This is just a suggestion. I posted it here so anyone could also suggest/share/post an idea about this and came open for discussion. I emailed CService about this last July; I dont know what's the status 'till now. Now, its open for idea whether it is helpful/good or just a waste of time. Btw, please move this Topic if this is not the proper Forum to be posted about this.
I just noticed that CService Emails doesn't have GPG keys as an option for some users to send secured messages. But since lots of Users (with usernames) send their private data to any of CService Emails (specially X@Undernet.org
) just to change some settings of their Account, it is possible to read/modify those Data/contents while on Transit by some Attackers before it reach its destination (cservice emails).
Example, One User want to change an email or revert back temp manager changes, so he will also send his Username, Verification question/answer, channel name, etc. And he will send it X@Undernet.org
. Since the contents are not encrypted with the GPG of email@example.com
email (coz it doesnt have yet a GPG key for encryption) and the User is in the Compromise Network, it is possible to read/modify those Contents on Transit by an Attacker.
So I suggest to have a GPG keys for each of CService emails. If one User send his Private data to any of CService emails and encrypted it with CService Public key of the email, even the User is on a Compromise Network, its impossible to decipher those Contents by an Attacker since only the CService has the Private Key to unlock its Contents. Thus, the User is sure that his data is Sent and reached its Destination securely.
Generating a GPG keys for each emails is so fast and easy, and one thing it's free. Once you've generated it, you only have to Post the public keys of those Emails on the website, and you are the one to keep the Private keys secure or in safe place for deciphering encrypted emails.
Contact emails of most Open Source projects used GPG keys for their emails. Specially companies and government agencies for secure communications. I hope it will minimize stealing of Usernames and registered Channel takeovers.
Anyways, hope you understand what I mean... and I'm sorry in advanced for my grammars and spellings...
Thanks a lot, good luck and God bless!!!
- araw1 (nick/username)