SmallMail, protect your from nosey Big Brothers Peter Roozemaal

The Plan (for today) LANG=en_NL Quick introduction Goals for SmallMail (Why hide communication) SmallMail implementation Demo Limitations in Smallmail's approach (quick) Conclusion and Q&A

Introduction Smallsister Group of concerned citizens (Dutch, others are welcome) Provide information on computer and online privacy Some politics Fill some of the holes in available privacy solutions The speaker A developer on an interesting project

The state of online privacy USA warrantless wiretaps The EU asks all ISPs and Telcos to collect and keep communication data Advertisement agencies like to track your browsing RIAA and MPAA want your ISP to track downloads Leaks of entire databases Criminal hacking (trojaning) of PCs

Where can we change the world? Choose achievable goals Pick something that fits your capabilities Don't reinvent wheels

Where can we change the world? Choose achievable goals Pick something that fits your capabilities Don't reinvent wheels Our target: EU Data Retention Directive Hide ( ) communication from third parties

Privacy in Communication There are legitimate reasons for people to communicate without being tracked: Whistleblowers Political dissidents And even Intelligence agencies

SmallMail Design Goals Weak Anonymity Parties in communication can (optionally) reveal true identities Strong Privacy Keep content of communication secret from third parties Hide the existence of communication as far as feasible KISS

Making private Client – Server model Drop SMTP Use Tor to hide communication origin from traffic analysis Encourage non-ISP servers Anonymous mailbox creation is possible Use encryption to hide message content

Unsolvable? An anonymous messaging system is a spammer's paradise

Introducing Tor

Tor as proxy

Tor hidden service (1)

Tor hidden service (2)

Tor hidden service (3)

Tor hidden service (4)

Tor hidden service (5)

The SmallMail Server Tor Hidden Service Use SSL/TLS for additional end-to-end encryption Will do TLS authentication in next protocol version Simple protocol Allow for anonymous mailbox creation No message forwarding: the Internet is connected No interpretation of messages

Please, Can you run a server for me?

The client Graphical client in wxPython Current version is Developed on Linux Looking for Windows and OSX porters Useful beta, expect monthly updates Goal: My/your mother can use it

DEMO

User visible Peculiarities Some common habits are bad (for privacy)

User visible Peculiarities Some common habits are bad (for privacy) Enforcing encryption Key management Presentation of message lists Message ”sent” time is unknown Open Issue: How to handle CC's

Client Implementation Use GnuPG for encryption and key management Messages are stored encrypted Contact information is not Connect via Tor (SOCKS4a or SOCKS5) Hidden servers are in the.onion domain

We tried to make it safe But did we succeed?

SmallMail attacks Tor attacks Traffic correlation attack

Tor hidden service

SmallMail attacks Tor attacks Traffic correlation attack

SmallMail attacks Tor attacks Traffic correlation attack Correlation attacks by server operator ➔ Advice: use mailboxes on different servers

SmallMail attacks Tor attacks Traffic correlation attack Correlation attacks by server operator ➔ Advice: use mailboxes on different servers Message insertion attacks

SmallMail attacks Tor attacks Traffic correlation attack Correlation attacks by server operator ➔ Advice: use mailboxes on different servers Message insertion attacks Significantly more work than ”Hand me the data” And less reliable results

Client attacks Messages are encrypted Fix: decryption keys are not protected by a passphrase

Client attacks Messages are encrypted Fix: decryption keys are not protected by a passphrase Mailbox name, message ID, size and date leak some information

Client attacks Messages are encrypted Fix: decryption keys are not protected by a passphrase Mailbox name, message ID, size and date leak some information Fix: Encrypt addressbook But what about the GnuPG keyring?

Client attacks Messages are encrypted Fix: decryption keys are not protected by a passphrase Mailbox name, message ID, size and date leak some information Fix: Encrypt addressbook But what about the GnuPG keyring? Little defence against runtime and memory attacks

Conclusions We can evade government surveillance It's so easy I expect terrorists already have the tools Private requires unlearning of some habits Tracking SmallMail communication may be possible, but is much harder than SMTP

Closing words Thanks to NLnet foundation Try our software (GPLv3 or later) Improve it and its documentation Help to keep the world a safe and sane place Help to protect your and our privacy

Closing words Thanks to NLnet foundation Try our software (GPLv3 or later) Improve it and its documentation Help to keep the world a safe and sane place Help to protect your and our privacy Your questions

URLs Website: Download: Old releases: Git repository: Bugzilla: Peter: