
Announcing The Dark Mail Alliance – Founded by Silent Circle and Lavabit - cylo
http://silentcircle.wordpress.com/2013/10/30/announcing-the-dark-mail-alliance-founded-by-silent-circle-lavabit/
======
natural219
I appreciate the cheekiness of calling it the "Dark Mail Alliance", but from a
purely PR perspective, it would make sense to reconsider your name if you are
taking the position that encrypted end-to-end email is not solely an interest
of those pursuing shady or deviant activities.

~~~
sandstrom
I totally agree, I _really_ think you should change the name.

Some suggestions:

- Locke Mail [from John Locke]

- Mill Mail [from John Stuart Mill]

- Hobbes Mail

- Liberty Mail

~~~
RamiK
Freedom \ Liberty \ Patriot \ Constitution Mail would be very effective in
blocking political speeches and biased headlines from cheap attacks. My
personal favorite is Lincoln Mail... Seems highly appropriate on many levels
and should be FOX News proof.

~~~
danudey
As a non-American, all of these terms remind me of irritating American flag-
waving rhetoric (the kind used to justify the types of things that the NSA is
doing right now, for that matter), and I would wager most of the world would
feel the same.

~~~
ics
So why not use multiple brands? I don't think the name is to be taken lightly
at all, and naming it in such a way that doesn't make it such an easy target
could do some real good. They just need to bring the tech, and then we can
have a whole laundry list of names suitable for different languages/cultures.

------
ChuckMcM
I hope they are successful. For a long time I have wished that someone with
the expertise and time would be motivated to create a new email system from
the ground up, and make that system widely available and 'open' (in the sense
of open protocols).

There are many challenges, but if they can pull it off there are many benefits
as well. And perhaps the nicest part is that it is hard to actively oppose
such efforts without revealing an intent.

~~~
SomeCallMeTim
I think the biggest barrier to entry of any new and secure email protocol will
be GMail. GMail (and similar services) are what most people seem to use at
this point.

And GMail won't update to 3.0 in any meaningful way, no matter what, since
they want to be able to mine the data in your email, so they will still be
storing it on their servers "in the clear." Which means the next time NSA
hacks their servers, they'll still be able to read all the email.

Best case is that email 3.0 will interoperate with 1.0, or GMail at least
accepts 3.0, if only to unencrypt it on their servers. Short of that, it would
take a compelling use case to convince people to leave GMail, so we'd be right
back to where we are with email 2.0: No critical mass of adoption, meaning 98%
of the email you receive and write is unencrypted.

~~~
cantrevealname
> GMail won't update to 3.0 in any meaningful way, no matter what

Perhaps this problem can be addressed by having a plugin/add-on/extension that
decrypts the mail within the browser. GMail, Yahoo, or other mail providers
that don't adopt this new and secure email protocol won't get the plaintext of
your message, and preferably not the metadata either.

This requires that the new protocol use a converter or proxy or something to
be able to talk to the existing email infrastructure. I'm sure this idea has
occurred to the Silent Circle and Lavabit guys.

~~~
diydsp
Maybe people could run a local app/filter that extracts keywords from our own
mail and shares them with google. Leave the power completely in our hands to
give to google what we feel like giving them.

~~~
dmix
This patchwork approach to attempting to solve a large broken system has
visibly failed analogously to politics, in terms of preventing the threat of
mass-surveillance.

I don't see how this is any different. We need new technology to solve new
problems. Decentralization. Changing behavior is not easy, but sometimes
necessary. Everything else being proposed seems half-assed (for lack of a
better word) and easily circumventable by a resourceful adversary.

As long as Google (or whomever) holds all the cards and has a lot to lose by
not complying to threat of force (for ex. shareholders and stock prices), then
we won't get anywhere.

------
erikb
I am definitely no security expert, but from my feeling it seems as if
unsecure protocol + secure messaging layer is much more successful in
practical applications than purely secure protocols. Therefore my belief
would be that improving existing secure messaging layers would help the world
much more than creating another secure protocol which nobody will use because
it would require to replace the whole infrastructure. Especially Email seems
to be something that is unlikely to go away, because of its long history, huge
infrastructure and simplicity.

~~~
alextingle
The problem with e-mail is that gathering the meta-data is almost as valuable
as looking inside at the message contents. Secure messaging layers aren't
going to help you there - unless everyone starts using something like Tor.

~~~
betterunix
Why Tor? We have had mix-nets for many years, and they do an excellent job of
protecting metadata. Even old-fashioned cypherpunks remailers do a fine job at
that.

~~~
e12e
Apologies for the spelling errors in this note below - it's an OCR of an old
printout (I've been unable to find a current archive of cypherpunks going back
this far):

Cypherpunks archive-96.02.29-96.03.06: List of reliable remailers

List of reliable remailers
Anonymous Remail Service (nobody@vegas.gateway.com)
Sun, 3 Mar 1996 09:18:03 -0500

( Messages sorted by: [date] [thread] [subject] [author] ( Next message: Adam
Shostack: "Re: NYT on Crypto Bills" ( Previous message: Raph Levien: "List of
reliable remailers" ( Next in thread: Black Unicorn: "Re: your mail"

Thought that this was worth reposting:

> I attended last week's "Information, National Policies; and International
> Infrastructure" Symposium at Harvard Law School, organized by the Global
> Information Infrastructure Commission, the Kennedy School and the Institute
> for Information Technology Law & Policy of Harvard Law School.

> During the presentation by Paul Strassmann, National Defense University and
> William Marlow, Science Applications International Corporation, entitled
> "Anonymous Remailers as Risk-Free International Infoterrorists" the question
> was raised from audience (Professor Charles Nesson, Harvard Law School) - in
> a rather extended debate - whether the CIA and similar government agencies
> are involved in running anonymous remailers as this would be a perfect target
> to scan possibly illegal messages.

> Both presenters explicitly acknowledged that a number of anonymous remailers
> in the US are run by government agencies scanning traffic. Marlow said that
> the government runs at least a dozen remailers and that the most popular
> remailers in France and Germany are run by the respective government agencies
> in these countries. In addition they mentioned that the NSA has successfully
> developed Systems to break encrypted messages below 1000 bit of key length
> and strongly suggested to use at least 1024 bit keys. They said that they
> themselves use 1024 bit keys.

> I ask Marlow afterwards if these comments were off or on record, he paused
> then said that he can be quoted.

> So I thought I pass that on. It seems interesting enough, don't you think?

> Best

> Viktor Mayer-Schoenberger
> Information Law Project
> Austrian Institute for Legal Policy

Groundfog@alpha.c2.org


------
natch
My Fucking Mail would be a better name. As in, it's mine, do fucking not read
it. Sorry for the profanity but I think it fits how many people feel about
this.

~~~
krutulis
I do share your sentiment! The shorter "MyMail" makes the same point without
needing the profanity, and your more emphatic name would then be available for
the most desirable MyMail client...

~~~
ape4
MeMail

~~~
insickness
That's the Irish version, as in, "Do not read me mail."

------
zokier
To everyone complaining about the name: it is just the name of the
advocacy/development group. You don't call SMTP mail 'IETF mail', nor should
you call whatever they come up with "dark mail alliance mail".

~~~
jcc80
"Well, Bob, as your viewers may know, 'Smith Mail' came out of a group that
calls themselves 'The Dark Mail Alliance'. This is a group of anti-government
hackers that..."

~~~
gknoy
"... keep their software in a so called 'subversion' repository, clearly for
nefarious ends."

~~~
hackula1
"... it's worse than that. They used git. They can git your kids, git your
job, git your family; all with one command. They can even clone you. These
hackers will be pulling and pushing this country apart!"

~~~
dingaling
Interesting! I hadn't considered that connotation of git.

To Euro-English speakers, 'git' is a rather coarse pejorative term for a
person:

[http://www.etymonline.com/index.php?term=git](http://www.etymonline.com/index.php?term=git)

It's fairly vulgar, of a similar coarseness to calling someone a 'stupid
fucker' in US terms.

The in-joke being that Mr Torvalds chose the name specifically to cause
offense.

------
danielweber
Anyone gone through the checklist yet?
[http://craphound.com/spamsolutions.txt](http://craphound.com/spamsolutions.txt)

~~~
JshWright
What's the relevance? This isn't a spam fighting endeavor.

~~~
Tepix
When you go through the trouble of reinventing email to provide proper
security, you should also solve the spam problem as part of the protocol.

It would be great if the recipient could specify the amount of proof of work
required for example. Or ask for a certain amount of bitcoin in exchange for
accepting promotional material. Or a mail attribute that indicates it's a
newsletter. Lots of interesting possibilities.

~~~
MiguelHudnandez
> you should also solve the spam problem as part of the protocol.

I disagree. Different problems sometimes require mutually exclusive solutions.

In fact, receiving lots of unsolicited mail provides some plausible
deniability. So a spam free-for-all might actually be a useful part of the new
network.

~~~
XorNot
Or you know, renders the system completely worthless because no one can sort
through that much spam.

Which also makes it completely trivial to DDoS into oblivion. And the problem
gets worse than that: the more anonymous it is, the less it's possible to stop
someone from spamming.

Though I suppose you could attack this problem from the email address side:
make it computationally expensive to generate an email address, to make
address-hopping as a spammer more difficult.
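
The recipient-specified proof of work raised in this sub-thread, sketched as a hashcash-style stamp. This is an added example, not part of any comment above and not the Dark Mail design; the stamp layout, the `Mailbox` class, the addresses and the message ids are assumptions made for illustration.

```python
import hashlib
import itertools
import os


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def stamp_work(stamp: str) -> int:
    """Work proven by a stamp: leading zero bits of its SHA-256 hash."""
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest())


def mint(recipient: str, bits: int, message_id: str) -> str:
    """Sender side: brute-force a counter until the stamp hash has `bits`
    leading zero bits. Expected cost is about 2**bits hashes.

    Assumed layout: version:bits:recipient:message_id:salt:counter
    (fields must not contain ':').
    """
    salt = os.urandom(8).hex()
    prefix = f"1:{bits}:{recipient}:{message_id}:{salt}:"
    for counter in itertools.count():
        stamp = prefix + format(counter, "x")
        if stamp_work(stamp) >= bits:
            return stamp


class Mailbox:
    """Recipient side: the recipient chooses the difficulty it requires."""

    def __init__(self, address: str, required_bits: int):
        self.address = address
        self.required_bits = required_bits
        self.seen = set()  # stamps already spent on this mailbox

    def accept(self, stamp: str):
        """Return (accepted, reason). Verification costs one hash."""
        parts = stamp.split(":")
        if len(parts) != 6 or parts[0] != "1":
            return False, "malformed"
        try:
            claimed = int(parts[1])
        except ValueError:
            return False, "malformed"
        # The stamp is bound to one recipient, so work done for one
        # mailbox cannot be reused to reach another.
        if parts[2] != self.address:
            return False, "wrong recipient"
        if claimed < self.required_bits:
            return False, "insufficient work"
        if stamp_work(stamp) < claimed:
            return False, "invalid proof"
        # Without this check one stamp could pay for unlimited messages.
        if stamp in self.seen:
            return False, "replayed"
        self.seen.add(stamp)
        return True, "ok"


if __name__ == "__main__":
    # Constructed sample values.
    inbox = Mailbox("alice@example.org", required_bits=16)
    stamp = mint("alice@example.org", 16, "msg-0001")
    print(stamp, inbox.accept(stamp))
    print("same stamp again:", inbox.accept(stamp))
```

Raising `required_bits` by one doubles the sender's expected work, while `accept` still costs a single hash.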

------
Cort3z
This is very good news. An interesting note here: In Norway the official postal
service, Posten, has introduced something called DigiPost. Post means mail, so
DigiMail. This is essentially a secure way of sending information and it is
approved by the Norwegian government for sending and receiving sensitive
information. So you can ask to get your sensitive government stuff through
DigiPost.

My point being: There is already a big market for sending secure emails. If
this Dark Mail, or whatever it is called, is secure enough for a government to
use then the adoption will be huge.

This probably means that it should be called something else than dark. "Normal
people" don't know what encryption is, what NSA is or even why it is bad that
companies like Google read and use their email. They won't know why or even
that their email is insecure. They might have ssl in their Web browser showing
a small lock, so they think they are already secure and don't need this
"SecureMail". It is absolutely critical that the name of this thing is
something that a normal person will feel that he/she needs. Something as
simple as "New Email". Yes, the nerds will rage, but the nerds already know
why this is a big deal. The name does not need to cater to them. What is
important is to get adoption of this new email platform. And naming it secure
mail will probably not help. And having a dark alliance behind it all is the
worst idea so far. Both words have negative annotations and sound like an
untrustworthy hacker group or even a terrorist organization. Needless to say,
they need some serious re-branding, and fast.

~~~
userulluipeste
"An interesting not here: In Norway the official postal service, Posten, has
introduced something called DigiPost." "This is essential a secure way of
sending information and it is approved by the Norwegian government for sending
and receiving sensitive information." "There is already a big market for
sending secure emails."

So there are already working solutions for the problem. I wonder - does it
really have to be created some new group of "privacy innovators [that] have
[to be] partnered to lead the charge to replace email as we know it today"? A
descriptive alliance to measure the adherence to a new solution may be a
useful thing, but some new group to reinvent some existing solution is just
political in my view.

------
aj
And this is how committees fail to achieve results ;) The top 20 (?) comments
(or at least the most voted comment thread) is a discussion/argument on just
the name...

------
cottonseed
Terrible name.

~~~
redblacktree
I submit, "Envelope." It's a good analogy, since now we're essentially sending
all of our email on postcards.

~~~
peatmoss
I'd posit that the French already have our backs. A few years ago, the
official body that governs standardized French attempted to wean French-
speaking people from the borrowed English terminology. Et voila! "Courriel," a
portmanteau of courrier and electronique was pilfered from the Quebecois for
the benefit of francophones everywhere. Sadly however, if Google Translate is
any indicator, then "courriel" never made the leap from official to
commonplace.

Now, the electronic part is a given. But what about the courier part? Here's
what Wikipedia says:

> Couriers are distinguished from ordinary mail services by features such as
> speed, security, tracking, signature, specialization and individualization
> of express services, and swift delivery times, which are optional for most
> everyday mail services. As a premium service, couriers are usually more
> expensive than standard mail services, and their use is typically restricted
> to packages where one or more of these features are considered important
> enough to warrant the cost.

Speed, security, individualization, premium? Those all sound like adjectives
that I like!

Let's do the L'Académie française a solid. Let's adopt Courriel and apply the
label only to our fast, secure, individualized, premium electronic
communiques.

~~~
bkirwi
If you're curious: courriel has become the standard term in Quebec, where
adopting English terminology is a little bit more culturally / politically
sensitive.

------
Tepix
From the talk that just finished at Inboxlove, it appears they will use XMPP
for transport, some JSON and encrypted cloud storage.

You receive a message via XMPP that an email is waiting for you on the cloud
storage (similar to MMS). This is also a good solution for the spam problem, I
think.

They have a working prototype, a whitepaper is forthcoming and the community
is welcome to improve the new standard.

~~~
scintill76
Sounds like the cloud storage could help solve the large attachment problem.
Cool.

------
mikegirouard
For those who didn't know already (I didn't, this is new territory for me),
Silent Circle is co-founded by Phil Zimmermann (the PGP guy).

------
r0muald
"Stay connected with the Dark Mail Alliance

[Enter your e-mail] "

~~~
netgineer
And over an unencrypted channel no less, www.darkmail.info doesn't have ssl,
so the NSA will know if you are interested.

~~~
dmerrick
It is not a crime to be interested in something like this.

~~~
e12e
Not yet it isn't.

Remember what happened with "Anarchist's cookbook" and recipes for thermite
and such that used to be readily available on the net, and relatively
uncontroversial. It was just "information" after all. These days it seems
knowing how to do some basic chemistry is considered intent to do harm or
something.

------
theboss
I hope to see this magic new mystery protocol as something similar to
TextSecure, where we have forward secrecy from the OTR protocol.

The current e-mail protocols are far too centralized, which doesn't make
sense. Mail is delivered, and after that, it is no longer in possession of
USPS. This is unlike how E-mail works (even though it kind of seems like
that's what happens).

I hope to see some kind of client being required to run on my computer to
decrypt e-mails at rest and receive e-mails that are delivered to me from the
central server.

~~~
conroy
The protocol is based on SCIMP[0] which supports forward secrecy.

[0]: [https://silentcircle.com/web/scimp-protocol/](https://silentcircle.com/web/scimp-protocol/)

~~~
theboss
Aha, very good find. Okay then I am pleased.

------
conroy
I'm really interested in their solution for solving metadata leakage. I just
looked over the SCIMP white paper, and it didn't mention anything about
metadata.

~~~
redblacktree
I think not sending all of the data in cleartext will still be a huge
improvement.

~~~
Xylakant
I think this is one of the fundamental misunderstandings: Metadata includes
such interesting things as "who has been sending messages to whom at what
time" and potentially also from where (ip address). This is an avenue to
reconstruct social networks and behavioral patterns, especially if you can
crosslink the data with other public sources. I recommend this visualization
of the movement profile only derived from the collected data of one German
politician (sorry, German only but fairly easy to understand)
[http://www.zeit.de/datenschutz/malte-spitz-vorratsdaten](http://www.zeit.de/datenschutz/malte-spitz-vorratsdaten)

~~~
lucastx
English version: [http://www.zeit.de/datenschutz/malte-spitz-data-retention/](http://www.zeit.de/datenschutz/malte-spitz-data-retention/)

------
ad93611
The site [http://www.darkmail.info/](http://www.darkmail.info/) is served over
http and not https. If someone has access to the pipe, it would be easy get
the email addresses of people who submit their email addresses at that site.

~~~
keehun
The marketing system they're using is Mailchimp which I'm sure is also easy to
access for anyone who might've been able to snoop emails off the HTTPS version
of DarkMail.info

------
chiph
Not sure I understand. Both SilentCircle and Lavabit have ceased offering
their services. Are they now combined in an advocacy group to design a new
email protocol and get it adopted by the IETF?

~~~
fulafel
IETF has become less relevant of late, they don't get stuff adopted and have
been taken over largely by architecture astronauts.

~~~
smoorman1024
What do you mean by architecture astronaut?

~~~
lucajona
See "Don't Let Architecture Astronauts Scare You" by Joel Spolsky:
[http://www.joelonsoftware.com/articles/fog0000000018.html](http://www.joelonsoftware.com/articles/fog0000000018.html)

------
alexchamberlain
As much as I hate promotion emails, I do hope they make sure that companies
can still send mass "dark mails" securely, rather than sending the one by
one...

~~~
angersock
Wait wait wait!

Requiring _very strong_ encryption may help make spam email computationally
infeasible.

That alone might be worth it!

~~~
sliverstorm
I thought even extremely strong encryption was computationally quite light-
it's cracking the crypto that takes computing muscle.

~~~
conductor
Maybe they are going to require "Proof of work" -
[https://bitcoin.it/wiki/Proof_of_work](https://bitcoin.it/wiki/Proof_of_work)

~~~
toomuchtodo
If only there was some way to make spammers do the work of Bitcoin miners....

------
devx
They mentioned having a "web of trust" to help fight spam. But if you use
that, doesn't it mean someone like NSA, who can get everyone's public keys
(which I assume is what they're going to use for this, just like for PGP),
could then identify who are the people talking to each other, and essentially
invalidate all their metadata gather protections? Or would that key be
ephemeral, too?

------
presty
you can listen to more here
[https://www.youtube.com/watch?v=IgV_Z6V_llk](https://www.youtube.com/watch?v=IgV_Z6V_llk)

started at min 30 or so

------
digitalengineer
Can we stop with 'the name sucks' meta discussion and focus on the topic? I
for one would _love_ to see this work out. It'd be goddamntime someone clever
did something about it and I could not imagine two better parties starting
this.

------
pixelcort
Since it hasn't been mentioned yet, OS X and iOS already support S/MIME
encrypted email, and having the private keys live on users' devices and doing
encryption of outgoing messages on users' devices is probably the safest
setup.

~~~
bigiain
Hmmm, I don't know if I'm being outrageously paranoid, but I'm resisting the
temptation to put my PGP private key on my iPhone - because it'd be _way_ too
easy for Apple to extract the key/passphrase if they were coerced by someone
powerful enough, and those "powerful enough" have shown that they consider a
court order granting them the private key used to secure 400,000 people's
email is an appropriate tool when targeting a single individual.

Once that's known, is it really such a stretch to assume that an already
complicit PRISM partner might be convinced/coerced to monitor downloads of
crypto-capable apps from their respective app-stores, and provide or allow
backdoors to their OS that leak private keys?

Maybe that's being overly paranoid, but in the "post Snowden" era, it might
just be a sensible and pragmatic view…

~~~
e12e
It's good to be paranoid - but if you don't trust Apple -- you'll have to be
quite paranoid with your (and every other) iPhone you encounter. After all
they might be recording all sound within range of the mic, for example. Or all
text typed. Or both.

AFAIK Apple is close to best in class when it comes to handling secure
information (keys, pins etc) -- even if they're not perfect.

~~~
bigiain
My assumption is that if the NSA takes a specific interest in _me_ - then
Apple and/or Google could be requested/coerced into making any iOS or Android
device I was suspected of carrying do that.

If I held a top security clearance in a country the US was interested in, or
was a politician, diplomat, drug-dealer, or Occupy Movement organiser - I
wouldn't be happy using a modern smart phone.

As a "nobody", I doubt the NSA would burn those resources on monitoring me.

On the other hand, I wouldn't be _too_ surprised to find the NSA take special
interest in anybody who's downloaded a PGP/GPG app from the App Store or
Google Play - and if I worked for the NSA I'd certainly have entertained the
idea of working out how to subvert iOS/Android to expose private keys and
passphrases using privileged vendor-provided OS access.

And I doubt I'm anything like as smart/creative/evil as the best people
working at the NSA…

(And Apple definitely talk best-in-class talk about secure data handling, but
there are some interesting questions about how your old
passwords/iMessages/keys re-appear on a new iOS device when you replace them…)

------
frank_boyd
Sounds like another reinvention of the wheel, the "email" part of
[http://retroshare.sourceforge.net/](http://retroshare.sourceforge.net/)

~~~
mburns
Dismissing or deriding a project because it is not completely novel is
unhelpful.

Since 'retroshare' hasn't taken the world by storm, maybe that wheel _needs_
to be reinvented.

~~~
frank_boyd
FYI, RetroShare has a solid and solidly growing community.

Of course, if you want to talk about "taken the world by storm" as in
"Microsoft Windows 95": You're right, no encryption software has ever taken
the world by storm. And that has to do with the fact that the general public
doesn't care about privacy, b/c they have no clue how it works and most of all
what the mid- and long-term consequences of losing privacy will be for their
lives.

------
softworks
Email is so broken from a security standpoint I doubt that email 3.0 would
even make it off the ground. You would be better off taking something like IM
which Silent Circle already has a secure solution for and adding the store and
forward capabilities that make email email. Then u could have email clients
use that protocol. But asking the entire world to change / upgrade its email
servers and clients with a fundamentally different protocol. I don't see that
being successful.

------
tocomment
What's wrong with bitmessage?

~~~
nwh
Bitmessage doesn't scale, its POW doesn't solve any spam problems, and it's
largely insecure. There's been quite a lot of public discussion about just how
hilariously insecure it is.

~~~
tocomment
I didn't know that. Is anyone working on an improved version? It seems like a
great idea in principle.

~~~
nwh
There's room for improvement, but there's a lot of core issues that just can't
be flushed out.

The concept of the POW is to stop spam, as all addresses are inevitably
public, it doesn't really work though, as spammers typically have access to
botnets which can spam all day long. Normal users just have to wait minutes to
send a message.

The scale issue is a weird one, they plan to split the network into different
"streams" with different address types, which just sort of muddles the entire
setup. Ultimately the limit is how much CPU and bandwidth the network can
survive with while mirroring the entire content of the entire network.

There's lots of problems with timing attacks that have been "resolved" with
random sleeps, though nobody is really convinced of that too much.

~~~
sirsar
>The concept of the POW is to stop spam

Your other points are good, but this one is wrong. Bitmessage is currently
bundled with a client because that makes adoption easier, but ultimately,
Bitmessage is first and foremost a protocol. POW increases the cost of
flooding attacks on the network. Clients like Thunderbird (it was easier for
me to integrate Bitmessage with Thunderbird than my regular email provider)
stop spam.

The scaling is a rather hard problem, since, for anonymity, "everyone gets
everything." If you have any ideas about how to scale a network like that, OR
have any comparable methods for hindering traffic analysis, you should
publicize them.

The timing attack mitigation via sleeps /is/ a rather ineffective substitute
for constant-time decryption.

In summary:

1. POW is a non-issue, and part of the design at least the way you've put it.

2. Scaling is inevitable given the tradeoffs being made, unless you have a
better idea, for which I will pay money

3. Timing attacks are a temporary problem, but they can certainly be "flushed
out."

------
dllthomas
"Dark Mail" reminds me of Chrono Trigger...

~~~
hmsimha
I was going to say something about it providing 5 points of magic defense :P

------
nherment
I don't understand how anyone of you can say "it's never going to take over
email 1.0". Success is a lot about realisation. We have to start somewhere and
this is a good start as any.

Having a standard is certainly a necessity. I definitely see secure email
starting as a niche and if the user experience is at least as good as gmail I
don't see any reason why a new email system would not take over.

It's not going to happen overnight but there definitely is a need for it.
Lavabit and Silent Circle are proofs that this need is real.

There are major issues with replacing the current email:

1) there is no good open source email interface (if I'm wrong, please point me
to this gem). Roundcube is good but not good enough when you come from gmail.
I don't know of anything better than roundcube.

2) the threshold for a company to implement secure email is too high. Having a
secure standard with secure libraries certainly lowers that threshold

3) the current open source mails are GPL like licenses. This sucks for
companies and individuals. Give them the ability to do what they want,
including money. Replacing email is not going to happen without investment.
Technology investments are mainly done by companies, only exceptionally by
individuals.

Anyway, if anyone wants to take a shot at implementing an easy to use &
opinionated (ie standardisation vs customization) webmail, chime in:
[https://github.com/nherment/dolphyn](https://github.com/nherment/dolphyn)

(edit: form & typos)

------
pekk
Why did Lavabit ever need to have my messages in the clear?

The problem is manufactured and the solution is missing the point.

------
betterunix
What exactly remains to be developed? We have Mixmaster, Mixminion, Sphinx,
etc....

------
speedyrev
SPOILER: A year from now we find out this is an NSA black ops project.

~~~
eruditely
Ladar is a hero. I would trust him over myself.

~~~
e12e
Which is why he would make such a great front for a black op... ;-)

------
computerhead
"dark mail alliance" group, here is what you need to do...

1. get a new website, terrible design even from a 1995 point of view it is
bad. Drop shadows on tag-lines are tacky. Not that tech people care, but if
you want to take over the world. Try starting by having a decent designer on
your team.

2. the only way to "truly" fix this for good is to not use email. instead,
use a different form of communication (im thinking of...)

3. work with a few "enterprise companies"

4. get some capital

5. lastly, email is really still on 1.0, there was really no 2.0... unless you
consider the time before the internet as 1.0 when the government used internal
mail. But as we know mail today technically it's still 1.0

------
hafichuk
Has anyone actually confirmed that Ladar Levison is behind this?

~~~
jontas
Here he is on video discussing it:

[https://www.youtube.com/watch?v=IgV_Z6V_llk](https://www.youtube.com/watch?v=IgV_Z6V_llk)

I guess I wasn't actually there in person to witness it so I can't confirm he
wasn't one of those Tupac holograms[1].

1:
[http://www.youtube.com/watch?v=TGbrFmPBV0Y](http://www.youtube.com/watch?v=TGbrFmPBV0Y)

------
yaiu
I wish they would give some sort of freebie to prorated Lavabit users that
were SOL due to the shutdown.

------
balabaster
This is awesome, but will it be open sourced so that everyone can inspect the
code and verify its sanctity?

------
xanth
In all seriousness my opinion can be summed up as; Open Source Or GTFO

------
infocollector
Can we not just do this with an open alliance and pick up a name ?

------
tbfrench
LinkedIn to announce Dark Mail support.

------
shazow
Maybe better yet, EncMail.

------
tylerkahn
If you were interested in seeing any details whatsoever about the protocol
there are none either in the article or on the official website.

~~~
dochtman
They appear to be talking about this thing:

[https://silentcircle.com/web/scimp-protocol/](https://silentcircle.com/web/scimp-protocol/)

I thought we didn't want to use the NIST curves (like ECC-384?) anymore...
seems something like Curve25519 might be better.

~~~
JshWright
We're working on moving away from NIST curves as a default.

[http://silentcircle.wordpress.com/2013/10/17/this-one-
goes-t...](http://silentcircle.wordpress.com/2013/10/17/this-one-goes-to-414/)

------
ebbv
The name "Dark Mail" is going to automatically be associated with the "Dark
Net" which brings up thoughts of drug dealing and child pornography. This is
their first problem.

The second is their approach. Overcoming the install base of current email, no
matter how much better your new offering, is practically impossible. So
instead secure layers on top of existing email is your only feasible option.

------
ps4fanboy
Something like Secure Mail, Safe Mail, Trust Mail, Private Mail sounds better
than Dark Mail

