[Cryptography] ? recommendations for secure communications
John Denker
jsd at av8n.com
Thu Oct 12 14:01:15 EDT 2017
Hi --
Suppose you were a reporter at a small local newspaper.
No great tech skills and no great resources. Still,
you want people to be able to send you confidential
tips and leaked documents.
The standard answer is SecureDrop. It seems pretty
decent to me. It's a complicated system, but I
don't see any way to simplify it without sacrificing
a significant amount of security.
I suppose Signal makes sense for simple messages, but
even so there is a record of who called whom. And
AFAICT there is no good way to attach typical documents.
Can email be secured in a reasonable way for ordinary
non-wizard users, or has everybody given up on this?
More narrowly, is it worth trying to provide some security
for the average non-techie gmail user? In particular, has
anybody we know evaluated this plugin for adding PGP to
the gmail web interface?
https://chrome.google.com/webstore/detail/cryptup-encrypt-gmail-wit/bnjglocicdkmhmoohhfkfkbbkejdhdgc
Anything else you would recommend?
Considerations include:
-- ease of installation
-- general ease of use
-- attachments
-- security w.r.t message body
-- security w.r.t metadata
Favorite maxim:
Metadata is data.
A cryptosystem that leaks metadata is a cryptosystem that leaks.
More information about the cryptography
mailing list