
[Freedombox-discuss] Idea for cross freedombox email system not leaking metadata



Hi guys!

Just noticed this thread.  I wanted to just chime in and support this
idea. I think there is immense value to using normal e-mail over Tor and
the e-mail client I am working on (Mailpile) is looking to support this
sort of thing out of the box, including appropriate UI feedback so users
can understand when messages are sent (or received) securely and when
they are not (this is probably not a 1.0 feature, but it will be
included in a later release).

We have written a straw-man description of some of our ideas here:
https://github.com/pagekite/Mailpile/wiki/SMTorP

Aside from that I wanted to respond to Jonathan's comment from before:

> In short, if you let your users send unencrypted messages in the same client/system
> as covert messages, your users won't be safe.  And if you force encryption for
> everything, you defeat the purpose of using email and should instead choose a
> protocol/system designed specifically to hide metadata.

In short, I disagree with this analysis. Although this may be true for
the high risk users with well funded adversaries, most people are
neither of those things.

If the goal is to simply improve the privacy of as many people as
possible, as much as possible, then an all-or-nothing attitude is
extremely counterproductive.

In Mailpile we are building an e-mail client that people can use today,
to communicate with the vast ecosystem of insecure e-mail addresses that
already exists.  We want to gradually, opportunistically improve
security whenever we can. If we exchange an insecure e-mail with
someone, and their headers (or attachments) imply that we could upgrade
to PGP, we should. If their mail also contains hints that we could
switch to SMTP over Tor, then we should do that too.  If this kind of
thing is done in a seamless, convenient fashion with a clear UI that
tells the user what is happening, then security can become a natural
part of people's e-mail experience and maybe we can break the
chicken-and-the-egg cycle of nobody using secure e-mail because nobody
uses secure e-mail... and that will benefit the high-risk users as
well.

We won't get there in one step though, we'll have to live with imperfect
partial solutions for quite some time (probably forever). That's just
the way things are.

Cheers!
 - Bjarni

-- 
Sent using Mailpile, Free Software from www.mailpile.is
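
The opportunistic upgrade described in the message above, as an added sketch that is not part of the original post and is not Mailpile's code. The header name X-Example-SMTP-Onion, the function names and both sample messages are assumptions constructed for illustration; the post does not say how the hints are encoded.

```python
import re
from email import message_from_string

# Hypothetical header name: the post does not say how a peer hints at Tor.
ONION_HINT_HEADER = "X-Example-SMTP-Onion"
# v3 onion hostname (56 base32 characters) with an optional port.
ONION_RE = re.compile(r"[a-z2-7]{56}\.onion(:\d{1,5})?")
PGP_TYPES = {"application/pgp-keys", "application/pgp-signature",
             "application/pgp-encrypted"}

# Constructed sample messages, not real mail.
SAMPLE_PLAIN = "From: alice@example.org\nSubject: hi\n\nhello\n"
SAMPLE_UPGRADABLE = (
    "From: bob@example.org\n"
    "X-Example-SMTP-Onion: " + "a" * 56 + ".onion:25\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nhello\n"
    "--b1\nContent-Type: application/pgp-keys\n\n(key omitted)\n"
    "--b1--\n"
)


def peer_hints(raw_message):
    """Return the upgrade hints ('pgp', 'tor') found in one message."""
    msg = message_from_string(raw_message)
    hints = set()
    if any(p.get_content_type() in PGP_TYPES for p in msg.walk()):
        hints.add("pgp")
    onion = (msg.get(ONION_HINT_HEADER) or "").strip().lower()
    if ONION_RE.fullmatch(onion):
        hints.add("tor")
    return hints


def delivery_plan(hints):
    """Pick the best available protection and the status the UI shows."""
    encrypt = "pgp" in hints
    transport = "smtp-over-tor" if "tor" in hints else "smtp"
    label = ("encrypted" if encrypt else "not encrypted") + (
        ", sent over Tor" if "tor" in hints else ", sent over plain SMTP")
    return {"encrypt": encrypt, "transport": transport, "label": label}


if __name__ == "__main__":
    for raw in (SAMPLE_PLAIN, SAMPLE_UPGRADABLE):
        print(delivery_plan(peer_hints(raw))["label"])
```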