[Freedombox-discuss] Idea for cross freedombox email system not leaking metadata
Jonathan Wilkes
jancsika at yahoo.com
Sun Oct 12 17:00:12 UTC 2014
Hi Petter,I'm not sure I understand what you mean. Cables includes within it the subset of features you need for fbx <-> fbx communication resistant to meta-data snooping. What does your proposed system do that Cables does not?
Also, I didn't know it was still under active development. I should add that AFAICT it hasn't been peer-reviewed, which is unfortunate (but fixable, all you research folks out there...)
-Jonathan
On Sunday, October 12, 2014 2:33 AM, Petter Reinholdtsen <pere at hungry.com> wrote:
[Jonathan Wilkes]
> Hi Petter,You should look at something like Cables in Linux Liberte.
Are you talking about <URL: http://dee.su/liberte >?
> But the only reason Cables theoretically* works is that everything
> is delivered over Tor, and it typically runs on a machine where Tor
> is being leveraged for everything. That at least gives the user
> some protection if the email client happens to be doing something
> screwy that the author of Cables didn't know about.
>
> With your proposal, you have to trust that both exim and whatever
> email client not only don't have bugs. But more importantly, you
> must know that your rules for when to sending/receiving over Tor are
> perfect, _and_ that your documentation is effective enough to teach
> your users not to mix, forward, leak, or otherwise undermine all the
> work you are trying to do to hide their metadata. Oh, and keep in
> mind that most clients do a fine job of hiding nearly all of the
> ugly metadata from the user, so they're often not even aware it's
> there in the first place.
>
> In short, if you let your users send unencrypted messages in the
> same client/system as covert messages, your users won't be safe.
> And if you force encryption for everything, you defeat the purpose
> of using email and should instead choose a protocol/system designed
> specifically to hide metadata.
Thanks for the input. I'm not sure we are looking at the same threat
model here. The information leak I try to get rid of is metadata
being available to everyone listening on the network traffic between
two people sending an email between each other. I do not quite see
how bugs in exim and email clients can affect this.
I suspect you talk about making sure no-one, even well funded and
targeting attacers, can ever get access to information about the user
and her email habits. That is a harder problem to address.
Btw, I also came across
<URL: http://johannes.sipsolutions.net/Projects/exim-tor-hidden-mail >
when searching for people with similar ideas. The recipe there
definitely look like something we could set up on the Freedombox.
> * I've never used Cables, and it looks to be abandoned. But its
> features and design are the most comprehensive I've seen for the kind of
> messaging you're interested in doing.
Is <URL: https://github.com/mkdesu/cables > the upstream project page?
It seem to be modified just a few months ago.
--
Happy hacking
Petter Reinholdtsen
_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss at lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20141012/2da09aba/attachment.html>
More information about the Freedombox-discuss
mailing list