[liberationtech] pgp message encryption and decryption using just a browser

Brandon Wiley brandon at blanu.net
Mon Sep 27 17:39:53 PDT 2010


On Mon, Sep 27, 2010 at 11:33 AM, David Dahl <david at ddahl.com> wrote:

> On Mon, Sep 27, 2010 at 8:57 AM, Brandon Wiley <brandon at blanu.net> wrote:
>
> > I have built a similar system using pure Javascript implementations of RSA
> > and AES which I can send you if you'd like. My original goal was to
> > develop
>
> You should put it up on github or bitbucket. I would like to see it.
>

Fair enough. Here it is: http://github.com/blanu/jscrypto The parts you
might be interested in are in lib/ and api/.

> right, this is the second application I would like to work on. I was
> thinking about having a shared key for each feed you are allowed to
> follow, to make it simple and fast.
>

Shared keys might just pass the "good enough" threshold. I think the goal
should be to just make the default mode not be full disclosure of your
information to the service provider. If the provider has to try to actively
subvert your privacy, then I think that's good enough. So with shared keys,
you would need to send each follower a public key encrypted copy of the
shared key when they follow you. Then in order to decrypt your messages the
provider (or anyone really) would at least have an account that follows you.
To have any kind of protection against bots, you'd need to have a private
feed where you manually accept each follower.

The weakness of this system is that accepting one trojan horse reveals all
of your messages and then blocking existing followers would of course mean
you'd need to encrypt and publish all of your messages again with a new
key and then distribute that key. This seems pretty okay to me as it reduces
the privacy issues to an already existing issue of not making connections
with strangers. Everything except for good judgement can be automated away.
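
The shared-key scheme discussed in this message, sketched as an added example (not part of the original post and not code from blanu/jscrypto). It assumes Node.js's built-in crypto module with RSA-OAEP for wrapping the feed key and AES-256-GCM for the posts; Feed, seal, open, readFeed and the follower names are hypothetical.

```javascript
// Added illustration, not code from blanu/jscrypto; all names here are hypothetical.
const crypto = require("node:crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const wrap = (pub, key) => crypto.publicEncrypt({ key: pub, ...OAEP }, key);
const unwrap = (priv, blob) => crypto.privateDecrypt({ key: priv, ...OAEP }, blob);
function seal(key, text) { // AES-256-GCM with a fresh 96-bit nonce per message
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(text, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, { iv, ct, tag }) { // throws on a wrong key or altered data
  const d = crypto.createDecipheriv("aes-256-gcm", key, iv).setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}
class Feed {
  constructor() {
    this.posts = [];            // plaintext, kept only by the feed owner
    this.followers = new Map(); // name -> RSA public key, accepted manually
    this.rekey();
  }
  rekey() { // new shared key: re-encrypt every post, re-wrap for remaining followers
    this.key = crypto.randomBytes(32);
    this.published = this.posts.map((p) => seal(this.key, p)); // what the provider stores
    this.wrapped = new Map([...this.followers].map(([n, pub]) => [n, wrap(pub, this.key)]));
  }
  accept(name, pub) { this.followers.set(name, pub); this.wrapped.set(name, wrap(pub, this.key)); }
  post(text) { this.posts.push(text); this.published.push(seal(this.key, text)); }
  block(name) { this.followers.delete(name); this.rekey(); }
}
function readFeed(feed, name, priv) { // follower side: unwrap the key, then decrypt
  const key = unwrap(priv, feed.wrapped.get(name));
  return feed.published.map((m) => open(key, m));
}
function demo() { // constructed followers; "mallory" is the account accepted by mistake
  const gen = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const alice = gen(), mallory = gen(), feed = new Feed();
  feed.accept("alice", alice.publicKey);
  feed.accept("mallory", mallory.publicKey);
  feed.post("first post");
  const before = readFeed(feed, "mallory", mallory.privateKey); // reads everything
  const oldKey = unwrap(mallory.privateKey, feed.wrapped.get("mallory"));
  feed.block("mallory");
  let staleKeyWorks = true;
  try { open(oldKey, feed.published[0]); } catch { staleKeyWorks = false; }
  return { before, after: readFeed(feed, "alice", alice.privateKey), staleKeyWorks,
           stillWrapped: feed.wrapped.has("mallory") };
}
console.log(demo());
```

Re-keying only protects what is republished after the block; anything the blocked follower already decrypted or saved stays disclosed.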