Quote from: foxen624 on August 09, 2013, 10:48 pm
> Well, that's reassuring... or is it? It's just when the co-author of PGP suggests that it may not be enough to keep the government from getting through anyway.. well, it did get me somewhat concerned and I wanted to get the thoughts of others in this community...

If you read Jon Callas' comments carefully, they make perfect sense, particularly to those of us with some understanding of how the technology works.

Quote
> We designed our phone, video, and text services (Silent Phone and Silent Text) to be completely end-to-end secure with all cryptography done on the clients and our exposure to your data to be nil. The reasons are obvious: the less of your information we have, the better it is for you and for us.
>
> Silent Mail has thus always been something of a quandary for us. Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it with SMTP, POP3, and IMAP cannot be secure.

Callas is mostly right here. Email can be made secure, but it requires using tools and techniques that will literally make the average user's head explode. All of Silent Circle's other services are point-to-point, from one user to another, whereas email is based on store-and-forward technology.

You have to understand that when the net was initially developed, the technological landscape was _very_ different to what it is now. DSL and cable modems didn't yet exist -- almost all communications took place via dial-up lines using laughably slow modems -- at least by today's standards. The best you could ever get on a dial-up line using a conventional modem was 56 Kbits/second. I'm old enough to remember when modems were a "buck a baud" -- when I scored a brand-new Hayes 1200-bit modem for about $700, I felt like I had won the lottery! (Remember even the slowest high-speed connections today, at about 1 megabit/second, are almost one thousand times faster than these old lumbering beasts.)

When email was developed, back in the day, computers all too often communicated over dial-up lines via long-distance. These transfers (usually over UUCP, Unix to Unix Copy Program) usually took place in the middle of the night, when long-distance rates were lower. Part of the reason that email messages are store-and-forward harks back to those days -- someone figured out that machine A could call machine B for a cost of a local call, and machine B could call machine C for the cost of a local call, whereas a call from machine A to machine C might incur long-distance toll charges. The entire point behind using a store-and-forward system was to reduce communications costs to the operators.

The problem is that the current email standards, based on store-and-forward, are too well established to abandon easily, if at all. Silent Circle could come up with a new standard, but then it wouldn't be email as any of us would recognize it.

You note that he's not saying anything about the Feds breaking PGP; that's because it's highly unlikely that they have done so.

Finally, here is some information on Silent Circle's Silent Mail offering, from an archived copy of their website: you can see that they were offering an email service, with 1GB of storage, and also a service to manage user keys (likely similar to Hushmail.)

I'm sure you can understand how both of these would provide extremely attractive targets to LEA.

Quote
> * Encrypted Email - Send completely encrypted emails and files directly to other Silent Mail users or to any email address.
> * Plug-N-Play - Easy, quick and secure. Simply plugs directly into your existing mail client (Outlook, Mac Mail, etc).
> * PGP Secure - The world's most used encryption designed by our founders Phil Zimmermann and Jon Callas
> * 1 GB of Storage - Get a @SilentCircle.com email address. Comes with 1 GB of encrypted storage.
>
> What Silent Mail Can and Cannot Do:
>
> Silent Mail is an encrypted email service that provides secure, encrypted email with minimal burden to its users. Silent Mail integrates with any email client that supports IMAP on any device. Silent Mail offers two modes of working:
>
> - Complete end-to-end encryption with you, the Silent Mail user, holding your own OpenPGP key or S/MIME certificate.
> - Managed encryption using our PGP Universal encryption servers that manage keys and certificates for you.
>
> The first mode of operation offers full email security, but is hard to use. Most of the world does not use email encryption precisely because it is hard to use. There are many ways to use OpenPGP or S/MIME, and our PGP Universal servers make the encryption easier.
>
> The second mode of operation is convenient, but not as secure. All you have to do is configure your email client to use our servers and your email will be encrypted. The downside is that our servers create and manage your keys. We separate duties with our staff between email management and key management. The people managing your email can't read it and don't have access to your keys. The people who manage the encryption server don't have access to your email. Only you can decide whether this meets your security needs. We are pleased if it does, and understand if it doesn't.
>
> There are some things that Silent Mail cannot do. Our Silent Phone, Silent Text and Silent Eyes utilize peer-to-peer (device-to-device) encryption, which means your device holds the encryption keys, not us. Silent Mail uses server-side encryption.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
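
Added example, not part of the original post: the metadata point in the Callas quote, shown by parsing a PGP/MIME message the way any store-and-forward hop could. The message, hosts, addresses and the `relay_view` helper are all constructed for illustration.

```python
from email import message_from_string

# Constructed sample: an RFC 3156 PGP/MIME message after two store-and-forward
# hops. Hosts, addresses and the ciphertext stub are made up for illustration.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.org with ESMTPS; Fri, 09 Aug 2013 22:51:07 +0000
Received: from laptop.example.net ([198.51.100.7])
\tby mx1.example.net with ESMTPSA; Fri, 09 Aug 2013 22:51:02 +0000
From: alice@example.net
To: bob@example.org
Subject: meeting notes
Date: Fri, 09 Aug 2013 22:51:00 +0000
Message-ID: <constructed-1@example.net>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def relay_view(raw):
    """Return what a server holding this message can read without any key."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        words = received.split()  # also unfolds the continuation lines
        # "from X ... by Y ..." names both ends of one hop
        hops.append((words[words.index("from") + 1], words[words.index("by") + 1]))
    hops.reverse()  # each hop prepends its header, so the oldest is last
    headers = {k: msg[k] for k in ("From", "To", "Subject", "Date", "Message-ID")}
    parts = [p.get_content_type() for p in msg.walk() if not p.is_multipart()]
    return {"headers": headers, "hops": hops, "parts": parts,
            "body_encrypted": msg.get_content_type() == "multipart/encrypted"}

if __name__ == "__main__":
    for key, value in relay_view(SAMPLE).items():
        print(key, "=", value)
```

Only the MIME body is opaque here; sender, recipient, subject, timing and the relay path stay readable at every hop, which is the leak the quote refers to.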