An Interview with Simon Persson of CounterMail

Tom Ritter tom at ritter.vg
Mon Oct 14 14:30:09 PDT 2013


"You can delete the private key from our server (but we recommend this
only for advanced users, your private key is always encrypted on our
server anyway"

This sounds pretty similar to Lavabit. The server stores your emails
encrypted, but they're decrypted for you when you log in, using your
password as the key to decrypt your private key.  The difference (I
think, I never used Lavabit) is that you can retrieve the private key
from CounterMail and then ask them to delete it.  It would be even
nicer if they let you upload your public key so they never see the
private key.  You'd still have to trust them not to copy plaintext as
it's coming in, which depending on how you think about it might be
equivalent to them having a private key to your mail in the first
place.

In all these 'secure email' providers, they all have the same problem:
they see incoming plaintext, and could be compelled to store it/record
it. It's not their fault, they do the best they can, it's just how
email works.

-tom


