Slashdot Mirror

← Back to Stories (view on slashdot.org)

After Lavabit Shut-Down, Dotcom's Mega Promises Secure Mail

Posted by timothy on from the why-can't-he-and-mcafee-have-a-reality-show? dept.

Lavabit may no longer be an option, but recent events have driven interest in email and other ways to communicate without exposing quite so much, quite so fast, to organizations like the NSA (and DEA, and other agencies). Kim Dotcom as usual enjoys filling the spotlight, when it comes to shuttling bits around in ways that don't please the U.S. government, and Dotcom's privacy-oriented Mega has disclosed plans to serve as an email provider with an emphasis on encryption. ZDNet features an interview with Mega's CEO Vikram Kumar about the complications of keeping email relatively secure; it's not so much the encryption itself, as keeping bits encrypted while still providing the kind of features that users have come to expect from modern webmail providers like Gmail: "'The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,' Kumar said. 'If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible but very, very hard. That’s why even Silent Circle didn’t go there.'"

3 of 158 comments (clear)

  1. The Universal Declaration of Human Rights by Max_W · · Score: 4, Insightful

    The should be developed an international mechanism of verifications of the Article #12 of The Universal Declaration of Human Rights. Many countries have signed it. The should be international inspections of data centers, telephone companies, etc.

    http://www.un.org/en/documents/udhr/index.shtml#a12

    Article 12. No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

  2. Chasing the wrong target. by DerekLyons · · Score: 4, Insightful

    I've said it before and I'll say it again, this concentration on encryption is fiddling while the house burns. Encryption is sexy, and easy, and kewl, and l33t... but it won't protect against the real threat - traffic analysis.

  3. Privacy in 2 years by Okian+Warrior · · Score: 5, Insightful

    This whole thing about privacy will be a non-issue in about 2 years.

    There's currently a mass-exodus away from US-based cloud services, and (within the US) away from all cloud services.

    Cloud services will have to provide privacy or go out of business. The only way to ensure privacy is client-based encryption keys and open-source software. Since it's impossible to control the distribution of open-source software, the client-side package will end up being free.

    This is a good thing, IMHO. Cloud services will focus on the actual service, they won't be able to rummage around in our lives (both corporate and personal), they won't be able to "monetize" their customers as products to advertisers, and the NSA will be shut out of much illegal snooping.

    People are already thinking about how to encrypt existing web-based mail services, and I'm even hearing rumors about replacing SMTP altogether with a more secure protocol.

    Expect a lot of wailing and gnashing-of-teeth from the government, proposals to make this or that protocol "illegal" or to require government backdoor access, but in the end it will come down to simple economics.

    There is an enormous market-driven push towards more privacy. Edward Snowden has had a measurable effect on the world, and probably deserves the Nobel peace prize he was nominated for.