Using strong crypto, TunnelX offers a conversation tool that no one can snoop on by Jeff John Roberts.
From the post:
Between NSA surveillance and giant corporations that sniff our messages for ad money, it sometimes feels as if there’s no such thing as a private online conversation. An intriguing group of techno-types and lawyers are trying to change that with a secure new messaging service called TunnelX.
TunnelX, which is free, offers online “tunnels” where two people can meet and share messages and media in a space no one else can see. While TunnelX isn’t the only company trying to restore privacy in the post-Snowden era, its tool is worth a look because it is aimed at everyday people — and not just the usual crowd of crypto-heads and paranoiacs.
Jeff gives a good overview of TunnelX and how it can be used by ordinary users.
TunnelX gives the technical skinny as:
Tunnel X “superenciphers” all stored messages and uploaded files with AES, TwoFish, and Serpent using different 256-bit keys for each layer. (AES is the cipher approved by the U.S. National Security Agency for encrypting classified data across all U.S. government agencies; TwoFish and Serpent are the two most well-known “runner-up” AES candidates.
Tunnel X allows only SSL/TLS-encrypted connections (sometimes called “https” connections). Furthermore, we strongly encourage you to connect with the latest version of TLS (1.2). Finally, as part of our SSL/TLS setup, Tunnel X only allows connections which are secured with a PFS (perfect forward secrecy) ciphersuite. PFS is a technology which prevents encrypted messages from being stored and then decrypted in the future if a server’s private SSL key is ever compromised.
Under “What is a tunnel?” on the homepage you will find a list of technologies that TunnelX does not use!
I just created an account and the service merits high marks for ease of use!
The one feature I did not see and that would be useful, would be a “delete on read” setting so that messages are deleted as soon as they are read by the intended target.
Just another layer of security on top of what TunnelX already offers.
For all the layers of security, realize the black shirts don’t need to decrypt your messages once they discover your identity.
Knowing your identity, they can apply very unreliable techniques to extract messages from you personally. That is one of the problems with saviors of civilization. Given the stakes, no atrocity is beyond them.