From the sendinc.com FAQ question asking if the site stores user's messages:
"We only have possession of your files while they are being encrypted & decrypted. Once you send the message, we don't store a copy of the message (or attachments)."
How are we supposed to know this is the case? All we have is the company's word that they do not log your messages. This is essentially key escrow, and the problem with that idea is that you must trust the company holding your key.
What happens if you want to keep a secret from the US government? The company that does this is based in Texas, so they are susceptible to pressure from the Feds. Even if Sendinc.com does have good intentions, all it would take is one FBI agent waving a National Security Letter to demand that this company log all the messages it is handling.
It is quite likely that this service is good for minor uses. For truly secure secure crypto though, the only real solution is to protect your own keys.
Drew
· 1 year ago
Doing the same thing as literally dozens of other companies. First to mind is http://www.trustmesecurity.com though atleast they've released an API so that you can integrate the encryption without using a proprietary client.
Sean O'Connor
· 1 year ago
If you are interested in a similar solution which you can run on your own server and not have to trust a thrid party check out sPaste at https://spaste.com.
*Disclaimer: I am the autor and maintainer of sPaste
df
· 1 year ago
What extra does using Send give compared to e.g. where both sender and receiver are using gmail and logged in using ssl - just the same, encrypted connection.
Sean O'Connor
· 1 year ago
In this situation there is no protection against somebody with access to googe's servers or against somebody who may intercept the message as it potentially goes across the public internet between google's data centers.
Mihai Secasiu
· 10 months ago
going to a site every time I want to send an encrypted message seem more of a show stopper then spending an afternoon (highly exagerated ) figuring out how to use pgp and then being able to send encrypted mail just like sending normal mail.
Mihai Secasiu
· 10 months ago
going to a site every time I want to send an encrypted message seem more of a show stopper then spending an afternoon (highly exagerated ) figuring out how to use pgp and then being able to send encrypted mail just like sending normal mail.
All Comments
"We only have possession of your files while they are being encrypted & decrypted. Once you send the message, we don't store a copy of the message (or attachments)."
How are we supposed to know this is the case? All we have is the company's word that they do not log your messages. This is essentially key escrow, and the problem with that idea is that you must trust the company holding your key.
What happens if you want to keep a secret from the US government? The company that does this is based in Texas, so they are susceptible to pressure from the Feds. Even if Sendinc.com does have good intentions, all it would take is one FBI agent waving a National Security Letter to demand that this company log all the messages it is handling.
It is quite likely that this service is good for minor uses. For truly secure secure crypto though, the only real solution is to protect your own keys.
*Disclaimer: I am the autor and maintainer of sPaste