Whiteout Mail: HTML5 powered GPG webmail

Whiteout.io HTML5 mail App with integrated OpenPGP encryption from Munich, Germany. Usable as a chrome extension, mobile phone app or self-hosted (Node.js). They also offer free and paid managed mailboxed. The code has undergone a full security audit of their sourcecode by Cure53.

Using JavaScript Whiteout will establish a encrypted end-to-end connection from you browser/the app/the extension to the IMAP server.

Keys can easily be generated (2048 bit) on the client, imported, exported and revoked. Users have the option to use a encrypted private key sync if they conveniently want to use the same key on multiple devices. Whiteout will transparently search for public keys of peers by querying common public key servers. Sent encrypted mails are encrypted to self before they get saved to Sent.

Whiteout can handly one one mail account at a time. Extended features like signatures are also currently not supported.

The company behind Whiteout also offers a paid and a free email service. They claim to save all emails encrypted using the users privately held key. That means Email (after beeing received and temporarily stored unencrypted at Whitout servers) would need to go to a client to be encrypted with the private key there and then sendt back to server to be permanently stored.

In Mailout we find two interessting concepts: For one the ability to pre-encrypt data before sending it out. And for the other that this functionality requires no software installation process.

OpenPGP.js

A pure Javascript implementation of the OpenPGP protocol: OpenPGP.js. Only supports browsers that implement window.crypto.getRandomValues. Code base has undergone two complete security audits from Cure53.

Noteable integration: Whiteout.io HTML5 mail App with integrated OpenPGP encryption from Munich, Germany. Usable as a chrome extension or self hosted (Node.js). They also offer free and paid managed mailboxed. The code has undergone a full security audit by Cure53. Users have the option to use encrypted private key sync if they want to use Whiteout on multiple devices.

Neocities now on IPFS

Part time project by Kyle Drake & Victoria Wang. In April they reported having 44k websites. In July they raised about 13k to create learning courses.

They offer 100MB free per user. They feature a simple online code editor to create ones website. The whole plattform is OSS.

In september they did a nice writeup on the benefits of and the need to use something like IPFS.

Still somewhat broken, dead links eg. their blog provides an index with dead links.

Long-term, if things go well, we want to use IPFS for storing all of our sites, and issue IPNS keys for each site. This would enable users to publish content to their site independently of us. If we do it right, even if Neocities doesn't exist anymore, our users can still update their sites. - Neocities Blog

Goodware in the wild?!

Symantec features a piece about Linux.Wifatch giving this information:

Wifatch is a IoT/router targeting piece of software that probably spreads using Telnet to devices that use weak passwords. Wifatch is mostly written in Perl and its code is not obfuscated, there are even debug messages and a Richard Stallmann quote:

To any NSA and FBI agent reading this: please consider whether definding the US Constitution against all enemies, foreign or domestic, requires you to follow Snowden's example.

The software tries to remove common exploits and hardens the system eg. by deactivating Telnet. It attaches the device to a p2p network from where it receives signed updates.

Wifatch was first seen in the wild in 2014. It's mostly prevalent in China, Brazil and Mexico.