Having just come on board, I’ve been having a poke around the progclub projects.

One that caught my eye immediately was Pccipher. It’s a client-side javascript symmetric encryption library. Fricking cool stuff!

Yeah, yeah. As John pointed out, this isn’t what you’d use to set up your own community bank or anything. That is, it’s client-side, so it can’t be trusted, right? Well, I guess that’s if you’re playing the part of the server. But if you are the client, that finger can point the other way.

Like webmail. Yay, searchable, forever capacity, and no administration headaches. But always at the back of my mind is the fact that every single word I type is sent off to the mothership. All the better to server you ads (and… you know, whatever else they feel like doing). In my case, that’s gmail, but pick whichever poison you want.

Lately there has been a bit of media buzz about some “secure” mail systems shutting themselves down, rather than yield more than they’d like to the US government. To me, anyone trusting those services in the first place must be a bit mad in the first place. Once the unencrypted content has left your system, you have no real certainty how it’s going to be handled afterward. Horse bolted.

I’m sure Lavabit, and the others, likely worked extremely hard to build a technically bulletproof system. That’s pretty worthless in an environment where “BB” can slap them in the face with a secret letter, and force them to hand over their keys.

It would be nice to have an option to lock down the content before it leaves my machine. Not that I’ve anything to hide — it just really pisses me off on principle, the level of unashamed snooping that is going on in the interwebs these days.

GPG is a great option for this, and if I was using a local email client, it’d definitely be the way to go. I remember Enigmail working well.

But dammit, gmail is just so easy. Principle vs Laziness: the ongoing battle… I know I’m going to lose this one a lot of the time, so something I can use easily with webmail is going to be the way to go.

This is why Pccipher caught my eye. With both Firefox and Chrome providing solid frameworks for building plugins and extensions in javascript, it screams for marriage with a nice javascript encryption library.

I’m going to start with a firefox addon. Why firefox? Isn’t Chrome the cool kid on the block? Well, I’ve played more with Mozilla’s awesome Jetpack addon framework. Mozilla has put a crapload of effort into making things easier to build plugins and extensions for Firefox. Chrome’s equivalent, to me anyway, feels much more work has gone into locking your extension down, so it fits the chrome app store’s view of the world. I really can’t be arsed jumping through those hoops for fun, so Firefox it’ll be.

I’ve waffled on enough for now. To prepare the environment for next time though, these things will be needed:


Comments

comments powered by Disqus