[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Help with getting a good automated sign up script for an email service on TOR



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nils,

I meant to include this with the really long email I sent you and the
list - I would like to register the domain name today so I can bring
it live - but I can't for the life of me think of an domain name that
fits.  Do you or anyone on this list have any ideas that may fit:

- -An email service that connects MTAs from the Internet to an email
anonymizing email service on tor.
- -An email service that supports the the freedom of expression.
- -An email service that will not turn over any data to any governmental
body for any reason whatsoever.

Thanks!

- --Rock


On 9/19/2013 12:08 PM, Rock wrote:
> Nils,
> 
> I'll gladly disclose the systems - I want to be be as transparent 
> as possible, as I feel that was one of the major faults of tormail 
> was the lack of transparency which led to it's downfall, as we saw 
> when we realized that it was brought down as it was all completely 
> hosted on one sole source, Freedom Hosting.
> 
> That will be the fail safe - this project isn't solely hosted. The
> plan is once the proof of concept, by that once I make sure that my
> code works and the team works and and users are pleased with the
> service and people are happy with the transparency, and we're
> providing a valuable service to ensure the ability for others to
> have freedom of expression, freely, especially from areas where 
> it's restricted, without fear of reprisal or fear of someone 
> providing their information to a governmental source, which 
> hopefully there will be enough volunteers to ensure that these 
> services are adequately provided.
> 
> At this point though the backup location isn't ready for for 
> complete configuration - I only have the certificates for the VPN 
> between the two sites configured and I'm still working on the the 
> failsafe code basically, honestly, it's not security through 
> obscurity, it's just the need to complete the actual code to
> ensure that physical site A is taken offline, then physical site B
> will come online with the same hash hostname.
> 
> So basically, the final design will be as follows, mtas will 
> deliver be configured to deliver to both all of the data servers 
> (we will start off with at least two sites), but only one data 
> server will be the primary data server at a time.  That primary 
> data server will mount the other ones remotely via a vpn
> connection and have the db constantly written to the secondaries.
> If the primary goes doe down, one of the secondaries will take
> over.  If for some reason, the hostname is considered "compromised"
> (such as a primary server being seized by a governmental
> organization and replaced), the hostname of the next secondary will
> start being used.  Such a change will be propagated via Social
> Media and other means.  But any way, the nice ascii graph.
> 
> Internet---------MTAs---------Primary Data Server---------tor users
> |                  | |                  | | | |                  |
> |                  | Secondaries--(OpenVPN) | | | | tor users
> 
> There's some already coded solutions that I'm looking into that I 
> just want to make sure work with tor hidden services.  There's
> also some solutions that people smarter than me on this list
> probably know about that hopefully may share with me.
> 
> The way the service is set up will be documented.  The other team 
> member and I will be actively documenting everything and ensuring 
> that we have everything documented and again, as transparent as 
> possible. For this little project I hope plenty of people 
> volunteer, plenty of people participate in a open provide feedback 
> and ideas because you know what, I might have ideas, I might have 
> solutions, but I'm sure someone might have something better.
> 
> Thanks for your feedback!
> 
> --Rock
> 
> On 9/19/2013 9:41 AM, Nils Kunze wrote:
>> Please correct me if I'm wrong, but you not wanting to disclose 
>> details about those "other fail safe systems" publicly sounds a 
>> lot like security through obscurity which certainly is not a good
>> idea.
> 
>> Nils
> 
> 
>> 2013/9/18 Rock <conrad@xxxxxxxxxxxxxx>
> 
>> Mick,
> 
>> I have researched the ownership and governmental cooperation of 
>> each company I have chosen and there's also a specific reason why
>> I've chosen some companies.  The MTAs are not as worrysome as the
>> data servers are, but the data servers will have drive level 
>> encryption, partition level encryption, and file level
>> encryption - so yes, the NSA can beat three levels of encryption,
>> but they can't beat an emergency track low level format (if we
>> have that much warning.)
> 
>> There's other fail safe systems that I would rather not disclose 
>> publicly that protect the data from the prying eyes of 
>> government, that I personally know will be effective in 
>> preventing any Intelligence Community organization from
>> obtaining anything from the data servers.  If you want to discuss
>> certain aspects of this please email me off the list.
> 
>> --Rock
> 
>> On 9/18/2013 8:19 AM, mick wrote:
>>>>> On Tue, 17 Sep 2013 20:34:36 -0400 Conrad Rockenhaus 
>>>>> <conrad@xxxxxxxxxxxxxx> allegedly wrote:
>>>>> 
>>>>>> 
>>>>>> The development servers are in separate jurisdictions 
>>>>>> throughout the world. For the initial proof of concept, I
>>>>>> have two MTAs and two Data Servers, with one spare 
>>>>>> server. Each one is in a separate jurisdiction to make
>>>>>> it more difficult to tap.
>>>>> 
>>>>> Forgive me if I am teaching grandmother, and I am sure that
>>>>> you have this covered, but the location of the servers is
>>>>> not the only, or necessarily most important, point to 
>>>>> consider. The crucial point is the legal juridisction 
>>>>> within which the server/DC/network owners reside.
>>>>> 
>>>>> For example I could pick servers in the Netherlands, 
>>>>> Germany and HongKong and find that all were provided by a 
>>>>> US company.
>>>>> 
>>>>> Mick
>>>>> 
>>>>> ---------------------------------------------------------------------
>>>>>
>>>>>
>>>>>
>
>>>>>
>>>>> 
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F
>>>>> E60B 5BAD D312 http://baldric.net
>>>>> 
>>>>> ---------------------------------------------------------------------
>>>>>
>>>
>>>>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSOy0AAAoJEOfLWO5paP3NA/sP/AzJm9S6+mlTPq+e7uQ7JclT
I66mNWZhLIXc3eIHAT2c0svSmmPVMpnZgjyVxQc3DoCbWrq4NNUVCLoNFIPKIDNy
luGXVUNe91psISdvgsm5s8+a44KRSta3lhm5VB/FW0npsWNEokdB1wXMgn1eKXxK
aQHnleAjLcfQOJb4WKRQS7ClIoTj0omiszDCZ+JeUuqByNiWAsUWUw+trkcwr8BW
Jvaldrfq24YA1Y2L81Lk4jKJNrb4D/olAWfiu8q1eX/rj4zk1dB1Zv9TJR8lJfs9
JTjTmnDlIhR079fynQHy0tocwXN+aIE3cj2iPuSlePNesQdLB5cdxYMz4vjPAie5
aNruzVHP5meVpagsw3C4X/xLCBznwmN6Y4EFGz2vEGHZ4wGPQtbceM3AqSfhS8IH
YSOg8LpDWac+buScM1tjO8MYQYAE1Ni+O4gdiq+a6kKFI6/Uzs9IxbZU1EaS9WMm
KFBni6W8cfJcVEV+5MOgPefuKPq9Eqai1EwWz4MohjBkNvTSMR5cIgI6L412uWf9
a08grytIXZbOPhEmhx0XjA5jsQGeTkSmtttguFoK96/RdQonbdRO9dV/M2ictvnB
h5cCqp7X4eEM7svE2wmnYw5IW5pYrNL4mMsh4rC+VIEVMMMhpSSV0GAMO0kjv4r9
XR9gCAyo4KbyeVlyz8B+
=gb1g
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk