![]() ![]() Sending a password used for one-time decryption through iMessage, Signal, or a similar service for a message sent by email offers very little risk of compromise because it’s a different path. For most people that could be by phone or a secure end-to-end messaging tool. That can be set up in person or using an “out of band” method-that is, any method other than email. The only flaw in this arrangement is that the recipient has to know the password. The message and any attachments are encrypted locally, so your words and files never leave the device. As with SecureMyEmail, Protonmail never possesses user secrets to unlock that data.)įor everyone else, SecureMyEmail lets the sender create a password that wraps a message in strong encryption using a key that expires in a period from one hour to 31 days. Protonmail has similar-or even higher-levels of protection and privacy, but requires use of a address and passes secured data through its own servers. (This makes it distinct from Protonmail, the closest competing offering. Users of email clients that have plug-ins for PGP or GPG can also receive, validate, and decrypt messages from SecureMyEmail. Recipients who also use SecureMyEmail-admittedly, a small number so far-can receive encrypted messages without any additional effort. Regardless, Witopia never sees the unencrypted private key or learns the user’s password protecting it. This facilitates installing the same key on other copies of SecureMyEmail, but it’s not required. Witopia offers users the option of uploading their private key using an escrow method, in which users set their own additional password known only to them. The private key is kept strictly protected and local for that decryption. This is a public-private key pair, the kind used in public-key cryptography, which allows the free distribution of the public key for others to use to encrypt messages that only the recipient can decrypt. SecureMyEmail uses its software to let a user create a key locally if they don’t have one. Plug-in-based solutions still require users to manage their own keys, distribute the public component to others, and find their own secure solution for recipients who don’t use GPG or PGP software. (The software operates within your browser on desktop platforms, but handles encryption and decryption entirely on your device.) While this resembles GPG plug-ins available for some email clients, it’s more comprehensive, simple, and expansive. Version 2 relies on existing email accounts-$30 a year for up to five accounts-with its multi-platform software acting as a combination of email client and encryption manager. “We’re all so hungry for privacy, but we all use this thing every day,” he says of email. Knowing that billions of emails are sent each day, Bullock says Witopia retooled an earlier version of SecureMyEmail, which was too restrictive. That’s too tall an order for anyone, even if Slack and others have tried to displace email for business and group communications. But Bullock isn’t trying to paint email as something his company can replace.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |