[Freedombox-discuss] Idea for cross freedombox email system not leaking metadata

Petter Reinholdtsen pere at hungry.com
Sun Oct 12 06:33:36 UTC 2014


[Jonathan Wilkes]
> Hi Petter,You should look at something like Cables in Linux Liberte.

Are you talking about <URL: http://dee.su/liberte >?

> But the only reason Cables theoretically* works is that everything
> is delivered over Tor, and it typically runs on a machine where Tor
> is being leveraged for everything.  That at least gives the user
> some protection if the email client happens to be doing something
> screwy that the author of Cables didn't know about.
> 
> With your proposal, you have to trust that both exim and whatever
> email client not only don't have bugs.  But more importantly, you
> must know that your rules for when to sending/receiving over Tor are
> perfect, _and_ that your documentation is effective enough to teach
> your users not to mix, forward, leak, or otherwise undermine all the
> work you are trying to do to hide their metadata.  Oh, and keep in
> mind that most clients do a fine job of hiding nearly all of the
> ugly metadata from the user, so they're often not even aware it's
> there in the first place.
> 
> In short, if you let your users send unencrypted messages in the
> same client/system as covert messages, your users won't be safe.
> And if you force encryption for everything, you defeat the purpose
> of using email and should instead choose a protocol/system designed
> specifically to hide metadata.

Thanks for the input.  I'm not sure we are looking at the same threat
model here.  The information leak I try to get rid of is metadata
being available to everyone listening on the network traffic between
two people sending an email between each other.  I do not quite see
how bugs in exim and email clients can affect this.

I suspect you talk about making sure no-one, even well funded and
targeting attacers, can ever get access to information about the user
and her email habits.  That is a harder problem to address.

Btw, I also came across 
<URL: http://johannes.sipsolutions.net/Projects/exim-tor-hidden-mail >
when searching for people with similar ideas.  The recipe there
definitely look like something we could set up on the Freedombox.

> * I've never used Cables, and it looks to be abandoned.  But its 
> features and design are the most comprehensive I've seen for the kind of
>  messaging you're interested in doing.

Is <URL: https://github.com/mkdesu/cables > the upstream project page?
It seem to be modified  just a few months ago.

-- 
Happy hacking
Petter Reinholdtsen



More information about the Freedombox-discuss mailing list