Today brings news from two outlets working on the problem of securing electronic messages. The announcement thus far getting the most press comes from a fairly large group of rather smart people calling themselves The Dark Mail Alliance working on a software and service level tools to handle the email privacy problem. The group getting less attention is smaller and still very intelligent No Such lAbs team which has a announced pricing and other details on a hardware tool for handling the secure email problem. What are we to think of the two approaches?
Generally I think anything that gums up the screws of the surveillance state with more ciphertext is good. Details came out about the Dark Mail Alliance project at the Inbox Love email conference's keynote speech and if there is time I might break apart considerations from the speech, but waiting for white papers would probably be prudent. The involvement of internet saints Ladar Levinson and Phil Zimmerman is promising. At the very least this represents a promising channel for conveying messages. I have to wonder though how much attention they will pay to attempting to protect against diddling in the underlying hardware of software layers.
The approach of No Such lAbs, the people behind the Phuctor, proceeds from the assumption of a generally more hostile computing environment, per their initial announcement of the Cardano:
It is sad reality that such guarantees are all but absent in today’s computing world. We make it our business and purpose in life to create products that may be used to enact absolute guarantees, to verify them and to enforce them - and in the process we both create the measures by which you can evaluate the freedom available in the world in which you live as well as provide the bricks upon which a free world may be built, one bit at a time.
This no doubt has influencing it Stanislav Datskovskiy's laws for sane computing. While Dark Mail offers a plaform built on potentially untrustworthy platforms, the Cardano offers a self contained device for public key cryptography. The Cardano promise is that when its physical security is maintained it may be used to securely even in tandem with hostile communications channels and hostile hardware.
While the recent attention to Levinson and Zimmerman makes most efforts they could announce newsworthy, it does raise some concern that the effort which assumes more extreme obstacles to be overcome is receiving so little attention.
Update: If it isn't clear, I plan on buying some Cardanos and personally think the Dark Email thing is probably going to end up being snake oil. Like tor it seems like something that might inconvenience adversaries, but it lacks the assurances of an in itself device.