SmallMail, protect your email from nosey Big Brothers Peter Roozemaal


1 SmallMail, protect your email from nosey Big Brothers
Peter Roozemaal
http://www.smallsister.org/

2 The Plan (for today)
- LANG=en_NL
- Quick introduction
- Goals for SmallMail (Why hide communication)
- SmallMail implementation
- Demo
- Limitations in SmallMail's approach (quick)
- Conclusion and Q&A

3 Introduction
- Smallsister
  - Group of concerned citizens (Dutch, others are welcome)
  - Provide information on computer and online privacy
  - Some politics
  - Fill some of the holes in available privacy solutions
- The speaker
  - A developer on an interesting project

4 The state of online privacy
- USA warrantless wiretaps
- The EU asks all ISPs and Telcos to collect and keep communication data
- Advertisement agencies like to track your browsing
- RIAA and MPAA want your ISP to track downloads
- Leaks of entire databases
- Criminal hacking (trojaning) of PCs

5 Where can we change the world?
- Choose achievable goals
- Pick something that fits your capabilities
- Don't reinvent wheels

6 Where can we change the world?
- Choose achievable goals
- Pick something that fits your capabilities
- Don't reinvent wheels
- Our target: EU Data Retention Directive
- Hide (email) communication from third parties

7 Privacy in Communication
There are legitimate reasons for people to communicate without being tracked:
- Whistleblowers
- Political dissidents
- And even Intelligence agencies

8 SmallMail Design Goals
- Weak Anonymity
  - Parties in communication can (optionally) reveal true identities
- Strong Privacy
  - Keep content of communication secret from third parties
  - Hide the existence of communication as far as feasible
- KISS

9 Making email private
- Client – Server model
- Drop SMTP
- Use Tor to hide communication origin from traffic analysis
- Encourage non-ISP servers
- Anonymous mailbox creation is possible
- Use encryption to hide message content

10 Unsolvable?
An anonymous messaging system is a spammer's paradise

11 Introducing Tor

12 Tor as proxy

13 Tor hidden service (1)

14 Tor hidden service (2)

15 Tor hidden service (3)

16 Tor hidden service (4)

17 Tor hidden service (5)

18 The SmallMail Server
- Tor Hidden Service
- Use SSL/TLS for additional end-to-end encryption
- Will do TLS authentication in next protocol version
- Simple protocol
- Allow for anonymous mailbox creation
- No message forwarding: the Internet is connected
- No interpretation of messages

19 Please, Can you run a server for me?

20 The client
- Graphical client in wxPython
- Current version is 0.2.1
- Developed on Linux
- Looking for Windows and OSX porters
- Useful beta, expect monthly updates
- Goal: My/your mother can use it
- http://smallsister.org/downloads/

21 DEMO

22 User visible Peculiarities
- Some common email habits are bad (for privacy)

23 User visible Peculiarities
- Some common email habits are bad (for privacy)
- Enforcing encryption
- Key management
- Presentation of message lists
- Message "sent" time is unknown
- Open Issue: How to handle CC's

24 Client Implementation
- Use GnuPG for encryption and key management
- Messages are stored encrypted
- Contact information is not
- Connect via Tor (SOCKS4a or SOCKS5)
- Hidden servers are in the .onion domain
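
SOCKS4a and SOCKS5 both let the client hand Tor a hostname instead of an IP address, which a .onion name needs because nothing outside Tor can resolve it. The following is an added example, not SmallMail's own code, that builds the connect requests for both protocols; the hostname and port are constructed sample values.

```python
import struct

# Constructed sample values, not taken from the talk.
SAMPLE_HOST = "exampleexample22.onion"
SAMPLE_PORT = 443


def _onion_name(host: str) -> bytes:
    """Accept only .onion names; they must reach the proxy as unresolved text."""
    name = host.lower().rstrip(".")
    if not name.endswith(".onion") or len(name) > 255:
        raise ValueError("not a .onion hostname: %r" % host)
    return name.encode("ascii")


def socks4a_connect(host: str, port: int, user_id: bytes = b"") -> bytes:
    # DSTIP 0.0.0.x (x != 0) marks a SOCKS4a request: the hostname follows the
    # NUL-terminated user id and the proxy, not the client, resolves it.
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + user_id + b"\x00" + _onion_name(host) + b"\x00")


def socks5_greeting() -> bytes:
    return b"\x05\x01\x00"  # version 5, one method offered: no authentication


def socks5_connect(host: str, port: int) -> bytes:
    # RFC 1928 CONNECT with ATYP 0x03: length-prefixed domain name, then port.
    name = _onion_name(host)
    return (b"\x05\x01\x00\x03" + bytes([len(name)]) + name
            + struct.pack(">H", port))


def socks4a_granted(reply: bytes) -> bool:
    # SOCKS4 reply: 8 bytes, first byte 0, second byte 0x5A means granted.
    return len(reply) == 8 and reply[0] == 0 and reply[1] == 0x5A


def socks5_granted(reply: bytes) -> bool:
    # SOCKS5 reply: version 5, REP 0x00 means succeeded.
    return len(reply) >= 2 and reply[0] == 5 and reply[1] == 0x00


if __name__ == "__main__":
    print(socks4a_connect(SAMPLE_HOST, SAMPLE_PORT).hex())
    print(socks5_greeting().hex())
    print(socks5_connect(SAMPLE_HOST, SAMPLE_PORT).hex())
```

A client that refuses anything but a .onion name at this layer cannot fall back to a local DNS lookup by accident.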

25 We tried to make it safe
But did we succeed?

26 SmallMail attacks
- Tor attacks
- Traffic correlation attack

27 Tor hidden service

28 SmallMail attacks
- Tor attacks
- Traffic correlation attack

29 SmallMail attacks
- Tor attacks
- Traffic correlation attack
- Correlation attacks by server operator
  ➔ Advice: use mailboxes on different servers

30 SmallMail attacks
- Tor attacks
- Traffic correlation attack
- Correlation attacks by server operator
  ➔ Advice: use mailboxes on different servers
- Message insertion attacks

31 SmallMail attacks
- Tor attacks
- Traffic correlation attack
- Correlation attacks by server operator
  ➔ Advice: use mailboxes on different servers
- Message insertion attacks
- Significantly more work than "Hand me the data"
- And less reliable results

32 Client attacks
- Messages are encrypted
- Fix: decryption keys are not protected by a passphrase

33 Client attacks
- Messages are encrypted
- Fix: decryption keys are not protected by a passphrase
- Mailbox name, message ID, size and date leak some information

34 Client attacks
- Messages are encrypted
- Fix: decryption keys are not protected by a passphrase
- Mailbox name, message ID, size and date leak some information
- Fix: Encrypt addressbook
- But what about the GnuPG keyring?

35 Client attacks
- Messages are encrypted
- Fix: decryption keys are not protected by a passphrase
- Mailbox name, message ID, size and date leak some information
- Fix: Encrypt addressbook
- But what about the GnuPG keyring?
- Little defence against runtime and memory attacks

36 Conclusions
- We can evade government email surveillance
- It's so easy I expect terrorists already have the tools
- Private email requires unlearning of some habits
- Tracking SmallMail communication may be possible, but is much harder than SMTP

37 Closing words
- Thanks to NLnet foundation
- Try our software (GPLv3 or later)
- Improve it and its documentation
- Help to keep the world a safe and sane place
- Help to protect your and our privacy

38 Closing words
- Thanks to NLnet foundation
- Try our software (GPLv3 or later)
- Improve it and its documentation
- Help to keep the world a safe and sane place
- Help to protect your and our privacy
- Your questions

39 URLs
- Website: http://smallsister.org/
- Download: http://smallsister.org/download/
- Old releases: http://smallsister.org/files/
- Git repository: http://old.smallsister.org/git/SmallMail.git
- Bugzilla: https://dewinter.com/cgi-bin/bugzilla/
- Email Peter: smallmail@xs4all.nl
- B056A00376113324@cemwana5zuid4oq5.onion

