Bug#733860: ITP: pond -- Forward secure, asynchronous messaging for the discerning.
Owner: Ximin Luo <firstname.lastname@example.org>
* Package name : pond
Version : 0:git~2014-01-01
Upstream Author : Adam Langley <email@example.com>
* URL : https://pond.imperialviolet.org/
* License : BSD
Programming Lang: Go
Description : Forward secure, asynchronous messaging for the discerning.
For secure, synchronous communication we have OTR and, when run over Tor, this is pretty good. But while we have secure asynchronous messaging in the form of PGP email, it's not forward secure and it gratuitously leaks traffic information. While a desire for forward secure PGP is hardly new, it still hasn't materialised in a widely usable manner.
Additionally, email is used predominately for insecure communications (mailing lists, etc) and is useful because it allows previously unconnected people to communicate as long as a (public) email address is known to one party. But the flip side to this is that volume and spam are driving people to use centralised email services. These provide such huge benefits to the majority of email communication, so it's unlikely that this trend is going to reverse. But, even with PGP, these services are trusted with hugely valuable traffic information if any party uses them.
So Pond is not email. Pond is forward secure, asynchronous messaging for the discerning. Pond messages are asynchronous, but are not a record; they expire automatically a week after they are received. Pond seeks to prevent leaking traffic information against everyone except a global passive attacker.