I appreciate the cheekiness of calling it the "Dark Mail Alliance", but from a purely PR perspective, it would make sense to reconsider your name if you are taking the position that encrypted end-to-end email is not solely an interest of those pursuing shady or deviant activities.
I hope they are successful. For a long time I have wished that someone with the expertise and time would be motivated to create a new email system from the ground up, and make that system widely available and 'open' (in the sense of open protocols).
There are many challenges, but if they can pull it off there are many benefits as well. And perhaps the nicest part is that it is hard to actively oppose such efforts without revealing an intent.
I am definitely no security expert, but from my feeling it seems as if unsecure protocol + secure messaging layer is much more successful in practical applications than purely secure protocols. Therefore my belief would be that improving existing secure messaging layers would help the world much more than creating another secure protocol which nobody will use because it would require replacing the whole infrastructure. Especially Email seems to be something that is unlikely to go away, because of its long history, huge infrastructure and simplicity.
My Fucking Mail would be a better name. As in, it's mine, do fucking not read it. Sorry for the profanity but I think it fits how many people feel about this.
To everyone complaining about the name: it is just the name of the advocacy/development group. You don't call SMTP mail 'IETF mail', nor should you call whatever they come up with "dark mail alliance mail".
Anyone gone through the checklist yet?
http://craphound.com/spamsolutions.txt
This is very good news. An interesting note here: In Norway the official postal service, Posten, has introduced something called DigiPost. Post means mail, so DigiMail. This is essentially a secure way of sending information and it is approved by the Norwegian government for sending and receiving sensitive information. So you can ask to get your sensitive government stuff through DigiPost.
My point being: There is already a big market for sending secure emails. If this Dark Mail, or whatever it is called, is secure enough for a government to use then the adoption will be huge.
This probably means that it should be called something else than dark. "Normal people" don't know what encryption is, what NSA is or even why it is bad that companies like Google read and use their email. They won't know why or even that their email is insecure. They might have SSL in their Web browser showing a small lock, so they think they are already secure and don't need this "SecureMail". It is absolutely critical that the name of this thing is something that a normal person will feel that he/she needs. Something as simple as "New Email". Yes, the nerds will rage, but the nerds already know why this is a big deal. The name does not need to cater to them. What is important is to get adoption of this new email platform. And naming it secure mail will probably not help. And having a dark alliance behind it all is the worst idea so far. Both words have negative connotations and sound like an untrustworthy hacker group or even a terrorist organization. Needless to say, they need some serious re-branding, and fast.
And this is how committees fail to achieve results ;)
The top 20 (?) comments (or at least the most voted comment thread) are a discussion/argument on just the name...
From the talk that just finished at Inboxlove, it appears they will use XMPP for transport, some JSON and encrypted cloud storage.
You receive a message via XMPP that an email is waiting for you on the cloud storage (similar to MMS). This is also a good solution for the spam problem, I think.
They have a working prototype, a whitepaper is forthcoming and the community is welcome to improve the new standard.
I hope to see this magic new mystery protocol as something similar to TextSecure, where we have forward secrecy from the OTR protocol.
The current e-mail protocols are far too centralized, which doesn't make sense. Mail is delivered, and after that, it is no longer in possession of USPS. This is unlike how E-mail works (even though it kind of seems like that's what happens).
I hope to see some kind of client being required to run on my computer to decrypt e-mails at rest and receive e-mails that are delivered to me from the central server.
I'm really interested in their solution for solving metadata leakage. I just looked over the SCIMP white paper, and it didn't mention anything about metadata.
The site http://www.darkmail.info/ is served over http and not https. If someone has access to the pipe, it would be easy to get the email addresses of people who submit their email addresses at that site.
Not sure I understand. Both SilentCircle and Lavabit have ceased offering their services. Are they now combined in an advocacy group to design a new email protocol and get it adopted by the IETF?
As much as I hate promotion emails, I do hope they make sure that companies can still send mass "dark mails" securely, rather than sending them one by one...
They mentioned having a "web of trust" to help fight spam. But if you use that, doesn't it mean someone like NSA, who can get everyone's public keys (which I assume is what they're going to use for this, just like for PGP), could then identify who are the people talking to each other, and essentially invalidate all their metadata-gathering protections? Or would that key be ephemeral, too?
You can listen to more here: https://www.youtube.com/watch?v=IgV_Z6V_llk
Starts at min 30 or so.
Can we stop with 'the name sucks' meta discussion and focus on the topic? I for one would *love* to see this work out. It'd be goddamn time someone clever did something about it and I could not imagine two better parties starting this.
Since it hasn't been mentioned yet, OS X and iOS already support S/MIME encrypted email, and having the private keys live on users' devices and doing encryption of outgoing messages on users' devices is probably the safest setup.
Sounds like another reinvention of the wheel, the "email" part of http://retroshare.sourceforge.net/
Email is so broken from a security standpoint I doubt that email 3.0 would even make it off the ground. You would be better off taking something like IM, which Silent Circle already has a secure solution for, and adding the store and forward capabilities that make email email. Then you could have email clients use that protocol. But asking the entire world to change / upgrade its email servers and clients with a fundamentally different protocol. I don't see that being successful.
I don't understand how anyone of you can say "it's never going to take over email 1.0". Success is a lot about realisation. We have to start somewhere and this is as good a start as any.
Having a standard is certainly a necessity. I definitely see secure email starting as a niche and if the user experience is at least as good as gmail I don't see any reason why a new email system would not take over.
It's not going to happen overnight but there definitely is a need for it. Lavabit and Silent Circle are proofs that this need is real.
There are major issues with replacing the current email:
1) there is no good open source email interface (if I'm wrong, please point me to this gem). Roundcube is good but not good enough when you come from gmail. I don't know of anything better than roundcube.
2) the threshold for a company to implement secure email is too high. Having a secure standard with secure libraries certainly lowers that threshold
3) the current open source mails are GPL-like licenses. This sucks for companies and individuals. Give them the ability to do what they want, including money. Replacing email is not going to happen without investment. Technology investments are mainly done by companies, only exceptionally by individuals.
Anyway, if anyone wants to take a shot at implementing an easy to use & opinionated (ie standardisation vs customization) webmail, chime in: https://github.com/nherment/dolphyn
(edit: form & typos)
"dark mail alliance" group, here is what you need to do...
1. get a new website, terrible design even from a 1995 point of view it is bad. Drop shadows on tag-lines are tacky. Not that tech people care, but if you want to take over the world. Try starting by having a decent designer on your team.
2. the only way to "truly" fix this for good is to not use email. instead, use a different form of communication (I'm thinking of...)
3. work with a few "enterprise companies"
4. get some capital
5. lastly, email is really still on 1.0, there was really no 2.0... unless you consider the time before the internet as 1.0 when the government used internal mail. But as we know mail today technically it's still 1.0
The name "Dark Mail" is going to automatically be associated with the "Dark Net" which brings up thoughts of drug dealing and child pornography. This is their first problem.
The second is their approach. Overcoming the install base of current email, no matter how much better your new offering, is practically impossible. So instead secure layers on top of existing email is your only feasible option.