Yeah, this is completely nuts. You're sending the service's owner(s) your password and plaintext in the clear. The person(s) operating this service get(s) all the passwords, all the plaintext, and even which IP address is sending/receiving plain texts at what time with each password. It's terrifying.
For what it's worth, I've tweeted at the author asking him to take it down. He seems to be just a well-meaning guy: https://twitter.com/kaepora/status/348530356317741056 NK On 2013-06-22, at 2:45 PM, Julian Oliver <[email protected]> wrote: > ..on Sat, Jun 22, 2013 at 09:15:45AM -0700, Yosem Companys wrote: >> From: Dewald Pretorius, owner of SocialOomph.com >> >> The alarming revelations of the extent to which our privacy is being >> invaded by governments have inspired me to create a free encryption service >> that is for everyone. It is gratis, it's extremely easy to use, and it's >> anonymous (no need to sign up). >> >> https://www.encryptfree.com >> >> Essentially, you use the free service to encrypt the text you want to >> protect, paste the encrypted version into an email, tweet, Facebook post, >> Google+ post, etc., and give the decryption password to the intended >> recipient. The recipient uses the site to decrypt the text using the >> password you chose (only someone who knows the password can decrypt the >> text). > > It's done server-side and so the owner of that service is in the sweet spot, > getting everyone's text in the clear. Whether he actually does delete the text > as he says begs far too much trust. Who says he wouldn't sell out if offered a > ton of money for a back door? I certainly wouldn't use it for anything > remotely > important. > > PGP/GNUPG is a better way to go, done locally on the user's machine. PGP > Desktop > clients can be used for encrypting text, independently of email. > > Here's one for OS X: > > https://gpgtools.org/ > > Windows: > > http://gpg4win.org/ > > Us GNU/Linux users can just use the command line or a GUI like: > > http://utils.kde.org/projects/kgpg/ > http://projects.gnome.org/seahorse/ > > Cheers, > > -- > Julian Oliver > http://julianoliver.com > http://criticalengineering.org > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
