We used to complain about Microsoft as Big Brother, but it turns out we now have one that has displaced it and, to top it off, does so using part of the free software we defend so much.

I watched this documentary on German television:
http://www.dw.com/es/google-potencia-mundial/av-19496300

Through that documentary I learned of an anonymous search engine which, moreover, does not filter and rank results the way Google does:
https://www.startpage.com/

And an email service that is supposedly more secure, but paid:
https://www.startmail.com/

Design considerations

When creating StartMail, we were presented with several choices concerning security, privacy and user experience in our service. In this section we address the most notable decisions.

Webmail vs Desktop client

Our goal in creating StartMail was to develop a beginner-friendly OpenPGP client. We decided to offer a webmail client rather than a desktop (or mobile) application, for several reasons. First, many email users have grown accustomed to using a browser to access their mail. Second, since users expect to be able to access their mail from different devices, a webmail solution gives them an alternative to OS-specific applications and allows them to benefit from the ubiquity that browsers offer. Finally, there are already secure OpenPGP compatible desktop clients that can be configured to work with StartMail via IMAP. The StartMail Web application is a PGP-enabled mail client for the Web. Nevertheless we also offer full support for traditional email clients using IMAP.

Client-side vs Server-side encryption

By design, OpenPGP operations (such as encryption and decryption) can take place either on the server or on the client. In StartMail, all OpenPGP operations take place server-side. We have opted to perform cryptography on the server after thoroughly considering the client-side option.
We rejected it because OpenPGP operations in a Web browser take place in a JavaScript context, which is not at all the right environment for cryptography. A number of compelling reasons why this is the case are described by Matasano in this excellent article: http://www.matasano.com/articles/javascript-cryptography/ . Among the reasons for rejecting client-side cryptographic operations are:

• Browser JavaScript is not ready for cryptography in terms of programming primitives such as a reliable source of random numbers, mathematical functions etc.

• The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: the server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.

• JavaScript is executed in an environment (the browser) over which the programmer has extremely little control. In these conditions it becomes hard or impossible to perform secure memory management, protect against timing attacks, and so forth.

In simpler terms: JavaScript is a poor environment for handling such a delicate operation as cryptography. What's more, JavaScript code that runs in the browser can be influenced by any other piece of JavaScript code running in the same browser window, and sometimes even by other pages. These conditions make it unfeasible for us to guarantee the same level of security we can offer by delivering server-side cryptography.

A commonly cited benefit of performing cryptography client-side is that, in theory at least, the server or mail provider never has access to the user's OpenPGP private key, thus reducing the amount of trust that the user needs to place in the mail provider. In practice, however, this security benefit is illusory.
The only occasion in which OpenPGP private keys are truly not in contact with any server or server-provided code, is by performing cryptography through native desktop applications (e.g. GnuPG or GPGtools). StartMail already fully supports this through IMAP.

https://www.startmail.com/documents/whitepaper/whitepaper.en_US.pdf

What do you think?

Regards

--
USE LINUX OPENSUSE, WHICH IS FREE SOFTWARE; YOU DON'T NEED TO PIRATE ANYTHING AND YOU WON'T HAVE TO WORRY ABOUT VIRUSES AND SPYWARE ANY MORE: http://www.opensuse.org/es/
You can visit my blog at: http://jerbes.blogspot.com.ar/
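
The runtime-malleability point in the quoted whitepaper, as an added example (not part of the original post and not StartMail's code): a token generator that looks up its randomness primitive on a shared object at call time changes behaviour when another script replaces that primitive, while one that captured the reference at load does not. `pageGlobal`, `getRandomBytes` and the generator names are hypothetical stand-ins for a browser window's shared global; the demo runs under Node.js.

```javascript
// Constructed demo; all names are hypothetical stand-ins.
// Randomness source: Node's crypto module when require() exists, else Web Crypto.
const secureBytes = (typeof require === 'function')
  ? (n) => require('crypto').randomBytes(n)
  : (n) => globalThis.crypto.getRandomValues(new Uint8Array(n));

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// Stand-in for the global object that every script in one window shares.
function makePageGlobal() {
  return { getRandomBytes: secureBytes };
}

// Late-bound: resolves the primitive on the shared object at every call,
// so it uses whatever is installed there at that moment.
function makeLateBoundGenerator(g) {
  return () => toHex(g.getRandomBytes(16));
}

// Early-bound: captures the primitive once, at load time.
function makeEarlyBoundGenerator(g) {
  const rng = g.getRandomBytes;
  return () => toHex(rng(16));
}

// Simulates a second script in the same window replacing the primitive
// with one that always returns zero bytes.
function simulateOtherScript(g) {
  g.getRandomBytes = (n) => new Uint8Array(n);
}

function runDemo() {
  const pageGlobal = makePageGlobal();
  const late = makeLateBoundGenerator(pageGlobal);
  const early = makeEarlyBoundGenerator(pageGlobal);
  const before = { late: late(), early: early() };
  simulateOtherScript(pageGlobal);
  const after = { late: late(), early: early() };
  return { before, after };
}

console.log(runDemo());
```

Capturing the reference only helps when the capturing code runs before any other script, and it does nothing against the server changing the code it delivers, which is the trust point the whitepaper raises.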