Side note: please don't use LibTech as a marketing tool. Occasional mentions are good, but I feel like you're flagging it a little too much and too often. Just a friendly note. :)
On Sun, Aug 11, 2013 at 1:10 PM, Francisco Ruiz <[email protected]> wrote: > Twice again, privacy has taken a hit across the land. Lavabit and Silent > Mail are gone, and to quote Phil Zimmermann, “the writing is on the wall” > for any other encrypted email provider located in US territory. This is sure > to be repeated for servers located in Europe and other countries. Is this > the end of encrypted email? > > It might well be the end of encrypted email _servers_, at least for a while, > but not of encrypted email itself. I’ve posted this a few times here, but > let me repeat it: you only get real security if the encryption is handled > completely client-side. Then you don’t rely on a server that can be shut > down. You can use any mail system, web-based or otherwise. They’d have to > shut down every mail provider and every text provider in order to shut you > down. This is what PGP was when it started. We need to go back to that. > > And yes, client-side today might mean JavaScript. What’s so wrong with that? > Sure, it is easy to intercept and modify, but it is also transparent and > easy to check. If the user is willing to check a hash of the source code, > JavaScript isn’t any less tamper-proof than compiled code. And who even gets > to look at compiled code these days (especially if it resides in a server)? > > This is one of the reasons why I am developing PassLok. Thanks to feedback > from members of this forum, the security provided by PassLok is stronger > than ever, but you don’t have to believe me. Download it from its source at > https://passlok.site44.com (once you have it once, you have it forever), > look at it, run it, test it. Get its SHA256 hash from its help page and > check it. If you’re as paranoid as I am, you can watch me reading that hash > (with some nice background music to make tampering with it more difficult), > in this youtube video: https://www.youtube.com/watch?v=VHR_w0FCkC0 > > There’s no legal action that can shut down PassLok because it consist of > pure code, and pure code is speech, protected from government interference > under the 1st amendment to the US Constitution. > > If you don’t think this is enough, let us all know. Let’s come up with a > solution. Meanwhile, I appreciate any suggestions on how to make PassLok > more secure and easier to use. > > > -- > Francisco Ruiz > Associate Professor > MMAE department > Illinois Institute of Technology > > PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok > > get the PassLok privacy app at: http://passlok.com > > -- > Liberationtech is a public list whose archives are searchable on Google. > Violations of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > [email protected]. -- @kylemaxwell -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
