Unconfigured Ad Widget

Collapse

Secure cyber communications system

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • andytothemax
    Member
    • Oct 2003
    • 151

    Secure cyber communications system

    Some programmers and I are developing a communications system that relies on client-side encryption with no stored passphrases or keys. It's a secure alternative/supplement to email, like Lavabit (http://lavabit.com), only it probably won't get shut down by the government. I believe it would be useful to anyone who wants to keep his or her communications private.

    You can try out the prototype here: https://r.raellic.com

    Currently, it most closely resembles a product called HushMail (https://www.hushmail.com) only it has several major improvements.

    I'm posting on my favorite 2A forum because I need to know what features people would want. For example, should I develop a Gmail or Facebook plugin? Those would be quite costly, so I don't want to do them unless people actually want them. Any other requests or suggestions? Thanks!

    sigpic
  • #2
    bigmike82
    Bit Pusher
    CGN Contributor
    • Jan 2008
    • 3876

    What's a defense grade trusted operating system?

    Signed up...happy to see some other folks try to run with this.

    The registration process failed for me too.

    Token does not exist / Account is already activated
    -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

    Comment

    • #3
      echoThreeOneSix
      Senior Member
      • Dec 2013
      • 1332

      so it would essentially be a secure VPN sorta thing?

      edit: after reading up on hushmail, it's only encrypted between hushmail users (my quick read might be wrong). would the goolge plug in decrypt the message or how would that work? I would think the plug in's would create huge vulnerabilities.

      you know it's either secure, or convenient but never both...
      Last edited by echoThreeOneSix; 10-03-2014, 5:50 PM.
      Originally posted by m---------------1
      Bump... also interested in 1911 for trade
      ...as a trade for a glock 43. wtf guys, wtf.

      Comment

      • #4
        bigmike82
        Bit Pusher
        CGN Contributor
        • Jan 2008
        • 3876

        Well, in this case, your recipients are giving up a fair chunk of convenience as they need a little bit of tech knowhow to decrypt the message. Essentially, you're using javascript on your local browser to encrypt the message (thereby prevent your key from leaked in cleartext to the server / govmint). Once you have that encrypted message, it looks like you can use raellic to send the message or send the message yourself via email.

        Your recipient can then decode it with OpenSSL or via the Raellic site.

        The nice thing about the service is that it uses standard, open-source, audited software the sensitive stuff. I think it's similar to the new Mega implementation where it, too, encrypts the files locally on your machine prior to the server getting it.

        I think it's a solid start, but they've obviously got a ways to go.

        Please correct me if I'm wrong, Andy.
        -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

        Comment

        • #5
          speedrrracer
          Veteran Member
          • Dec 2011
          • 3355

          I think you should work on the plugins. See if my logic holds any cows:

          It's always a trade-off...convenience vs security. Paranoid mode or tin foil hat mode also means no one needs your service...open ssl & a normal email client can do all that.

          So if someone is using your service, I think it implies they're interested in the convenience aspect, which suggests that broad adoption would be achieved by things increasing convenience, like gmail / facebook plugins...

          Comment

          Working...
          UA-8071174-1