[liberationtech] Any thoughts on this?
Nadim Kobeissi
nadim at nadim.cc
Sat Jun 22 13:00:15 PDT 2013
Yeah, this is completely nuts. You're sending the service's owner(s) your password and plaintext in the clear. The person(s) operating this service get(s) all the passwords, all the plaintext, and even which IP address is sending/receiving plain texts at what time with each password. It's terrifying.
For what it's worth, I've tweeted at the author asking him to take it down. He seems to be just a well-meaning guy:
https://twitter.com/kaepora/status/348530356317741056
NK
On 2013-06-22, at 2:45 PM, Julian Oliver <julian at julianoliver.com> wrote:
> ..on Sat, Jun 22, 2013 at 09:15:45AM -0700, Yosem Companys wrote:
>> From: Dewald Pretorius, owner of SocialOomph.com
>>
>> The alarming revelations of the extent to which our privacy is being
>> invaded by governments have inspired me to create a free encryption service
>> that is for everyone. It is gratis, it's extremely easy to use, and it's
>> anonymous (no need to sign up).
>>
>> https://www.encryptfree.com
>>
>> Essentially, you use the free service to encrypt the text you want to
>> protect, paste the encrypted version into an email, tweet, Facebook post,
>> Google+ post, etc., and give the decryption password to the intended
>> recipient. The recipient uses the site to decrypt the text using the
>> password you chose (only someone who knows the password can decrypt the
>> text).
>
> It's done server-side and so the owner of that service is in the sweet spot,
> getting everyone's text in the clear. Whether he actually does delete the text
> as he says begs far too much trust. Who says he wouldn't sell out if offered a
> ton of money for a back door? I certainly wouldn't use it for anything remotely
> important.
>
> PGP/GNUPG is a better way to go, done locally on the user's machine. PGP Desktop
> clients can be used for encrypting text, independently of email.
>
> Here's one for OS X:
>
> https://gpgtools.org/
>
> Windows:
>
> http://gpg4win.org/
>
> Us GNU/Linux users can just use the command line or a GUI like:
>
> http://utils.kde.org/projects/kgpg/
> http://projects.gnome.org/seahorse/
>
> Cheers,
>
> --
> Julian Oliver
> http://julianoliver.com
> http://criticalengineering.org
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
More information about the liberationtech
mailing list