lol, I thought I was about to prove you wrong because I had STARTTLS enabled on our incoming mail server and was surprised to find remote MTAs using it as I'd turned it on to protect our users' outgoing mail authentication.

$ telnet mx1.hotmail.com 25
Trying 65.55.37.120...
Connected to mx1.hotmail.com.
Escape character is '^]'.
220 col0-mc4-f34.Col0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/ [msn.com]. Violations will result in use of equipment located in California and other states. Tue, 25 May 2010 16:00:36 -0700
helo fuckface
250 col0-mc4-f34.Col0.hotmail.com (3.10.0.73) Hello [85.189.31.174]
starttls
554 Unable to initialize security subsystem
^]

$ telnet gmail-smtp-in.l.google.com 25
Trying 209.85.229.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP s4si17050707wbc.88
helo fuzznuts
250 mx.google.com at your service
starttls
502 5.5.1 Unrecognized command. s4si17050707wbc.88
^]

At least someone is security concious, this is Fastmail's smtp - now owned by Opera

% telnet in1.smtp.messagingengine.com 25
Trying 66.111.4.72...
Connected to in1.smtp.messagingengine.com.
Escape character is '^]'.
220 mx3.messagingengine.com ESMTP . No UCE permitted.
helo opera
250 mx3.messagingengine.com
starttls
220 2.0.0 Ready to start TLS
^]

TLS encryption only protects from the client to the server, you have no guarantees about the security of the server-to-server connection nor of the pop/imap server to receiving client. Only message encryption with an OpenPGP implementation or similar can offer that.

But Gmail may not support STARTTLS, but it supports IMAPS, and uses HTTPS by default in the webmail.

What I'm more curious about is why there hasn't been (AFAIK) an app that uses an asymmetric public-key encryption method. The solution from TFA takes the combination of the users' keys to generate a password, ...

Public key encryption is crunch intensive - even in the good direction. (It's "effectively impossible" in the "bad" direction, which is the whole point.) Too crunch intensive to be practical when encrypting streams, even with current fast processors.

So it's usually used to generate and exchange a "session key" (and perhaps periodically replace it with a new one) for a symmetric cypher that takes less crunch and is "secure enough" if the amount of material it encrypts is limited.

Try a valid ehlo, rather than a bogus 'helo fuckface'. Some mail servers won't bother to honor starttls unless they are talking to a conforming server.

Just a small comment, I don't think you can group Thailand with Iran when it comes to restricting/monitoring communications. They do block websites (trivial to get around if you want to) but they don't block dissent against the government in any way, and I'm guessing they monitor it less than the NSA monitors US citizens.

And that's beside the fact that you can get pre-paid mobile phones for the equivalent of $10 in cash with very cheap add-on minutes (also pay for those in cash) which for all practical purposes are untraceable, because if you're paranoid you can switch them around or whatever.

I'm defending Thailand because the foreign press has distorted what happened there recently quite a bit. It's nothing like Iran. People are free to protest the government, despite what it may seem after the violence recently in Bangkok.

You said:

Except the fact that the protocol itself is documented this is not materially different from skype which is also encrypted and has governments apparently scrambling to crack.
A truly revolutionary app would encrypt the phone's mobile call audio.

TFA says:

Whisper Systems' apps aren't the first to bring encrypted VoIP to smartphones. But apps like Skype and Vonage don't publish their source code, leaving the rigor of their security largely a matter of speculation. Marlinspike argues that because those apps interface with the traditional telephone network, they may also be subject to the Communications Assistance for Law Enforcement Act, (CALEA) which requires companies to build backdoors into their technologies for law enforcement wiretaps.

Plus we can look at the impact done by availability of Zfone/ZRTP (this new encrypted VoIP standard from Phil Zimmermann) for Symbian smartphones (half of all smartphones)

Oh, nobody was aware of its availability? Exactly...

For the same reason you don't see apps that record calls (google voice does somewhat, but is not doing so in the phone) you'll never see an app which encrypts the phone call. It's just not possible to route the audio through the processor of these phones. Therefore it truly _would_ revolutionary --since it's impossible by design.

More importantly gmail does not support S/MIME, which is the widely supported signing/encryption mechanism for email. (although basically nobody uses it).

Sorry, should have looked a bit more before posting:

http://www.nicetext.com/ [nicetext.com]

Far more relevant link. In particular, note the papers listed in the left column.

A product like that came out a long time ago.

http://www.pgpi.org/products/pgpfone/ [pgpi.org]

I don't think it's supported much anymore. It was a cool concept that just didn't seem to go anywhere.

ft