[Freedombox-discuss] Own-mailbox

Leen Besselink freedombox at consolejunkie.net
Thu Oct 15 10:44:42 UTC 2015


Hi,

Maybe I missed it while looking at the kickstarter page, but I didn't
actually see anything about what I would consider are the hard problems
they would need to solve.

Which is:
- easy to use and secure backup and recovery of key material.
- public key/trust distribution

Because they are doing PGP mail, you'll have keys and they need to be
recoverable.

And you are keeping all your mail on a small device. What happens when
it breaks ?

Creating encrypted backup and sending it to some provider is easy,
restoring is a bit harder.
But not difficult: you'd just need to have it as an option when
someone starts up the device
the first time (install or restore from backup). That sounds fairly
easy.

But the question is what do you do with the keys ?:
Where does your mother or farther keep his/her key for decrypting that
backup ? Printed
on a piece of paper at the local bank in a safe-deposit box ?
On their smartphone ?
At the home of their son or daughter ?

Do they understand what to do when the device is broken, lost in a
fire, etc. ?

Do you buy 2 of these devices for when one breaks ? So you can keep
receiving mail for your home business ?

And the key distribution problem is easy to explain, but not solve:

How do you prove to someone your key is yours ?

Thus how do you bootstrap trust ?

Well, that was just my thoughts. :-)

On Thu, Oct 15, 2015 at 04:47:00AM +0000, Jonathan Wilkes wrote:
> Freedombox actually had a much more seductive premise-- that the tools to 
> "secure all the things" are just sitting out there in free software-land waiting to 
> be glued together.  All that was needed was for a small group of developers to 
> tap the spirit inherent in projects like Debian or GNU and harness it to tackle 
> the problem of usability.  Then, like legos, everything would eventually just click 
> together.  It happens to be a false premise, but it obviously got the project well 
> past its goal.
> If anyone thinks it's not a false premise, however, I have a challenge 
> for you.  Take the interface from Popcorn Time and make it work for some 
> selection of public domain movies, while providing anonymity to both the viewers and the providers of the content.  And you must do it while keeping 
> all the features of their interface:* zero configuration* user clicks a button to start streaming the content* user seeds the content they're streaming
> This challenge is way simpler than a Freedombox because the data being passed around is just commodity content; juggling personal data, private messaging or social networking is obviously much more complex.  Still, I'd 
> be quite surprised if anyone could pull this off using extant free software.
> 
> -Jonathan
>    
> 
>   On Wednesday, October 14, 2015 8:34 PM, Fred Schiff <eldersprig at gmail.com> wrote:
>    
> 
>  This kickstarter did not make it.  It was a much less ambitious project then the Freedombox and perhaps just not well advertised.
> 
> On Thu, Sep 10, 2015 at 12:28 AM, yannick <sevmek at free.fr> wrote:
> 
> Hi,
> I want to point this hardware/software project out:https://www.kickstarter.com/projects/1547898916/own-mailbox-the-first-100-confidential-mailbox
> "Own-mailbox protects your privacyDid you know that all traditional email providers (GMail, Outlook, Yahoo Mail, ...) can spy on you? As they have access to all emails that you write, they can be forced to disclose them to governments and intelligence service. In addition, many of these companies also access and analyze your emails for marketing purposes.Own-Mailbox is designed to make sure that no one can spy on you, not even us."
> Smaller scope but I bet quickly achievable.
> Regards



More information about the Freedombox-discuss mailing list