back to article Ex-NSA guru builds $4m encrypted email biz - but its nemesis right now is control-C, control-V

A security startup founded by a former NSA bod has launched an encrypted email and privacy service, aimed initially at ordinary folks. The ongoing revelations of PRISM and other US-led internet dragnets, fueled by leaks from whistleblower Edward Snowden, may render the premise of upstart Virtru laughable. However, that would …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Once the message it is decrypted it is decrypted and there is no way to put that Genie back in the bottle. Whatever they do in their SW the receipient can screen grab or even take a photo and save the image.

    1. Anonymous Coward
      Anonymous Coward

      Indeed, and I'm wondering why there is such concern about the client copying or passing on the plain text of the e-mail.

      Surely the main point of secure mail is to get the communication from sender to receiver without exposing it in transit? As long as that's achieved I wouldn't worry about what the recipient then does.

      1. NumptyScrub

        quote: "Indeed, and I'm wondering why there is such concern about the client copying or passing on the plain text of the e-mail."

        It's an attempt to make Snapchat for email. I think Snapchat shows you just how secure that is in practise ^^;

      2. Anonymous Dutch Coward
        Big Brother

        Diverting attention

        Quote: "Indeed, and I'm wondering why there is such concern about the client copying or passing on the plain text of the e-mail."

        ... because that nicely diverts the attention from the fact they're a US based outfit subject to US law, including provisions on handing over encryption keys without notifying the customer etc, regardless of the cheery promises they make in their PR materials.

        1. Anonymous Coward
          Anonymous Coward

          Re: Diverting attention

          Thank you (or "dakjewel" in your case :) ).

          What's more, here is an outfit who alleges it has the privacy of its clients at heart, but:

          - receives email at Google (yes, really, check their MX records)

          - has their DNS hosted in the US, so hello MITM attack on the data streams

          Nice try, though. Enough technobabble for the masses always sells. Even if it's a fake..

        2. Anonymous Coward
          Anonymous Coward

          Re: Diverting attention

          @Anonymous Dutch Coward

          Indeed, not only does it divert attention in the way you highlight, but honestly, is anyone intelligent REALLY going to trust an "Ex-NSA guru" with their security?

  2. Anonymous Coward
    Anonymous Coward

    Ahem

    Could we say that this is a problem for control freaks?

    Ok time to go....

    1. Anonymous Coward
      Anonymous Coward

      Re: Ahem

      Actually, no, it's IMHO solving the wrong problem. But I have a biased opinion.

      What I see happening is that people go from an "I leave the house open because the police is supposed to protect me" attitude to email to "I'll build Fort Knox level security which will get more in my way than get my comfort level back up" changes, and that's bound to provide income for a lot of charlatans.

      Good: getting independent verification

      Bad: entirely US based setup (ditto for blackphone according to the geo location of some of their online resources)

      Worst: receiving corporate email (i.e. email from interested parties) in Gmail. To me, that indicates they're more interested in creating Yet Another Tech Solution instead of protecting clients.

      In order to protect information, you first have to define what you protect it from - what is this supposed to do? And am I to trust ex NSA people who are working against that club, yet wander around the planet seemingly unharassed?

      Not interested. Next.

      1. Anonymous Coward
        Anonymous Coward

        Re: Ahem @AC 14:57

        "Actually, no, it's IMHO solving the wrong problem. ..."

        WHOOSH!

  3. This post has been deleted by its author

    1. Sebby

      Quite

      The NSA now has an even easier time of it, while the plebs feel all nice and safe because their email is "Secure".

      And DRM in my email? No, thank you. Bad enough that it's even being put on the web without our wanting to hold our private communications to some unaccountable party hostage with it. If you don't mind, I'll give it a miss.

  4. Duncan Macdonald

    Virtual PC ?

    If you run the "secured email" client in a virtual pc then what ever is displayed may be copied at the host OS level irrespective of ANY security that the client may have.

    1. NumptyScrub

      Re: Virtual PC ?

      quote: "If you run the "secured email" client in a virtual pc then what ever is displayed may be copied at the host OS level irrespective of ANY security that the client may have."

      Deliberately circumventing technical measures implemented to protect content... you may want to double-check just how legal that is in your country ^^;

  5. DropBear

    IMHO if you're relying on someone else to handle encryption / keep keys for you, you're doing it wrong...

    1. sabroni Silver badge

      from the article:

      >> If you don't like the idea of Virtru's cloud holding your keys, you can set about creating your own one if you ask nicely. <<

      The article says this is designed for normal users, as such they probably do want to trust someone else with the keys as the alternative is most likely not having keys.

    2. Gordon 10
      Black Helicopters

      @dropbear

      So you're saying a reasonable level of secured comms should only be available to the techo-elite who have the time, background and understanding to manage it all themselves?

      Bravo Sir /slowhandclap.

      The only valid point you have - and its somewhat oblique to your post - is that the accessability for ordinary users to the current state of encryption controls is piss-poor. If Virtru are taking steps to make it better - even if there are gotcha's that make it unsuitable for the truly paranoid - they deserve all the encouragement they can get.

      Having said that it looks a little like a "me to" product thats only getting funded due to the current Snowdon debate to me. The fact that its US based also counts against it.

      But if they can "do an apple" and make encryption easily accessable to the masses I would probably overlook some of their downsides.

      It seems there are 2 areas of debate we should be having and only 1 is being pursued so far.

      1. Robust End to End encryption including masking of metadata, origination and destination.

      2. An encryption product that "just works" like an Apple product. Preferably without even mentioning the word "key" to the average joe user.

      Infact if I runningin Blackberry, Apple or Google right now I would be beavering away on as many simplified encryption functions as I could get away with.

      Especially BB as they have previous forn in this area and are completely failing to take advantage of it - think a global network of BES nodes all chosen at random at send time, and a peer to peer comms systems that means the decrypt key moves between nodes on a random basis or upon decryption request.

      1. John Sanders

        Re: @dropbear

        """So you're saying a reasonable level of secured comms should only be available to the techo-elite who have the time, background and understanding to manage it all themselves?"""

        Yes, after all the unwashed masses are raving to store their data on Office365 or Dropbox.

        1. Anonymous Coward
          Anonymous Coward

          Re: @dropbear @John Sanders 11:54

          Tee hee! Apparent IT guys calls other people unwashed!

      2. I. Aproveofitspendingonspecificprojects

        Oh dear gordon!

        3<<< Don't let anyone with his credentials anywhere near your email accounts.

        Yes folks [s]Presidunce George the thickest[/s] the idiot that didn't know that he had to keep all his emails for posterity had an advisor from the NSA. And today he's offering you secure email (that can track your contacts through your mail, and their contacts through theirs AND delete your messages from not only their computer but anyone else they send it on to as well.)

        I love it.

        Only on the interweb pipe thingy...

      3. Anonymous Coward
        Anonymous Coward

        Re: @dropbear

        the accessability for ordinary users to the current state of encryption controls is piss-poor.

        Now that I agree 100% with. I'm fed up with having to un-scare clients - provided you take some sane measures, a lot of security does not involve the chanting of full length PGP keys and the ritual slaughtering of some chickens to just safely send an email to family. The amount of BS in this market is truly staggering. My problem is that this outfit is one of them as it's 100% US based, and thus not trustworthy - good intentions are not enough to stand up against an official wanting to legally grab some data, and there is little chance that anyone else will be able to pull off the stunt that Lavabit got away with.

        If Virtru are taking steps to make it better - even if there are gotcha's that make it unsuitable for the truly paranoid - they deserve all the encouragement they can get.

        Mwah - I don't think much of an outfit that installs code on my devices, sorry. They control the software, they can be tasked with creating a backdoor. No thanks.

        Having said that it looks a little like a "me to" product thats only getting funded due to the current Snowdon debate to me. The fact that its US based also counts against it.

        Exactly my opinion!

        But if they can "do an apple" and make encryption easily accessable to the masses I would probably overlook some of their downsides.

        No, but I'll get to that below.

        It seems there are 2 areas of debate we should be having and only 1 is being pursued so far.

        1. Robust End to End encryption including masking of metadata, origination and destination.

        2. An encryption product that "just works" like an Apple product. Preferably without even mentioning the word "key" to the average joe user.

        Yes, but you forget the absolute first condition that must be met: it should absolutely, positively, definitely NOT be a company based in the US or be a company subject to any US leverage. There is simply no point whatsoever in building a better safe if any official can just wander in and request the owners to open that safe because they're bored and want to rummage through people's private life in the name of "fighting" terrorism.

        Especially BB as they have previous form in this area and are completely failing to take advantage of it - think a global network of BES nodes all chosen at random at send time, and a peer to peer comms systems that means the decrypt key moves between nodes on a random basis or upon decryption request.

        Now you're making it complex again :). BB has indeed the best credentials to get it right, especially by using QNX as it's a realtime OS and thus also capable of proper voice crypto. But what do those idiots do? They allow Android apps. It's like building a vault in a castle with moat, gate and drawbridge and subsequently organising a burglar party inside that castle. Duh. Maybe Jolla will do something smart with Sailfish .- who knows?

    3. Jon Gilpin

      Virtru Dev here:

      Virtru does host the keys, but not your data. We will fight any government request for keys described here: http://blog.virtru.com/faq-on-government-surveillance/

      For the more technically savvy users, we are making the key manager open source and available for private use. By hosting your own keys and those you communicate with will have to contact your key server to decrypt your message.

      Additionally, we are working on Public Key wrapping for keys that come into our system. Then keys hosted at Virtru have the same guarantees as PGP, but is much more user friendly to use.

      1. Quxy
        Facepalm

        Missing the point

        In my experience (even my computer-illiterate relatives have been using email encryption since the early 90s) there are two major "user friendlyness" issues with existing public-key email encryption that have limited its widespread adoption:

        1. Secure distribution of public keys.

        2. Anonymising meta-data (e.g. headers).

        Since Virtru doesn't claim to address #2, and doesn't seem to do anything to make #1 easier, it's hard to see what this product does, other than introducing more proprietary, unvetted technology into an already Balkanised email ecosystem.

        1. Cliffodemus

          Re: Missing the point

          Yup, this is snake oil. If you want to enable Alice and Bob to communicate securely, you don't start by giving Charlie keys.

        2. tom dial Silver badge

          Re: Missing the point

          I miss the point about secure distribution of public keys. Public keys are, well, public. The primary difficulty is knowing for sure whose key, which can be verified in a number of ways, such as direct personal delivery, key signing by trusted endorsers, or direct communication (out of band, such as telephone) of either the key text or its fingerprint. Virtru may be trying to take the place of a trusted endorser (the Public Key wrapping). To that I ask "what will they do to earn my trust?"

          Someone also should explain how, other than using Tor or similar, one could anonymise the metadata.

          1. Quxy

            Re: Missing the point

            What I meant by "secure" (without using the expressions "web of trust" or PKI) is a high level of confidence in establishing the authenticity of the binding between a public key and its owner. Is Virtru proposing to set themselves up as a CA?

      2. Duke2010

        Any thoughts on basing yourself outside of the US? Somewhere with better privacy laws? Then you wouldn't need to worry so much about fighting the government, a battle you will certainly loose.

        After everything we now know why would you start up from fresh in the US!

      3. Anonymous Coward
        Anonymous Coward

        Virtru Dev here:

        Virtru does host the keys, but not your data.

        Well, then I don't need you. My email has to live somewhere too.

        We will fight any government request for keys described here: http://blog.virtru.com/faq-on-government-surveillance/

        You guys still don't get it, do you? There is nothing to "fight" - either you run a company compliant with local laws or you go to jail. I am staggered that people can get their heads so far up their investor's rear ends that they don't see that technology is not the issue at all. There is plenty of tech available which allows you to contain and protect information, but if any random official can legally force you to cough up user data in cleartext (or build backdoors to do so), then your specific brand of crypto sauce becomes simply irrelevant.

        All this BS about "fighting" and "resisting" may sound heroic but is really complete rubbish - you should ensure you're legally in a good position to start with, and that has not been possible in the good old US of A from even before 9/11. The current algorithm for identifying a company capable of protecting your privacy starts with if in US, depending on US or subject to US leverage, avoid like the plague. Game over, and you did it all by yourselves..

  6. Chozo

    Startups like this wound my heart with a monotonous languor.

    1. sabroni Silver badge
      Thumb Up

      That's beautiful man!

    2. John Savard

      Hey, I remember that one from David Kahn's The Codebreakers too!

    3. tom dial Silver badge

      I'm sitting at a slightly wobbly table in a car dealership awaiting completion of service. Almost tested the manufacturer's claim that this laptop has a keyboard drain.

    4. Anonymous Coward
      Anonymous Coward

      blessant mon coeur d'une lanquor monotone

      A code phrase for the start of the invasion. What is being invaded and by whom?

  7. sabroni Silver badge

    If alice can't trust bob

    it doesn't matter how she shares stuff, he's got a memory. You don't have to screen grab or freeze a browser or whatever to recall the contents of an email.

    This service is about stopping derek, igor and hank from looking at the mail in transit, isn't it? And it sounds like it makes a decent fist of it.

    1. Anonymous Dutch Coward
      Holmes

      Re: If alice can't trust bob

      Unless Hank is your nice local US government spook, that is. Perhaps doing a bit of industrial espionage. Perhaps just digging through your email correspondence with your extramarital... ehrm companion.

      Cynic? Me?

      1. sabroni Silver badge

        Re: Unless Hank is your nice local US government spook

        I thought it was obvious that I chose the name Hank to indicate an american. What exactly is your point?

  8. Anonymous Coward
    Anonymous Coward

    I'm all for bringing encryption to the masses, but...

    ...in a post Snowden world, who can we really trust now (especially a bloody ex-NSA guy?) I just can't bring myself to accept and trust any closed source solutions anymore.

    These companies just don't get the real problem here do they? We've lost ALL trust in them. Take the corporates/governments/money out of the equation, make it free, open and a basic right for every digital citizen to have easy access to the best-in-class technology without anything getting in the way.

    1. Gordon 10

      Re: I'm all for bringing encryption to the masses, but...

      Nice sentiment but you are somewhat missing the point. Name one purely FOSS product that actually user friendly enough for public consumption by the average joe. Im desperately trying to think of one but cant.

      Fact is in lots of cases Corporates exist and make money by taking something fundamentally complex and implementing it in a way the average pleb can use.

      Amazon's notorious 1-click button for instance - how many other websites have you wished for that on and not had it or an equivalent.

      1. Anonymous Coward
        Anonymous Coward

        @gordon

        There is an openPGP plug in for Thunderbird, works very well and requires almost no initial setup.

        Problem is it requires the user to take enough interest in protecting their own privacy to spend a few seconds not watching cat videos, so not suitable for 98% of users.

        1. Anonymous Coward
          Anonymous Coward

          Re: @gordon @notauser 13:22

          Ah, yes; a cat video joke. Ho ho - suppose you have to play to the audience. The Internet was so much better when it was a bunch of nerds arguing on Usenet whether Kirk or Picard was better, huh?

          1. Anonymous Coward
            Anonymous Coward

            Anonymous Coward 15:36

            Looks like I touched a nerve there, like your cat videos do you?

            You're in the wrong place if you don't like nerds commenting, maybe you should go back to pointing and drooling on you tube. (and it wasn't a joke).

    2. Anonymous Coward
      Anonymous Coward

      Re: I'm all for bringing encryption to the masses, but...

      @Gordon - "Nice sentiment but you are somewhat missing the point. Name one purely FOSS product that actually user friendly enough for public consumption by the average joe. Im desperately trying to think of one but cant."

      Which is why I said - "...basic right for every digital citizen to have EASY access..."

      At the moment we have various free/open solutions but in most cases, as you pointed out, we don't have the 'easy' bit. We need simple/free/open standard ubiquitous tools/technology that is 'on' by default. Not something Google owns, or Microsoft or the NSA etc.. something for the masses, created by the masses.

    3. John Sturdy
      Black Helicopters

      Re: I'm all for bringing encryption to the masses, but...

      especially a bloody ex-NSA guy

      Does that make much difference? There are two specific situations in which I'd mistrust a company offering closed-box security:

      1. Where they employ someone who's publicly known to have been on the NSA's payroll

      2. Where they don't employ anyone who's publicly known to have been on the NSA's payroll

      I might make an exception to case (1), if that person is Mr Snowden.

      1. Robert Sneddon

        Once a spook

        Mr., Snowden claims he is still working for the NSA even now. Anyone claiming to be ex-NSA still has "connections", still moves in the same circles as his "ex" colleagues and if you use a product produced by someone like that to secure your data from the NSA then you are taking a lot on trust.

        Of course this guy could be ex-NSA in the same way a lot of folks claim to be ex-SAS (aka a "Walter" as in Walter Mitty). No way to tell is there?

      2. Fair Dinkum

        Re: I'm all for bringing encryption to the masses, but...

        Three: the company is US based. Even if I trust that people, it would be against the US law for them to _not_ hand over the key.

        Sorry. Horse, barn door, went to Mexico, died and went to heaven.

  9. scrubber

    Is this a case of...

    Poacher turned Gamekeeper?

    1. I. Aproveofitspendingonspecificprojects

      Re: Is this a case of...

      Is this a case of poacher turned gamekeeper?

      Yes it is part of the great game and we plebs are in the sights.

      But it is all in a good cause and it is all in America. And it all a massive improvement on the communications they would have had had Guilliane got in. Can you imagine Motorola write-offs being issued to his secret services... oh wait...

      That sounds good... hang on.. I meant...

  10. Duke2010

    "We won’t provide your keys to anyone – unless we are ordered to divulge them by a judge with jurisdiction over us."

    No need to read anymore, already its insecure. The fact it will be an ex-nsa guy holding your keys is hilarious.

    I have read of other secure webmail services in development based around only the owner holding keys. Lets see how they pan out. If someone else has your keys its pointless!

    1. Metrognome

      Lavabit was secure but only by virtue of its owner preferring to shut the whole thing down rather than surrender his keys.

      Having said that, shutting down your stervice at every official request isn't exactly a recipe for success.

      Kudos to the Lavabit guy nonetheless.

  11. John Sanders
    Boffin

    Let me point the obvious:

    Suppose that I can not copy and paste, but I can see the message, If I can see the message I can transcribe it.

    Then following this to its logical conclusion to protect a secret message, we need to stop sending it.

    There fixed it for you.

    1. Gordon 10
      Meh

      Re: Let me point the obvious:

      Or to put it another way. If you dont 100% trust the recipient of a message or are not 100% confident that the contents cant bite you on the ass dont send it.

      To be fair that kinda missed the point. The point is not to have a 100% secure solution, its to raise the barrier of entry against passive attacks, an active attack against email whether by a single person (the recipient) or a state actor is always going to succeed.

      1. John Sanders
        Happy

        Re: Let me point the obvious:

        """The point is..."""

        How long have you been here sir?

        1. Anonymous Coward
          Anonymous Coward

          Re: Let me point the obvious:

          "How long have you been here sir?"

          Give him a break. He has just been promoted to Captain and is keen to show off.

      2. Anonymous Coward
        Anonymous Coward

        "...always going to succeed...."

        .....well, maybe not. Here's an example of a cipher that has withstood a century plus of attack. Of course, it could be a hoax, but the point is....no one (not even the NSA) can tell!

        http://en.wikipedia.org/wiki/Beale_ciphers

    2. John Deeb

      Re: Let me point the obvious:

      It would be very annoying if text couldn't be copied to and from documents or other emails. Perhaps it's just me but that's what I tend to do especially with important exchanges. And lets just imagine hitting reply and saving as draft. Who controls now the content of your draft?

      That said, if the security is just about sending certain attached documents (and as such having clear message boundaries, the mail body is then just a separate document but conceptually not "email" anymore!) the system could become way more simple: the attached document or its keys will be stored externally and needing online verification to open. In combination with watermarking some authentication of that document might be possible since copy/past and taking picture or screenshots won't get the watermark or other embedded keys out. Which is a more interesting and common concern than any authorization to read it, at least to the general user.

      Of course there are already many systems like that. Generally sensitive documents are not transmitted "as is" over the public network anyway or with raising awareness people will eventually stop doing that at least. The risk of sending it to the wrong people by mistake is itself already way higher and happening way more often than any snooping and hacking.

  12. Alan Bourke

    Disabledt cut & paste eh?

    Let's see how you do against screen cap software,

    1. Mephistro

      Re: Disabledt cut & paste eh?

      "Let's see how you do against screen cap software,"

      Or against a camera/smartphone.

    2. Anonymous Coward
      Anonymous Coward

      Re: Disabledt cut & paste eh?

      "Let's see how you do against screen cap software,"

      The movie industry already tried to prevent screen grabbers etc being able to get a copy of their extremely valuable content. How well did that work out for them?

      Or, given that email tends to be static, take a picture of it with your phone (as has already been suggested).

  13. batfastad

    Honeypot?

    That is all.

  14. Anonymous Coward
    Anonymous Coward

    Where is the need?

    Seeing that the e-mail world traffic is composed of :

    - 2/3 spam

    - 1/3 inane gossip and links to cat videos

    - 1/4 inane internal business memos and reports

    - 1/8 inane personal emails to family, partners and friends

    137.5% of all sent e-mails have absolutely no interest whatsoever to anyone (including the recipients most of the time!)

    Doesn't really leave much that would really call for hard encryption does it :-)

    1. Anonymous Coward
      Anonymous Coward

      Re: Where is the need?

      Beautiful!

      Made me spit coffee and then realise I need to go to the pub!

  15. McHack
    Linux

    Saline programming solution

    "In addition, we have cryptographic components written in C and compiled to NaCl..."

    Compiled to salt? We are drowning in redundant and reiterated acronyms and abbreviations.

    Let's hope it wasn't using C#, or Visual C, or anything M$. They can't be trusted, either pre- or post-Snowden.

  16. John Deeb

    Just making things difficult is not solving it

    All I read is "we're going to make email way more difficult for ordinary users". As such, this will remain a niche product, by design! Not sure if the creators realize it though. A company really shouldn't be the one to supply these features which just seem bolted onto a limiting infrastructure. It should be added to mail protocols and gateways (like X400 implementations attempted). Managing and using those was already difficult for the relatively more computer savvy email users in the 90's. It's not going to be easier now.

    And yes, it's waiting for the external plug-ins to backup these sensitive mails before they expire or get revoked by a compromised account. A product like this cannot control all the layers and applications and they should not even try as security becomes quickly obscurity that way.

  17. grammarpolice
    Devil

    Useless

    This is all totally pointless because if the bad men know you have a secret they will force you to tell them the secret (give you the keys) or they will do nasty things to you (like imprisonment, thanks Paul Beresford!).

    The only workable solution is one whereby you don't have a secret that is detectable by any known means, i.e. steganography. This puts the burden of proof on the courts to show that you actually had a secret in the first place. Of course, it's still not 100% watertight because it will probably be countered by a Yanukovych-style squad of hit men who will come around and anonymously break your kneecaps because you made life difficult for them anyway.

    1. willi0000000

      Re: Useless

      speaking of pointless . . .

      it does you absolutely no good to break someone's kneecaps anonymously.

      [the whole point of the exercise is for the victim to know who did it and be unable to retaliate]

  18. tom dial Silver badge

    I call BS

    "Research from Harris Interactive, commissioned by Virtru, found that 83 per cent of Americans are concerned about the privacy of their email communication, and even more have not yet taken steps to secure their email because they don't know how. Americans worry about being targeted by advertisers based on the content of their private emails (83 per cent) as well as messages being read by unintended recipients (75 per cent)."

    Harris Interactive, is not what I think of as a purveyor of anything approaching valid research. They self-classify as a market research firm, their web site reeks of shilldom, and their respondents appear to be self-selected and perhaps drawn in by the rewards. It does not improve the credibility of this research, so called, that Vertru hired it done, perhaps to bolster a business plan and justify funding solicitations. I was unable to locate the actual poll results or the interview schedule on which it might have been based. In particular, the wording of the questions is important and might explain why the results seem to show that 5 Americans of 6 express "concern" about email privacy, but fewer than 1 in 6 report having done *anything* about it because they don't know how.

    GPG, and I assume PGP, just are not that hard to set up for POP3 and IMAP clients, and Mailvelope, despite having some issues that require care in use, also is not that hard. It is likely that the level of concern really is quite low and that its extent in the population will decay over time back toward whatever was normal in years previous to 2013; and that the great majority of those who "don't know how" didn't actually take the trouble to try and find out.

  19. JustWondering
    Thumb Down

    Meh

    As far as I can see, the only people that would trust this guy with their emails are those who don't really care who sees them, obviating the need for this service.

    That's one of the problems of hanging out with a poor crowd when you are younger, your reputation follows you.

  20. Anonymous Coward
    Anonymous Coward

    NSA

    Backdoors are so yesterday. Try the front door instead.

  21. Zot

    Would it be more secure if...

    ...I simply give my friends a large RAR password key to keep on their desktop? They can copy and paste the key to decompress the email file I send them. That way I can send them links to cat videos without the slimy snoops knowing about it.

  22. John Smith 19 Gold badge
    FAIL

    3 little words. THE PATRIOT Act

    Anything of this company is US based and the USG will root your data.

    After all.

    Encrypted email users --> Something to hide -->Now we get the good stuff.

  23. littlegreycat

    Show me the money?

    Firstly I will fess up to being deeply embroiled in secure email and PKI in the late '90s

    At the time it was already straightforward to secure email with mail clients.

    All you needed was a plug in and a certificate.

    Shortly afterwards signing and encryption were built in to Microsoft email clients.

    Still there today.Nobody I know uses them.

    At the time a certificate cost 10UKP a year and nobody was worried enough to pay that each year to secure email.

    Nobody seems to want to pay for anything. (Freetards?)

    Anyway, two things to consider.

    (1) How much is this service going to cost a year and what happens to your encrypted emails if you fail to renew?

    (2) Do you really want an email service which requies you to be online at all times so you can read saved emails? [I am assuming this from the remote key server.]

    Agree about the research - everyone is concerned or worried about everything from insecure emails to hungry kittens. I suspect more people would give cash to save kittens than secure emails.

  24. Pascal Monett Silver badge

    "we would fight an order to cooperate"

    And here's how the fight would go :

    Government Spook : "Hand over the encryption keys for user #362846284, please."

    Virtru : "We. Will. Not."

    Government Spook : "Then you go to jail as a terrorist and get held indefinitely without trial, and we'll ransack your servers and get the keys anyway."

    Virtru : "Here. They. Are."

    Government Spook : "If you say anything to anyone about this, you go to jail same as before. Sign here."

    Virtru : "Sir! Yes Sir!"

This topic is closed for new posts.

Other stories you might like