the plan is to stay where you are and offshore the hosting, it doesn't stop the Gov turning up and demanding the data. Sure, you haven't got the data, but that doesn't prevent you spending lots of time in court and lots of money on lawyers, just the same as saying "it's all encrypted, and I don't have the keys".

          Charles 9 is right, Turing was a genius. You can tell the guys in the helicopter your "Nothing is impossible".

      2. Anonymous Coward
        Anonymous Coward

        Re: Why don't they just go abroad?

        Because hosting in two countries doesn't make them immune to demands from one, it makes them subject to both. Of course, they could move the whole operation, including staff... but that is quite complicated.

        Entirely depends on how you structure it. There are a couple of variables you need to control, but it can be done in such a way that you can actually use the differences in law between countries to your advantage. I design global privacy protection strategies for multinationals for a living, and there is only one absolute: do NOT have your HQ in the US. Other than that, divide and rule :)

    2. JaitcH
      WTF?

      Re: Why don't they just go abroad?

      Silent Circle's servers are in Canada. Only their front office is in Washington.

      Zimmerman has the creds for fighting the US government, he did it for three years and won so I suspect there are more, serious, details we have not been made privvy too.

      You can still use their encrypted document transmission service with a 60 Mbyte limit. This should handle most email sized transmittals.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why don't they just go abroad?

        Silent Circle's servers are in Canada. Only their front office is in Washington.

        And there is exactly your problem. Their HQ, and thus decision power lies in the US, which exposes the entire club to US law. It is entirely irrelevant where your data resides if your HQ can be ordered to submit the data or insert a backdoor. The one and only way you can prevent US officialdom interfering is by leaving the US. Full stop. There are no options. Their enthusiasm to abuse overreaching laws that were sold to the population as "temporary" "emergency" measures whose use keep getting extended is out of control, and even if this abuse is reigned in it will take at least a decade to root out all the holdouts clinging to "their" powers.

        You should not have a HQ, or data in the US or another location under its influence (the latter is a bit more subtle, which is why we tend to spend a few weeks digging out details about suppliers too). If you leave even a single US affected tentacle in your organisation uncontrolled it WILL be used if your company has something of interest to the US, or is getting in the way of something the US wants. If you fix the legal influences you can then at least only concentrate on the traditional illegal ones such as hacking, staff coercion and blackmail.

        Paranoid? Sure. Unfortunately, also proven right, multiple times over :(.

  4. Christian Berger

    Never trust in centralized services

    Those are always a single point of attack. When your system is decentralized it's much harder to shut down, censor or eavesdrop on.

    1. Charles 9 Silver badge

      Re: Never trust in centralized services

      But then you run into efficiency problems which means its effective communications rate is limited. Furthermore, there's still the matter of attacking the system itself (IOW, switch from attacking the endpoints to attacking the infrastructure). That's how Japanese authorities fight some of the darknets that appear over there.

  5. Gene

    The unspoken assumption here is that...

    ...the Internet is an appropriate venue for secure communications. Once you realize that has never been and will never be the case, the problem disappears.

    1. Anonymous Coward
      Anonymous Coward

      Re: The unspoken assumption here is that...

      agreed, the internet is a snake pit, filled with pictures of kittens.

      1. MrT

        Good job too...

        ...because if it were a snake pit full of actual kittens instead of just pictures... ;-)

      2. Anonymous Coward
        Coffee/keyboard

        Re: The unspoken assumption here is that...

        And some guy with dirty fingernails.

        1. Ilsa Loving
          Trollface

          Re: The unspoken assumption here is that...

          And some guy stretching his rear orifice unimaginably wide....

  6. BongoJoe
    Black Helicopters

    Ironic

    that the advert to the right here ---->

    is for employment at GCHQ

  7. taemyks

    A Tragedy Unfolding

    Now we knew who had our back for real. At this point who can you turn to and honestly think their private keys weren't handed over?

  8. HereWeGoAgain

    This is a wake up call

    America is the bogeyman. We aer not being spied upon by North Korea/Iran/Some other place. We are being spied upon by the regime in Washington.

  9. Anonymous Coward
    Anonymous Coward

    No Secure Communications

    With services like this & Tor compromised I think it proves that the only way to avoid government surveillance is to avoid using the internet, which for most people isn't practicable. Surveillance will only increase with the introduction of the "internet of things" & smart meters. However, it seems the mainstream British media have been largely silent on the issue. Maybe there is some hope of an internet free of spying as New Scientist recently carried an article on the development of meshnets worldwide (a slow but steadily progressing process). They are encrypted by default.

    1. Anonymous Coward
      Anonymous Coward

      Re: No Secure Communications

      Further to this it does seem daft people are rebuilding the internet from scratch.

      1. Anonymous Coward
        Anonymous Coward

        Re: No Secure Communications

        Not entirely daft.

        If you have two layers of Internet, one that's the 'regular' internet we all know and are beginning to fear and one that's a distributed mesh-network- especially one with some TOR-like functionality so it bounces to a random internet1 entrypoint from your distributed net- you can obfuscate the endpoints. With obfuscated endpoints and encrypted data transmission systems, the only weak points are with the remote servers (assuming you trust your own).

        The same packet could also be routed through a second, unrelated and unknown, distributed net. You'd be trading latency for security- but in most cases latency isn't an issue. Gaming and the Markets wouldn't worry too much about government surveillance- in one case it's a game and in the other case the information is freely published a few minutes later.

        So you don't actually need to rebuild an entire infrastructure; you can hijack the Internet for a few bits of it and you're pretty secure (unknown start and endpoints and encrypted data). The problem is getting people onto a distributed network in the first place.

        1. Old Handle

          @ Not entirely daft.

          The important thing, I think, is to make it just hard enough to spy on that it can't be done in a blanket fashion with reasonable effort. Lavabit hoped that could do that, but it didn't work out because of the single point of failure. A p2p system has a better chance of succeeding at that goal I think.

    2. andreas koch
      Devil

      @ AC 0801hGMT - Re: No Secure Communications

      Encrypted meshes or not, all your encryption will be useless when the enforcers come around to you to grab all your computer hardware for assessment. Not using an open, unencrypted channel of communication is practically admitting that you have got something to hide. So you must be either a pervert (CP*, IWF, mumsnet), animal abuser (RSPCA) or terrorist (GCHQ/JIC).

      Be afraid.

      * Not Child Porn, Claire Perry.

      1. Anonymous Coward
        Anonymous Coward

        Re: @ AC 0801hGMT - No Secure Communications

        or hide your secrets out in the open.

        like Jimmy Saville.

        :/

  10. Matt Hamilton

    Crypho

    Wonder how this affects the likes of Crypho.com. They do end-to-end client-side crypto in their chat/file transfer system. Hosted in Norway, so at least a bit further away from the clutches of the govt of the 'land of the free'.

  11. Anonymous Coward
    Anonymous Coward

    "Other than here and the Guardian, this story doesn't seem to appear in the UK press."

    There's a UK government D Notice ("defence advisory") on the whole subject [1, 2] since 7 June.

    The Guardian have little to lose. They're already in financial trouble and have long since lost many (most?) of their worthwhile journalists. More recently they have been trying and allegedly succeeding in attracting a less UK-focused readership on the web (though quite how that helps them financially in the medium term remains to be seen). Maybe a D notice in this context isn't their main concern.

    [1] http://www.pressgazette.co.uk/content/guardian-g8-spying-revelations-were-breach-da-notice-guidance-doesnt-explain-lack-follow

    [2] http://order-order.com/2013/06/08/d-notice-june-7-2013/

  12. ElReg!comments!Pierre

    PGP-encrypted usenet posts (or similar)

    (one of )the big problem with email is that it is necessarily from an identifiable account to another, so there must be someone somewhere who knows who is who. If you adopt the opposite strategy, which is to make the message available to world+dog, but select who will be able to decrypt it, then you're good. As good as your encryption cypher is, at least.

    To avoid censorship put it up on a distributed system (usenet for example, or some P2P "network") and give the key physically, a unique key for each and every person you want to send important stuff to (shouldn't be too many of them). Plus one that you give to everyone for when you want to make a wider announcement, perhaps.

    Unless I'm missing something?

    1. P. Lee
      Black Helicopters

      Re: PGP-encrypted usenet posts (or similar)

      You can use asymmetric encryption. It doesn't validate your identity (without a cert chain) but it does mean you can talk to people without needing a pre-shared key. Cert chains for individuals aren't that useful anyway.

      Obviously, if you do let your private key out, everyone can read everything - its a good idea to change it fairly frequently. You could sign your new public keys with the old one and post them all so people can validate the new keys come from the same source as the old ones.

    2. Steve the Cynic
      Boffin

      Re: PGP-encrypted usenet posts (or similar)

      "a unique key for each and every person you want to send important stuff to"

      "Unless I'm missing something?"

      You are indeed missing something.

      PGP-like crypto will do what you want, but you distribute ONE key, your public key, to everyone, and they give you copies of their public keys. You use PGP to encrypt your message with the intended recipient's (or recipients') public key(s), and only that recipient / those recipients can decrypt it. You can also sign the message with your private key, and they can use their copies of your public key to know it's from you.

      You then post the message on a suitable newsgroup (alt.anonymous.messages is a traditional candidate, assuming it still exists), preferably with a tag that will enable others to find it. To disconnect it from you a bit, post it via a chain of anonymous remailers.

      All you need then is a way to hoover up the contents of alt.anonymous.messages (or similar) and find your messages. For traffic analysis purposes, of course, you hoover up everything so that nobody can tell which are your messages by looking at which messages you pick out.

      Summary: none of this stuff is new. I last used this type of stuff around 12 years ago.

      1. ElReg!comments!Pierre

        Re: PGP-encrypted usenet posts (or similar)

        Well, I was under the impression that using a different PGP "ID" (different key pairs) for different recipients would make it harder to crack for someone with a lot of resources (someone who could, say, compromise some or all of the recipient's systems and has a lot of computing power to spare) but I am not an expert in this so it could be that I'm wrong and using only one pair of keys is hard enough.

        1. Steve the Cynic
          Big Brother

          Re: PGP-encrypted usenet posts (or similar)

          "would make it harder to crack for someone with a lot of resources ..."

          Well, it would, but the best resource for getting through the protections around private keys is a couple of feet of rubber hose. Or see http://xkcd.com/538/ for an alternative implement.

          So yes, you need to protect your private keys in order to protect the people who send you messages, but that was obvious and doesn't need multiple keys. (Arguably it makes accessing *some* of your content easier, as they have more keys available to attack.)

          The time needed to brute force PGP keys is prohibitive. They are based on computationally expensive operations involving very large prime numbers, and the normal estimates are multi-digit numbers multiplied by the age of the universe. The more interesting part is that **ALL** the information needed to reverse-engineer the private key is in the public key, but that information is of almost no value whatsoever, except insofar as having the public key allows an alphabet-soup agency to easily identify the guest of honour at the rubber hose party.

          A more feasible target for attacks is the password / passphrase that protects the private key. The most effective computational(*) attack on this is the normal rainbow table attack.

          (*) The rubber hose or $5 wrench are not computational attacks, but are probably more effective than any computational attack, except if you need to keep the owner of the key unaware of the attack.

          1. ElReg!comments!Pierre

            Re: rubber hose

            I guess in that case the whole point of private communications is to _prevent_ the rubber hose / waterboarding cryptographic attack...

            Other than that I guess you're right, a single key pair is probably enough, unless you want to go for the "plausible deniability". Which won't help once in Gitmo. Which is one of the place That Snowden will never be sent to, honest, after all he's but a lowly, unimportant 29 yo hacker with no important information at all, no siree. Honest. Unless you want to voluntarily hand him to us. Lovely country you have here, would be a shame if something happened to it, wouldn't it? But hey, no pressure, it's up to you really.

          2. Charles 9 Silver badge

            Re: PGP-encrypted usenet posts (or similar)

            "The time needed to brute force PGP keys is prohibitive"

            Using a normal computer, yes, but a quantum computer can factor in reasonable time with Shor's algorithm. And since a powerful quantum computer would be a game breaker, the government could already have a sufficiently powerful machine available under a black (as in existence denied) project.

            Elliptical encryption can be converted to a factoring problem, meaning it's subject to Shor's algorithm, too. The trend these days is lattice encryption; it's one form of math that can't be converted to a form Shor's algorithm can handle.

    3. Anonymous Coward
      Anonymous Coward

      Re: PGP-encrypted usenet posts (or similar)

      one of )the big problem with email is that it is necessarily from an identifiable account to another, so there must be someone somewhere who knows who is who. If you adopt the opposite strategy, which is to make the message available to world+dog, but select who will be able to decrypt it, then you're good. As good as your encryption cypher is, at least.

      You have touched upon the one massive problem with secure email (PGP et al): it is only SECURE, it is not private. If you recall what the NSA hubbub was about, it wasn't about the calls themselves but about the meta data: who called who. If you're a journalist who sees a celeb emailing an STD clinic you can encrypt that as much as you like - the link is made.

      If Alice sends Bob a PGP encrypted email it is still visible that there Alice and Bob communicate.

      There is a secondary issue I see show up in these postings: the black-and-white view. Protecting email is risk management. The statement "secure" is meaningless if not followed by what it must be secured from. The wife reading it? Competition intercepting it? Law enforcement? The latter is ill advised - you cannot stop law enforcement if duly authorised. The trick here is to move to a jurisdiction where law enforcement still has to follow some basic rules. Sometimes, all it takes to close the backdoor is to move your email service to a different country.

      Guard for techno-overkill, because it will eat your budget for no sensible return on investment.

  13. gvnmtscks

    geeez

    That's why people create these kind of projects: http://www.kickstarter.com/projects/331579200/heerme

    They'll probably shut them down before they even start..

  14. Novex

    I am of the belief that, as mentioned in a previous post, it's better to let a message be available to world+dog and encrypt it, than try to hide the whole line of communication.

    My rule is: always encrypt at the client using a public key published by and for your recipient, then send to recipient.

    All that's needed to enable this to work more transparently on the existing email system is for there to be a replicated worldwide set of servers that hold public keys for given email addresses, and an email client 'add-on' that can look up the key and encrypt an email using it before sending the email.

    The user of any given public key can update to the public key servers for the email-key pair as and when they need to.

    Please somebody tell me this somewhat simple system already exists?

    1. This post has been deleted by its author

    2. ElReg!comments!Pierre

      Re: try to hide the whole line of communication

      > I am of the belief that, as mentioned in a previous post, it's better to let a message be available to world+dog and encrypt it, than try to hide the whole line of communication.

      I do too as you noticed.

      However your solution (which does exist, Claws Mail with the GPG add-on does exactly that) still entails an identifiable sender and an identifiable recipient, as well as a timestamp; which is a LOT of information, when recouped on a large scale. "aimless" posts in a public place (possibly through a proxy chain) is probably safer in the case of really important stuff.

  15. A J Stiles

    OpenPGP / GnuPG integration

    Some Open Source mail clients already include OpenPGP integration. And all major Linux distributions already have their own keyservers for the package maintainers' keys.

    How feasible would it be for some distro to set up a keyserver for public use; and have a tool which generates you a private / public key pair, saves the private key -- preferrably to a device it thinks is removable, such as a USB stick, but in any case with 600 permissions -- publishes the public key to their own server, and inserts a link in your signature block to download your public key, so that recipients of encrypted e-mails at least get a clue what to do with them? (Of course, if they were using the same distro as you, their e-mail client would be patched to spot its own special signature blocks and would offer to fetch the necessary public key for you.)

    In fact, it could even store a much cut-down distro with just the kernel, X, mail client and associated libraries on the USB stick with the private key. Boot this up on any PC with Internet access and send secure e-mails!

    1. ElReg!comments!Pierre

      Re: OpenPGP / GnuPG integration

      Claws Mails works reasonably well to that regard, and certainly easily enough for Joe Public, through integration with the GPA. The combination works on Windows, too...

  16. Anonymous Coward
    Anonymous Coward

    Public information request

    What we could do with, before it becomes illegal to do so, is to have a crib sheet for dummies on how to secure their communications along the lines of what has been described above.

    Given the info above, I could fairly easily work out how to do all that, get the pgp software, set up my keys and gain access to anon remailers etc. to alt.anon, but your average Jo won't.

    Let's face it, when the revolution starts, I don't think it will be high tech, and the leaders of that revolution won't necessarily have the requisite knowledge. If we could provide them with an faq that they could use it may help.

    From little seeds and all that.

    I could (and may) write one myself, but it would be nice if there was already one out there that could be more widely publicised.

  17. Anonymous Coward
    Anonymous Coward

    Perhaps someone could work up a secure communication system that could work like some kind of Bitcoin-like system.

    The idea is that all messages in the system are encrypted, and none of the messages have addressees. Perhaps some kind of separator signal, vague timestamp, or nondescript identifier at most: mostly for the sake of organization. If the message is intended for you, your key will decrypt a certain block of data. To handle multiple recipients, perhaps a pre-message can be encrypted for you giving you a group or one-time key for a future message.

    The key is that the whole message chain is kept in one encrypted blob (that's why I thought Bitcoin: its block chain works similarly).

    I just have a problem with the idea of having to download the whole thing at once to stay current. That's the main reason I swore off Bitcoin—block chain maintenance threatened my download cap. But perhaps a compromise: the ability to selecively download messages but only in very coarse ways, say a day at a time or something like that. Something too broad for snoops but still of manageable size for people with poor bandwidth or low download caps.

    Now that I think about it, sounds like something you could pull off with something like a 4chan page, but with perhaps a *little* more organization, such as not allowing nonencrypted content. Of course, hosting will be an issue, not just for the space but also for the legal issues (I don't think "Everyone uses their own keys; I don't know them" will cut it in a "contributing to terrorism" case).

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021