[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
From: george torwell <bpmcontrol@xxxxxxxxx>
Date: Sun, 18 Nov 2012 16:19:58 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 18 Nov 2012 16:20:10 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=S85TWd6xkLP+vzX2phkK8J5H2kijC0OeIOXXxd7Co90=; b=DeA/mxriedYx0+AXp4BbkAkr2n/KuDCDyKbizNhoSkKUbUaCGjerdMMbUaFpQLnqlW 04U+Y9b5lU04aWNa0L06jKAgtzLu3WK0/vXHmhPZhR9ph/VTUUmKDnU5bZfpqpELCZ8u O/MiB4eRBAxzdspeEj5DWuj9Q46881om6oRorQRBI991pvo6KOszTtrquEO1E7w+oy4x 7fHOtuWDig7KLBi0a9joqjU6sZt0pLwBBeRVHyt88yefkCW9SOGzHldWmQOz6+Rz3mB0 EqdmjJutSvSLntpmTZL08qnev7HVha9Lcx37+v78G2hbTQf+Yz2ncSZtOOVuGbCtaOMH K3uQ==
In-reply-to: <20121118200736.63979f87@numenor>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAB0qP14eyJtfwD+jCCrj5WnQkjzh1C=oY-Ci1yTnTkBvUmzqjg@xxxxxxxxxxxxxx> <20121117174112.36bc1e00@numenor> <20121118085020.GB7460@loar> <20121118200736.63979f87@numenor>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

true, but looking at the massive amounts of government's requests from say,
google for inbox content.
i would say that storing your own mail will help a lot.
of course, i don't know the true magnitude of interceptions, and encryption
is a must to hide content.
but it seems to me that practically, to make it harder to intercept
metadata like who is mailing who,
(which, in case of political dissent really is all the government needs to
know.
since that if i talk to a known activist, i should probably be
interrogated.)
a personal mail server can help.

its not perfect, but so far the overhead of such a server doesnt seem too
high to be worth it.
plus, once its working well, i can expand it to say 200 people easily.

if every one of 200 citizens would do that, we would get such decentralized
mail
that it will probably require intercepting a lot more. rather than a single
'national security letter' from an agent.

lets poke big brother in the eye :)

On 18 November 2012 15:07, Julian Yon <julian@xxxxxxxxxx> wrote:

> On Sun, 18 Nov 2012 09:50:20 +0100
> Jérémy Bobbio <lunar@xxxxxxxxxx> wrote:
>
> > With Postfix and probably other mail servers, you can configure a
> > per server TLS policy. You can make sure that the communication with
> > SMTP servers used by your peers is properly encrypted (and not
> > MITM'ed). It makes interception a lot harder.
> >
> > And you can be sure that what you receive in your mailbox will not be
> > harvested for data collection. Unfortunately, you are never alone:
> > this also depends on the server used to send the email...
>
> i.e. you can't actually be sure of anything. Unless you control every
> link from sender to your server, you should assume your message can
> be (or even has been) intercepted. So your peers encrypt their
> traffic to you; doesn't mean that traffic to them was encrypted,
> nor does it mean that plaintext messages can't be plucked straight from
> their queues. While you gain the possibility to control your own
> storage, you don't control anything that any intermediaries (or
> those watching your intermediaries) store. This massively limits your
> advantage, while you have to deal with all the headaches that come with
> running a mail server.
>
> It worries me that this point isn't better understood. It's the same
> faulty reasoning that leads to people wanting 1-hop Tor routes.
> Control of your end and trusting the other end is not enough. Do you
> gain something? Technically yes. Is it enough to phase your
> adversaries? Almost certainly not. Having a fully anonymised mail
> service would be of benefit, but just running your own server doesn't
> even come close to providing adequate security, because SMTP *is
> insecure by design*.
>
>
> Julian
>
> --
> 3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012@xxxxxx>
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
  - From: Julian Yon
- Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
  - From: Jérémy Bobbio
- Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
  - From: Julian Yon

Prev by Author: Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
Next by Author: Re: [tor-talk] DoS and TOR?
Previous by thread: Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
Next by thread: Re: [tor-talk] Private mail server (Was: i saw your response on the Tor talk list)
Index(es):
- Author
- Thread