
Peer-To-Peer Encrypted E-mail 152

Markv writes: "CNET has an article about a peer-to-peer e-mail system called SafeMessage(TM) from AbsoluteFuture.com that could confound law enforcement. Not only is it peer-to-peer, the message is encrypted before it leaves the sender's computer, and the decoder key is destroyed. According to the article, AbsoluteFuture's SafeMessage system would potentially allow people to operate below the radar screen of the FBI's Carnivore program." So Carnivore may be good for something after all! Actually, though, how is this different (or less complicated) than, say, using PGP and an IRC client (with DCC) to effect the same sort of transfer?
  • by Anonymous Coward
    They already have integrated it into Outlook to a large extent. Prior to converting to Linux I used Windows and Outlook. NAI's commercial PGP package placed a little icon on the Outlook toolbar that, when clicked did the encryption/decryption.
  • by Anonymous Coward
    Not going to go into the obvious flamewar here, but Napster didn't START "warez". Haven't you heard of the Homebrew Computer Club? unintentionally becoming the first source of pirated software, a stolen reel of Altair Basic. And this was 20 years ago. So let's not go blaming Napster for warez. Now, as for your opinions concerning the innocence of having the government monitor your email to prevent anarchic collapse and corruption or whatever, I can find a few faults. For one thing, government servicemen are people too. People lie, cheat, steal, bribe, extort, and blackmail. More importantly, the Internet has survived as underground anarchist terrorism. since the beginning. and BTW, FUCK YOU NAZI BASTARD. Hollywood isn't completely run by jews anymore than work ethic being an entirely protestant idea. so can the antisemitism and whatnot. --underground anarchist terrorism. http://www.kaotix.net visit, blow up government building, repeat.
  • by Anonymous Coward

    Note that if the FBI can install enough Carnivore units in enough locations, it might credibly launch massive man-in-the-middle attacks against public key cryptosystems. MitM (qv _Applied Cryptography_, Schneier, p48) can be used to break RSA, ElGamal, or any other public key exchange based cryptosystem, regardless of key length, with very little computational effort (ie, it is not a "brute force" type attack) as long as the attacker can guarantee the ability to intercept and replace all communication between the subjects of the attack. It is not clear whether or not Carnivore can perform such interception (some accounts make it out to be a passive sniffer, others suggest it is an in-line network hop), but in this game paranoia is a job requirement. Until we can establish that Carnivore does not have this capability, we must assume that it does.

    -- Guges --
  • /* Try writing 'GNU' without using an acronym. Go ahead. Try it. I dare ya. */
    GNU's Not UNIX.

    GNU is the proper name of the project, not just an acronym. So you can argue that it's still an acronym in its expanded form, but nobody ever expands it further, which would be redundant anyway, so in a sense, "GNU's Not UNIX" doesn't contain an acronym.

    ObOnTopic: It would be nice to see some cross-pollination between open source ICQ clients. It's far more convenient for me to run Zicq (text mode ICQ client) under Screen than to restart a graphical ICQ client like Licq any place I get on the Net. The RSA features of Licq sound pretty cool, tho'.
    - -
    One good geek deserves another.

  • PGP/GPG use a symmetric key algorithm such as 3DES to encrypt the contents of the email. With each and every email a new symmetric key is randomly generated. This is called the session key. To have a stronger system the symmetric session key must be randomly generated each and every time. The public/private key pairs are used to encrypt the symmetric session key. Read the docs, it is all there.

    Like other posters I don't see the big deal. I don't see how this could be any stronger than pgp/gpg.

  • Part of the problem with encryption is that it has to be used carefully and properly to be of any use. Towards that goal it actually helps to have the crypto in the user's face. I am waiting for someone to code something that proves me wrong. I have seen too many systems where the user is never sure if the file/email was encrypted or not or the system imports any untrusted key by default.

  • If you expect your users to be braindead, then the security measures won't add any security. The OpenPGP standard with the "web of trust" was made so that doing PGP would be as simple as the conceptual model (i.e. - you don't have to do anything "special" just because the coders were too lazy to do it for you), but it didn't make anything insecure. If users have a simple "secure my email" flag set, then they will have a false sense of security by setting it.

    The web of trust security model makes key exchanges fairly simple and transparent - all you have to know is one or two known good keys, and everything else is all set. In addition, you can verify keys without copying the whole thing, just ask for a "fingerprint", which is a shortened version that is useful for identification.

    Security requires both knowledge and time. If you or your users are not willing to put up with that, then just accept doing things in an insecure fashion. There's nothing wrong with that. But there is something wrong with giving a user a false sense of security. Let the user choose - take the time and effort to be secure, or save time and effort, and be willing to take responsibility when your emails are intercepted.
  • Bandwidth isn't free, but it's cheap enough. Mail - even with lots of dummy messages flying about - uses a fraction of the bandwidth of Web browsing with images, downloading software, or any of the more whizzy things you might do. So cost isn't a big issue, unless you need to buy a new mail server.
  • One solution to this would be for systems to establish a 'permanent' (ie be connected all the time you are online) connection to a remailer. Then continuously exchange a steady stream of fixed packet length encrypted data. That way a snooper cannot perform traffic analysis nor even determine when you are sending or receiving email/messages. You would, of course, have to 'trust' the remailer.
  • "...throw your message through a compression algorithm, like zip or gzip then hit it with PGP."

    Read the PGP source code. Compression-before-encryption is already in place, standard. Unless things have changed, the InfoZIP (a la PhilKatzZIP) method is still used, just as it was in the early versions of PGP. (I haven't actually tracked PGP source changes since I started tracking GnuPG [gnupg.org] source, preferring a free(-as-in-freedom) alternative to the .COMmercial [pgp.com] code.)

    IIRC, somewhere in the docs I believe you will find an explanation as to why compression-before-encryption is utilized / good practice. You DID read the docs before using any crypto software, right? (cf. {insert link here about why RTFM is even more important with crypto than with other software} This link is left as an exercise for "Reply" karma-gleaning, heh.)

    Since it's in the docs, not just the source, I'm surprised you don't know this. LOL.

    (I'm not surprised others don't read crypto source before trusting it, but I *am* surprised if they don't at least RTFM. Would they also run untrusted binaries they receive via attachments to unsolicited email?)

  • It's useless to lynx users (or anyone unable or unwilling to use Java) AFAICT. :-(

  • Explain to me how a text file (which is what email is, right? plain text, per RFC 822, right?) can be *cough* "auto-shredding" please.

  • "Is there any voice encryption available."


    There most certainly is. The first cross-platform app that comes to mind is Speak Freely [fourmilab.ch] and the documentation at that URL says, among other things:

    Speak Freely is a [sic] application for a variety of Unix workstations that allows you to talk (actually send voice, not typed characters) over a network. If your network connection isn't fast enough to support real-time voice data, various forms of compression may allow you, assuming your computer is fast enough, to converse nonetheless. To enable secure communications, encryption with DES, Blowfish, IDEA, and/or a key file is available. If PGP is installed on the user's machine, it can be invoked automatically to exchange IDEA session keys for a given conversation. Speak Freely for Unix is compatible with Speak Freely for Windows, and users of the two programs can intercommunicate.


    That sounds to be exactly what you are looking for, and then some. If you are a Debian user, you can even "apt-get install speak-freely" and poof! :-)

  • If the US is a mere thinking-man's experiment, an idea of government that can't possibly work in its original format, I'd rather see that than to have them modify it on the fly into a paranoid socialist society, the way it is moving now.

    I hope that:
    A) This was a clever joke.
    B) If not, your opinions are not widespread. Besides, carnivore does NOT address the problem. Anyone serious about blowing up a big building is going to encode their messages. By any media. That's just common sense. And, as far as we know, we have ciphers that can't be broken reasonably right now (although the NSA might actually be laughing at us for such mediocre crypto).

    What this means, then, is that Carnivore is most likely a blatant, pointless infringement upon the privacy of people who don't realize they need to encrypt their mail. They can, in theory, watch for anything they want and who knows what they will watch for, really.

    I abhor blatant, pointless intrusions into the general populace's privacy.
    - Paradox
    Man of the C!!!
  • I have about 8 billion under various soda cans in my places of residence if you want some. They may have moisture stains on them though. Cold soda cans drip!
    - Paradox
    Man of the C!!!
  • peer to peer I would have thought that IPSEC would have been better

    and if it's email it might be better to use jabber
    over IPSEC

    just a thought
  • Actually, the key is "eineew a si nnamremmiZ pilihP". Shhh, don't tell anyone!
  • Would you be content an ISP employee viewing this perfectly well encrypted message as it passes through their servers?

    Yup. Any ISP employee who's able to read the headers is probably also quite capable of proving that gaspowereddildoes.com is a nonexistent domain... and probably REALISES that you're just trying to wind up the carnivore box ;-)

  • Is there any voice encryption available. Or does the FBI have a lock down on that. You would think that you could buy a phone that supports encryption but I don't see any.

    I know PGP has something like it but is that the only thing.

    atto
  • Way too impractical, especially for a large number of recipients. I think we should stick with PGP and S/MIME (if they'd only be more widely supported...) and strong encryption.

    Of course you will still be subject to traffic analysis et al., as others already pointed out.

  • does username@ipnumber not work as an address?

    Nope. In any case, several ISPs block all outgoing and incoming SMTP traffic at their routers in order to reduce spam.
  • Presumably it doesn't protect itself from me taking a photograph of the screen, though. What would be more useful would be if there was no way to directly tie it back to the sender, so the "It wasn't me - that's a forgery" argument could be used.

    Of course, that means that I can't guarantee that the mail really comes from the apparent sender. I can't really see how you could have it both ways, though.
  • Things like this just plain out don't work. Here's why: To be useful, the recipient must be able to read the message that you sent. Therefore, there is a copy on the recipient's computer. There is no way to force someone to delete information. I can copy and paste text, print out a copy, take a screen capture, or copy the message by hand.

    That's right, and locks on the doors don't stop people stealing from your house. After all, it might be your wife who steals everything and she has a key. Oh... but maybe locks can help to keep out those people you haven't actually chosen to trust?

    If you are sending messages that you would not want disseminated to people and the people you are sending them to are people who you do not trust then encryption software will not help you. If you are sending messages that you only want certain people to read, presumably people who you trust, then it can help to prevent others from intercepting the messages.
  • Does this new program mean that all the terrorists have to do is load the damn thing up and speak freely without worry of repercussion?

    So if I understand you correctly, you're implying that at the moment terrorists for some reason don't use the excellent encryption that's already freely available to them? Could you explain the reasoning behind that?
  • the sender's computer, and the decoder key is destroyed.

    Ok, I'm all for privacy, but that's really taking things a bit far...

    (yes, I know)

  • You have a problem with that? Just press "send" and run like hell.
  • Every effective troll needs that certain attention to detail. I appreciate that. But troll or not, stunt-casting Richard Jewell here may not be your best move. I recall that his lawyers ripped the Atlanta Journal-Constitution Several New Ones a few years ago. You may want to review that case. Hope this helps.

  • So Carnivore may be good for something after all!

    What you're saying is: Carnivore costs millions (billions?) of tax dollars, and is easily circumventable. How is that good for anything?

    -Chris
    elion@caltech.edu

  • Actually, though, how is this different (or less complicated) than, say, using PGP and an IRC client (with DCC) to effect the same sort of transfer?

    For one thing it sounds a HUGE amount easier. I don't know about anyone else, but I think I'd rather take my chances on the Feds sniffing my mail than go through the kind of crap described here. This system basically does what GUIs do for OSes: make them available to and usable by the masses.

  • Because anything bigger than (I think) 3072 is stronger than the hashing...

    Oh wait, that's the signature and passphrase.

    I'll shut up now.
    --------
    "I already have all the latest software."
  • Now I remember. PGP uses that really long public key to encrypt a symmetric key, and that symmetric key is only (I think) 128 bits. So I think a public key > 3072 bits is stronger than the 128-bit symmetric key.
    --------
    "I already have all the latest software."
  • I thought it was SSL.
    --------
    "I already have all the latest software."
  • I believe @[ipnumber] works though; you just have to surround it with square-brackets.
  • This sort of depends on how one handles the key exchange. The idea behind a public key system is that you verify that the key belongs to who you think it belongs to, either yourself or through a chain of people you trust to make that determination. SSL and S/MIME work on this system in fact, but are just pre-programmed to trust Verisign, Thawte, etc. So, as long as the 'web of trust' keeps its integrity, Carnivore will fail to execute a viable MiTM attack. If people blindly trust all public keys as belonging to the person the key says it belongs to; well, then they don't understand the tools that they are using.

  • The Internet, E-Mail, FTP, and such are all vital components of the World Wide Web...

    Uh, last time I looked, E-Mail, FTP and World Wide Web were components of the Internet. Internet is not a WWW protocol.

    Bzzzzzzt! Oh well! But hey, we have some wonderful consolation prizes for you, and thanks for appearing on "Morons Who Explain Internet Security"! Let's bring out our next contestant Mary! [as we fade, we hear the voice of Don Pardo] Mary is a full time community service worker from the Porkwood Estates Mobile Home Park...

    "I will gladly pay you today, sir, and eat up

  • Why was it illegal to dress as Indians?
  • There is a plugin in which you leave the graphical licq running on your computer and you can telnet into the program and do stuff like send messages remotely. It's pretty cool.
  • Well, I believe pgp will integrate itself into outlook and eudora. I've used it with outlook before...just click a button saying you want to encrypt it. The only difference is when you hit send, you must pick the key of the person you're sending to. That's probably what average users still wouldn't understand. We need to educate them on this. Just as we don't use postcards for all our affairs in the mail system, nor should we be using unencrypted email in the electronic system.
  • The need of the Government (take your pick on which one) to monitor the actions of some of its citizens' actions is an important responsibility.

    However, it has been clearly documented in our history that people who engage in what is illegal today become our celebrated heroes in years to come. Consider the Boston tea party.. our forefathers dressed up as Indians and threw tea into the Boston harbor. Hardly legal, but an action of civil disobedience.

    Consider as well that under the United States Constitution, the groups that you describe not only have the right to exist, but deserve protection. I may not agree with their views, but I'll defend to my death their right to have them, just as I expect them to do the same regarding my views.
    In regard to your idea to permit a "law-abiding government serviceman" peek at my messages, you totally give up your rights under the Constitution (Illegal search and seizure and implicitly the right to be 'left alone'). Do you also let the officer search your car because he wants to? If so, you've already failed the people who died to protect your freedoms.
    Sleep tight - We'll be taking over the government soon.. you can still be a sheep :)
  • by Anonymous Coward
    You need to put the IP number in square brackets []. Then it becomes an 'IP literal' as per RFC 822.
  • Things like this just plain out don't work. Here's why: To be useful, the recipient must be able to read the message that you sent. Therefore, there is a copy on the recipient's computer. There is no way to force someone to delete information. I can copy and paste text, print out a copy, take a screen capture, or copy the message by hand.

    If you think this scheme will work, I have an island in the Bahamas I'd like to sell to you *cheap*.

    -B
  • Of course, the best way to assure your protection is to run a public remailer yourself--that way you can be sure that at least one remailer in your chain will forward no previous headers and keep no logs. Then, you have absolute deniability even if traffic analysis hints at your involvement with the message in question
    That wouldn't quite work, would it? Part of the security of remailers is wide use, since it's possible to detect that a particular computer communicated from the remailer, and it's not really possible to hide the remailer itself from the recipient. So, if you had your own remailer and few others used it (as would probably be the case unless you invested a lot of effort into advertising it), it would be a good guess that anything coming from the remailer is essentially coming from you.

    While delays and other chaff could be used to partially obscure the activities of the remailer, it wouldn't be much more secure than normal mail, in terms of being trackable.
    --

  • What the heck are you talking about? The longest "word" is 65 characters. What are you using, a cellphone?
  • Start at Yahoo's privacy directory [yahoo.com] I guess.

    Zero Knowledge [zeroknowledge.com] has a commercial product called Freedom [freedom.net] that provides several different anonymized internet services.

  • Notice the spaces in the middle of that text you so carefully captured? It's your lameass Mac+Microsoft browser that's butchering the content. Look at the source of the page. There are carriage returns after every 65 chars in that block. Browsers should break on all whitespace to fit content to the page.

    Here's a nickel. Go buy yourself a real OS and browser.

  • There is a really really cool algorithm called Diffie-Hellman that allows one to create a temporary key between two people out of thin air which both can encrypt and decrypt a message with and then throw away.

    Each person agrees on a large prime number, p, and a base number g less than p-1. This could be hard coded into the software or generated when the user installs their software.

    Let's use p=7 and g=3

    Now let's say person A and person B wish to send a secret message using a temporary key. Both use p=7, g=3. First both generate a random number that's less than p-1 called r.

    Person A uses r=2
    Person B uses r=6

    The users then compute y = g^r mod p.

    Person A computes y = 3^2 mod 7 = 2
    Person B computes y = 3^6 mod 7 = 1

    Then each user transmits y to the other person. Next each person computes x = y^r mod p and uses x as their secret key.

    Person A computes x = 1^2 mod 7 = 1
    Person B computes x = 2^6 mod 7 = 1

    See, both x's are equal to each other and the only thing the outside world saw was 2 and 1 exchanged between each user. As long as the outsider doesn't acquire each user's random number r (which the user throws away once a key is generated.) they cannot find that agreed key, x, without brute force trying every r. Of course p needs to be huge for this to work. BTW, look up modulo arithmetic to compute a^b mod c without calculating the huge a^b.

    That's how a peer-to-peer network can send encryptions between two users without the middle person knowing or storing any public keys between the users. The only hitch is preventing man-in-the-middle attacks but that's another story.
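
Added example, not part of the comment above or of any product discussed in this thread: the exchange it describes, run first with its own numbers (p=7, g=3, r=2 and r=6) and then with random secrets, with each side hashing its key so the two results can be compared over a second channel, which is how the man-in-the-middle "hitch" shows up. `P_TOY`, `fingerprint`, `relay` and the other names are assumptions made for illustration, and the 127-bit prime is a toy size chosen only so the demo runs instantly.

```python
import hashlib
import secrets

P_TOY = 2**127 - 1   # assumed demo modulus: a Mersenne prime, far too small for real use
G_TOY = 3            # assumed demo base


def modexp(a, b, c):
    """a^b mod c by square-and-multiply, never forming the huge a^b."""
    result, a = 1, a % c
    while b:
        if b & 1:
            result = result * a % c
        a = a * a % c
        b >>= 1
    return result


def worked_numbers():
    """The comment's numbers: p=7, g=3, A picks r=2, B picks r=6."""
    p, g, r_a, r_b = 7, 3, 2, 6
    y_a, y_b = modexp(g, r_a, p), modexp(g, r_b, p)      # values sent in the clear
    x_a, x_b = modexp(y_b, r_a, p), modexp(y_a, r_b, p)  # key each side derives
    return y_a, y_b, x_a, x_b


def acceptable_public(y, p):
    """Reject 0, 1 and p-1: receiving one forces the key to 0, 1 or p-1,
    whatever secret the receiver chose. (In worked_numbers() B sends y=1.)"""
    return 1 < y < p - 1


def fingerprint(x):
    """Short digest of the shared key, for comparing over another channel."""
    raw = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
    return hashlib.sha256(raw).hexdigest()[:16]


def new_secret(p):
    """Throwaway exponent r, uniform in 2 .. p-2."""
    return secrets.randbelow(p - 3) + 2


def exchange(p=P_TOY, g=G_TOY, relay=None):
    """Run one key agreement and return (A's fingerprint, B's fingerprint).

    `relay` models the network path: it is handed each public value and
    returns whatever actually gets delivered. The default delivers it unchanged.
    """
    relay = relay or (lambda sender, y: y)
    r_a, r_b = new_secret(p), new_secret(p)
    y_a, y_b = modexp(g, r_a, p), modexp(g, r_b, p)
    seen_by_b = relay("A", y_a)
    seen_by_a = relay("B", y_b)
    for y in (seen_by_a, seen_by_b):
        if not acceptable_public(y, p):
            raise ValueError("degenerate public value received")
    x_a = modexp(seen_by_a, r_a, p)
    x_b = modexp(seen_by_b, r_b, p)
    # r_a and r_b go out of scope here: the "throw away" step
    return fingerprint(x_a), fingerprint(x_b)


def substituting_relay(p=P_TOY, g=G_TOY):
    """A path that replaces every public value with its own (constructed
    in-process stand-in for the man-in-the-middle case)."""
    y_m = modexp(g, new_secret(p), p)
    return lambda sender, y: y_m


if __name__ == "__main__":
    print("comment's numbers (y_a, y_b, x_a, x_b):", worked_numbers())
    print("clean path:      ", exchange())
    print("substituted path:", exchange(relay=substituting_relay()))
```

On a clean path both fingerprints are equal; when the values are replaced in transit, A and B each share a key with the relay instead of with each other, so the fingerprints differ as soon as they are compared by phone, in person, or over any route the relay does not control.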
  • You should be able to send 'dummy' encrypted messages to people. In other words the string 'DUMMY' followed by some random-length amount of random data, encrypted with the recipient's public key. Of course the recipient's MUA would be configured to silently discard all such messages. And somebody looking at the encrypted message en route could not tell whether it was a dummy or not.

    If you set up your mailreader to harvest addresses and public keys off the net and send a few dummy messages each day, it would be harder to find out which people you are sending real messages to. You could even send a dummy message several times a day to one particular address, like the police. Then if you really needed to contact the police, you could do so without eavesdroppers becoming suspicious.

    This isn't spam because it doesn't waste any of the recipient's time - only a small amount of bandwidth. If anything it increases the recipient's security because anyone trying to brute-force their mail or monitor who they are getting messages from will have to wade through all the dummies.
  • It would be better if the Java source were downloaded to your browser and then compiled locally. Your browser could check that the source really is unchanged from the 'source code' posted on Hushmail's site (which you keep locally). (In fact, when Java first came out I assumed that applets would be human-readable, like HTML and pretty much everything else on the Web.)

    Or you could check the binary class files - 'only run this applet if the class file matches file X' - but who is going to decompile the Java bytecode and check it does what it claims to do?
  • Try reading the article again. The message is only sent to the mail server if the recipient is not on-line. If the recipient is on-line, the message is delivered directly to the recipient.
  • Has there ever been any credible evidence that real life man-in-the-middle attacks have been used?

    If they were being used on a wide-spread basis, the PGP community would find out very quickly, considering how many of them exchange keys in person at conferences and such.

    Once such an attack is shown to be taking place, people will just come up with better key-distribution mechanisms.
  • Technical nitpicks:

    Actually, PGP and GPG use a different symmetric key for each message as well. But they use the same private key every time to encrypt the symmetric key. There's two different systems being used...

    So if the bad guys crack BlowFish / 3DES / TwoFish, (the symmetric algorithm) they only have the one message. But if they crack RSA / ElGamal, (the public/private algorithm) then they have your private key and can read all messages sent to you.

    You are right about the self-destruct feature though. There's no way that can be made to work in a totally secure way - the message recipient can always do whatever insecure thing they want with it - like printing it and sticking it in a filing cabinet.

    Torrey Hoffman (Azog)
  • Ok as many have pointed out, this is not anything terribly unique or new, just a new twist on old ideas. PGP + IRC&DCC etc, etc works just as well... but one thing to think about...

    At least with this software/service coming out and getting some press on a more mainstream site (which might also get picked up by print) it helps illustrate some of the problems with the entire carnivore deal to a wider population. Now even more people will realize that services exist to bypass carnivore, so what REAL use is it for the FBI to bother with its deployment anyway. Ok so they won't fully understand that there have been good, usable ways of bypassing prying eyes (whoever's) for a long time. For that I am glad CNET and this company did the article.
  • 20b9 71cf 257b d629 e8fc 4714 2784 b534 116d bf82 fe0f 3527 4430 8b07 c88a 9fc9 9e44 01fa fadc d18c ee99 b60c 6d8f c7f3 6dcf 8796 2195 9101 7d28 7d21 e19b d76e b965 2cf6 caa6

    Look, Ma, I threw away the key!

    Of course, everyone in England who has this message in their browser cache when they're searched is required to provide the decryption key.

  • Hushmail can only send encrypted email to other Hushmail users (and NO Hushmail users are on Macs, because it doesn't WORK on a Mac). I'd much rather use Lokmail [lokmail.net] which does PGP over SSL. They're two different approaches, and I prefer the interoperability with PGP users ..

    Of course, PGP (GnuPG) is the best, but if you can't use it for some reason, I think Lokmail is the next best thing.

    Bruce Schneier gave a pretty lukewarm review of Hushmail, by the way... there's no telling where that applet came from.
  • One problem is that since most people don't already use encryption, they won't be able to read encrypted emails and actually going out of your way to swap keys will carry the "paranoid nerd" label.

    If people could just select "secure emails" when installing and never really see the process after that then they'd use it, but it would have to transparently send non-encrypted emails to people without encryption.

    One approach would be to have some flag set in the header of each email to show that you had a security capable emailer, so that after the first email received from you the two email programs could silently exchange public keys and from then on any email sent between you would be automatically encrypted.

    In principle the keys would be susceptible to interception and replacement but it could get encryption into normal use. Also, any widespread effort to intercept and replace keys like this, or for that matter small scale use against cautious/paranoid individuals would be bound to get noticed sooner or later so it should at least be more secure than what we have now.
  • What I meant is that the attention that Carnivore has focused on online privacy and surveillance are important, that's all -- so more people will think about and use encryption, and object to "trust us, we're from the government" type arguments.

    That's all. I'm not saying it was good to waste taxpayer money on such a boondoggle, and the "good for something" is a little bit like saying WWI was good because we got Aspirin out of it.

    timothy
  • well with the way my CPU fan keeps packing up it's getting like that anyway...

    Any excuse to get a new system :)

  • ...As technology advances and we use e-mail as our primary means of communication, the easiest way to defeat Carni-whore will be to use the telephone :)

    5 years after that the new recruits at the FBI will think Morse Code is some alien communications protocol...
  • That's what nymservers are for.

    Hmmm... I wanted to include a link to some nymserver information, but I can't find any more recent than 1998. Don't nymservers still exist?
  • Yes, they *could* implement a man-in-the-middle attack for any specific key exchange system, but people will notice man-in-the-middle attacks when they move outside the system. Now, outside the system does not mean physically transporting a floppy. It means using a data transfer procedure which carnivore would not know to intercept.

    This means a MitM attack against many people would be noticed very quickly, but a MitM attack against only a few people would be hard to detect. If you are one of the few people who really should worry about MitM attacks then you should use a variety of ways to transport your keys and diff the results! We need the people they actually are watching to check for MitM attacks.
  • Since you're sending mail to the recipient, and you need it encrypted, you must trust them somewhat. At least their intentions. But perhaps not their technical skill; they don't understand swap files, that sort of thing.

    So you send them email in a format that makes it maliciously hard to let compromising information leak into the insecure environment (after all, the person could just blab, but you presumably trust them enough not to do that). So this doesn't decrypt to file, it decrypts to screen. Likewise, the timeout features can be circumvented, but only by a malicious recipient. I actually can't think of a scenario where that would be necessary. Perhaps the person you are corresponding with will be exchanged with a new person, and you don't want them reading your past exchanges?

    Anyways, if what you are concerned with is deniability, you need to not sign any messages. That is the only protection available in the ever-forgeable digital world. Perhaps that is what the company means by auto-shredding. Their server will no longer verify the sender of a message after it has timed out. That could be useful.

    Johan
  • Your example is perfectly correct. The format when using IP addresses is not @10.20.30.40 but @[10.20.30.40].
    Note the square brackets. This bypasses the DNS lookup, according to some RFC. I can't recall the number right now, but this has been reported to work on LIH ( http://lists.linux-india.org ). You could check out the archives, if they have been restored by now.
  • Pegasus mail [usa.com] does this too, or at least something very, very similar.

    From their page on encryption:

    Encryptor and security-related plugins for Pegasus Mail.

    This page lists locations for add-ons you can use to add encryption capabilities to, or enhance the security of Pegasus Mail for Windows.

    QDPGP Developed by Gerard Thomas, this is the premier 32-bit encryption plugin for Pegasus Mail, and the only one currently officially certified by the developer of Pegasus Mail itself. With support for all major versions of PGP and for a variety of other encryption and security concepts, QDPGP offers the most complete and well-integrated encryption component available for Pegasus Mail. Requires any 32-bit version of Pegasus Mail v3.0 or later.

    PGP-JN Developed by John Navas, this module provides support for PGP v2.6 for the 16-bit version of Pegasus Mail.

    PMPGP Created by Michael in der Wiesche, PMPGP provides an alternative to QDPGP for 32-bit versions of Pegasus Mail, with excellent support for the full gamut of PGP functions, and an optional interface and documentation in German.
  • I accept the correction. I just checked it, and you're right, it won't do @ipnumber. However, the rest of my argument that running pgp should make others seeing the message largely irrelevant. That's the point of it.
  • But can't anyone just run an smtp server? Does username@ipnumber not work as an address? I figured that it does, as it would only look at mx records if it's user@hostname.

    That sounds pretty peer to peer to me. Besides, as long as it's done using pgp, or gpg, or 3des (altho then you'd lose the public key advantage of signing), or whatever, it's unlikely that anyone is going to be able to decode it without the key. I wouldn't be too worried about sending an encoded message via normal smtp channels. If it's routed thru the internet, something listening to packets in the right place will see it. Sending it thru ftp or some proprietary system just sounds like obscurity.
  • This is not meant as flame bait.

    This system can't work. It protects the contents of your message, but it doesn't hide the fact that a communication between you and another party took place.

    In other words, it doesn't protect privacy.

    Most of the time, the important thing to know is that a communication took place, even if you don't know the contents. If you suspect someone of illegal activity (or simply want access to someone's confidential information) and that person sends a mail with SafeMessage, you can know where that message was sent (the protocol is probably easily identifiable) thanks to the peer to peer connection. So the next thing to do is to either break into the recipient's computer or use much more sophisticated equipment to spy on the recipient (you know where he lives, so you're all set if you're a government agency).

    The government is probably going to laugh at that one.

    I'm really not impressed.

    Plus why are they insisting on the peer to peer thing? All traffic will still go through an ISP.
  • The FBI would still know who you were communicating with, if not once. Bouncing your mail through an anonymous remailer chain (Still encrypted to the recipient's key with PGP, too) would prevent even that.
  • Yah, as I've said, you need to use anonymous remailers to obscure WHO the mail was sent to for a truly private message.

    And ideally your guy on the remote end won't save your message -- just decrypt it in memory, read it, and flush it.

  • The average citizen is starting to realize that using encryption for mail is a good idea. I'd rather like my bank to be able to correspond with me via PGP encrypted mail, too, but that's not going to happen anytime soon.

    Of course, between PGP and anonymous remailers, you've had the ability to obscure your mail transactions for years now. If you don't want them to even know who you're sending mail to, blast a message through a chain of remailers, and always encrypt your mail to the recipient's key as well. Not that Joe Average Citizen would go to the effort to do this, even if his mailer incorporated support for all that.

    I've been using the VM mailer with mailcrypt lately, and it does incorporate support for all that. I hope that Evolution does, too.

  • If the third party can trick you into thinking that he's your intended recipient, you're absolutely screwed. In the case of PKI, for instance, if the man-in-the-middle can get your trust and say something like, "Sorry, John, I had a hard disk crash last week, and the old floppy I had my backup keyring on is corrupted. I needed to make a new key pair, you'll have to use that to send messages from now on,"...

    That problem can easily be solved. Just start each message with a certain keyphrase, or, even better, a pseudorandom number. Both people would share the seed, and, after that, the message would start with something like <distance from seed><number> (Distance from seed is how many numbers must be generated before this one.) Any message where the distance from the seed is the same as from a previous message from that sender will be rejected.

    This makes it so that if one message is cracked, the person in the middle still couldn't pretend to be one of the people communicating. It would also be impossible to brute-force without first seeing a few million emails. Also, the seed would be easy for someone to remember.


    -----
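The seed-and-distance scheme from the comment above, as an added example that is not part of the original post. It assumes HMAC-SHA256 keyed with the shared seed as the number generator (a swap for the unspecified pseudorandom generator), uses hypothetical names throughout, and goes one step beyond the comment with a `bind_body` variant that computes the number over the message text as well.

```python
import hashlib
import hmac


def token(seed, distance, body=""):
    """The number at `distance` from the seed (optionally covering the body)."""
    data = distance.to_bytes(8, "big") + body.encode("utf-8")
    return hmac.new(seed, data, hashlib.sha256).hexdigest()[:32]


def stamp(seed, distance, body, bind_body=False):
    """Prefix a message with '<distance> <number>' as the comment proposes."""
    number = token(seed, distance, body if bind_body else "")
    return "%d %s\n%s" % (distance, number, body)


class Receiver:
    def __init__(self, seed, bind_body=False):
        self.seed = seed
        self.bind_body = bind_body
        self.seen = set()          # distances already used by this sender

    def accept(self, message):
        header, newline, body = message.partition("\n")
        parts = header.split(" ")
        if (not newline or len(parts) != 2 or not parts[0].isascii()
                or not parts[0].isdigit() or len(parts[0]) > 18):
            return "malformed"
        distance = int(parts[0])
        expected = token(self.seed, distance, body if self.bind_body else "")
        # Constant-time comparison of the claimed and the expected number
        if not hmac.compare_digest(expected.encode(), parts[1].encode()):
            return "bad-number"
        if distance in self.seen:
            return "replayed"
        self.seen.add(distance)
        return "accepted"


def demo():
    seed = b"constructed shared seed"      # constructed sample value
    results = {}

    rx = Receiver(seed)
    first = stamp(seed, 1, "meet at noon")
    results["first"] = rx.accept(first)
    results["replay"] = rx.accept(first)   # same distance seen again
    results["guess"] = rx.accept("2 " + "0" * 32 + "\nI made a new key pair")

    # A header taken from a message that never reached the receiver still
    # verifies when different text follows it: the number covers only the
    # distance, not the body.
    held = stamp(seed, 3, "keep using my old key")
    header = held.split("\n", 1)[0]
    results["swapped_body"] = rx.accept(header + "\nI made a new key pair")

    # Variant: number computed over distance and body together.
    rx2 = Receiver(seed, bind_body=True)
    held2 = stamp(seed, 3, "keep using my old key", bind_body=True)
    header2 = held2.split("\n", 1)[0]
    results["swapped_body_bound"] = rx2.accept(header2 + "\nI made a new key pair")
    results["intact_bound"] = rx2.accept(held2)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```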
  • I don't need to read anything again. There is a chance their server will have to store the message.

    Further, and as everyone knows, the message will STILL have to go through a dozen routers between peer 1 and peer 2, so their whole damn plan falls to the ground.

    I stand by my statement. This scheme is stupid.

    Rich...

  • Ummm, the email is still going through THEIR server, so what is to keep the FBI from getting a court-order to put Carnivore on this company's (AbsoluteFuture.com) server?

    Someone please explain to me how this is any different or any better than the Public-Key systems that I'm using right now?

    Does it matter how many servers the encrypted message goes through when you're using military grade encryption like GPG employs? I think not.

    Do we even KNOW what ciphers this company is going to use? And since they'll probably close the source code can we be sure it's secure? No, probably not.

    This silly idea sounds like they're going after people who don't actually use encryption now and will be impressed with the SOUND of this idea. When in reality they'd be better off running GPG or PGP.

    Rich...

  • I think X said it best in #50 [slashdot.org] -- this is secure, direct instant messaging but the information still goes through many routers on its way to its destination, so someone could still capture it.

    If you really want true secure communication methods, you can:

    1. Distribute bits of your communication through IM, e-mail, FTP, HTTP, snail mail, sky-writing, etc.
    2. Use quantum entanglement
    3. Work for the FBI
    4. Make up your own language
    5. Use telepathy with those you wish to contact
    6. Refuse to communicate, thus, nothing will be intercepted
    7. Communicate only with the voices in your head
    8. #8 was an example of secure communications
    9. See CueCat Encryption [slashdot.org]
  • The problem (according to them) isn't with the content not being secure, but with the server logs showing that an email took place. Apparently that in itself is reason enough for people to use proprietary software.
  • I'm sure you understand the irony of your statement. How the software reportedly works is that you need the software to decrypt the message, and the sender (read: not you) has the power to destroy the message after a certain time. So I'm sure the program has also disabled cut & paste. Does anyone else see the similarity with this and the Content Scrambling System used on DVDs? It's about making sure people use proprietary software so that the software can then control the content.
  • But they'll set up this server instead. Would it really be that hard to set up a competing program that's just a mail server?
  • Because this is proprietary software. Anything that is controlled by proprietary software is "obviously" secure.
  • While nice, this is not revolutionary. The other machine with which you communicate needs to be on and you need to know the IP address. Traditional email uses a store-and-forward technique where the receiver machine doesn't need to be on and connected. Netcat with encryption (see CryptCat which is currently linked by /. from the SecurityFocus sidebar) will do the same thing. As will any number of other techniques. This is elementary and isn't even a blip on the screen unless you're clueless. Not that there aren't a lot of people who are in that category and see this as a new "threat".
  • "But can't anyone just run an smtp server? Does username@ipnumber not work as an address? I figured that it does, as it would only look at mx records if it's user@hostname."

    Let's try the first one:
    Yes, anyone can run an SMTP server. Many ISPs do block the outgoing traffic though. If you are fortunate enough to have one that does not, then your SMTP host will send mail, but not receive it. You can convince your SMTP server to pretend to be whatever host you want it to be. You too can send mail and pretend to be CmdrTaco@slashdot.org! You will not be able to receive mail though.

    The format username@hostname.domain.tld is the only form that works. When you send mail, the SMTP server is going to use DNS to resolve the name. A request will be sent to hostname.domain.tld asking for the mail server's IP address. Then, the mail will be sent on its way to that IP, the mail server. If you put in an IP address such as 10.20.30.40, then your mail server is going to try and look for the tld 40, domain 30, subdomain 20, host 10.

    Do I have this correct? Did I leave anything out? Someone correct me if I am wrong!

  • Oops, I just realized that while "dot-coms" are intended to make money, they do not. Thus this is probably really stupid and completely worthless. Go back to IRC.
    ---
  • Woah.. AOL 7 is out? Where's my CD?!
    ---
  • Good point. It's very rare to see a government like that of Switzerland that actually encourages its people to use encryption, especially businesses. If only our (USA) government cared about its citizens as much...
  • Sadly, Carnivore is but the one way the FBI and government can fight the horrors of underground radicalism and rebellion that circulate vastly through the World Wide Web. Any large country intent on maintaining order and safety for its citizens will have to rely on surveillance means in order to have accurate information for protection. In order that American safety is not compromised by vast underground efforts such as those advocated by the radicalist handbook known as the Anarchist's Cookbook and others, Internet sites, and the World Wide Web as a whole, must be monitored.

    The correspondence between peers, while always valued, has never been 100% private. Aside from the eyes of God, carrier services such as the Postal Service and the Pony Express have always engaged in careful monitoring of their mail in order to spot potential threats to the nation's security. As a rational, intelligent, law abiding citizen, I see no reason why I should find myself at risk. For those of you here who would like to refer to yourself as anarchists, I do not really think you understand what is going on. If you choose to portray yourself in an image designed to attract attention and nothing more, you must come to terms with the negative ramifications of doing so. Authorities need information to enforce the laws properly, and if you choose to stand in their way for the sake of image, I fail to sympathize with your plight.

    And if you say that there is no need for survelience, take a look around yourself. The whole piracy and "warez" movement started by Napster is fast becoming a dangerous counterculture that violates the American dream of capitalism and the important Protestant Work Ethic ideal noted by Charles Beard. Militant anarchist groups promoting terrorism are spreading like wildfire through the many data centers of the World Wide Web. How do you think people like Timothy McVeigh and Richard Jewell and Eric Rudolph gathered information and conspired the plans for their attacks? Violent hatred groups such as the Black Panthers are promoting their immoral bigot messages through online propaganda. Even the very economic and social sanctity of our country is being threatened by the powerful new Jew conspiracy that has extended its control of the media to our digital network world. Do you really think these groups are harmless and deserve to be protected?

    Sadly, Slashdot is gravely mistaken on its stance on online monitoring. The Internet, E-Mail, FTP, and such are all vital components of the World Wide Web that are in danger of succumbing to underground anarchist terrorism. And personally, I'd rather have one law-abiding government serviceman peek upon my E-Mails than be let loose in an uncharted sea of dangerous collusion and corruption in order that a few devoted computer users may talk privately about their emotionally devoid lives.

  • Just don't get caught with a link to SafeMessage on your web page, or the FBI will sue you for circumventing their copyright protection.
  • As most of us already know, countries at war tend to engage in a weapon-countermeasure-countercountermeasure-etc. exchange. One builds a tank, the other builds anti-tank guns, hence the anti-missile tank, and then the anti-armor missile.

    What's interesting is that we now have an example of such a stand-off inside our own country, between its citizens and the government! Government monitors e-mail, citizens encrypt e-mail, etc... Not a good sign for the continuing solidity of our nation, I do believe.
    ---
  • If you look at the company's site for the SafeMessage product, www.safemessage.com [safemessage.com] , you will see that messages are designed to be auto-shredding and deleting with a sender-set expiration time. In addition, the messages can be protected from copying and printing as required. It appears to be designed to make useful interception of messages difficult at each stage in the process, including protection of the message contents after delivery. This makes it more than just a form of encrypted e-mail.
  • I go to a College where "freedom of speech" and "freedom of association" have very limited meanings. We are marked by the administration as being either "good" or "bad" and, based on this judgement, we are either supported in life after college or we're screwed (by them). I know quite well that trust in higher ups with virtually unlimited power can be misplaced but I also understand that sometimes there are dangers associated with technologies developed without keeping that kind of thing in mind (e.g., nuclear weapons). This, however, is not an argument against technology... it is an argument for the proper use of technology by those who use it.

    If the FBI is going to do its job, they need to be able to use wire taps and collect evidence. Encrypting email with techniques they can't crack prevents them from doing their job... which is fine. However we can be more certain that the people we have put in power are more likely to use their power for good than we can be certain of the people who take control by force. The good thing here is that now, if they want to continue invading our privacy, they will have to innovate and invest in the development of new technology to do so.

    Innovation is a good thing. Privacy is a good thing. But we need leaders we can trust to use our innovations properly and respect our privacy.

    If you think that's redundant then I give up.
    -Duke

  • by CaseyB ( 1105 ) on Friday September 22, 2000 @08:12PM (#760188)
    To: sales@gaspowereddildoes.com

    From: djtalon@subxxdimension.c

    -----BEGIN PGP MESSAGE-----
    Version: 2.6.2

    hIkDPRWysueuweUBA+YhW2K6n2PPnFOcZulHzNNdeJ8OxHX5Aq 3mbRKBlnogMjkD dr8wzb6yNk0QWxKyUSQUaoluaUKex/oEdXxXBCWLIXuKUebk/0 DEL4oMYwPsjekD edm/u8qrJ3CzWDePC4D5EOZ9COkog/02/l6abgt7XNPpJvmyAX +bnwzqVKYAAAC9 IlZteUKkvLyB+PaSu7HbN5VUvJ2VBMPwg7xePKtaKIHjtZyMG6 YNg/8qA7LbO4CE D9TwYiWdMTLovGVY2WleWBupeBMiAxtIqQT8IdwGSzzM8w8XWD nRfCVC2S3g9FRP cXm6WHriqbzq5NOHL8Q2dSWNFBp0ZHs1M/AAwtgnABMgMQXlTd do23q3Z+wg5xes N/rFoHp3g4EGbS9mz42cTOeQXGljMG2E1NAdDp3mUqRZLmfkko F2lMKbBFGW =2NpQ
    -----END PGP MESSAGE-----

    Would you be content with an ISP employee viewing this perfectly well encrypted message as it passes through their servers?

  • by Billy Donahue ( 29642 ) on Friday September 22, 2000 @06:22PM (#760189)
    Lokmail.net [lokmail.net] has a free webmail service which is PGP enabled. I don't know about y'all, but I like interoperability in my Carnivore busting..

    Anyway, since when is Carnivore busting such a big deal? I would suggest to anyone who can't use PGP directly for whatever reason to get a Lokmail account.
  • by BMIComp ( 87596 ) on Friday September 22, 2000 @06:22PM (#760190)
    No, not necessarily.

    What they mean is, usually e-mail is sent through a client-server relationship. First, your e-mail client connects to your ISP's mail server which then sends the mail to the receiver's ISP mail server, which the recipient then reads with his/her e-mail client.

    In a server-client situation, the client always initiates the connection to the server. With a peer-to-peer relationship, either one can initiate the connection.

    Using a peer-to-peer setup would make e-mail more secure since Carnivore intercepts mail on the ISP's mail server, and this eliminates that middleman.
  • by Lord Ender ( 156273 ) on Friday September 22, 2000 @07:50PM (#760191) Homepage
    Licq has done RSA encryption when talking to other Licq clients for a while now. Which is one reason why it is WAY better than AOL's ICQ client. Licq has had this long before this new company, since ICQ communication is peer-to-peer (unless you send offline messages).
  • by AlephNot ( 177467 ) on Friday September 22, 2000 @06:16PM (#760192)
    If nothing else, this will give Joe Ordinary a way to use a tool that's becoming increasingly necessary in a world increasingly dominated by groups like the MPAA. I've used PGP, and the learning curve is a bit too steep for many of the people who truly need it. To have an important tool is one thing; to make it readily usable by the masses is quite another, and I believe encryption tools have suffered from this for far too long. After long last, widespread encryption is becoming more of a reality.
  • by Azog ( 20907 ) on Friday September 22, 2000 @06:20PM (#760193) Homepage
    Hushmail [hushmail.com] has had secure, encrypted email for a long time now. It uses a Java applet to do the encryption in your browser, without having to download and install any application. The Java source is available for everyone to check for security holes. Hushmail never actually sees your private key. It looks pretty secure, overall - it's been around for a couple of years and I haven't heard of any holes in it.

    Bruce Schneier has even reviewed it. [counterpane.com] He has some problems with it, but there's no glaring security holes. Still, you're probably better off with GPG, storing your private key yourself.

    So SafeMessage is nothing new. Of course, the more the merrier. Everyone should use encryption all the time, and competition is a good thing.


    Torrey Hoffman (Azog)
  • Power in the hands of ordinary citizens which balances the power held by the government, this is the cornerstone of democracy.

    I can foresee a time when encryption becomes every bit as important as free speech or the right to bear arms are to holding the government in check.

    With things like the DMCA, Carnivore and other moves being made by the powers that be to undermine the power of the people, it is easy to get angry and discouraged. But then I see something like this and it reminds me that there are people out there willing to fight back. That not everyone has forgotten that the government derives its power from the consent of the governed and not the other way around.

    Lee
  • by Gurlia ( 110988 ) on Friday September 22, 2000 @06:29PM (#760195)
    Apparently some people here are confusing this system as a similar one to PGP/GPG, so here goes...

    With PGP/GPG, you publish your public key and others use your public key to encrypt messages to you. The same key is used over and over again.

    With this scheme, apparently they are using a one-time encryption method: I would presume a random key is created during message sending time, and after the timeout, the message and the key are destroyed. Now suppose a 3DES key is produced for *each* message. That's going to be *very* hard for people to listen in, 'cos after cracking the key for the first message, they've gotten nowhere with the other messages.

    Of course, it's debatable whether this will actually increase the strength of the encryption in practice.

    And, as somebody else has said, there's nothing to stop the recipient from making copies of the decoding key and the message indefinitely. I presume the timeout is implemented in whatever client program they're selling -- but as we all know, any rules enforced by software (including timeout rules) are easily bypassed.

    So I'd say, the timeout factor isn't going to make too much of a difference, though the idea of using a different key for every message *might* make the encryption system stronger.
    ---

  • by fluxrad ( 125130 ) on Friday September 22, 2000 @06:24PM (#760196)
    I'd just like to say. I'm an international terrorist and I am VERY disappointed in the US government for this whole carnivore deal.

    First off, I feel that my right to send plain-text email to my friends (such as mkhadafi@libya.com or carlos_the_jackal@internationalterrorism.co.uk) has been infringed by this "carnivore" program. Being that we have absolutely no other means of secure communications, like a phone session or even speaking face to face, my particular terrorist cell has been using email for quite some time now.

    Another problem that arises with this email snooping stuff is our new-found inability to transfer bomb making instructions to one another. Obviously there is no other way to find out about how to make bombs, or even a nuclear weapon....it must be done by email.

    I guess I am angry, but I must congratulate the US...with carnivore it is obvious that the FBI has successfully eliminated any possibility of my compatriots and I actively engaging in anti-US terrorism.

    damn.


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network
  • by talonyx ( 125221 ) on Friday September 22, 2000 @06:11PM (#760197)
    Since when is PGP via email less secure than over DCC or ICQ or FTP or any other 3 letter protocol?

    Carnivore doesn't brute-force PGP, does it? That would take a lot of work for the random chance of finding a keyword like "blow up the pentagon" or "al gore is an erectilly dysfunctional motherfucker".

    Seriously, folks, PGP is secure enough for now. Pretty Good Privacy. And lots of people use it. Good nuff for me and maybe later I'll use something else, but it will probably just be public/private key like with longer keys.
  • by X ( 1235 ) <x@xman.org> on Friday September 22, 2000 @06:46PM (#760198) Homepage Journal
    It's secure instant messaging, whether they realize it or not. It has all the drawbacks and benefits of instant messaging as well (inefficient use of resources, instant delivery notification, doesn't work when they're off-line, etc.)

    The stupid thing though is the implication that just because this isn't going through an intermediary server it's more secure than PGP. What a crock! It's still going through a ton of routers, any of which could be copying the contents for analysis. Indeed, Carnivore, from what I know, doesn't so much scan the mail store as scan mail traffic. Heck, there are going to be roughly 10 copies of the message made before it gets read!
  • by Sir_Winston ( 107378 ) on Friday September 22, 2000 @08:28PM (#760199)
    Not only is PGP or GPG good enough, but this new service really doesn't offer anything useful. Here are a few points to consider:

    First of all, peer-to-peer over the Internet isn't really peer-to-peer at all. It's very vulnerable to man-in-the-middle exploits, since by definition any packets going out over the Internet aren't headed straight for the recipient, they have to travel over an untrusted network first. At any point along this network, a third party could insinuate himself between you and the recipient--particularly if that third party is a law enforcement or intelligence agency, since companies which own the Internet infrastructure are legally required to help such organizations. Since the data is encrypted, this may or may not be a threat depending on the strength of the implementation and upon the ability of the sender and recipient not to be socially engineered into giving out compromising information. If the third party can trick you into thinking that he's your intended recipient, you're absolutely screwed. In the case of PKI, for instance, if the man-in-the-middle can get your trust and say something like, "Sorry, John, I had a hard disk crash last week, and the old floppy I had my backup keyring on is corrupted. I needed to make a new key pair, you'll have to use that to send messages from now on," then either you'll be communicating with the third party in readable fashion from now on, or you'll have to stop communicating anything confidential at all. Since a passphrase has to be suitably complex to be useful, the same attack is useful against shared-key crypto. I don't see how this new system could overcome this flaw at all.

    Secondly, the biggest security flaw in communicating via the Net is usually whether you should trust the person at the other end or not. Many of the people we correspond or transact with over the Net are people we've never met IRL, and therein lies the problem. We have no way of knowing if the person we just started communicating with is really a fellow subversive who'll come and help with the demonstrations against the IMF we're planning, or whether he's LEA. Peer-to-peer messaging is therefore useless in real-life applications.

    In fact, peer-to-peer messaging is perhaps actively dangerous. It provides a direct record that a given IP address communicated with this other given IP address at a particular time. Therefore, if your recipient is really an enemy, he now has a record of your IP communicating with him. Even though the message under this system is supposedly encrypted all the time and destroyed after a set period, this means nothing: your recipient's eyes have to see it at some point, so he can just as easily do a screen grab or if that's not possible take photographs of the text. Yes, IPs can be spoofed of course, but it's harder to do in peer-to-peer communications, and you'll still probably leave a trail of logs.

    Contrast this with anonymizing forms of communication. Properly anonymized through use of remailers or remailers in combination with m2n gateways, or through services such as ZKS Freedom (if it can be trusted--who knows?), it doesn't matter if there's a man-in-the-middle, nor does it matter if your recipient is trusted or untrusted. If you leave no trail, you're safe, untraceable therefore untouchable. Peer-to-peer is the opposite of this, and very useless in the real world. PGP your message and send it via Freedom or a remailer chain, and you're golden. Of course, the best way to assure your protection is to run a public remailer yourself--that way you can be sure that at least one remailer in your chain will forward no previous headers and keep no logs. Then, you have absolute deniability even if traffic analysis hints at your involvement with the message in question--aside from which, remailers often pad messages, send out bogus messages, and use delays between receipt and sending of messages to thwart traffic analysis.

    The ultimate way to communicate privately is to use the above suggestions and also divorce recipient e-mail messages from the game entirely once communications have been established. Use a m2n gateway at the end of your remailer chain, to post the PGP'd message to USENET. Either use alt.anonymous.messages with a predetermined heading, or use an empty or spam group. By using a nym with the reply block pointed to a given news group, you can allow people to communicate with you just as if they were e-mailing a real e-mail address, which eases first contacts with people not used to security.

    In other words, peer-to-peer isn't a step forward, it's a step back. It's inherently insecure. The only secure communication is insulated communication, with several layers between sender and recipient. Personally, I'd love to see a company or group of hackers put together easy-to-use software to allow for this sort of anonymous communication, rather than the false security of direct peer-to-peer. Imagine if everyone with a cable or DSL connection (it takes some bandwidth and uptime to be a remailer) who wanted secure communications could just download a simple piece of software which sends anonymous messages for them and also acts as a remailer itself. Imagine a Gnutella-like network for remailing anonymous PGP'd messages and possibly posting them through news gateways to a group like alt.PGPtella.messages. If you made it easy to use, we could have truly private and secure communications in the hands of the people, and Carnivore and other spyware would be useless. For my ideas on how to make a network such as this work, read my musings about what Gnutella should have done and how to replace Napster here. [slashdot.org] The concept in that post which I think is applicable here is the idea about "regional servers," only in a remailer-type system instead of a file sharing system the "regional servers" would be mostly for finding IPs of connected machines to route through and for establishing initial connections to the network, although you could make this user-definable in case you know a trusted party on the network. All messages in such a system would be PGPd from each hop to the next, with "regional servers" promoted by the software itself based on uptime and other factors, and unlike with the current remailer system you needn't manually choose each hop along the route--the software could be let to do that, and if the next hop along the route that has been chosen has gone offline, the remailer stuck with the message would forward it to a random hop which is online. Currently, the remailer system is sometimes unreliable, but a new system like this could solve reliability issues. And, as I said, since every user of the system would be a remailer as well as a potential sender, there's absolute deniability: "Sorry, Secret Service guy, you may have traced the message back this far but I'm afraid my machine doesn't keep logs after a day. No, the logs aren't recoverable because they're securely overwritten after the specified period, with no possibility for recovery. I didn't send it and I don't know who did; feel free to look at the computer running the software." All your personal info can be encrypted with something like Scramdisk or the Encrypted File System, just in case the men-in-black do decide to take a look at your box(es).

    Anyway, I think I've adequately described my distaste for direct peer-to-peer communications like this product.
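The layered remailer chain described in the comment above, as an added sketch that is not code from the thread or from any remailer software. It assumes a toy SHA-256 counter-mode cipher with per-hop shared keys standing in for PGP encryption to each hop's public key, and all addresses and keys are constructed; it records what each hop can observe.

```python
import base64
import hashlib
import json
import os


def keystream(key, nonce, length):
    """Toy keystream: SHA-256 in counter mode (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt under a fresh random nonce. No integrity protection here."""
    nonce = os.urandom(16)
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))


def unseal(key, blob):
    nonce, body = blob[:16], blob[16:]
    stream = keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def wrap(message, recipient, recipient_key, chain):
    """Build the layers from the inside out.

    `chain` is a list of (hop_address, hop_key) in delivery order.
    Returns (first_hop_address, outermost_blob).
    """
    blob = seal(recipient_key, message)       # innermost: only the recipient reads it
    next_addr = recipient
    for addr, key in reversed(chain):
        layer = json.dumps({"next": next_addr,
                            "payload": base64.b64encode(blob).decode("ascii")})
        blob = seal(key, layer.encode("utf-8"))
        next_addr = addr
    return next_addr, blob


def hop_process(key, blob):
    """What one remailer does: peel its own layer, learn only the next address."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], base64.b64decode(layer["payload"])


def deliver(sender, message, recipient, recipient_key, chain):
    """Run the message through the chain and log each hop's view."""
    keys = dict(chain)
    addr, blob = wrap(message, recipient, recipient_key, chain)
    came_from = sender
    observed = []
    while addr in keys:
        nxt, inner = hop_process(keys[addr], blob)
        observed.append({"hop": addr, "from": came_from, "to": nxt,
                         "bytes": len(blob)})
        came_from, addr, blob = addr, nxt, inner
    return observed, unseal(recipient_key, blob)


if __name__ == "__main__":
    # Constructed addresses and keys
    chain = [("remailer1.example.invalid", b"hop-key-1"),
             ("remailer2.example.invalid", b"hop-key-2"),
             ("remailer3.example.invalid", b"hop-key-3")]
    seen, text = deliver("alice@example.invalid", b"constructed message",
                         "bob@example.invalid", b"bob-key", chain)
    for view in seen:
        print(view)
    print(text)
```

The logged sizes shrink at every hop, which lets an observer link incoming and outgoing traffic; that is the gap the padding and delays mentioned in the comment are meant to close.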

  • by Sir_Winston ( 107378 ) on Saturday September 23, 2000 @12:48AM (#760200)
    This is why I said "run a public remailer" instead of just "run a remailer." Anyone can download and configure the standard remailer software, but naturally that doesn't make you a real remailer. However, it doesn't take a lot of effort to advertise a remailer--almost all serious users of remailers read a few basic forums, such as alt.privacy.anon-server. If you make "the big announcement" in such places, and prove yourself to have consistent uptime and reliability, you'll probably start getting hundreds or even thousands of messages a week within about a month or two--if you're reliable. If however you're offline and unavailable too much, or if your stats are flaky, no one will use you.

    In deciding what remailers to use, people go on two things--reputation of the operator, and reliability statistics. Operate a reliable service and post in the right places, maybe join the remops mailing list, and you'll have absolutely no problem getting people to use your service and hence have complete deniability.

    But in any event I suggested something even more important later in my post--that if someone would write an easy-to-use application for sending and relaying anonymous, encrypted e-mail, something simple enough for everyone to use, along the principles I outlined, then the public would beat a path to your door. Imagine if running a remailer and sending anonymous email through it were as simple as installing a Napster or Gnutella client--with thousands of nodes sending encrypted communications to each other, through randomized paths chosen by algorithms in the software, traffic analysis of any kind would be useless and anonymity would be guaranteed.

    The problem is, no one has even tried such a thing. If half the effort put into Gnutella and Freenet were put into such a project, it would happen and quite quickly. It'd be one of the top downloads on Download.com and Tucows. But, among the several reasons this hasn't happened is the fear of having widespread easy-enough-for-anyone anonymous email, since it could be used by criminals and even worse abused by spammers. There's a reason that remailers are notoriously difficult to use: the people who code the software to run them and interface with them are the same kinds of people who are remops themselves, and they fear being used for spam or kiddy porn since that could get them visits from the fuzz. What they fail to realize is that a properly redesigned system of remailers with a clean and easy software interface which requires all clients to be servers as well, all traffic to be encrypted from node to node with a different key and padded to a different size, and other basic precautions, would get so many users as to make any visits from the men in suits useless. The same sorts of people who install Napster to get music and Gnutella for file sharing would install this program for private e-mail. There would be too many nodes and too much traffic to trace anything, and if they did trace parts of a path back to a particular node they'd contact the user and in all likelihood get some guy who has no idea what they're talking about because he's just an average user who wanted to send private mail. If all the data is never stored unencrypted, then the men in suits wouldn't even have any excuse to examine that Joe User's computer. It all comes down to designing the system well, and if it's designed well, it would become ubiquitous and impossible to stop or trace.

    The only bad side effect of this would be increased possibilities for spamming, but since almost all spam is commercially motivated the senders are known. It would perhaps even be a good thing if a system like this were implemented and spamming skyrocketed, because it would spur on anti-spamming legislation which, without a big crisis, simply isn't going to happen thanks to Congress' own "commercial interests." The ultimate effect of such legislation, which as I said will probably only happen if spamming does skyrocket, would be to make spamming far smaller than it is now since the risks of severe criminal and civil penalties would outweigh the potential benefits.

    But, I digress...
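The relay design described in the two comments above (every hop re-encrypts under a different key, pads to a different size, and swaps in a random live node when the chosen hop is offline), as an added Python sketch that is not code from the thread or from any remailer project. It assumes a toy SHA-256 keystream and per-node symmetric keys standing in for PGP, omits routing headers, and the node names, `seal`, `unseal` and `send` are hypothetical.

```python
import hashlib, os, random

# Constructed sample network: eight nodes, only two relays online.
KEYS = {n: os.urandom(32) for n in ["alice", "bob", "n1", "n2", "n3", "n4", "n5", "n6"]}
ONLINE = {"alice", "bob", "n1", "n2"}

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream: a stand-in for PGP, NOT real crypto.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, payload, rng):
    """Encrypt for one hop: length prefix, random-length padding, fresh nonce."""
    body = len(payload).to_bytes(4, "big") + payload + os.urandom(rng.randrange(64))
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, body)

def unseal(key, blob):
    """Decrypt one layer and strip the padding using the length prefix."""
    body = _xor_stream(key, blob[:16], blob[16:])
    return body[4:4 + int.from_bytes(body[:4], "big")]

def send(keys, online, sender, recipient, message, hops=3, seed=None):
    """Relay message over a random path, rerouting around offline relays."""
    if recipient not in online:
        raise RuntimeError("recipient offline")
    rng = random.Random(seed)
    relays = [n for n in keys if n not in (sender, recipient)]
    planned = rng.sample(relays, hops)              # path picked by software
    payload = seal(keys[recipient], message, rng)   # end-to-end layer
    trace, wire, prev = [], [], sender
    for nxt in planned + [recipient]:
        if nxt != recipient and (nxt not in online or nxt == prev):
            alive = [n for n in relays if n in online and n != prev]
            nxt = rng.choice(alive)                 # random live replacement
        blob = seal(keys[nxt], payload, rng)        # link layer under nxt's key
        wire.append(blob)                           # what a wiretap would see
        payload = unseal(keys[nxt], blob)           # nxt strips its link layer
        trace.append(nxt)
        prev = nxt
    return unseal(keys[recipient], payload), planned, trace, wire
```

Each entry in `wire` is what an observer on that link would capture: a different key, nonce and padding length every hop, so the same message never appears twice in the same form.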
