[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor-compatible secure email systems



coderman wrote:
> On 10/12/06, Total Privacy <nosnoops@xxxxxxxxxxx> wrote:
>> ...
>> Using PGP or similar to make an encrypted file (txt or word or
>> something).
>> Then attach it to an ordinary webmail upload function, to send it over to
>> the recipient that alreday are informed of my public key (and who´s key I
>> have). All this whitout any need for Thunderbird or anything in computer.
> 
> something like freenigma?
> http://www.freenigma.com/
> 
> you have to trust them with your keys, but at least provides some
> protection for the scenario you describe.
> 

Why would you trust the freenigma people with your secret keys?

This article by Ben Laurie sorta sums it up nicely:
"Oh dear. So freenigma can decrypt my mails (and anyone else they care
to give the session key to). What’s more, it looks like they have your
private key, too, so they can impersonate you.

They don’t say how you decrypt, but I presume the story will be
described with the same disingenuousness: no, you don’t send your
encrypted mail to the server, just send us the encrypted session key and
we’ll decrypt that for you. How comforting. Not."

http://www.links.org/?p=130 (google cache:
http://72.14.253.104/search?q=cache:33Eoh50ZCQ8J:www.links.org/%3Fp%3D130+http://www.links.org/%3Fp%3D130&hl=en&gl=us&ct=clnk&cd=1&client=safari
)


It would be ideal to use something like this when it's available:
http://www.shmoo.com/soc/gpgreasemonkey.html

Regards,
Jacob