
LookingGlass – A distributed, forward-secure platform with pseudonymous email - occult
https://lookingglass.email/
======
Canada
It's email transported and authenticated using combination of Tor, Axolotl,
and socialist millionaire. Unfortunately:

> LookingGlass is meant to be run on a local, headless (without monitor),
> always-on computer. Installation consists of copying a disk image to an SD
> card, inserting that into a Raspberry Pi, and plugging it into your local
> network (preferably behind a router).

Appliance designs such as this have 0 chance of gaining significant use.

The author should consider rolling this solution into software packages that
run on operating systems people actually have.

~~~
stabilo
"Unfortunately..."

Can you be more specific? Irrespective of this project and its goals, I agree
with the installation approach.

What is the impassable step?

Purchasing a RPi?

Using a program to copy an image to an SD Card? What if SD Cards with the
image pre-installed were also available?

The RPi stays on unless someone unplugs it, so I trust that no one is going to
claim "always on" is an issue. It does not even have a reset button like most
consumer routers.

Setting up consumer routers involves plugging into a local network so I cannot
imagine that is an issue either.

So what is it?

This image is a whopping 1GB and there is no link to source code. Without
source code this is all but worthless. However I agree 100% with the
distribution and installation method.

All computers, including routers, should boot from removable media. And users
should get to choose what OS they run. Control. Who has it? Users have very
little and what they have is continually being eroded.

If users want more control over what internet companies are allowed to do,
then this is the way forward.

What do others think?

~~~
Canada
The author of this project notes, "Freenet is stillborn."

I agree. And it's pretty obvious the reason why is that Freenet presents
itself as a web server. Any privacy project packaged as a web app is doomed.
The local web app is a shitty interface. If Freenet had an interface more like
Bittorrent, its fate may have been different.

There is a market for appliances sporting web interfaces, but that's only
because it's the cheapest way to have a graphical interface that's cross
platform. Only technical people use such things, and even they have to want
the benefits of the appliance pretty badly to put up with the hassle of
deployment. The average consumer will never touch that crap, and I don't blame
them.

You mention consumer routers. Yes, those are appliances with web interfaces.
But the benefit of deploying one is ACCESS TO THE INTERNET! That's a pretty
compelling reason. Even if LookingGlass was sold pre-configured like a router,
it's not even close to compelling enough to gain traction.

Besides how inconvenient the web appliance is to use, it's also pretty weak
from a security perspective. You want to have all the encryption happening as
close to the endpoints as possible. To reduce attack surface it's also best
that the architecture is as simple as possible, with minimal dependencies. The
LookingGlass approach follows neither of those best practices. The project
even recommends deployment behind a firewall.

I don't want to shit on LookingGlass here. I haven't looked too hard at it and
I support any experimentation with new protocol ideas in this space.

It's just that to be successful it needs to be natively written for every
platform, especially the mobile ones. Making the core implementation portable
by using C or C++ is acceptable. Just getting it going on Linux and asking
users to run a server - especially a physical server - is totally not.

~~~
occult
These are good points. I feel the same way as another poster who commented
that the maintainer is going after the raspberry pi crowd so during this
nascent phase only the techie "masses" are going to use such a thing. Frankly,
I see a lot of issues with this project but if the fundamentals were solid I
could imagine overlooking them to bring it closer to the broader community
space. I suppose if I were a Chinese dissident I might have a compelling
reason to go for a turn-key solution but previous commenters nailed it that
this thing requires too much trust to be more than an experiment. If I were to
run it on a pi I'd be prepared to ditch the pi and attach it only to some open
wi-fi network.

------
huhtenberg
That's an unfortunate name selection, because of this -
[https://en.wikipedia.org/wiki/Looking_Glass_server](https://en.wikipedia.org/wiki/Looking_Glass_server)
\- an integral part of the Internet routing infrastructure.

E.g. [http://lg.he.net](http://lg.he.net)

~~~
jwcrux
Or the cyber security company LookingGlass[1]

[1] [https://lgscout.com/](https://lgscout.com/)

~~~
imglorp
As well as the airborne apocalypse command post:
[https://en.wikipedia.org/wiki/Looking_Glass_(airplane)](https://en.wikipedia.org/wiki/Looking_Glass_\(airplane\))

------
dsr_
I don't understand how burn-on-view is supposed to work. In my world, if you
can see something, you can copy it. (Analog hole, clipboard, screenshot...)

~~~
oceanofsolaris
I think the idea is that it does not promise that the email will necessarily
be deleted, but that it can be securely deleted (by forgetting the key for it)
such that it can not be recovered later by compromising the users computer. So
if I understand this correctly, it is synonymous with forward secrecy.

~~~
e12e
That's my interpretation as well. It might be a bit of a stretch to label it
as a "forward-secure platform", as you can't know anything about what the
receiver will do with the mail/(session)keys.

As a _general system_ , I don't really see the attraction of forward secrecy
for asynchronous, "email-like", communication -- I'm sure I'm not the only one
that likes having a record of things I've said, or things others have said to
me (good ideas, tips about everything from food to trips, not to mention the
general "letter"-type things -- the stuff that can partially make up for not
keeping a diary etc). The danger of being convicted for plotting to kill the
president based on the contents of digital letters must be balanced against
the historic value of having such records available for further students of
history, so to speak.

But it just occurred to me that a system like looking glass could easily
accommodate both: have the system automatically archive a copy of incoming and
outgoing email, both encrypted to the (gpg-)key belong to the system owner.
Such a system might retain "cryptological" plausible deny-ability (the owner,
having the key, could fabricate a fake archive) -- but it would probably loose
any "legal" equivalent. (eg: anyone can fake their browser history log files,
but they're still used as evidence etc).

It would be easy to automate what should be archived, and it would also remain
possible to shred certain things from the archive, if wanted. It might even be
possible to store an archive in a git-like fashion, so that it will be easy to
see if something had been deleted -- while hard to prove that a certain
deleted plain-text was _what_ was deleted.

[ed: to add: To misquote a common Internet meme: "I don't _always_ plan a
revolution, but when I do, I use a forward-secure platform". But I mostly
don't plan revolutions.]

------
occult
For anyone interested the source code is here:

[https://github.com/last-box/LookingGlass](https://github.com/last-
box/LookingGlass)

Also, there's a subreddit here.

[https://github.com/last-box/LookingGlass](https://github.com/last-
box/LookingGlass)

There's a TOR-based IRC and Forum system too.

------
betimsl
I tried to download the RPi image, but; how can I trust 10+ GB worth of
software not to have some kind of flaw?

~~~
occult
Good point. I had exactly the same thought. There's no way I'm downloading and
installing anything off random darkweb site. I might build it myself and see
how that goes but there's certainly still risk for sure. A more vibrant
community built around software like this would provide a greater level of
comfort, not to mention an independent security audit. Certainly anyone
seeking to help this project might start with solving this important problem.
I'll be putting some thought into it.

------
zokier
Sounds a lot like agl's Pond, but of course that is not a bad place to draw
inspiration from. Anyone able to outline the main differences?

~~~
occult
Looks like the maintainer posted a comparison to Pond a while back on reddit
here:

[https://www.reddit.com/r/DarkNetMarkets/comments/2zp1c9/opse...](https://www.reddit.com/r/DarkNetMarkets/comments/2zp1c9/opseccomputer_lookingglass_privacy_appliance/)

