[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Email provider for privacy-minded folk
-----BEGIN PGP SIGNED MESSAGE-----
> On 14.02.2013 11:42, adrelanos wrote:
>> What if Hushmail (or any other mail provider) had recommended the
>> user to install a browser add-on to do encryption locally? Could
>> they get forced to convince the user to install a malicious
>> browser add on, on request by law enforcement?
> Most likely. Why not?
I was actually thinking exactly this myself.
> "My" way would be to produce the browser addon independently from
> offering mail services. The mail provider would then just be
> recommending the "third-party" addon -- even if the addon is made
> specifically for that service (or web interface).
> Browser plugins for en/decryption were often discussed here and
> you should be aware of their issues. In short, you cannot create a
> safe en/decryption plugin and at the same time have high
I don't see any point in a browser extension if you're going to go to
the extent of installing that why not just use an email client.
It would use a lot less bandwidth to use a email client like
Thunderbird and use POP/IMAPS than a web interface anyway.
I'd also argue that it's a lot more secure too, given that
implementations like FireGPG always had issues.
Also, the source code for the extension would need to be available,
and then it would be bound to particular browsers, not a good move in
It would also be only available then on particular platforms. I know
for example with PGP I can decrypt emails on Android using K9/Kaiten
Also as it would only be used with one provider, the code would have a
lot less widespread usage in comparison to something like Enigmail and
Thunderbird or Sylpheed etc.
I also think hushmail's Java requiring extension is a lot less usable
than a decent mail client with pgp support, even inexperienced users
detest horribly slow java applets. Then there's also the fact that
Oracle can be kinda slow to fix 0day Java exploits, and those nearly
always revolve around the web browser.
scarp | A4F7 25DB 2529 CB1A 605B 3CB4 5DA0 4859 0FD4 B313
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
tor-talk mailing list