

Petraeus should have used PrivateSky - bribriinlondon

Browser based identity based encryption with embedded 2-factor authentication - http://privatesky.me
======
bribriinlondon
PrivateSky is a browser based encrypted messaging and managed file transfer
service. The keys are only available to the sender and recipient, not even
CertiVox staff can access the keys. They are not physically able to comply
with CALEA requests, as all encryption and decryption happens in the browser.

------
nodata
Summary? Why is SSL not needed for the site? (could I MITM some JavaScript
that does something bad?)

The domain is registered via an American provider, using a proxy service. This
seems strange.

~~~
bribriinlondon
Sign up for the service, it's free. The service is served over SSL so there is
little risk of MITM (that would require a Diginotar style hack). The marketing
site does not require SSL. We are not collecting and you are not transmitting
any information on the marketing site (except for Google Analytics). The
domain is registered at GoDaddy. Yes, we are not big fans of GoDaddy, but it's
a pain to move your domain registrations. The domain proxy service is standard
when you don't want to receive a lot domain spam to your technical contact.

