Hacker News new | comments | show | ask | jobs | submit login
Petraeus should have used PrivateSky
2 points by bribriinlondon on Nov 16, 2012 | hide | past | web | favorite | 3 comments
Browser based identity based encryption with embedded 2-factor authentication - http://privatesky.me

PrivateSky is a browser based encrypted messaging and managed file transfer service. The keys are only available to the sender and recipient, not even CertiVox staff can access the keys. They are not physically able to comply with CALEA requests, as all encryption and decryption happens in the browser.

Summary? Why is SSL not needed for the site? (could I MITM some JavaScript that does something bad?)

The domain is registered via an American provider, using a proxy service. This seems strange.

Sign up for the service, it's free. The service is served over SSL so there is little risk of MITM (that would require a Diginotar style hack). The marketing site does not require SSL. We are not collecting and you are not transmitting any information on the marketing site (except for Google Analytics). The domain is registered at GoDaddy. Yes, we are not big fans of GoDaddy, but it's a pain to move your domain registrations. The domain proxy service is standard when you don't want to receive a lot domain spam to your technical contact.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact