[liberationtech] Anyone tested this?

Steve Weis steveweis at gmail.com
Thu Jun 23 09:28:14 PDT 2011 

Privatesky.me is based on Certivox. Details are scant, but this page implies
that Certivox is using identity-based encryption (IBE):
http://certivox.com/index.php/technologies/ondemand-key-generation/

That page talks about Certivox issuing keys to senders, which are combined
with a recipient's identity to generate the recipient's public key. That's
the classic IBE model. However, private keys in IBE systems are generally
issued by a central authority. That's consistent with having to install a
Silverlight client from Privatesky before you can read any messages.

If Privatesky is issuing private keys to each client, the statement in the
FAQ (https://privatesky.me/faq)  "Can you see my stuff? Can you see my data?
No." is not accurate. Users would be completely trusting the key-issuer.
That's why IBE systems are generally proposed for an enterprise setting,
where a central authority controls issuing keys.

I've been talking with their CTO on Twitter and asked if this is the case:
https://twitter.com/#!/sweis/status/83931891618693121

On Thu, Jun 23, 2011 at 6:46 AM, Yosem Companys <companys at stanford.edu>
wrote:
>
> PrivateSky shields online exchanges from prying eyes
>
> (AFP) – 16 hours ago
>
> SAN FRANCISCO — A free service launched on Wednesday called PrivateSky
lets Internet users shield email, Facebook updates, and other online
exchanges from hackers or other unwanted snoops.
>
> The service from startup CertiVox comes as hackers appear to be rampaging
through the Internet, cracking defenses at companies, attacking public
websites, and tricking their way into email accounts to spy on contents.
>
> PrivateSky works with Internet Explorer (IE) browsers to provide
encryption for whatever people type into message boxes and decodes it only
for those they chose.
>
> Users highlight blog posts, Facebook updates, email messages or other text
then indicate who should be allowed to read them. Missives are decrypted
only for intended recipients.
>
> "It is literally one click encryption and decryption," said CertiVox
founder and chief executive Brian Spector.
>
> Internet security firm Trend Micro warned this month that cyberattackers
have attempted to infiltrate Web-based email services run by Microsoft and
Yahoo! as well as Google.
>
> "There has been a variety of recent attacks on popular Webmail platforms,"
Trend Micro senior threat researcher Nart Villeneuve said in an online post.
"In addition to Gmail, Hotmail and Yahoo! Mail have also been targeted."
>
> Trend Micro released the news after Google said a cyber spying campaign
originating in China had targeted Gmail accounts of US officials, military
personnel, journalists, Chinese political activists, and officials in
several Asian countries, mainly in South Korea.
>
> Encrypting email is seen as a way to thwart email snooping, but the
process has typically taken a bit of software savvy.
>
> CertiVox set out to make encryption simple with PrivateSky. "This is kind
of like arming the citizenry," Spector said.
>
> The encryption service works on any Web-based email such as Gmail, Hotmail
or Yahoo! Mail as well as posts at social networks.
>
> CertiVox started with IE because of its global popularity but is adapting
the service to other Web browsing software. CertiVox intends to eventually
encrypt photos and other large data files as well as text.
>
> The application for IE browsers is available for download online at
https://privatesky.me.
>
> Copyright © 2011 AFP. All rights reserved.
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"
>
> You will need the user name and password you receive from the list
moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110623/bb3799f5/attachment.html>

More information about the liberationtech mailing list