The NSA’s
metaphorical rampage over our rights and privacy expectations has only gotten
worse as more documents are leaked to the public. Chief amongst the “victims”
has been any expectation of privacy when using email. The founder of Lavabit,
the encrypted email company Edward Snowden used before the service was forced to
shut down, openly stated that if people knew what he knew about email they too would
be fearful about using it. Silent Circle, a similar service, also shut down in
an effort to avoid being forced to expose its users’ secrets. While all of this
was going on, it seemed like any hope of regaining a modicum of privacy was non-existent.
Luckily, the predictions appear to have been premature as efforts are ramping
up to safeguard future internet users.
Silent
Circle and Lavabit, despite having shut down their respective operations, have
joined forces to rebuilt email with privacy and security at its core. Called
the DarkMail Alliance, it is a soon to be formed non-profit organization that
would be in charge of maintaining and organizing a new email protocol. ArsTechnica
reports that the organization seeks to replace the Simple Mail Transport
Protocol (SMTP), which is used for all current email communications, in its
entirety. One of the main goals of doing this is to provide this as both an add-on
and as a service for existing email providers. This way the protocol gets the
most adoption and users are more likely to take an interest in the product. The
founders are still looking into ways to deal with things like multiple device
usage for the same account, but they are at least making an effort to fix
things unlike other critics. There are plans for a Kickstarter campaign in the
nearby future with the first large donors getting early access to the code to
ensure they are the first to support the protocol.
This is
not the only effort I have heard of lately that tries to solve the email
security problem we are facing. A Kickstarter campaign (which failed to my
knowledge) was raising funds to create a peer-to-peer email network. It sought
to provide encrypted end-to-end transportation of all of your data. Another,
easier to use program, is Mailvelope. Mailvelope is a plugin for Google Chrome
and Mozilla Firefox web-browsers. The plugin generates secure cryptography keys
for users that are stored locally on disk. The plugin then hooks into email
clients like Gmail and offers to allow for easy encryption and decryption of
emails at the click of a button. Or at least it does so long as you can locate someone’s
public encryption key. Either way, the plugin works as expected and stays
entirely within the browser. You can even use encryption keys you generate
outside of the browser with other applications.
I am
hoping that DarkMail Alliance can match what Mailvelope is currently offering
me, but I will be fine either way in the meantime. Having a secure email
client, regardless of my lack of need for one right now, is important on the
principle alone. I don’t like being spied upon. It feels weird and can seem to imply
that I am guilty of some form of wrongdoing. The NSA has even gone as far as
hijacking the fiber optic cables Google and Yahoo privately use to communicate
between their different data centers. The NSA has no restraint and will keep
trying to get ahold of our data. Even if I don’t need encrypted email, I like
to think that my occasional use of it is my own little form of protest against
what they are doing.
No comments:
Post a Comment