Yes, but my point was they didn't have to throw out the baby with the bathwater; Silent Circle's email I think was basically two products combined:

1. end2end secure, store-and-forward encryption between Silent Circle users;

2. server-side encryption of opportunistically SSL encrypted (potentially unencrypted) incoming emails + presumably unencrypted outgoing emails.

Why not keep 1? They obviously have the technology for it because they have retained encrypted SMS-like functionality which is the same key management and information flow.

Not forgetting there is a 3rd "product" which is the de facto which is normal email:

3. opportunistically encrypted (SSL) email (as well as S/MIME (don't trust due to CA malfeasance) or self-managed PGP/GPG which for some reason people find difficult).

And users who lose 1 & 2 due to the no-notice product end-of-life will probably just switch to 3 as an alternative to stopping communicating.

Even catching a flight with a USB drive apparently is risky via the UK, re the curiously named David Miranda (Miranda rights, eh); seems they demanded decryption keys. Seems like people who are couriering data ought to encrypt it with the recipient's public key before travel.

Adam

On Tue, Aug 20, 2013 at 06:03:39PM -0700, Rich Jones wrote:
I think the point that they're making is that one communicates differently when one knows the line is tapped. Better self censorship than blabbering with delusions of security. This isn't a philosophy which I personally agree with, but I believe this was their intention.
On Tue, Aug 20, 2013 at 5:51 PM, Adam Back <[1]adam@cypherspace.org> wrote:
On Tue, Aug 20, 2013 at 12:32:00PM -0400, John Young wrote:
Bluntly, anybody who peddles security is a cheat. Those who withdraw it are worse.
I was thinking something like that about the Silent Circle shutdown. It seems to me their problem case was the mail in (they would be encrypting that to the user PGP key or equivalent, after sender optional use of SSL to deliver it to them).

So would not a more sensible change be to disable mail in? So then only Silent Circle users could encrypt messages to each other. Even that would add pressure to other users to also get a Silent Circle account and so be a business advantage.

Puzzlingly spun "to protect our users' privacy we removed their encryption feature" - so they'll probably send it plaintext instead, great.

Adam
--
Rich Jones
OpenWatch is a global investigative network using mobile technology to build a more transparent world. Download OpenWatch [2]for iOS and [3]for Android!
References
1. mailto:adam@cypherspace.org
2. https://itunes.apple.com/us/app/openwatch-social-muckraking/id642680756?ls=1&mt=8
3. https://play.google.com/store/apps/details?id=org.ale.openwatch&hl=en