Yosem Companys writes: > From: Dewald Pretorius, owner of SocialOomph.com > > The alarming revelations of the extent to which our privacy is being > invaded by governments have inspired me to create a free encryption service > that is for everyone. It is gratis, it's extremely easy to use, and it's > anonymous (no need to sign up). > > https://www.encryptfree.com
Um... ① You actually send them your plaintext every single time you use the service. If you want to send plaintext to a third party, why not a webmail or IM provider or social network? ② Reference to being run by a Canadian is possibly intended to invoke jurisdictional diversity but the server is hosted in the U.S. (Amazon AWS), not even on machines physically owned by the service operator. ③ Instructions say "give the password to the recipient (obviously not in the same email!)" -- so, how are users supposed to give the password to the recipient? ④ I suspect most users will choose passwords that can be brute-forced easily. There isn't even any advice to users about what a good password would be in this context (and no documentation about whether or how a KDF is used). People here were criticizing harshly criticizing the older version of CryptoCat over vulnerabilities less concrete and fundamental than these. Without (at least) some new browser functionality, "nothing to install" is a massive red flag for any cryptographic application. -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
