I found out of - and begun testing on - a web-based e-mail service dubbed
MailVault. While there are countless mail services out there with various but plenty of features for each, why is this a contender?
MailVault allows you to use OpenPGP encryption straight out of your mailbox, without the need to copy/paste content or to use additional applications. You use a passphrase to create a key pair that you can use to sign or decrypt your e-mail [obviously you need someone else's public key to encrypt mail going to them.] All in all, it sounds like a sweet service, short of a few less-than-minor issues:
Yesterday as I was trying this, incoming mail did not reach my Inbox. I tried again today with both encrypted and unencrypted mail but to no avail. I guess you cannot really use this service right now, I will check back to see whether the messages were delayed or not.
Your private key is stored on some server, somewhere. Where cypherpunks worry about keys being stored in the VRAM of the computer during encryption, these guys store keys and make an attempt to advertise their service as super-safe. Which is not and will never be. Sure, it makes sense to use the service for minimal tasks, but then again why bother? It is no safer, in the fight against Big Bro, than plaintext. Since both keys are stored on the server there is little in the way of either impersonating or opening your messages.
False sense of security is much, much worse than paranoia.
cryptographycypherpunk
