Reply to post:

Go dark with the flow: Lavabit lives again

Anonymous Coward
Anonymous Coward

The biggest flaw is whether the client-side decryption code could be trojaned to ping a copy of your keys and passwords to an NSA server after you've entered them, then served selectively to targets of interest. Is there a way to sign a javascript file with a key, pin that key to a domain/file (so any variation gets reported and rejected), and have the browser reject any code that fails that signature check?

Even so, that then assumes the provider is able to keep control of their signing key, won't be complicit with an NSL letter to sign a trojan. Perhaps keep the signing key offshore with a third party that won't sign any code he hasn't personally inspected, or use some kind of federated approach that requires x out of y third parties to inspect and sign the code.

Tough nut to crack with the current web (in)security technology.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon