After Lavabit Shut-Down, Dotcom's Mega Promises Secure Mail
Lavabit may no longer be an option, but recent events have driven interest in email and other ways to communicate without exposing quite so much, quite so fast, to organizations like the NSA (and DEA, and other agencies). Kim Dotcom as usual enjoys filling the spotlight, when it comes to shuttling bits around in ways that don't please the U.S. government, and Dotcom's privacy-oriented Mega has disclosed plans to serve as an email provider with an emphasis on encryption. ZDNet features an interview with Mega's CEO Vikram Kumar about the complications of keeping email relatively secure; it's not so much the encryption itself, as keeping bits encrypted while still providing the kind of features that users have come to expect from modern webmail providers like Gmail:
"'The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,' Kumar said. 'If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible but very, very hard. That’s why even Silent Circle didn’t go there.'"
Links? (Score:5, Informative)
Are those actual links, or just the <a> tags?
Article (Score:5, Informative)
http://torrentfreak.com/dotcoms-mega-debuts-spy-proof-messaging-this-summer-email-follows-130711/ [torrentfreak.com]
A link to an actual article.
Will need better security than current (Score:5, Informative)
According to Security Now/Steve Gibson, the encryption/security on the MEGA file site is not very sound.
https://www.grc.com/sn/sn-390.htm [grc.com] (search for "Java Crypto" to get about 3/4 of the way through the show) or listen to the podcast.
MEGA is well intentioned, I'm sure, but the JavaScript code in MEGA does not cut it for serious security, and they need to do waaay better for an email service.
Remember that ALL THE DATA is being retained now, so one crack in the system and there is a way in.
Air tight security is do-able, but needs to be serious - I wish Mega lots of luck.
Re:New Plan (Score:4, Informative)
Not at all.
1. Press soft clay up to the seal to get an impression.
2. Open envelope, read, close.
3. Fire clay. Smooth it down a little carefully.
4. Melt wax, apply clay stamp.
You can use Gmail + Penango! (Score:3, Informative)
The matter of protecting your e-mail is a simple one - there are standards (S/MIME). What you need to look for in a provider is:
(1) They SHOULD NEVER have copies of your private keys
(2) They should follow published standards
(3) Allow S/MIME e-mails
For example, if you want to use your Gmail account with military-grade security that not even the NSA can read, just install Penango in your browser and send messages encrypted - this solution is also used by the US military and corporations. Penango does not hold any of your private information and/or your keys - so they cannot be forced by anybody to give out your secret, simply because they do not have it!!!! For more info, go to http://www.penango.com/
Goddammit, why can't people learn? (Score:3, Informative)
If you want secure email, don't put it in the cloud. People who try to set up new cloud services to get attacked aren't helping, and can't deliver on what they want to make people believe they can.
It's not hard to set up a mail server. It's not hard to use PGP. Be at least a little harder target.
Just say no to the goddamn cloud, already.