-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Moritz Bartl: > Hi, > > On 14.02.2013 11:42, adrelanos wrote: >> What if Hushmail (or any other mail provider) had recommended the >> user to install a browser add-on to do encryption locally? Could >> they get forced to convince the user to install a malicious >> browser add on, on request by law enforcement? > > Most likely. Why not?
I was actually thinking exactly this myself. > > "My" way would be to produce the browser addon independently from > offering mail services. The mail provider would then just be > recommending the "third-party" addon -- even if the addon is made > specifically for that service (or web interface). > > Browser plugins for en/decryption were often discussed here and > you should be aware of their issues. In short, you cannot create a > safe en/decryption plugin and at the same time have high > usability. > I don't see any point in a browser extension if you're going to go to the extent of installing that why not just use an email client. It would use a lot less bandwidth to use a email client like Thunderbird and use POP/IMAPS than a web interface anyway. I'd also argue that it's a lot more secure too, given that implementations like FireGPG always had issues. Also, the source code for the extension would need to be available, and then it would be bound to particular browsers, not a good move in my opinion. It would also be only available then on particular platforms. I know for example with PGP I can decrypt emails on Android using K9/Kaiten with APG. Also as it would only be used with one provider, the code would have a lot less widespread usage in comparison to something like Enigmail and Thunderbird or Sylpheed etc. I also think hushmail's Java requiring extension is a lot less usable than a decent mail client with pgp support, even inexperienced users detest horribly slow java applets. Then there's also the fact that Oracle can be kinda slow to fix 0day Java exploits, and those nearly always revolve around the web browser. - -- scarp | A4F7 25DB 2529 CB1A 605B 3CB4 5DA0 4859 0FD4 B313 -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJRHPKFAAoJEF2gSFkP1LMTl+wP/io9fHqggZUCQXihfRjVWInF 12xnpJMiM5amVCTHv0ypUEU0FB+zlPRXCZPWOkoKw9P8NK/NZuEq0KFVXT1SKxRS l2WBmVIdOwj1r7dGxIEc2HL/+St47qunQAWcOluRAvIY1UHFSZFRS29zvQr72WDt +OYOrciFmR2cu+qMx9xtJzZx3637yZ/VYiHFhrE3bJ2tXAaESmwT78MdhTbJr+/Z qimUDyUtWt08vuQ6+mbipxVUWBadpw64zvV66v4ZUGoj9utzYqW/PYiYrdZ9Pk7V Y62mlcN8ylGSfiQDUvmAUcHJgEp8QUlPpVLzYxY4wZHNYLNyMtnHP3qFRb/samix dXljclYEoGkDxmJFudbI2FQGJAurNYzrz2wE+K4HH307MLE5G4gCIxQ8MdgUZefa roQkhcSjm2/H+dxGIHBBr5wKjkJ8F41nEnLdtzuOq76zd/n1TgAqAxcLAaNItYql 0qg2+9bmZDZqoVXzqaOsgrkeA0emRObTE4vg4bvVVPxsqSib/YJwlCwmEhSqz8JA yD+yYqoKnsBRZgQngAV1tQrBJAulFlsnVVLyJ1s52JK+0ZKhY429GQDv/hBA+uke +f+5n2BfXcJ9ACNt12S9dlBr8jyMDPx16S5b0y/clBUNcK0PtCTsOHAfig2TnXZG j5IQ8TH/ShiZwCCPgm03 =BYdp -----END PGP SIGNATURE----- _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk