What is the general opinion on using igolder or pgp.help for encrypting/decrypting pgp?
Are there any reasons that you shouldn't use those? I saw someone mention not using them and I'm curious why you should or shouldn't.
Igolder & pgp.help
[4 Points] pgp_help:
[1 Points] theevoinsider:
End-to-end encryption means only the person who encrypted the message and the person who decrypted the message can ever see it in cleartext.
Igolder, hanewin, on-site encryption all mean you are showing your cleartext message to potentially anyone (sender & receiver still, plus) the site staff, the site's hoster, the hoster's ISP, hackers stealing packets from the site, government agencies (who the site is either working with or who can take the data).
[1 Points] darknetpotter:
If you encrypt on your end, the only person who can access the unencrypted message is you, and then your vendor when he decrypts. Using another service gives your cleartext message to a third party. Why do that?
[0 Points] hdheuud:
I hope that once the vendor realizes you are using Igolder, he stops talking to you.
Disclaimer: I wrote https://pgp.help
The intro page outlines the main risks:
I use ContentSecurityPolicy headers to prove that it's not stealing data. These instruct your browser to prevent the website from "phoning home" (or anywhere else) after the webpage is loaded. This gives a solid guarantee that data can't be stolen from this page. However you can also use a network monitor to check that nothing is being sent back, and I'd welcome a code audit (all the code is open source and on GitHub).
Hacking is a big risk. Obviously I try my best to prevent this, for example I mandate HTTPS, and get notified on any code changes. The providers are Cloudflare and GitHub Pages, which are trusted, solid platforms. Still, it's an omnipresent risk. If you're worried, it's easy to download and run a local copy, which should be immune to hacking.
As for your browser / PC, your best bet as always is to keep these things up to date!
Having said all that, the stand-alone PGP software is definitely safer, but I've taken as many precautions as I possibly can. It would be possible for me to bundle the website up with Chromium (a browser distributable) which would put pgp.help on par with anything else you can download. If there's demand I'll do it!
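
The Content-Security-Policy claim in the comment above can be checked by reading the response header and working out what each directive actually lets the page contact. The following is an added example, not part of the thread and not pgp.help's code; the function names and both sample policies are constructed for illustration.

```javascript
// Added example: classify what each CSP directive lets a page contact.
// Fallback chains tried before default-src, per CSP Level 3.
const CHAINS = {
  "connect-src": [], "img-src": [], "media-src": [], "font-src": [],
  "script-src": [], "style-src": [], "object-src": [], "manifest-src": [],
  "frame-src": ["child-src"], "worker-src": ["child-src", "script-src"],
};

function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function classify(sources) {
  if (sources === undefined) return "open"; // no directive applies: unrestricted
  if (sources.includes("'strict-dynamic'")) return "open"; // trusted scripts may load others
  // Keywords such as 'none', nonces and hashes, and data:/blob: name no remote host.
  const remote = sources.filter(
    (s) => s === "'self'" || !(s.startsWith("'") || s === "data:" || s === "blob:"));
  if (remote.length === 0) return "blocked";
  return remote.every((s) => s === "'self'") ? "same-origin" : "open";
}

function audit(header) {
  const policy = parsePolicy(header);
  const report = {};
  for (const [directive, chain] of Object.entries(CHAINS)) {
    const effective = [directive, ...chain, "default-src"].find((d) => policy.has(d));
    report[directive] = classify(policy.get(effective));
  }
  // form-action never falls back to default-src, so it must be set explicitly.
  report["form-action"] = classify(policy.get("form-action"));
  return report;
}

// Constructed sample policies (not taken from pgp.help or any real site).
const STRICT = "default-src 'none'; script-src 'self'; style-src 'self'; form-action 'none'";
const LOOSE = "default-src 'self'; img-src *; connect-src https://api.example.com";
console.log(audit(STRICT));
console.log(audit(LOOSE));
```

A "blocked" verdict covers subresource loads, script-initiated requests and form submissions only; CSP does not restrict top-level navigation, so the network-monitor check mentioned in the comment is still worth doing.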