
Open Sourcers Pitch Secure Email in Dark Age of PRISM - rajbala
http://www.wired.com/wiredenterprise/2013/08/mailpile/
======
StavrosK
We don't need encrypted email so much, we need decentralized email servers
with TLS enabled. I have half a mind to launch a service that will take a root
password of a newly-created cloud server you own, set up a properly-configured
IMAP and SMTP server and hand you the keys.

I am of the opinion that that will do more about email privacy than GPG (as
long as you trust your hosting provider, at least).

------
dkersten
I was thinking about a system that combined these three properties:

    + Anonymous
    + Distributed
    + Encrypted

For anonymous, I was thinking that the service would be accessible only
through Tor or i2p, so that neither the sender nor the receiver can be found
out by tracing the message.

For distributed, I was thinking that the mail system would essentially be a
freesites-style distributed hash table where the mail address (or a hash
thereof) would act as the key. The mail or parts of the mail would be stored
multiple times across many clients to eliminate single points of failure.
Perhaps a TTL system would prevent old mails from filling up everyone's space.

Finally, the encrypted would be achieved by having the mail address act as the
public key (or at least, the mail address is a key to a distributed KV store
that contains the public key). This way, before anonymously sending the
message to the various distributed hash table buckets, it gets encrypted so
only the desired recipient can read it.

It seems like it should be possible to build this from already existing
technologies without _thaaaat_ much trouble, though I haven't actually done
anything about it.

Of course, getting people to use this would be another story ;-) and I guess
people would want contacts lists, archives and so on.

~~~
dhotson
I'd also add that you want to encrypt the metadata of the message. As we've
seen, the from/to address metadata is often as revealing as the content.

How can you build a messaging system where the delivery service doesn't know
where to deliver something?

~~~
dkersten
I had some ideas about how to address this:

The return address is contained inside the encrypted portion of the message so
only the recipient can see which address sent the message. The message should
also be cryptographically signed with the sender's private key so that the
sender can be verified.

Next, the DHT key would likely be a hash of the recipient's address so it would
be difficult or impossible to determine who the messages in a specific bucket
belong to. Also since the service would only be accessed through Tor or i2p,
the actual sender and receiver would be hidden. Obviously the recipient
address (or rather DHT key) must be known so that the message can go to the
right place.

Also obviously anyone can technically retrieve anyone else's messages but
since they are encrypted this shouldn't matter.
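
The storage side of the design sketched in the comments above, as an added example that is not part of the original thread or of any project named in it: mail is filed under a hash of the recipient address, replicated to several nodes, and dropped after a TTL. The replication factor, address normalisation, XOR-distance node selection and all class and function names are assumptions, and the ciphertext is treated as an opaque blob that already contains the signed return address.

```python
import hashlib

REPLICAS = 3  # assumed replication factor, not a value from the thread

def dht_key(address):
    # Bucket key is a hash of the recipient address (normalisation is an assumption).
    return hashlib.sha256(address.strip().lower().encode()).digest()

class Node:
    def __init__(self, name):
        self.node_id = hashlib.sha256(name.encode()).digest()
        self.buckets = {}  # dht key -> [(expires_at, ciphertext)]

    def put(self, key, blob, expires_at):
        self.buckets.setdefault(key, []).append((expires_at, blob))

    def get(self, key, now):
        # Prune expired mail on read so old messages do not fill the node.
        live = [(e, b) for e, b in self.buckets.get(key, []) if e > now]
        if live:
            self.buckets[key] = live
        else:
            self.buckets.pop(key, None)
        return [b for _, b in live]

class Network:
    def __init__(self, names):
        self.nodes = [Node(n) for n in names]

    def closest(self, key):
        # Pick the REPLICAS nodes whose ids are nearest to the key by XOR distance.
        target = int.from_bytes(key, "big")
        dist = lambda n: int.from_bytes(n.node_id, "big") ^ target
        return sorted(self.nodes, key=dist)[:REPLICAS]

    def send(self, recipient, ciphertext, now, ttl):
        # No sender argument: the return address travels inside the ciphertext.
        key = dht_key(recipient)
        for node in self.closest(key):
            node.put(key, ciphertext, now + ttl)
        return key

    def fetch(self, recipient, now, offline=()):
        key, seen = dht_key(recipient), []
        for node in self.closest(key):
            if node in offline:
                continue  # a missing replica is tolerated
            for blob in node.get(key, now):
                if blob not in seen:
                    seen.append(blob)
        return seen
```

Because `dht_key` is deterministic, anyone who knows an address can compute its bucket and fetch the blobs, which is the retrieval property the comment above acknowledges; confidentiality rests entirely on the encryption applied before `send`.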

------
pjungwir
It will be hard to make Mailpile user-friendly when you have to install it
yourself on your own cloud server. But particularly with the end of free
Google Apps accounts, I wonder if there is an opportunity here, either as
something end-users can install themselves _or_ as something mom-and-pop
shared hosting companies can offer instead of their current always-awful
webmail. Maybe you could even build a business around an encrypted webmail
tool you license to shared hosting providers.

If Mailpile or someone else is going to be self-installed, I'd love to see it
built as PHP. (Looks like Python right now.) As much as I refuse to develop in
PHP, that seems like the only way to make installation as easy and ubiquitous
as Wordpress, which should be the goal.

(I realize that either Mailpile or my own suggestion---or anything hosted on
someone else's hardware---is vulnerable to someone reading the data right out
of RAM, but it seems like their goal is to evade snooping not by building a
100% secure system, but by making it easy and affordable for everyone to have
their own email server, so that government surveillance has too many targets
to be practical.)

~~~
HerraBRE
Our goal is to create something you install on your desktop or laptop. Think
Thunderbird, not Squirrelmail. We do happen to be using web tech for the UI,
but that doesn't mean it has to live in the cloud.

~~~
pjungwir
Well that's even better. :-)

I'd love to see you guys pull this off. Best of luck to you.

------
prezjordan
"Public Understanding of Science" has been a big issue for several decades
(maybe even longer?), but I think we'll see progress towards "Public
Understanding of Cryptography," or at least I hope so :)

It goes deeper than just using some PGP client. You need to understand how it
works, to be sure that the bits coming out of your network are encrypted, and
only you and Alice know how to decrypt them.

~~~
schoen
I've been working a little bit on cryptography education issues and so have a
number of people I know, but now I'm reminded of Lancelot Hogben's books
"Mathematics for the Million" and "Science for the Citizen". Maybe someone
will create their equivalents for cryptography!

"Cryptography for the 2⁶⁴"?

------
lwhalen
Open Sourcers - is verbing a thing now? Why not 'Open Sourcerers', or 'Open
Sourcists'?

~~~
mpyne
Are you seriously confused as to whether verbing is a thing? It's _been_ a
thing for a long time now. ;)

~~~
lwhalen
Haha, not at all. I was just looking for an excuse to post 'Open Sourcerers'.
Regardless, to quote Calvin (of '& Hobbes' fame), "Verbing weirds language".

------
7mediaws
I for one am looking forward to seeing how this project progresses. Maybe it
can become another alternative within web hosting panels?

------
zokier
Mailpile seems to get a lot of press if nothing else. I hope their engineers
are as good as their marketing department.

~~~
AnthonBerg
I can tell you that there is no marketing department. They are engineers first
and foremost. Check out Bjarni Einarsson's online OSS projects (which are not
all he's done).

~~~
HerraBRE
I can confirm we have no marketing department, it's just three geeks with a
Twitter account. We are getting press because people think it's an interesting
project and because privacy on-line is a hot topic right now.

------
oldmanjoe
Added my 2 cents..

