With Lavabit’s closure and Silent Circle’s shutdown of its Silent Mail, the question is where to turn next for a secure email service.
Prism-break.org has a few suggestions on which services and software to consider trying out and which to definitely avoid.
Mega CEO Vikram Kumar has also announced that they are working on a new secure email service that will run on server networks that will be legally inaccessible to US authorities.
Whether that means New Zealand or another country like Iceland is still to be decided, as Mega founder Kim Dotcom is worried about the New Zealand government’s apparent inclination for laws that would force service providers to cooperate with the authorities by handing over decryption keys or providing a backdoor into their servers.
Kumar says that they are working on the aforementioned email service, but that it could take many months to deliver a product they are satisfied with.
They are working on finding a solution to keep Mega secure even if SSL/TLS is compromised, and are experimenting with new and still theoretical technologies such as Bloom filters.
“The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,” he shared with ZDNet’s Rob O’Neill.
“If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible, but very, very hard. That’s why even Silent Circle didn’t go there.”
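The search problem Kumar describes, with one known way of applying Bloom filters to it, as an added example (this is not Mega's design, which the article does not describe): the client builds a keyed Bloom filter for each message before encrypting it, and a per-word token is later tested against the stored filters. The key, filter parameters, message ids and mailbox contents are constructed for illustration.

```python
import hashlib
import hmac
import re

M_BITS = 2048   # filter size in bits (constructed parameter)
K_HASHES = 5    # bit positions per word (constructed parameter)

def trapdoor(key, word):
    """Per-word search token; only the holder of the client key can derive it."""
    return hmac.new(key, word.lower().encode(), hashlib.sha256).digest()

def _positions(td, msg_id):
    # Bind positions to the message id so one word sets different bits
    # in every filter and filters cannot be compared across messages.
    for i in range(K_HASHES):
        d = hmac.new(td, msg_id + bytes([i]), hashlib.sha256).digest()
        yield int.from_bytes(d[:8], "big") % M_BITS

def build_filter(key, msg_id, plaintext):
    """Client side, before encryption: index the words of one message."""
    bits = bytearray(M_BITS // 8)
    for word in set(re.findall(r"[a-z0-9']+", plaintext.lower())):
        for p in _positions(trapdoor(key, word), msg_id):
            bits[p // 8] |= 1 << (p % 8)
    return bytes(bits)

def matches(bloom, msg_id, td):
    """True if the word behind td may be in the message (false positives possible)."""
    return all(bloom[p // 8] & (1 << (p % 8)) for p in _positions(td, msg_id))

def search(index, td):
    """Test every stored filter against one token; needs no plaintext."""
    return sorted(mid for mid, bloom in index.items() if matches(bloom, mid, td))

# Constructed demo data: a fixed key and three short messages.
KEY = bytes(range(32))
MAILBOX = {
    b"msg-1": "Quarterly invoice attached, payment due Friday",
    b"msg-2": "Lunch on Friday?",
    b"msg-3": "Your password reset link",
}
INDEX = {mid: build_filter(KEY, mid, body) for mid, body in MAILBOX.items()}

if __name__ == "__main__":
    print(search(INDEX, trapdoor(KEY, "friday")))
    print(search(INDEX, trapdoor(KEY, "invoice")))
```

Whoever runs `search` learns which messages match a token and can see when a query repeats, so an index like this leaks access patterns even though it never holds the words themselves.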
Mega, which is currently just a file hosting service, opted for client-side encryption so that they don’t know what type of content is uploaded, they don’t have or store the encryption keys, and consequently can’t hand them over to anyone.
Vikram says that “Mega will never launch anything that undermines its end-to-end encryption core security proposition”. While he seems optimistic about their plans, only time will tell whether they will succeed in creating a secure and usable encrypted email service.