Slashdot Mirror
Silent Circle Follows Lavabit By Closing Encrypted E-mail Service
Okian Warrior writes "Silent Circle shuttered its encrypted e-mail service on Thursday, in an apparent attempt to avoid government scrutiny that may threaten its customers' privacy. The company announced that it could 'see the writing on the wall' and decided it would be best to shut down its Silent Mail feature. 'We’ve been debating this for weeks, and had changes planned starting next Monday. We’d considered phasing the service out, continuing service for existing customers, and a variety of other things up until today. It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision.' The company said it was inspired by the closure earlier Thursday of Lavabit, another encrypted e-mail service provider that alluded to a possible national security investigation."
Does anyone have replacement recommendations for people who used these services?
The US government is basically forcing technology firms to move else where.
Does anyone have replacement recommendations for people who used these services?
The first rule of Fight Club is: You do not talk about Fight Club.
It turned out that the visit from Homeland Security after the "pressure cooker" and "backpack" searches weren't a result of Google monitoring but of a report from the guy's employer after finding the search on his work computer.
Does anyone have replacement recommendations for people who used these services?
I would say "something hosted outside the US", but as the international banking community has shown, Uncle Sam's jack-booted foot extends well outside our own borders.
So that really leaves "GPG" as you sole realistic option. End to end encryption, with no one but you and the recipient knowing what you wrote. Of course, "they" can compromise either end, but it deprives them of the ability to funnel everything on the wire into their data centers for 4th-amendment violating goodness.
Or, we could all go back to writing letters. Oddly enough, that still has more legal protections behind it than any other form of communication.
The same thing the Fourth Amendment is for. Keeping out people who have no business reading your mail.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
The company announced that it could 'see the writing on the wall'
They were however not able to read it.....
---
political types who don't want their election strategies sent to the their opposition because someone at the NSA supports the other political party. political dissidents in "friendly" countries like Saudi Arabia who would be turned over at the drop of a hat. people who are negotiating contracts with the government and don't want their negotiating strategies revealed. whistleblowers.
So i guess, you didn't use envelopes for your mail before email?
Why use clothes even? What do you have to hide?
Why whisper?
That's right... it's called privacy.
I don't think Silent Circle would commit an effective suicide just preventively. Lavabit, while technically not saying a word about NSLs, told us very clearly what the request was. If the government criminals are not idiots, they learned and worded the Silent Circle order in a way that prevented such disclosure.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Yes, that's what the official story may be... but who knows? Just two or three days ago was the whole exposing of how the government admitted that they have been coming up with "alternate explanations" of how they get various pieces of intelligence so that the official explanations don't point to prism/etc. So truly, how can we possibly know?
- First they ignore you, then they laugh at you, then ???, then profit.
Lavabit and silent circle inspired me to think about some kind of peer to peer distributed email system.
Although currently everyone can install an email server (e.g. there are several available in debian). It is not what would solve the problem. Not just because it requires technical expertise, but also because it requires too much dedication on your side to maintain your freshly installed server. Also to make sure it has outside access with SMTP port, and so on. Not mentioning that it needs about 100% uptime. Such solution is too much centralized.
I was thinking about p2p email more like this one which I googled right after I had this initial idea. This is a proof of concept so it can work.
Key features would be:
1) uses p2p distributed encrypted file system, like tahoe
2) each p2p node can act as email receiver/sender
3) to send email to someone you use nick@1.2.3.4 where 1.2.3.4 is any IP that is running p2pemail. Simplest would be 127.0.0.1 if you just run a p2pemail node yourself.
4) everyone can have p2pemail account, just connect via https to nearest p2pemail node. It can be running on your computer or anywhere else. Doesn't matter. This just requires setting up an account name on your side, and a lenghty password, which is also used as a sha256 seed for private key for encryption of your emails and also as a PGP signature for you emails.
5) PGP signing emails would be so easy, that it would be a new standard.
6) all encryption and decryption is done locally on your computer either in javascript or in your email client. Just make sure that your browser and computer are not compromised.
7) if any of p2pemail nodes are running compromised code (eg. like compromised tor nodes) they still cannot read your email, because they have no acces to your private key. The only hope they can have is to monitor when you are accessing your data, but only if a request to the compromised node is made.
8) even if huge NSA datacenter decided to store all p2pemail data, they still cannot read it, and have nobody to file a warrant to.
If we combined that with bitcoins we would get additional (optional) features:
9) buy storage with bitcoins, while buying decide how many copies of your data you want to have (can change this anytime later). Offer any price you want, lower bids might not be taken.
10) provide encrypted storage space and get paid. If you store multiple copies of same data (might be possible before p2pemail gets popular) ensure that at least it is on different physical locations, otherwise you might be compromising security
11) create whitelists with people from whom you want to receive email, add mandatory bitcoin fees if anyone not on the whitelist wants to send you email.
12) You can create various stages if whitelisting, depending on domains you can define different prices to receive email. Or you can say that first email is free for everyone, and each next will be paid or not depending on if you received spam. Or configure spamassasin to decide for you.
PROBLEM: where do my friends send email to?
ANSWER: your_nick@p2pemail.org/net/com/info (we need to register many domains, and use many IPs to resolve those dns-es)
PROBLEM: Will my address still be the same after long time?
ANSWER: your nick in p2pemail will be the same, tell your friends that if they cant send email (eg. govt seized all p2pemail domain names), then they have to find some p2pemail node. Google it, or install one themselves. If they can't do that, you can solve this by installing a node yourself, and making sure it has the same domain name all the time. Services like dyndns can help you with that.
well maybe that's just a pipe dream. But the proof of concept implementation that I linked above gives some hope. What do you think?
#
#\ @ ? Colonize Mars
#
This is the reason why the fourth and fifth amendments exist. The fourth/fifth amendments does not exist for the purpose of protecting criminals. The fourth/fith amendments exist to protect innocent citizens from otherwise accidentally incriminating themselves. If it's extremely dangerous (and often incriminating) to speak to the police for a few hours in an interrogation, imagine what the police could do with years worth of email conversation.
This is how it works:
1) The government suspects you of a crime (rightly or wrongly)
2) The government looks up your email history to try to find something with which to convict or embarass you (do you honestly think that if you have years of email conversations that there's not SOMETHING in there that could do this?)
3) The government uses that as leverage against you
Remember, most people "don't have anything to hide", and therefore don't care that much about their privacy. The problem is that most Americans commit 3 felonies a day, and therefore, by definition do have something to hide, even IF they've done nothing wrong intentionally.
If you think it can't happen to you, think again. They searched for years and eventually found something to prosecute him with.
Seriously, watch the first video. 15 minutes now could very well save you from a life of jail, if the police come knocking.
-=Lothsahn=-
Who gives a damn?
I see no reason to defend the situations in which I could choose to encrypt something. I am not going to open my stuff up to you so that I can prove I'm not a terrorist unless you have something to suggest that I am. That's not how it works in a free society.
This "we'll assume everyone is guilty and ignore the ones we don't care about" mentality is crap, and in complete opposition to privacy, freedom, and everything else the US claims to hold so dear.
It doesn't matter if I'm discussing something I'd like to patent, my financial statements, my medical condition, having an affair, or planning to BASE jump off a building -- it's none of the governments business, and without evidence to suggest I'm doing something they need to be concerned about, they can fuck off.
This is just an undue control over your citizens, and sadly, everyone else on the planet since these guys are tapping pretty much everything.
That more an more people might choose to encrypt on general principles is something the NSA is just going to have to learn to deal with -- because I see no point in helping them any more than I can avoid.
America is rapidly becoming some of the same things they used to criticize the Soviets for. And that is sad.
Lost at C:>. Found at C.
The fourth/fith amendments exist to protect innocent citizens from otherwise accidentally incriminating themselves.
And even more specifically, the fourth and fifth amendment exist to protect innocent citizens from being forced into incriminating themselves by an overreaching government who is trying to silence dissidents.
People frequently overlook the historical context of the Bill of Rights. You have a bunch of people who had just fought a revolution against a government that they believed was oppressive, and they were trying to safeguard themselves against falling under another oppressive government. The Bill of Rights was created specifically for that reason. Essentially, you have a bunch of people who were recently rebels, who want to limit the government's ability to quash a rebellion, silence dissidents, or subvert a popular uprising.
To guide them, they look through their recent history for the tools employed by the power they had just thrown off. The British had limited speech, forbidden ownership of guns, stationed military personnel in people's homes, performed searches without cause, etc. In order to prevent a new oppressive government from using those tools, the authors of the Bill of Rights made them illegal.
So it's not really a defense to say, "This should be ok, because we're only trying to catch dissidents, terrorists, and enemies of the state!" The founding fathers were dissidents, terrorists, and enemies of the state. The Bill of Rights was written to protect exactly those kinds of people.