

Overview of projects working on next-generation secure email - bruo
https://github.com/OpenTechFund/secure-email

======
betterunix
"in an age where we better understand the power of social network analysis and
the sensitivity of the social graph, the exposure of metadata by a "Web of
Trust" is no longer acceptable from a security standpoint."

That depends on your security goal. Your goal might be to check to see if a
message was sent by the person listed in the "From" field, in which case WoT
can work very well.

"Nearly every project here uses Trust On First Use (TOFU) in one way or
another"

This is not perfect either. In the scenario I described above, TOFU may be
less useful than WoT. There are also scenarios in which TOFU makes no sense at
all -- maybe I want to anonymously send an encrypted message to someone, and I
have no point of reference for their key.

"This is not possible with the traditional protocol for email transport,
although it will probably be possible to piggyback additional (non-backward
compatible) protocols on top of traditional email transport in order to
achieve metadata protection."

Ahem:

[https://en.wikipedia.org/wiki/Cypherpunk_anonymous_remailer](https://en.wikipedia.org/wiki/Cypherpunk_anonymous_remailer)

~~~
mike-cardwell
The trouble with the web of trust is that it's basically analogous to
publishing your contact list. It may solve some problems, but it creates
entirely new ones at the same time.

------
pbiggar
Tangential: anyone know of an overview of projects working on next-gen IRC? I
know the standard HipChat, Campfire and Flowdock, and recently discovered
Slack and [http://kato.im](http://kato.im). Would love a full list.

~~~
akkartik
[https://news.ycombinator.com/item?id=7267226](https://news.ycombinator.com/item?id=7267226).
Telegram seems most important in the context of security.

~~~
zmanian
Cryptocat and Text Secure are most important in terms of security. Telegram
still looks like security theater.

~~~
akkartik
Ack, you're right. Subliminal marketing takes hold again :/

My intention was to push back on the references to hipchat, campfire and so
on.

------
axansh
Looking great,Looking forward for shortcut keys like gmail. Yes i know i am
hoping more :) but if i will get chance i will implement it.

------
fyolnish
It's a bit ironic that freedombox is using an expired certificate

