

Good time for someone to build a GOOD secure email replacement? - Hilyin

I don&#x27;t have the skills necessary to build it, but this feels like this scandal could be a good catalyst to start an adoption of a secure email replacement.
======
luxpir
Perhaps someone could explain how starting from scratch and building an
encrypted p2p email system would be insecure?

That is, an imaginary mail client (hosted or local) with encrypted storage,
transfer and constant processing of emails routed to other active mail
clients. Perhaps split and routed over several nodes, as with Skype. Without
the PGP-style need to exchange keys in advance, and based on an open standard
of some kind. File transfer could be interesting this way, as with BitTorrent
Sync.

Spam filtering an anonymous, encrypted service such as this seems nigh on
impossible. Could there be a way to enforce accountability? Or whitelisting
only messages you want to receive on reviewing sender/title details? Not any
practical way I can conceive. Perhaps the only way is to manually approve each
new contact. Clicking 'no' to 1000 spam addresses a month might get a little
tedious, however. A shared blacklist could do the trick, but it's hardly a
robust solution.

I've often thought this to be the most obvious direction to look in for a
solution, yet I'm very sure that I'm simplifying the likely vast problems its
developers would face.

~~~
luxpir
So, after using HNSearch for recent PGP comments, it turns out that at least
one such solution exists [1]. It can be found here:
[https://bitmessage.org](https://bitmessage.org), along with its interesting
whitepaper from 2012 outlining its operation.

I'll try to submit it to HN to raise awareness.

[1]
[http://news.ycombinator.com/item?id=5845858](http://news.ycombinator.com/item?id=5845858)

------
hardwaresofton
In the end, isn't it more about where it's built than the product?

If the product is within reach of an unreasonable governing body, then it's in
danger right?

------
claudius
Email is secure iff you use it properly. Just like everything else.

~~~
glitch273
How about a system where it's secure even if the user is dumb.

~~~
claudius
Do you have _one_ example of a system that is secure even if the user is dumb
(for example forgets to lock the front door)?

~~~
sx43
Bio-metric passwords (i.e. fingerprint / eye scan).

~~~
claudius
Fingerprints are left all over the place all the time, and it is probably not
much more difficult to acquire eye scans.

And for such a system, the user would have to re-use his passwords at many
different places again…

~~~
infinii
“My name is Werner Brandis. My voice is my password"

