[HacktionLab] Own-Mailbox: Self hosted web mail PGP/ HTTPS

Charlie Harvey charlie at newint.org
Thu Sep 24 09:10:38 UTC 2015


On 24/09/15 09:13, Jim McTwanky wrote:
> "100% confidential", "100% secure"
> 
> "*Own-Mailbox allows you to send and receive 100% confidential messages
> even with people who don't use email encryption yet.* For this purpose
> we introduce PLM, a new technique that allows you to send a filtered and
> temporary *HTTPS link* to your contacts. This link points to your
> private message hosted on your Own-Mailbox."

Hi,

Point taken, nothing is 100% secure and it's unfortunate to make such
grandiose rhetorical claims in the context of security.

Still, I'd still say this will help frustrate mass surveillance efforts
which seems to be the threat model they're protecting against. And be
usable by mere mortals which is the audience they seem to be aiming for.

> So, it's relying on public key infrastructure i.e. putting its trust in
> a 3rd party the CA.

They're going to use Let's Encrypt, which is an initiative of the EFF and
others https://letsencrypt.org/.

I'm more inclined to put trust in that effort than most other CAs, but
they could in theory be rogue or compromised.

Either way, the cert is generated per device, so if you didn't trust
Let's Encrypt, you could train people to verify the cert fingerprint or
install your own CA into their browsers and self-sign.

The main point is this: while TLS isn't perfect (there's the CA problem
and maybe more implementation attacks (as there might be in PGP or OTR
implementations too) and you need to disable lots of ciphers), it does
meet the goal of making mass surveillance a lot harder whilst being
"usable by humans". And TLS also lets you have some nice things like
forward secrecy.

I'm very interested to see if we can come up with a better idea for how
to do the crypto on this sort of device. Thoughts?

Cheers,


> 
> No such thing as 100% secure. This is nowhere near.
> 
> Cheers,
> 
> Jim
> 
> 
> 
> 
> On 23/09/15 23:16, sam at bristolwireless.net wrote:
>>
>> This looks kind of interesting £52.10 inc P&P, they are just over
>> halfway to crowd funding target, they need another 800 people to back
>> them to get it made.
>>
>> I'm tempted to take a punt, what do people think?
>>
>> https://www.own-mailbox.com/
>>
>> "Own-Mailbox is a personal email server you can run in your own home,
>> with strong privacy protection measures integrated at its core. It
>> provides self-hosted email addresses, or connects with your existing
>> email address. In both cases, you can seamlessly send and receive
>> encrypted emails from anywhere in the world, through the Own-Mailbox
>> webmail interface, through a smartphone app, or using external email
>> software (such as Thunderbird or Outlook).
>>
>> Own-Mailbox, is very easy to set-up and use - as easy as a GMail account.
>>
>> Own-Mailbox automatically encrypts your emails using Gnu Privacy
>> Guard, a strong encryption software. This is the same software that
>> has been used by Edward Snowden (as shown in the movie citizenfour).
>>
>> Own-Mailbox allows you to send and receive 100% confidential messages
>> even with people who don't use email encryption yet. For this purpose
>> we introduce PLM, a new technique that allows you to send a filtered
>> and temporary HTTPS link to your contacts. This link points to your
>> private message hosted on your Own-Mailbox."
>>
>>
>> https://www.kickstarter.com/projects/1547898916/own-mailbox-the-first-100-confidential-mailbox
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> HacktionLab mailing list
>> HacktionLab at lists.aktivix.org
>> https://lists.aktivix.org/mailman/listinfo/hacktionlab


-- 
Charlie Harvey
IT Director
New Internationalist

t: +44 (0)1865 403249
f: +44 (0)1865 403346
w: http://newint.org/
k: http://ox4.li/gpgkey/

New Internationalist is an independent not-for-profit communications
cooperative. Our multi-award winning magazine, New Internationalist,
brings to life the people, the ideas and the action in the fight for
global justice.

New Internationalist Publications Ltd. is incorporated in England
under no.1005239.

New Internationalist, Old Music Hall, 106-108 Cowley Rd.,
Oxford, OX4 1JE, UK
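
The fingerprint check and cipher restriction mentioned in the message above, as an added example that is not part of the original post and is not Own-Mailbox's code. The function names, the cipher string and `SAMPLE_DER` (constructed bytes standing in for a device certificate) are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
SAMPLE_DER = b"constructed-device-certificate-der-bytes"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form browsers display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(der: bytes, pinned: str) -> bool:
    """Compare with a pin obtained out of band; case, colons, spaces ignored."""
    want = pinned.replace(":", "").replace(" ", "").lower()
    got = hashlib.sha256(der).hexdigest()
    return hmac.compare_digest(got.encode(), want.encode())


def forward_secret_context() -> ssl.SSLContext:
    """Client context limited to ECDHE key exchange with AEAD ciphers."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Applies to TLS 1.2; TLS 1.3 suites are configured separately by OpenSSL.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def check_device(host: str, pinned: str, port: int = 443) -> bool:
    """Connect and check the presented leaf certificate against the pin."""
    ctx = forward_secret_context()
    # The pin replaces CA validation here, so a self-signed cert is acceptable.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return der is not None and matches_pin(der, pinned)
```

The pin is only as trustworthy as the channel it arrived over, so the fingerprint has to be read off the device itself or exchanged in person rather than fetched over the connection being checked.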
