Tor-compatible secure email systems
Jacob Appelbaum
jacob at appelbaum.net
Fri Oct 13 01:19:56 UTC 2006
coderman wrote:
> On 10/12/06, Total Privacy <nosnoops at fastmail.fm> wrote:
>> ...
>> Using PGP or similar to make an encrypted file (txt or word or
>> something).
>> Then attach it to an ordinary webmail upload function, to send it over to
>> the recipient that alreday are informed of my public key (and who´s key I
>> have). All this whitout any need for Thunderbird or anything in computer.
>
> something like freenigma?
> http://www.freenigma.com/
>
> you have to trust them with your keys, but at least provides some
> protection for the scenario you describe.
>
Why would you trust the freenigma people with your secret keys?
This article by Ben Laurie sorta sums it up nicely:
"Oh dear. So freenigma can decrypt my mails (and anyone else they care
to give the session key to). What’s more, it looks like they have your
private key, too, so they can impersonate you.
They don’t say how you decrypt, but I presume the story will be
described with the same disingenuousness: no, you don’t send your
encrypted mail to the server, just send us the encrypted session key and
we’ll decrypt that for you. How comforting. Not."
http://www.links.org/?p=130 (google cache:
http://72.14.253.104/search?q=cache:33Eoh50ZCQ8J:www.links.org/%3Fp%3D130+http://www.links.org/%3Fp%3D130&hl=en&gl=us&ct=clnk&cd=1&client=safari
)
It would be ideal to use something like this when it's available:
http://www.shmoo.com/soc/gpgreasemonkey.html
Regards,
Jacob
More information about the tor-talk
mailing list