[Freedombox-discuss] Idea for cross freedombox email system not leaking metadata

Jonathan Wilkes jancsika at yahoo.com
Sun Oct 12 17:00:12 UTC 2014


Hi Petter, I'm not sure I understand what you mean.  Cables includes within it the subset of features you need for fbx <-> fbx communication resistant to meta-data snooping.  What does your proposed system do that Cables does not?

Also, I didn't know it was still under active development.  I should add that AFAICT it hasn't been peer-reviewed, which is unfortunate (but fixable, all you research folks out there...)

-Jonathan



On Sunday, October 12, 2014 2:33 AM, Petter Reinholdtsen <pere at hungry.com> wrote:
 


[Jonathan Wilkes]
> Hi Petter, You should look at something like Cables in Linux Liberte.

Are you talking about <URL: http://dee.su/liberte >?

> But the only reason Cables theoretically* works is that everything
> is delivered over Tor, and it typically runs on a machine where Tor
> is being leveraged for everything.  That at least gives the user
> some protection if the email client happens to be doing something
> screwy that the author of Cables didn't know about.
> 
> With your proposal, you have to trust that both exim and whatever
> email client not only don't have bugs.  But more importantly, you
> must know that your rules for when to send/receive over Tor are
> perfect, _and_ that your documentation is effective enough to teach
> your users not to mix, forward, leak, or otherwise undermine all the
> work you are trying to do to hide their metadata.  Oh, and keep in
> mind that most clients do a fine job of hiding nearly all of the
> ugly metadata from the user, so they're often not even aware it's
> there in the first place.
> 
> In short, if you let your users send unencrypted messages in the
> same client/system as covert messages, your users won't be safe.
> And if you force encryption for everything, you defeat the purpose
> of using email and should instead choose a protocol/system designed
> specifically to hide metadata.

Thanks for the input.  I'm not sure we are looking at the same threat
model here.  The information leak I try to get rid of is metadata
being available to everyone listening on the network traffic between
two people sending an email between each other.  I do not quite see
how bugs in exim and email clients can affect this.

I suspect you talk about making sure no-one, even well funded and
targeting attackers, can ever get access to information about the user
and her email habits.  That is a harder problem to address.

Btw, I also came across 
<URL: http://johannes.sipsolutions.net/Projects/exim-tor-hidden-mail >
when searching for people with similar ideas.  The recipe there
definitely looks like something we could set up on the Freedombox.

> * I've never used Cables, and it looks to be abandoned.  But its
> features and design are the most comprehensive I've seen for the kind of
> messaging you're interested in doing.

Is <URL: https://github.com/mkdesu/cables > the upstream project page?
It seems to have been modified just a few months ago.


-- 
Happy hacking
Petter Reinholdtsen
