[Freedombox-discuss] Email Encryption Basics
Jonathan Wilkes
jancsika at yahoo.com
Fri Nov 16 17:42:09 UTC 2012
----- Original Message -----
> From: Nick M. Daly <nick.m.daly at gmail.com>
> To: Michael Rogers <michael at briarproject.org>; Eugen Leitl <eugen at leitl.org>
> Cc: freedombox-discuss at lists.alioth.debian.org
> Sent: Friday, November 16, 2012 8:04 AM
> Subject: Re: [Freedombox-discuss] Email Encryption Basics
>
> Michael Rogers <michael at briarproject.org> writes:
>
>> On 16/11/12 07:35, Eugen Leitl wrote:
>>> Most attempted delivery from dynamic user space will bounce, and
>>> requiring smarthosts clashes both with the zero administration
>>> requirement and adds an additional point of attack.
>>
>> I think this is way too pessimistic. Yes, it's unrealistic to run an
>> incoming or outgoing mail server on a dynamic home IP address, but a
>> PageKite-style proxy would work.
>
> For no reason I can explain, my box can send outgoing mail without issue
> (I haven't purchased or defined an MX record or smarthost, IIRC). It
> can't receive anything at all, but mail goes out without problem, which
> allows service signups and the like. I'll try to figure out why I can
> send mail one of these days.
>
>> Alternatively, the FBX could act as a PGP proxy for an existing email
>> account: the FBX would encrypt email before sending it to the existing
>> account's SMTP server and decrypt it after collecting and deleting it
>> from the existing account's POP/IMAP server. No email would be stored
>> long-term on the provider's servers, which is a legally important
>> distinction in the US. The FBX would use Tor to store and retrieve PGP
>> public keys on multiple independently operated keyservers, making it
>> difficult for any keyserver to replace a user's key with a MITM key
>> without detection.
>
> Very interesting! As long as we tie ourselves to someone else's
> infrastructure, re-serving as a client becomes easy.
That might be the easiest way for a user to get up and running with
reliable service. Just keep in mind that the metadata is still very much
subject to collection and mining: who you are sending to, when you are
sending, subject line?, and probably a lot else, which is stored on the server
after being deleted for a fairly long period according to many TOS I've
seen.
In the case of Paula Broadwell, owning a FBX with such a setup would have
changed nothing at all: the recipient of some of her messages started
the investigation, metadata identified her as the sender, and the content of
her email/documents was revealed by physically removing her machine.
If she had used Tor, or a FBX that goes through Tor or some other anonymizing
overlay, identifying the sender by metadata would have been much more difficult.
-Jonathan
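As an added illustration of the metadata point above (example code, not from the thread or the FreedomBox project): parsing a constructed PGP/MIME message the way a provider's SMTP/IMAP server would shows that RFC 3156 encryption covers only the body part, while From, To, Date, Subject and the Received trail stay in cleartext. All addresses, hostnames and the ciphertext are constructed placeholders.

```python
import email
from email import policy

# Constructed sample: a PGP/MIME (RFC 3156) message as it would sit on the
# provider's server. The PGP block is a placeholder, not real ciphertext.
SAMPLE_MESSAGE = """\
Received: from fbx.example.home ([198.51.100.7]) by mail.example-provider.net
Date: Fri, 16 Nov 2012 17:42:09 +0000
From: alice@example.net
To: bob@example.org
Subject: Q4 draft, please review
Message-ID: <20121116174209.1@fbx.example.home>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----
hQEMA3placeholderCiphertextNotARealKeyOrMessage
-----END PGP MESSAGE-----

--b1--
"""

# Header fields an intermediary can read regardless of body encryption.
ENVELOPE_HEADERS = ("Received", "Date", "From", "To", "Cc", "Subject", "Message-ID")


def intermediary_view(raw):
    """Return what a mail provider (or anyone with access to its store) can
    observe in a PGP/MIME message: the cleartext headers, the content types of
    the body parts, and whether the body is actually PGP/MIME-encrypted."""
    msg = email.message_from_string(raw, policy=policy.default)
    headers = {h: str(msg[h]) for h in ENVELOPE_HEADERS if msg[h] is not None}
    parts = [p.get_content_type() for p in msg.walk() if not p.is_multipart()]
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")
    return {"headers": headers, "body_parts": parts, "body_encrypted": encrypted}


if __name__ == "__main__":
    for key, value in intermediary_view(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```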