How do we make web stuff that's secure enough for human rights workers?

Discuss

5 Responses to “How do we make web stuff that's secure enough for human rights workers?”

  1. vance_tam says:

    Use an Iron Key with a truecrypt volume, and GPG to send email via Gmail.

    Hushmail hasn’t been in the least secure in many years:

    http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

    (yeah, there’s no “l” on that URL.)

    If you don’t control the encryption, you control nothing.

  2. GeorgeMokray says:

    This is something that Google Ideas and their head, Jared Cohen, are very concerned with and may actually be working on.  How much I trust them with it is another question.

  3. Paul Renault says:

    What about CryptoCat?
    https://crypto.cat/

    /D’oh: Shoulda read the article first. Cryptocat it is!

    /Hmm! Article about an article about CryptoCat:
    http://www.wired.com/threatlevel/2012/08/security-researchers/all/

  4. When communicating with amateur and non-technical people there is nothing you can do to ensure high security of your communications. The best solution I can suggest is public key cryptography, but that doesn’t help secure your key at the receiving end and it doesn’t solve the rubber hose problem or just people filming your fingers while you enter the passphrase.

Leave a Reply