Lavabit returning

5 respuestas [Último envío]
libredrs

I am a member!

Desconectado/a
se unió: 01/29/2012
SuperTramp83

I am a translator!

Desconectado/a
se unió: 10/31/2014

Ladar Levison for president! :)

libredrs

I am a member!

Desconectado/a
se unió: 01/29/2012

...........

hack and hack
Desconectado/a
se unió: 04/02/2015

Now that it's here, I wonder if it's worth it.

I mean, I even might try and make GPG work instead.
But for GPG:
- lots of efforts to setup and use properly on my part, same thing for people I communicate with.
- who you communicate with, and email title are leaked.
- at least you control the process from start to finish.
- since most people have compromised OS, At least the OS owner could in theory access what's onscreen (thus decrypted). That's added to the downsides listed in the link : http://www.howtogeek.com/187961/why-no-one-uses-encrypted-email-messages/.

Bottom line:
- it takes two to tango (both need a libre OS),
- GPG seems to take more effort to setup, leaks some metadata, but at least I have more control over it than DIME (no 3rd party I have to trust).

A good thing is the possibility to setup DIME on my own server (if it really is free software), and it would be an option that even my parents could make work (even if they use non-free OS, at least it takes some players out of the game, like the email provider).

onpon4
Desconectado/a
se unió: 05/30/2012

> at least I have more control over it than DIME (no 3rd party I have to trust).

If I understand correctly, DIME's encryption in "paranoid" mode should be just as secure as GnuPG (assuming it's good cryptography). It's end-to-end encrypted. It just supports allowing users to trust the server for ease of use.

hack and hack
Desconectado/a
se unió: 04/02/2015

I see. So it should be even better since it leaks less data.
Well, ultimately, I would need to trust that the owner actually installed the right software on his server, right?

EDIT:
Reading again what you wrote, and also the following, I see that trusting the server isn't an obligation:
The server will never have access to a user’s private keys (encrypted or decrypted). Paranoid mode minimizes the amount of trust a user is required to place in their server, at the expense of functionality. Paranoid mode does not support webmail access or allows users access their account from multiple devices without an external method for synchronizing their key ring.

So since the keys can never be on the server if chosen, and that the software is free, then there shouldn't be any need to trust the server.

But then any VPS should be as good in theory. Obviously this sounds like a huge headache and I wouldn't dare trying, I'm just not understanding if the service provided is different from installing the software on any random VPS.