On 12/1/2016 at 7:40 PM, "Don Saklad" wrote:How do you let your M.D. know about emailselfdefense.org and gnupg.org so that it's easier for folks unfamiliar to setup and use than having to go over the too long material, the too complicated material?
===== Hushmail has a marketing pitch to Medical Personnel about compliance with medical privacy laws, and allows hushmail users to send encrypted e-mails to any email address even if the receiver does not use hushmail. The receiver gets a message that an encrypted e-mail has been sent, and a link to a site where it is stored for only 72 hours. Upon following the link, the receiver types in an answer to a pre-arranged question between the doctor and the patient, and sees the plaintext, and/or the file attachment. The receiver is allowed only 3 tries, and if all are wrong, the message is removed from the site. So it's pretty simple to use, (simple enough that busy doctors are not interested in learning GnuPG :-((((( ) The doctor calls the patient, and arranges the question and answer, and then can send files encrypted as attachments. An MITM attack is not practical as the doctor and patient share the secret over a different channel (phone, person to person in the office, etc.) It is, however, very vulnerable to a DNS attack. The MITM can simply access the site, enter the wrong answer 3 times, and the message is removed. I pointed this out to a doctor who uses this, and his response was basically that it's "not in his threat model", (although it was much longer in ordinary language.) The only suggestion I would have, is for a similar e-mail service that uses GnuPG, without a backdoor for the government, which Hushmail has, and market this to the "Patients", and have a link to an easy GnuPG gui tutorial, once people think that encryption can be useful and 'fun'. vedaal
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
