Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Well your point F nullifies your point about A-D does it not?

As for a second point F, the identity can be derived from the unencrypted headers in PGP.

Before PGP:

    From: bob@alqaeda.org
    To: bill@gmail.com
    Subject:  The snow this year is better at Innsbrook.
    But not at St. Moritz.
After PGP:

    From: bob@alqaeda.org
    To: bill@gmail.com
    Mime-shit....
    DEFKJiwfou3hoqwdnhoqiwfhoqifowqihwqoidhqwod==
PGP is an encapsulation and the MTA still needs the recipient and sender to work properly.

Hmm.




No, it does not. Take this message:

    From: anonymous_acct_101@mailpile.is
    To: anonymous_acct_77@mailpile.is
    Mime-shit....
    DEFKJiwfou3hoqwdnhoqiwfhoqifowqihwqoidhqwod==
This is quite a secure message and it would be as easy to send as any other email with mailpile or similar services. My point is that security is not a black&white concept. There is a continuous of security, and part of the job of mailpile could be to give a "security score" to your message before you hit the send button, similarly to what we do when we calculate entropy on password and give a "security score" on the password. A password with a good score does not guarantee the security of your login but at least it will help you understand more about the entire process.


No. That really looks like another anon.penet.fi. If that is the case, then if 101 (let's call 101 Alice) or 77 (let's call 77 Bob) are using providers that are in bed with the NSA, the NSA can easily still grab the metadata from this.

If Mailpile is the MTA, and the NSA is following the connections to Mailpile's servers they can use time correlation to find out the metadata.

Metadata is hard to hide^.

Anyway, as the other posted mentioned, the correct solution is definitely full security across the board, with full encryption MTA->MTA. That needs to happen so it can't be sniffed on the wire. But of course full security between Alice's MTA and Bob's MTA is ultimately pointless when Bob's MTA (e.g. Gmail) is sleeping with Evan (the NSA).

The actual message contents need to be decrypted with keys that only the recipient has access to, and GPG is as good a solution as any for that. You can only trust what only you have. Don't trust Google. Don't trust Mailpile, either.

^ anon.penet.fi was an OK solution, but still was subject to possible timing attacks (and legal attacks since a table exists SOMEWHERE in the universe that correlates your name to your nym).

A nym.alias.net solution is better when you're chaining remailers and using random timing delays.

Deadrops are better, post your message anonymously to a newsgroup/forum/etc via a Tor or other anonymous connection, and your recipient does the same to retrieve the message anonymous. There's no metadata there to capture.


So, Alice encrypts message with Bob's public key, that's EM1. Then Alice encrypts EM1 with the server's public key, outputing EM2. And sends that to Bob thru the MTA.

The server decrypts EM2 revealing EM1 and some plaintext metatdata arbitrarily specified by Alice. The MTA random-delays to keep them all out of order, and sends it on to Bob with encrypted body, whatever Alice felt like putting in the plaintext metadata supposedly representing the prior travels, and no attempt to disguise the MTA's IP, etc..

NSA now can see Alice's post to the MTA, but none of the mails coming out of the MTA match the text of Alice's email. The best the wiretapper can do is decide "someone in set A sent to someone in set B", and maybe apply statistical analysis. It is easy for the wiretapper if there are only a few people using this and hard if there are a lot.

The objection will be, but NSA/FBI etc. will trojan the code, coerce the secret keys, make the server deceive users. So the server owner would like to put in something that makes it all unavoidably, and conspicuously break if the code is compromised. Securing the latter behavior remains a problem when the adversary has, one must assume, physical control of the server.


You just described more or less the behavior of how a nym.alias.net address worked back in the day, which had the added benefit of not even knowing who you were, because you chained as many remailers together as you wanted.


Metadata is most hideable (but still exists) in a crowd. At scale (i.e. millions of users) an improved version of shared shared mailboxes like alt.anonymous.messages can be effective. I reckon that it can be effective at a lesser scale if initial participants all generate enough random noise to protect anonymity of the first users to adopt the system. Once it has scaled in users, they can scale back the random noise generated.


    > atob("DEFKJiwfou3hoqwdnhoqiwfhoqifowqihwqoidhqwod==")
    "AJ&,¢í᢬ž*‹ᢨŸ£
    ¢‡
    ¨‰Øj‡"
:(. Here's me hoping you hid a joke in that base64.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: