[liberationtech] Announcing Scramble.io
DC
dcposch at cs.stanford.edu
Fri Aug 23 01:53:59 PDT 2013
Hi everyone,
I'm DC, and I've been lurking here for a few weeks :)
Since the NSA leaks, I've been inspired to work on an old dream: end-to-end
encrypted email.
One difficult problem in public-key encryption is key exchange: how to get
a recipient's public key and know it's really theirs.
My plan is to make make your email the hash of your public key.
For example, my address is *nqkgpx6bqscslher at scramble.io*
(I borrowed this idea from Tor Hidden Services.)
This lets you build an email system with some nice properties:
* It's webmail. I want something easy to use and understand, unlike PGP, so
that nontechnical people can grok it.
* Webmail has an inherent weakness: if push comes to shove, the NSA can
compel a Scramble server to serve bad Javascript to their users. I want to
give users the option to install the app as a Chrome extension. Same HTML,
CSS, and JS, but served locally, so the server is untrusted.
* You can look up someone's public key from an untrusted server, and verify
that it's actually theirs.
* Anyone can run a Scramble server
* It's open source
* All email between Scramble addresses is encrypted. Both Subject and Body
are encrypted via PGP.
* With some precautions, it's possible to avoid associating your real
identity with your email address at all. This means that even From and To
can be anonymous.
Feel free to try it out! https://scramble.io/
Here's a more thorough description of my design and my motivations:
https://scramble.io/doc/
Finally, here's a more thorough description of the technical details:
https://scramble.io/doc/how.html
Thoughts?
Best
DC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130823/8dd9c710/attachment.html>
More information about the liberationtech
mailing list