[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]



On 5/28/2015 7:34 PM, Jonathan Wilkes wrote:
On 05/26/2015 09:13 PM, Mike Ingle wrote:
I tried out Bitmessage and it did not seem to deliver without the sender and recipient online. It's supposed to, it just didn't. Waiting for key exchange.

Any response from the devs/forum when you reported the bug?
I would have had to do a lot more troubleshooting before I went and complained about a bug. I was just testing it out between a couple of VMs to understand how it works and feels, because I am working with secure mail protocols and want to understand the existing ones. It worked fine with both of them up simultaneously.

It's also a bandwidth pig due to its broadcast nature.

For those unfamiliar with Bitmessage, it is designed so that everyone receives everything.
Within a two-day buffer, at least according to the white paper.

Why does it broadcast in this manner? Imagine that you wish to read blog entries of your 10 favorite bloggers, but you're afraid because 2 of the bloggers may be
considered dangerous by your favorite state-sponsored spy agency.

Let's suppose you can choose one of the following methods to read these blogs:
a) read the blogs as web pages, accessing them through Tor
b) read the blogs by subscribing to Bitmessage mailing lists

If you choose Tor and the spy agency has a _full_ view of the network traffic, then they can violate your reading privacy. They could-- for example-- record you as a reader of the 2 "dangerous" blogs, distinct from users who, say, only read the 8 "harmless"
blogs.
This is pretty similar to receiving a Usenet feed in the old days, and downloading all the messages so as to receive a few encrypted ones. That makes for the best recipient privacy, at the cost of bandwidth. From what I can tell, Bitmessage basically automates that process. If it moved beyond the Darknet Markets crowd, success would kill it or at least require compromising the broadcast-everything rule.

The project I'm working on is intended for large file distribution, and to look-and-feel like email without the limits. It uses TLS, GPG, and optionally Tor to provide strong privacy and pretty good anonymity. I just think we need to get away from SMTP for secure communication. Bitmessage is one extreme (broadcast everything), CM is on the other (server based with no size limits) and SMTP has none of the advantages of either. It is server based, has size limits, and exposes metadata.

If you choose to read from Bitmessage mailing list posts and the spy agency has a _full_ view of the network traffic, they cannot violate your reading privacy wrt the 2 "dangerous" blogs. They can link you to "suspicious activity" due to using Bitmessage. But through traffic analysis alone they cannot separate your reading habits from people who use Bitmessage to only read the 8 "harmless" blogs. To them it just looks like everyone is downloading the same data. And because reading a Bitmessage mailing list doesn't require _any_ special request back to the network, there's no way to tell
from traffic analysis which lists someone happens to be reading.

Bitmessage certainly has its share of issues, but I'm unaware of any other extant piece of
software that has a feature like that.

-Jonathan


What about Bitmessage?

-Jonathan





--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk