[Jonathan Wilkes] > Hi Petter,You should look at something like Cables in Linux Liberte.
Are you talking about <URL: http://dee.su/liberte >? > But the only reason Cables theoretically* works is that everything > is delivered over Tor, and it typically runs on a machine where Tor > is being leveraged for everything. That at least gives the user > some protection if the email client happens to be doing something > screwy that the author of Cables didn't know about. > > With your proposal, you have to trust that both exim and whatever > email client not only don't have bugs. But more importantly, you > must know that your rules for when to sending/receiving over Tor are > perfect, _and_ that your documentation is effective enough to teach > your users not to mix, forward, leak, or otherwise undermine all the > work you are trying to do to hide their metadata. Oh, and keep in > mind that most clients do a fine job of hiding nearly all of the > ugly metadata from the user, so they're often not even aware it's > there in the first place. > > In short, if you let your users send unencrypted messages in the > same client/system as covert messages, your users won't be safe. > And if you force encryption for everything, you defeat the purpose > of using email and should instead choose a protocol/system designed > specifically to hide metadata. Thanks for the input. I'm not sure we are looking at the same threat model here. The information leak I try to get rid of is metadata being available to everyone listening on the network traffic between two people sending an email between each other. I do not quite see how bugs in exim and email clients can affect this. I suspect you talk about making sure no-one, even well funded and targeting attacers, can ever get access to information about the user and her email habits. That is a harder problem to address. Btw, I also came across <URL: http://johannes.sipsolutions.net/Projects/exim-tor-hidden-mail > when searching for people with similar ideas. The recipe there definitely look like something we could set up on the Freedombox. > * I've never used Cables, and it looks to be abandoned. But its > features and design are the most comprehensive I've seen for the kind of > messaging you're interested in doing. Is <URL: https://github.com/mkdesu/cables > the upstream project page? It seem to be modified just a few months ago. -- Happy hacking Petter Reinholdtsen _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
