FAQ: Technical Questions & Answers
What is GoodCrypto's design?
Transparent protection for whole groups at a time.
Our guiding principles are:
- Protect everyone at once
No training. No clicks.
Bruce Schneier points out, "If there is anything PGP has taught us, it's that one click is one click too many." Protecting one person at a time is inefficient. You have to try to train each one to protect themselves. The success rate is not high.
Most cracked systems are user systems because ordinary people have no idea how to protect themselves online.
- Layered protection
For example, web access is filtered, aggregated by groups and protected by Tor. And, mail can be configured to use multiple encryption methods.
- Use tested and trusted components, such as GPG and Tor
We are very slow to use new protection schemes until they have been audited and their reliability proven.
- Preconfigured distribution
Just boot it. Preconfigured. Support. Security updates. Reproducible build.
- Decentralized
All your private information is on your own server. Automatic key management with no central servers. P2P public key distribution. Key pinning.
- Integrate with existing mail and browsers
Uses the same SMTP, IMAP, and POP servers you use now. Same mail clients and browsers. Same antispam and antivirus. Integrates at the MTA level.
- Don't use known compromised encryption
This may seem obvious, but some compromised crypto is standard. State sponsored standards are generally crippled so the state can crack them, which of course means others can crack them.
- Don't trust too much
That includes us. Encourage people to audit GoodCrypto. The goal is to be tested and trusted, not blindly trusted.
- Virtualization to protect against embedded malware
Ed Snowden says that VMs are "a big step up" against persistent threats. That matches our experience.