[pdx]

I knew this is the first thing I would read. We are becoming pretty predictable.

I tire of hearing this repetitively, every time somebody attempts to take this path, but I recognize you are doing it for anybody that is new and didn't hear the other warnings.

Isn't the perfect the enemy of the good?

Can we recognize that this is a good first step, and definitely constitutes a huge improvement over gmail/yahoo type webmail solutions?

You can still quickly add a disclaimer that you hope they quickly begin the large task of development of native windows/mac/linux/ios/android apps that will remove the javascript concern.

If you spit on everything that is not perfect, you may be steering people away from taking any action to protect their privacy.

[acabal]

Not in this case, I don't think. If there's a way to break encryption, even in the smallest way, then it's not really encrypted, and calling it "good enough" does a disservice to people who actually expect it to be flawless.

Look at Lavabit, which was good but not perfect... everyone thought they were protected enough, and then the government came knocking and all of a sudden the little gotcha of "Well, Lavabit did have access to your data after all, even though they promised not to look and also be really careful about their encryption keys" is the crack they use to blow the entire thing open. (Though that was a pretty damn big crack, admittedly.)

If there's a way to break in, then it will be broken in to--and then "good enough" all of a sudden becomes "tragically and dangerously broken" for the kinds of people who trusted it the most: activists, whistleblowers, informants, political radicals, etc.

[pdx]

That's fair, and I do not want him to stop warning us. I recognize his expertise.

I just feel that these sorts of criticisms, that are not sandwiched with at least a little positive message, are keeping people paralyzed in gmail and yahoo and msn while they wait for perfection.

[tptacek]

What positive message are you looking for here? Are you just glad people are trying to protect people, even if they're failing?

[read]

tptacek, can you suggest a design for end-to-end email encryption delivered through a browser?

As theboss mentioned [1], is:

(a) browser crypto theoretically impossible, is it

(b) that something's practically from browsers today (like build-in crypto code) for a practical solution, or is it

(c) that existing attempts have not attempted to do something that is theoretically possible?

If I understood you correctly, you alluded verification might be possible [2] but it seems there isn't yet a clear description or understanding of what's possible and what's not.

[1] https://news.ycombinator.com/item?id=7757892

[2] https://news.ycombinator.com/item?id=7757678

[tptacek]

Verification isn't possible in modern browsers. This is an inherently hard problem, one that has caused some people who've launched carefully-designed encrypted mail systems to abandon the effort.

[read]

Am I understanding you correctly that verification IS possible in browsers, just not the existing modern ones (e.g. because of limitations in the existing modern ones) and that browser crypto is possible?

(I recognize it might inherently be a hard problem, but hard does not equal impossible. I also recognize there are benefits to a simpler solution that can outweigh the benefits of a harder solution.)

[tptacek]

I don't know about the "perfect" and the "good", but the "trivially breakable" is definitely the enemy of "keeping secrets from governments".

[pdx]

You choose to ignore my point. Obviously you know about "perfect" and "better than gmail", right?

[tptacek]

Then Gmail is more secure than this service, because Google's servers are pinned in browsers, so you can't compromise them by compromising any CA in the CA hierarchy.

[fareastcoast]

I don't really agree with this. Gmail is compromised by the NSA sending one email to Google.

[prayag]

I hear you dude but this is clearly not "end-to-end" encryption. End-to-end has a very specific meaning. End-to-end encryption means a messaging system in which one or more compromised node from node 1 to N-1 could not eavesdrop on the message. In this solution if you get access to node 1 (the server), you get access to the message. It's binary. There's either end-to-end encryption or there isn't. This one isn't.

[kingzero]

> Can we recognize that this is a good first step, and definitely constitutes a huge improvement over gmail/yahoo type webmail solutions?

No its not. "Browser crypto" in the form of JS is broken. There are many different possible attacks. So a false sense of security is actually worse then no security at all.

[afreak]

If you're concerned about keep things private, having it technically sound is important. This application fails that and as a result deserves to be shot down.

There is no need for niceties when you're trying to promote something as secure when it isn't.

[stonogo]

> Isn't the perfect the enemy of the good?

Yes, but neither of those descriptors apply to this product.

[john_b]

One can worry about making a system perfect once it solves the problem it sets out to solve. They chose to build on a platform (browsers) that has known security issues at a conceptual level, and have apparently ignored those issues while advertising an end-to-end secure service. That doesn't inspire trust. Perfect comes after working.

[sp332]

tptacek doesn't seem to be "spitting". He just pointed out that the crypto can be broken by the server so this doesn't count as end-to-end crypto.