Not too many Silicon Valley software companies on that list

Money != Currency. Gold and Silver are Money. Bitcoin and USD are currencies. Huge difference.

Gold and silver are not money either, except in a tiny minority of countries. Wages are not being paid in gold or silver, debts cannot be settled with gold or silver, and neither gold nor silver is commonly traded for other goods. Nobody uses gold or silver as units of account. The only resemblance either metal has to money in this day and age is as a store of value, but if that is your only requirement to consider something to be money then you would need to include land, buildings, and various collectible items too.

Gold and silver are commodities, traded like any other metal, and the historically-motivated obsession people have with using gold as a store of value makes it more difficult to acquire gold for industrial uses (which would be a real, productive use of the metal).

What are you going to DO about it?

Indeed, browser also implement things like CSP - and we need browser to also support additional security measures that enhance the API

For the record this is only the First Public Working Draft. A lot can and will change. We are looking for commentary to understand if we are on the right track

This position is the bullshit.

This argument is made by those that are completely satisfied with their design. A little engineering knowledge on their part could never make the design even better. no, never!

I suggest you to read the About page over that article then. ;)

There is the Salmon protocol: http://www.salmon-protocol.org/ as well.

It is not impossible. It really needs to be done. Oh, and Twitter will be the next AOL once something like this working well

"Next AOL" sounds like a pretty excellent outcome. I'm not being snarky; I'm suggesting you reexamine the stakeholders priorities. Nerd cred ranks pretty far down the list in most real businesses.

I'll toot my own horn and say that I saw the writing on the wall 4 years ago and moved to Ubuntu. Best decision ever. I lack for nothing. Apple is the new Sony - no thanks.

The encryption should really take place in a scope that content JS cannot access. I also think a system like this should be built completely parallel to email systems. Email is crap and needs to be re-invented as a web app with pseudo-anonymity and Public Key Encryption on by default. Users should not even know they are using encryption.

Working on this exact problem myself: https://droplettr.com - the encryption uses Firefox Sync crypto module in an extension, so the crypto is done by the browser outside the scope of content JS. The rest of the app is pure JS and HTML, with a Python/Django REST-style server.

This looks cool. Is there a way to know that the client side code has not been tampered with? I'd like to see more people comment on this one.