I appreciate the cheekiness of calling it the "Dark Mail Alliance", but from a purely PR perspective, it would make sense to reconsider your name if you are taking the position that encrypted end-to-end email is not solely an interest of those pursuing shady or deviant activities.
I think the "Dark" in "Dark Mail Alliance" is meant more in the sense that it's "off the grid" of NSA spying capabilities, not that it's meant to be used for nefarious purposes.
The “dark” part is not so much the issue: why not leave out “mail” altogether? E-mail 3.0 won’t be e-mail as people know it (and will continue to associate with the very concepts 3.0 seeks to avoid). It shall be something different enough to give it another name — at least to avoid confusion, or to prevent spin doctors from taking advantage of the associations and mental model people have on the concept of e-mail. Nobody thinks of “e-mail” when you mention Snapchat, Facebook messages, Twitter… That would be different if these services had names like Snapmail, Facemail, Tweetmail, or Darkmail.
1. I'd give the alliance a generic name that won't come off as threatening or malevolent when used out of context in news articles. Make it boring to talk about the alliance so it can operate larger and and with less scrutiny.
2. If you really really want to politicize the products, launch several regionally branded services, that can use the same architectural design, but leverage the cultural mores of individual freedom for those areas. What catches on in Germany may not be what sells in Spain/Italy/Greece today, for example.
However,
The "FMail" suggestion, or something similarly benign, is a strong choice, in that it diminishes the effect of partisan rhetoric and allows the tool to be sold on its actual merits.
3. Then you can gin up radical "Free the email!" action groups to run around and be obnoxious for you, take the heat and phoenix themselves into new groups every so often.
I agree. I would prefer something like the "MyMail" alliance, because that's really what this is about. It's about making mail mine again. Mainly has been totally owned by people who are not us, whether it is the NSA owning it via dragnet surveillance or Google using it to serve ads. It's not just our mail, but their mail as well.
This name also appeals to ego. Ego matters. Talking about freedom and ideals will appeal to a minority, but you need a name that appeals to people's ego if you want to succeed.
This is not the same but is related to the ideas that Seth Godin expoused in his TED talk about being remarkable. Nobody likes receiving email, but they like receiving MeMail. Me. Me. Me. Me. I want my email to be about me. If it is not, it is noise and tedium. Never underestimate an appeal to ego.
If the system they create is excessively vulnerable to political pressure, then it would be better to find that out sooner rather than later. If bad PR threatens their ability to operate, then perhaps they should not be operating.
I hope they are successful. For a long time I have wished that someone with the expertise and time would be motivated to create a new email system from the ground up, and make that system widely available and 'open' (in the sense of open protocols).
There are many challenges, but if they can pull it off there are many benefits as well. And perhaps the nicest part is that it is hard to actively oppose such efforts without revealing an intent.
I think the biggest barrier to entry of any new and secure email protocol will be GMail. GMail (and similar services) are what most people seem to use at this point.
And GMail won't update to 3.0 in any meaningful way, no matter what, since they want to be able to mine the data in your email, so they will still be storing it on their servers "in the clear." Which means the next time NSA hacks their servers, they'll still be able to read all the email.
Best case is that email 3.0 will interoperate with 1.0, or GMail at least accepts 3.0, if only to unencrypt it on their servers. Short of that, it would take a compelling use case to convince people to leave GMail, so we'd be right back to where we are with email 2.0: No critical mass of adoption, meaning 98% of the email you receive and write is unencrypted.
I am definitely no security expert, but from my feeling it seems as if unsecure protocol + secure messaging layer is much more successful in practical applications than purely secure protocols. Therefore my believe would be that improving existing secure messaging layers would help the world much more than creating another secure protocol which nobody will use because it would require to replace the whole infrastructure. Especially Email seems to be something that is unlikely to go away, because of its long history, huge infrastructure and simplicity.
The problem with e-mail is that gathering the meta-data is almost as valuable as looking inside at the message contents. Secure messaging layers aren't going to help you there - unless everyone starts using something like Tor.
My Fucking Mail would be a better name. As in, it's mine, do fucking not read it. Sorry for the profanity but I think it fits how many people feel about this.
I do share your sentiment! The shorter "MyMail" makes the same point without needing the profanity, and your more emphatic name would then be available for the most desirable MyMail client...
To everyone complaining about the name: it is just the name of the advocacy/development group. You don't call SMTP mail 'IETF mail', nor should you call call whatever they come up "dark mail alliance mail".
"Well, Bob, as your viewers may know, 'Smith Mail' came out of a group that calls themselves 'The Dark Mail Alliance'. This is a group of anti-government hackers that..."
This is very good news. An interesting not here: In Norway the official postal service, Posten, has introduced something called DigiPost. Post means mail, so DigiMail. This is essential a secure way of sending information and it is approved by the Norwegian government for sending and receiving sensitive information. So you can ask to get your sensitive government stuff through DigiPost.
My point being: There is already a big market for sending secure emails. If this Dark Mail, or whatever it is called, is secure enough for a government to use then the adoption will be huge.
This probably means that it should be called something else than dark. "Normal people" don't know what encryption is, what NSA is or even why it is bad that companies like Google read and use their email. They won't know why or even that their email is insecure. They might have ssl in their Web browser showing a small lock, so they think they are already secure and don't need this "SecureMail". It is absolutely critical that the name of this thing is something that a normal person will feel that he/she needs. Something as simple as "New Email". Yes, the nerds will rage, but the nerds already knows why this is a big deal. The name does not need to cater to them. What is important is to get adoption of this new email platform. And naming it secure mail will probably not help. And having a dark alliance behind it all is the worst idea so far. Both words have negative annotations and sounds like a untrustworthy hacker group or even a terrorist organization. Needless to say, they need some serious re-branding, and fast.
And this is how committees fail to achieve results ;)
The top 20 (?) comments (or at least the most voted comment thread) is a discussion/argument on just the name...
One of the biggest issues with security-conscious systems is that people don't want to be seen as using something that only "people with something to hide" would be using.
The average American watches a show like SVU and learns that TOR is how kiddie porn is traded, not that it is how dissidents in Iran or Russia communicate with Journalists. They hear about the "darknet" and assume that that is where illegal activity goes on.
So "dark mail" gives the complete wrong connotation and basically means this is DOA unless they completely rebrand.
Like everyone else (with any common marketing sense), it seems like something like "security" or "privacy" would be much more positive connotations than "dark."
A quick search shows SecureMail and PrivateMail are commercially used, but LockedMail and SignedMail aren't.
I don't think it'd be too late to (eventually?) do a rebrand/cobrand for the product, especially if someone comes up w/ something particularly good. I think something that even a slight bit of spitballing would turn up something much better.
Some thoughts on naming:
* If the first word ends in e like securemail/privatemail you actually get email in the word
* something that could be shortened like email, but will connote secure sending - "send me that via pmail/smail"
* something that has familiar connotations of privacy/sealed delivery (registered mail?) or something might work as well
Also agreed. It's for the same reason I don't like the name darknet. The FBI was already lobbying Congress and saying the Internet is "going dark", implying that they thought that will scare congress into acting, and giving them more powers.
It should be named the Private Mail Protocol, or something. If it stands up to scrutiny, as soon as there is a nice looking e-mail client for it, I'll start using it, and try to use Gmail as little as possible, or not at all. I know Google won't adopt it, so I won't even bother to ask them to adopt it. I'll just switch.
I agree. This is a case where some marketing thinking would probably help.
Lots of large businesses would probably like something like this (the ones that buy rsa keyfobs and use VPNs). My old company would strongly discourage email from the company system to non company email address for security reasons.
From the talk that just finished at Inboxlove, it appears they will use XMPP for transport, some JSON and encrypted cloud storage.
You receive a message via XMPP that an email is waiting for you on the cloud storage (similar to MMS). This is also a good solution for the spam problem, I think.
They have a working prototype, a whitepaper is forthcoming and the community is welcome to improve the new standard.
I hope to see this magic new mystery protocol as something similar to TextSecure, where we have forward secrecy from the OTR protocol.
The current e-mail protocols are far too centralized, which doesn't make sense. Mail is delivered, and after that, it is no longer in possession of USPS. This is unlike how E-mail works (even though it kind of seems like that's what happens).
I hope to see some kind of client being required to run on my computer to decrypt e-mails at rest and receive e-mails that are delivered to me from the central server.
I'm really interested in their solution for solving metadata leakage. I just looked over the SCIMP white paper, and it didn't mention anything about metadata.
The site http://www.darkmail.info/ is served over http and not https. If someone has access to the pipe, it would be easy get the email addresses of people who submit their email addresses at that site.
Not sure I understand. Both SilentCircle and Lavabit have ceased offering their services. Are they now combined in an advocacy group to design a new email protocol and get it adopted by the IETF?
As much as I hate promotion emails, I do hope they make sure that companies can still send mass "dark mails" securely, rather than sending the one by one...
They mentioned having a "web of trust" to help fight spam. But if you use that, doesn't it mean someone like NSA, who can get everyone's public keys (which I assume is what they're going to use for this, just like for PGP), could then identify who are the people talking to each other, and essentially invalidate all their metadata gather protections? Or would that key be ephemeral, too?
Can we stop with 'the name sucks' meta discussion and focus on the topic? I for one would love to see this work out. It'd be goddamntime someone clever did something about it and I could not imagine two better parties starting this.
[+] [-] natural219|12 years ago|reply
[+] [-] sandstrom|12 years ago|reply
Some suggestions:
- Locke Mail [from John Locke]
- Mill Mail [from John Stuart Mill]
- Hobbes Mail
- Liberty Mail
[+] [-] chadillac83|12 years ago|reply
[+] [-] twelvechairs|12 years ago|reply
[+] [-] matthuggins|12 years ago|reply
[+] [-] rhythmvs|12 years ago|reply
[+] [-] mattlutze|12 years ago|reply
1. I'd give the alliance a generic name that won't come off as threatening or malevolent when used out of context in news articles. Make it boring to talk about the alliance so it can operate larger and and with less scrutiny.
2. If you really really want to politicize the products, launch several regionally branded services, that can use the same architectural design, but leverage the cultural mores of individual freedom for those areas. What catches on in Germany may not be what sells in Spain/Italy/Greece today, for example.
However,
The "FMail" suggestion, or something similarly benign, is a strong choice, in that it diminishes the effect of partisan rhetoric and allows the tool to be sold on its actual merits.
3. Then you can gin up radical "Free the email!" action groups to run around and be obnoxious for you, take the heat and phoenix themselves into new groups every so often.
[+] [-] malandrew|12 years ago|reply
This name also appeals to ego. Ego matters. Talking about freedom and ideals will appeal to a minority, but you need a name that appeals to people's ego if you want to succeed.
This is not the same but is related to the ideas that Seth Godin expoused in his TED talk about being remarkable. Nobody likes receiving email, but they like receiving MeMail. Me. Me. Me. Me. I want my email to be about me. If it is not, it is noise and tedium. Never underestimate an appeal to ego.
[+] [-] borplk|12 years ago|reply
[+] [-] jlgreco|12 years ago|reply
[+] [-] drcube|12 years ago|reply
[+] [-] fusiongyro|12 years ago|reply
[+] [-] louischatriot|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] noptic|12 years ago|reply
[+] [-] ChuckMcM|12 years ago|reply
There are many challenges, but if they can pull it off there are many benefits as well. And perhaps the nicest part is that it is hard to actively oppose such efforts without revealing an intent.
[+] [-] SomeCallMeTim|12 years ago|reply
And GMail won't update to 3.0 in any meaningful way, no matter what, since they want to be able to mine the data in your email, so they will still be storing it on their servers "in the clear." Which means the next time NSA hacks their servers, they'll still be able to read all the email.
Best case is that email 3.0 will interoperate with 1.0, or GMail at least accepts 3.0, if only to unencrypt it on their servers. Short of that, it would take a compelling use case to convince people to leave GMail, so we'd be right back to where we are with email 2.0: No critical mass of adoption, meaning 98% of the email you receive and write is unencrypted.
[+] [-] erikb|12 years ago|reply
[+] [-] alextingle|12 years ago|reply
[+] [-] natch|12 years ago|reply
[+] [-] shazow|12 years ago|reply
[+] [-] krutulis|12 years ago|reply
[+] [-] zokier|12 years ago|reply
[+] [-] jcc80|12 years ago|reply
[+] [-] danielweber|12 years ago|reply
[+] [-] BoppreH|12 years ago|reply
[+] [-] JshWright|12 years ago|reply
[+] [-] Cort3z|12 years ago|reply
My point being: There is already a big market for sending secure emails. If this Dark Mail, or whatever it is called, is secure enough for a government to use then the adoption will be huge.
This probably means that it should be called something else than dark. "Normal people" don't know what encryption is, what NSA is or even why it is bad that companies like Google read and use their email. They won't know why or even that their email is insecure. They might have ssl in their Web browser showing a small lock, so they think they are already secure and don't need this "SecureMail". It is absolutely critical that the name of this thing is something that a normal person will feel that he/she needs. Something as simple as "New Email". Yes, the nerds will rage, but the nerds already knows why this is a big deal. The name does not need to cater to them. What is important is to get adoption of this new email platform. And naming it secure mail will probably not help. And having a dark alliance behind it all is the worst idea so far. Both words have negative annotations and sounds like a untrustworthy hacker group or even a terrorist organization. Needless to say, they need some serious re-branding, and fast.
[+] [-] aj|12 years ago|reply
[+] [-] cottonseed|12 years ago|reply
[+] [-] numbsafari|12 years ago|reply
One of the biggest issues with security-conscious systems is that people don't want to be seen as using something that only "people with something to hide" would be using.
The average American watches a show like SVU and learns that TOR is how kiddie porn is traded, not that it is how dissidents in Iran or Russia communicate with Journalists. They hear about the "darknet" and assume that that is where illegal activity goes on.
So "dark mail" gives the complete wrong connotation and basically means this is DOA unless they completely rebrand.
[+] [-] lhl|12 years ago|reply
A quick search shows SecureMail and PrivateMail are commercially used, but LockedMail and SignedMail aren't.
I don't think it'd be too late to (eventually?) do a rebrand/cobrand for the product, especially if someone comes up w/ something particularly good. I think something that even a slight bit of spitballing would turn up something much better.
Some thoughts on naming:
* If the first word ends in e like securemail/privatemail you actually get email in the word
* something that could be shortened like email, but will connote secure sending - "send me that via pmail/smail"
* something that has familiar connotations of privacy/sealed delivery (registered mail?) or something might work as well
[+] [-] redblacktree|12 years ago|reply
[+] [-] devx|12 years ago|reply
It should be named the Private Mail Protocol, or something. If it stands up to scrutiny, as soon as there is a nice looking e-mail client for it, I'll start using it, and try to use Gmail as little as possible, or not at all. I know Google won't adopt it, so I won't even bother to ask them to adopt it. I'll just switch.
[+] [-] acomjean|12 years ago|reply
Lots of large businesses would probably like something like this (the ones that buy rsa keyfobs and use VPNs). My old company would strongly discourage email from the company system to non company email address for security reasons.
[+] [-] kevmoo1|12 years ago|reply
[+] [-] r0muald|12 years ago|reply
[+] [-] Tepix|12 years ago|reply
You receive a message via XMPP that an email is waiting for you on the cloud storage (similar to MMS). This is also a good solution for the spam problem, I think.
They have a working prototype, a whitepaper is forthcoming and the community is welcome to improve the new standard.
[+] [-] scintill76|12 years ago|reply
[+] [-] mikegirouard|12 years ago|reply
[+] [-] r0muald|12 years ago|reply
[Enter your e-mail] "
[+] [-] theboss|12 years ago|reply
The current e-mail protocols are far too centralized, which doesn't make sense. Mail is delivered, and after that, it is no longer in possession of USPS. This is unlike how E-mail works (even though it kind of seems like that's what happens).
I hope to see some kind of client being required to run on my computer to decrypt e-mails at rest and receive e-mails that are delivered to me from the central server.
[+] [-] conroy|12 years ago|reply
[+] [-] ad93611|12 years ago|reply
[+] [-] chiph|12 years ago|reply
[+] [-] alexchamberlain|12 years ago|reply
[+] [-] angersock|12 years ago|reply
Requiring very strong encryption may help make spam email computationally infeasible.
That alone might be worth it!
[+] [-] devx|12 years ago|reply
[+] [-] presty|12 years ago|reply
started at min 30 or so
[+] [-] digitalengineer|12 years ago|reply