If you'd like to help me that would be cool.. My take on this is this: (these are are not all my ideas, can't take full credit)
We want to get to a state where an e-mail server is easy to set up. And runs with *non governmental* issued ssl certificates. Where it provides web-mail (think gmail), iPhone and android. The meta data problem goes away if the point of failure is spread thin enough. Basically, you rely that the NSA will not take the chance of sending a "secret" order to 1000 people with consciences. If everyone is using non government issued ssl certificates, the XKeyscore problem goes away. (only a guess though of course) The mail client will have pgp mime end-to-end. The mail server, run by you, or run by a friend of yours, or some business, will provide a secure means to login for web-mail. .. What I'm doing is: 1. finishing off getting all of the source on github 2. this weekend work on deploying easily to an ec2 instance. If you'd like to help, you could get it from github https://github.com/timprepscius/mailiverse and try to build things, see what breaks, although I'm sure I'll find out on my own pretty soon. If you have any expertise in PGP mime, I could use it. Setting up PGP mime looks like it will be trivial. I just have to figure out what to do. Which takes longer than writing the code unfortunately. -tim On 8/9/13, Hans of Guardian <h...@guardianproject.info> wrote: > > I think there would be some value to a system like that. It would address a > lot of real world threats but it will not address large scale government > monitoring systems, which many governments have (US, China, UK, Iran, etc). > > Sounds like you should team up with Tim Prepscius with his system that he's > been posting about here. > > .hc > > On Aug 9, 2013, at 2:07 PM, Griffin Boyce wrote: > >> This probably sounds very strange, but *what if* someone ran an email >> service that required that all mails be GPG encrypted? >> >> So here's my idea: Barring the honor system, it would require a filter >> to look at message content to check for PGP headers. And if said >> headers didn't exist, the message doesn't get sent.[1] There's no "Sent >> Mail" folder on the server, so if you want a copy, you'd need to have >> Thunderbird (etc) set up to store them locally. >> >> It wouldn't protect from metadata collection, but it would at least >> (to some extent) protect people from their own poor security decisions >> while emphasizing that options exist to protect themselves. >> >> Considerations: >> * This assumes that an order would arrive to disable PGP filter and >> enable a sent folder (eg, this idea assumes metadata is unprotected) >> >> * Those playing at home may recognize this as a naive Bayes >> classifier, given that the presence of PGP headers don't necessarily >> mean the actual message is encrypted. There are other (heavier) steps >> that could be taken, like checking for encryption on outbound with SJCL, >> but I think that probability is on our side here. >> >> * In the face of an NSL, the service would realistically either fall >> back to policy (removing tech-based enforcement by order) or shut down >> entirely. >> >> What does everyone think? Is this totally nuts or what? >> >> best, >> Griffin >> >> -- >> "Cypherpunks write code not flame wars." --Jurre van Bergen >> #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de >> <mailto:sa...@jabber.ccc.de> >> >> My posts, while frequently amusing, are not representative of the >> thoughts of my employer. >> _______________________________________________ >> Guardian-dev mailing list >> >> Post: guardian-...@lists.mayfirst.org >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >> >> To Unsubscribe >> Send email to: guardian-dev-unsubscr...@lists.mayfirst.org >> Or visit: >> https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info >> >> You are subscribed as: h...@guardianproject.info > > _______________________________________________ > Guardian-dev mailing list > > Post: guardian-...@lists.mayfirst.org > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > > To Unsubscribe > Send email to: guardian-dev-unsubscr...@lists.mayfirst.org > Or visit: > https://lists.mayfirst.org/mailman/options/guardian-dev/timprepscius%40gmail.com > > You are subscribed as: timprepsc...@gmail.com > -- Liberationtech is a public list whose archives are searchable on Google. Persistent violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
