Hi, > I thought this was very important.
I don't think so. > You could go a step > further and have a server that manages keys/users for you, or a > collection of federated servers. Such a beast might look very much > like the PGP Universal server. And this was the heart of SC's problems and - realistic - fears, not the "insecure email" marketing talk. They have used PGP Universal, managed and generated the keys for their clients, because of the mobile computing demands(?) of their customers - or their incompetence(?) / not existing ressources to develop a mobile OpenPGP solution? As Phil said in <http://www.forbes.com/sites/parmyolson/2013/08/09/e-mails-big-privacy-problem-qa-with-silent-circle-co-founder-phil-zimmermann/>: 'We didn’t have a PGP client that could run on a smartphone, and our market is primarily smartphone users. So how [could] we get it? Get a server side implementation of PGP, a Symantec product called PGP Universal, meant for enterprise customers who want to manage keys on the servers. So that’s what we were using. But if someone comes to us and forces us to hand over the keys, [we're in trouble.]' Yes, that is true, if a "privacy" company like SC acts like a company with a PGP email gateway. > As you can see, email security has become more complex than it used to > be. In the past, securing the body of the message was sufficient. The > tools and techniques used for snooping were not on a large enough > scale to allow the metadata to be useful. This is old and well known stuff since the old ZKS days. A company like SC resp. all email privacy services need also an additional layer to anonymize or pseudonymize emails with an infrastructure similar to the mixmaster/mixminion network or a companion piece to email like Pond to hide metadata an identification data too. But the error is not only on SC's side, because we have heard since years, that email is no longer important, that all the kids are using IM and that all things are done with the browser, so we need ony an anonyization solution for transport like Tor and so the focus went away from email and not so much was invested to develop and fix solutions for email. Fixing the reply block problems with mixmaster/mixminion? Develop good nym servers? Oh no, that's not important. But, as Ladar replied in <http://www.democracynow.org/2013/8/13/exclusive_owner_of_snowdens_email_service> to Amy's question 'Do you think people should use email?': 'Yeah, I think it’s a great way to communicate ... And I think email still has a very important role to play in communication between people.' ACK. Does SC really think, that all can be done with P2P instant messaging solutions? I don't think so. Show me a 'liberationtech' SC P2P-IM mailing list. Oh yeah, we have IRC channels/XMPP groupchat rooms for that? -- Katana -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
