Re: Harvard and MIT Students Launch ‘NSA-Proof’ Email Service | Betabeat

[grarpamp]

On Tue, May 20, 2014 at 11:05 AM, Kelly J. Rose <iam at kjro.se> wrote:
> Which is totally subverted if you are American citizens or located in the
> us. Simply by the national security letters.
>
> You could have the sexiest cryptosystem ever and the NSL attack will still
> beat you if you put it on American soil.

If you operate a machine upon which plaintext 'email' for users transits/sits
on their behalf, you will still be subverted and beaten (literally or
not)... either
remotely by cooperative agreements (or simply giving), or your own local
mitm, [extra]legal force major, etc. The only way out of the mess is either:
a) basically start street protesting to change global law and practice
and somehow manage to create utopia.
b) defend in depth and bury all user messaging within secure p2p darknet
overlay networks where only Alice and Bob are parties to the plaintext content.
And the code you run to get on it is developed and audited by separate
groups, be they well known nyms on such nets, or real world.

Any proposed messaging system that is centralized, not pay anonymous,
not open, works by you giving up key material you shouldn't, or you needing
to demandload their code instead of running your own trusted copy... isn't
worth your time. Otherwise stick with plain old email, text, and whatever
the fad of the day is. And don't try to call either of them secure.

> This kind of problem should be tackled by some honest idealists from either China, Russia

Yet people applaud eliminating such idealists, even eg:
Iraq, Iran, Cuba, DPRK, Venezuela, Israel, etc.
Keep on wiping out your only counter voices and you'll
get what you asked for next. None of these suggested places/people
are immune either, only alternatively 'hard'[er] under some
given threat models.

lavaboom.com and protonmail.ch both appear deliver you their
code (javascript) on the fly to run in your browser. Yeah, that's
secure.