-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nils,
I meant to include this with the really long email I sent you and the list - I would like to register the domain name today so I can bring it live - but I can't for the life of me think of an domain name that fits. Do you or anyone on this list have any ideas that may fit: - -An email service that connects MTAs from the Internet to an email anonymizing email service on tor. - -An email service that supports the the freedom of expression. - -An email service that will not turn over any data to any governmental body for any reason whatsoever. Thanks! - --Rock On 9/19/2013 12:08 PM, Rock wrote: > Nils, > > I'll gladly disclose the systems - I want to be be as transparent > as possible, as I feel that was one of the major faults of tormail > was the lack of transparency which led to it's downfall, as we saw > when we realized that it was brought down as it was all completely > hosted on one sole source, Freedom Hosting. > > That will be the fail safe - this project isn't solely hosted. The > plan is once the proof of concept, by that once I make sure that my > code works and the team works and and users are pleased with the > service and people are happy with the transparency, and we're > providing a valuable service to ensure the ability for others to > have freedom of expression, freely, especially from areas where > it's restricted, without fear of reprisal or fear of someone > providing their information to a governmental source, which > hopefully there will be enough volunteers to ensure that these > services are adequately provided. > > At this point though the backup location isn't ready for for > complete configuration - I only have the certificates for the VPN > between the two sites configured and I'm still working on the the > failsafe code basically, honestly, it's not security through > obscurity, it's just the need to complete the actual code to > ensure that physical site A is taken offline, then physical site B > will come online with the same hash hostname. > > So basically, the final design will be as follows, mtas will > deliver be configured to deliver to both all of the data servers > (we will start off with at least two sites), but only one data > server will be the primary data server at a time. That primary > data server will mount the other ones remotely via a vpn > connection and have the db constantly written to the secondaries. > If the primary goes doe down, one of the secondaries will take > over. If for some reason, the hostname is considered "compromised" > (such as a primary server being seized by a governmental > organization and replaced), the hostname of the next secondary will > start being used. Such a change will be propagated via Social > Media and other means. But any way, the nice ascii graph. > > Internet---------MTAs---------Primary Data Server---------tor users > | | | | | | | | > | | Secondaries--(OpenVPN) | | | | tor users > > There's some already coded solutions that I'm looking into that I > just want to make sure work with tor hidden services. There's > also some solutions that people smarter than me on this list > probably know about that hopefully may share with me. > > The way the service is set up will be documented. The other team > member and I will be actively documenting everything and ensuring > that we have everything documented and again, as transparent as > possible. For this little project I hope plenty of people > volunteer, plenty of people participate in a open provide feedback > and ideas because you know what, I might have ideas, I might have > solutions, but I'm sure someone might have something better. > > Thanks for your feedback! > > --Rock > > On 9/19/2013 9:41 AM, Nils Kunze wrote: >> Please correct me if I'm wrong, but you not wanting to disclose >> details about those "other fail safe systems" publicly sounds a >> lot like security through obscurity which certainly is not a good >> idea. > >> Nils > > >> 2013/9/18 Rock <[email protected]> > >> Mick, > >> I have researched the ownership and governmental cooperation of >> each company I have chosen and there's also a specific reason why >> I've chosen some companies. The MTAs are not as worrysome as the >> data servers are, but the data servers will have drive level >> encryption, partition level encryption, and file level >> encryption - so yes, the NSA can beat three levels of encryption, >> but they can't beat an emergency track low level format (if we >> have that much warning.) > >> There's other fail safe systems that I would rather not disclose >> publicly that protect the data from the prying eyes of >> government, that I personally know will be effective in >> preventing any Intelligence Community organization from >> obtaining anything from the data servers. If you want to discuss >> certain aspects of this please email me off the list. > >> --Rock > >> On 9/18/2013 8:19 AM, mick wrote: >>>>> On Tue, 17 Sep 2013 20:34:36 -0400 Conrad Rockenhaus >>>>> <[email protected]> allegedly wrote: >>>>> >>>>>> >>>>>> The development servers are in separate jurisdictions >>>>>> throughout the world. For the initial proof of concept, I >>>>>> have two MTAs and two Data Servers, with one spare >>>>>> server. Each one is in a separate jurisdiction to make >>>>>> it more difficult to tap. >>>>> >>>>> Forgive me if I am teaching grandmother, and I am sure that >>>>> you have this covered, but the location of the servers is >>>>> not the only, or necessarily most important, point to >>>>> consider. The crucial point is the legal juridisction >>>>> within which the server/DC/network owners reside. >>>>> >>>>> For example I could pick servers in the Netherlands, >>>>> Germany and HongKong and find that all were provided by a >>>>> US company. >>>>> >>>>> Mick >>>>> >>>>> --------------------------------------------------------------------- >>>>> >>>>> >>>>> > >>>>> >>>>> Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F >>>>> E60B 5BAD D312 http://baldric.net >>>>> >>>>> --------------------------------------------------------------------- >>>>> >>> >>>>> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.21 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSOy0AAAoJEOfLWO5paP3NA/sP/AzJm9S6+mlTPq+e7uQ7JclT I66mNWZhLIXc3eIHAT2c0svSmmPVMpnZgjyVxQc3DoCbWrq4NNUVCLoNFIPKIDNy luGXVUNe91psISdvgsm5s8+a44KRSta3lhm5VB/FW0npsWNEokdB1wXMgn1eKXxK aQHnleAjLcfQOJb4WKRQS7ClIoTj0omiszDCZ+JeUuqByNiWAsUWUw+trkcwr8BW Jvaldrfq24YA1Y2L81Lk4jKJNrb4D/olAWfiu8q1eX/rj4zk1dB1Zv9TJR8lJfs9 JTjTmnDlIhR079fynQHy0tocwXN+aIE3cj2iPuSlePNesQdLB5cdxYMz4vjPAie5 aNruzVHP5meVpagsw3C4X/xLCBznwmN6Y4EFGz2vEGHZ4wGPQtbceM3AqSfhS8IH YSOg8LpDWac+buScM1tjO8MYQYAE1Ni+O4gdiq+a6kKFI6/Uzs9IxbZU1EaS9WMm KFBni6W8cfJcVEV+5MOgPefuKPq9Eqai1EwWz4MohjBkNvTSMR5cIgI6L412uWf9 a08grytIXZbOPhEmhx0XjA5jsQGeTkSmtttguFoK96/RdQonbdRO9dV/M2ictvnB h5cCqp7X4eEM7svE2wmnYw5IW5pYrNL4mMsh4rC+VIEVMMMhpSSV0GAMO0kjv4r9 XR9gCAyo4KbyeVlyz8B+ =gb1g -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
