We’re members of the Global Encryption Coalition and we are fighting attempts from governments to undermine or ban the use of strong encryption – AMA

This page summarizes the projects mentioned and recommended in the original post on /r/privacy

  • appleprivacyletter

    An open letter against Apple's new privacy-invasive client-side content scanning.

    Hi, the Global Encryption Coalition doesn't take stands as a Coalition but members often do... and 90 or so groups and experts wrote a letter earlier this year in opposition to that: https://appleprivacyletter.com/ (note that ISOC, where I work, did not join that letter)

  • mailvelope_client

    Roundcube plugin to use Mailvelope's OpenPGP-support

    Webmail: Many people don't even use an e-mail client today -- they use webmail to access their messages, or they use a local app that itself depends heavily on a webmail server on the backend to do the heavy lifting. When the server is doing the e-mail handling and rendering work, the server has to have access to the cleartext. Even in situations where the messages are decrypted in JavaScript (or a Java applet) on the client side, if the client-side code is sent by the server, the server could be compromised and told to send different code (see Hushmail's failures in 2007). How do we fix this? We need more e-mail client developers to take e2ee e-mail seriously, and we need them to focus on security and usability. Browser-extension-based e-mail clients are another possibility (e.g. Mailvelope and its interaction with webmail systems like Roundcube), but they still rely on a lot of metadata to be exposed on the server-side.

  • TextSecure

    A private messenger for Android.

    Authentication: for any encrypted messaging system, one of the critical concerns is about whether you know who the other party is. (If I send you a confidential message without knowing that you are who I think you are, it might end up leaking to the wrong person.) Most modern encrypted messaging apps (e.g., Signal) rely on a single central authority to identify users, and mainly punt on independent authentication -- you might get the occasional "key changed" message or alert, but most people don't have a way to respond to those, other than just accepting it and moving on. Traditional work on e2ee e-mail got bogged down in authentication questions, and we have two competing (and non-interoperable) mechanisms for authentication: OpenPGP certificates (which support independent networks of identity certification) and S/MIME certificates (which depend on the same trust model that we use for the Web). Both are still in use today, but it's hard for OpenPGP users to send messages to S/MIME users, and vice versa. How do we fix this? Either one standard wins out, or implementers prioritize adopting both standards concurrently, and make room . I think e-mail implementers have a lot to learn from the (lack of) attention given to authentication by e2ee messenger systems like Signal.

  • Roundcube

    The Roundcube Webmail suite

    Webmail: Many people don't even use an e-mail client today -- they use webmail to access their messages, or they use a local app that itself depends heavily on a webmail server on the backend to do the heavy lifting. When the server is doing the e-mail handling and rendering work, the server has to have access to the cleartext. Even in situations where the messages are decrypted in JavaScript (or a Java applet) on the client side, if the client-side code is sent by the server, the server could be compromised and told to send different code (see Hushmail's failures in 2007). How do we fix this? We need more e-mail client developers to take e2ee e-mail seriously, and we need them to focus on security and usability. Browser-extension-based e-mail clients are another possibility (e.g. Mailvelope and its interaction with webmail systems like Roundcube), but they still rely on a lot of metadata to be exposed on the server-side.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
