[Freedombox-discuss] Email Encryption Basics

Jonathan Wilkes jancsika at yahoo.com
Sat Nov 17 07:48:51 UTC 2012

----- Original Message -----
> From: Elena ``of Valhalla'' <elena.valhalla at gmail.com>
> To: freedombox-discuss at lists.alioth.debian.org
> Cc: 
> Sent: Friday, November 16, 2012 11:15 AM
> Subject: Re: [Freedombox-discuss] Email Encryption Basics
> 
> On 2012-11-16 at 14:22:07 +0000, Michael Rogers wrote:
>>  > Your IMAP server should be on your FBX.
>>  Yes, in an ideal world we'd all run our own mail servers. In the real
>>  world it's not possible to run a mail server on a home broadband
>>  connection, 
> 
> actually, you *can* run an *IMAP* server at home, it's the *SMTP* 
> part that is problematic. 
> 
> Actually, if your home connection has a public IP, you can 
> use some kind of dynamic DNS provider, and you have a friend with 
> a computer that can act as a backup MX, you should be also 
> able to run a receiving SMTP server, the real problem is that 
> mail *sent* from home connections isn't accepted by most SMTP 
> servers around the world, because of spam blacklists.
> 
> Even if you decide to use somebody else's service for email, 
> it is perfectly feasible to download it to a home server 
> via POP3/IMAP, delete it immediately from the 3rd party provider 
> and serve it via IMAP to the local network, or to a locally running 
> webmail.
> 
> Of course it is not a solution against illicit eavesdropping, but 
> it will mean that you won't have mail that is older than 180 days, 
> or younger, but read on a 3rd party service that can be easily
> subpoenaed.
> Mostly, it will put the survival of your email archive in your hands, 
> rather than keeping it under the goodwill of some provider that 
> could decide to stop offering its services.

From this discussion it occurs to me that FBX has two functions:
the first can be characterized with the vault metaphor I outlined
previously-- basically files and data over which the user wants
a) complete control over data: tax documents, project data files,
private diary, etc.
b) shared control over data, delegated for backup (and possibly
other) purposes among a set of trusted friends such that m/n friends
can recreate the data for the user-- possibly the same as "a" above
c) shared control over data, shared with n trusted friends for whom
keeping the close relationship outweighs any benefit that would come
from leaking the data to others-- encrypted IM session, encrypted
email correspondence, encrypted social network group correspondence,
photo sharing, etc.

A is a safety deposit box, B is giving your spouse/lawyer/etc. each a
spare key to the safe (not quite as good, I know), and C is the secret
stash of "naughty" books in the club treehouse.

The second function is, "let's make sure I have my own personal copy
of that data about me that someone else owns."  This is actually a very
strange thing to be doing, and the only metaphor I can think of is that it's
like a freecreditscore.com in the "free software" sense of the word.  In
other words, some entity has my data and uses it to make inferences
about me-- which are beyond my control-- and sells that data to third
parties, so FBX basically gives me the convenience of storing my own
copy of that data (sans inferences) just in case that entity goes under
or tries to change the TOS on me.  Thus, like freecreditscore's _pitch_,
FBX offers the user peace of mind wrt their data.  Here I think of Diaspora's
connect-to-facebook feature, automating a feature to post microblogs
on a wordpress site on Twitter or Facebook, using Thunderbird with
Gmail, etc.

Personally I find the first set of functions the most important, but I do
understand the benefit of temporarily using the second function in order
to bootstrap and maintain existing connections with friends on infrastructure
we all understand to be broken currently.

After some reflection, though, I think it's a bad idea to mix these two functions.
While there's nothing wrong with taking data from the freecreditscore-type function
and putting it in the vault, or taking data out of the vault (if you are certain you
no longer want it to be private) and sending it to some other entity, I don't think
it's wise to try to build a vault inside of the freecreditscore-type infrastructure.

For example, if you
use FBX to send an encrypted message _through_ a gmail account and it doesn't
work, you've wasted time that could have been spent on a more secure solution.
If it actually ends up working reliably, you're encouraging wider adoption of
a strategy which will undoubtedly become a source of its own demise, as there
is little value in Google providing access for email they can't mine.  Either way,
the result is unsustainable.

Anyway, I think there's a sea change occurring on how people look at the trade-off
between convenience and privacy.  Tonight on Real Time with Bill Maher, Bill asked
the guests what the FBI is doing reading the emails of people involved in a sex
scandal.  That's the first time I've ever heard a comedian address online privacy like that;
the Guardian had a pretty detailed piece asking this question, too:
http://www.guardian.co.uk/commentisfree/2012/nov/13/petraeus-surveillance-state-fbi

-Jonathan