dcposch / scramble

Secure email for everyone
http://dcposch.github.io/scramble/

Write a page explaining good OpSec #3

Closed dcposch closed 10 years ago

dcposch commented 11 years ago

If someone wants the strongest guarantees--not just encrypted subjects and message bodies, but full anonymity--they have to be very careful.

Threat 1. If one person's email address becomes public, then a central adversary will know all the Scramble addresses that have communicated with that person, and will have a head start deanonymizing those addresses.

Threat 2. If one person's passphrase or private key is compromised, everyone in their address book is no longer anonymous. This could happen by many means---and in some cases, such as a keylogger, the victim wouldn't even know that anything had happened. This also implies Threat 1 on all their second-degree connections: people who are in the address books of the no-longer-anonymous contacts, but not in the address book of the victim himself.
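The reach of Threat 2, worked through as set operations over address books so a user can see whose compromise would expose them. This is an added example, not part of the original issue or of Scramble's code; the address-book data and the function names are constructed for illustration.

```python
# Constructed sample data: who has whom in their address book.
# All names are made-up placeholders, not real Scramble addresses.
ADDRESS_BOOKS = {
    "alice": {"bob", "carol"},
    "bob": {"alice", "dave"},
    "carol": {"alice", "erin", "bob"},
    "dave": {"bob"},
    "erin": {"carol", "frank"},
    "frank": {"erin"},
}


def key_compromise_exposure(books, victim):
    """Threat 2: the victim's passphrase or private key leaks.

    Returns (deanonymized, head_start):
      deanonymized - everyone in the victim's address book
      head_start   - second-degree connections, now subject to Threat 1:
                     in a deanonymized contact's address book, but not in
                     the victim's own
    """
    deanonymized = set(books.get(victim, ()))
    head_start = set()
    for contact in deanonymized:
        head_start |= books.get(contact, set())
    head_start -= deanonymized | {victim}
    return deanonymized, head_start


def who_exposes(books, me):
    """Inverse view: whose compromise affects `me`, and how directly.

    Returns (direct, indirect):
      direct   - users who hold `me` in their address book
      indirect - users whose compromise leaves `me` a second-degree connection
    """
    direct, indirect = set(), set()
    for user in books:
        if user == me:
            continue
        deanonymized, head_start = key_compromise_exposure(books, user)
        if me in deanonymized:
            direct.add(user)
        elif me in head_start:
            indirect.add(user)
    return direct, indirect
```

In this sample, `erin` has only two contacts of her own but is still affected by a compromise of `alice`, whom she has never added.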

dcposch commented 10 years ago

Might do this in the future, but for now this is handled by the FAQ.