Secure Web-based Email 11
Peter self-promotes: "If you are looking for an open source, secure web-based email client and server software, CryptoMail Email System that allows you to exchange email securely, you should check out this non-profit organization, Cryptomail.org who devotes their energy to promote the freedom of private communications. The CryptoMail Email System, the client and server are providing security at the transport level and end-to-end message security. In addition, CryptoMail.org also provides a limited free email account for people to experience its secure web-based email." Looks like something similar to Hushmail.
I don't get warm fuzzies... (Score:3, Insightful)
/*
** Joshua Teitelbaum, Sunday, April 15, 2001
**
** Listen BITCHES I'm programmin just what I need
** FUCK THE MRJ,
** FUCK APPLE
** FUCK SUN
** FUCK JAVA
** FUCK THE IRS (See date this was written
** THEY FUCKED UP
** HEY APPLE!!!!!!!!!!!WHAT THE FUCK IS THE WRITE ONCE, RUN ANYWHERE BULLSHIT?
**
** APPLE AND SUN:
** IF YOU DON'T WANT TO LOSE YOUR DEVELOPERS YOU HAVE TO SUPPORT THEM
** IF YOU DUNCES MAKE AND RATIFY THE SPECS, THEN FUCKING ADHERE TO THEM
**
*/
I'm not saying I don't understand-- I've programmed in Java myself, and I have to say that I've felt the same way. But there's a certain level of-- professionalism, I guess, that you expect from a security application.
A lot of the code is good quality code. A lot of it is pure garbage-- crufty, kludgey cobbled-together crap. It needs a serious cleanup, and whoever thinks it's cute to have their clients showing up with a user agent of "TheMelvinsBugzilla 6.66", developed by "MRJ Pussy Developers" needs to grow up a little.
There's a lot of potential, but the immaturity of some of the developers definitely gives me pause. And it's not just in the comments, it's in the code-- carelessness, failure to do sanity checks, etc. And you can't afford to have carelessness in cryptographic code.
How "safe" is this? (Score:1)
Re:How "safe" is this? (Score:1)
It's this e-mail address that they control I don't trust. I don't recognize any of the e-mail addresses, or for that matter, any of the names of the developers. They may be honorable men, but I don't know them. They don't have any traceability through the names, and they don't have any organizational traceability I'd feel comfortable with. (Although I'm not sure either e-trust or BBB online would be appropriate here.)
The point I was trying to make is simply, I wouldn't trust the e-mail account they host with any sensitive information. It doesn't have to be, "Hijack today." It could just as easily be confidential business letters, love notes (especially to someone with an Arabic name), e-mail to or from some medical support group, etc.
What about lokmail? (Score:2, Informative)
I have an account on lokmail.
http://www.lokmail.net It uses PGP and you can provide your own key pair. I think it uses https for communication between your web browser and them.
I have no idea how secure it is but it works ok for me.
Yeah, but... (Score:3, Interesting)
I've got PGP integrated with Eudora and ICQ but no one I send messages to or receive messages from is interested in supporting it. So I continue to post stuff, including some fairly private details, on the equivalent of a post card.
I'd like to see my regular montly bill/statements emailed to me in PGP encrypted form -- surely it's cheaper (and safer) than printing out pages and pages of stuff every month and stuffing them in an envelope.
Everybody can do this (Score:1)
Great performance, no cost, no egomaniac comments in the source.
FreeBSD is so stable, I've already forgotten where my colo-facility is (sort-of)...