Delivery-Date: Thu, 28 May 2015 23:21:41 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id C34911E141F;
	Thu, 28 May 2015 23:21:39 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 8E1253538E;
	Fri, 29 May 2015 03:21:34 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 0DBF3350A8
 for <tor-talk@lists.torproject.org>; Fri, 29 May 2015 03:21:31 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 3SCBjdMJwzcu for <tor-talk@lists.torproject.org>;
 Fri, 29 May 2015 03:21:30 +0000 (UTC)
Received: from mail.confidantmail.org (mail.confidantmail.org [54.213.166.118])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 65AB935082
 for <tor-talk@lists.torproject.org>; Fri, 29 May 2015 03:21:30 +0000 (UTC)
Received: from [192.168.4.102] (pool-71-109-96-52.lsanca.dsl-w.verizon.net
 [71.109.96.52]) (Authenticated sender: mike)
 by mail.confidantmail.org (Postfix) with ESMTPSA id 114C2A20D0
 for <tor-talk@lists.torproject.org>; Fri, 29 May 2015 03:21:24 +0000 (UTC)
Message-ID: <5567DB24.2090702@confidantmail.org>
Date: Thu, 28 May 2015 20:21:08 -0700
From: Mike Ingle <mike@confidantmail.org>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CAD2Ti2-qdymrnM-nHqP2sVBYP=notY6sW54dQ1to-KTbkTEY4A@mail.gmail.com>
 <555E2BFC.6000709@rawbw.com> <20150526233633.GA1790@lo.psyced.org>
 <5565198C.2000701@yahoo.com> <55651A22.4020501@confidantmail.org>
 <5567D04D.6040908@yahoo.com>
In-Reply-To: <5567D04D.6040908@yahoo.com>
Subject: Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 5/28/2015 7:34 PM, Jonathan Wilkes wrote:
> On 05/26/2015 09:13 PM, Mike Ingle wrote:
>> I tried out Bitmessage and it did not seem to deliver without the 
>> sender and recipient online. It's supposed to, it just didn't. 
>> Waiting for key exchange.
>
> Any response from the devs/forum when you reported the bug?
I would have had to do a lot more troubleshooting before I went and 
complained about a bug. I was just testing it out between a couple of 
VMs to understand how it works and feels, because I am working with 
secure mail protocols and want to understand the existing ones. It 
worked fine with both of them up simultaneously.
>
>> It's also a bandwidth pig due to its broadcast nature.
>
> For those unfamiliar with Bitmessage, it is designed so that everyone 
> receives everything.
> Within a two-day buffer, at least according to the white paper.
>
> Why does it broadcast in this manner?  Imagine that you wish to read 
> blog entries
> of your 10 favorite bloggers, but you're afraid because 2 of the 
> bloggers may be
> considered dangerous by your favorite state-sponsored spy agency.
>
> Let's suppose you can choose one of the following methods to read 
> these blogs:
> a) read the blogs as web pages, accessing them through Tor
> b) read the blogs by subscribing to Bitmessage mailing lists
>
> If you choose Tor and the spy agency has a _full_ view of the network 
> traffic, then they
> can violate your reading privacy.  They could-- for example-- record 
> you as a reader
> of the 2 "dangerous" blogs, distinct from users who, say, only read 
> the 8 "harmless"
> blogs.
This is pretty similar to receiving a Usenet feed in the old days, and 
downloading all the messages so as to receive a few encrypted ones. That 
makes for the best recipient privacy, at the cost of bandwidth. From 
what I can tell, Bitmessage basically automates that process. If it 
moved beyond the Darknet Markets crowd, success would kill it or at 
least require compromising the broadcast-everything rule.

The project I'm working on is intended for large file distribution, and 
to look-and-feel like email without the limits. It uses TLS, GPG, and 
optionally Tor to provide strong privacy and pretty good anonymity. I 
just think we need to get away from SMTP for secure communication. 
Bitmessage is one extreme (broadcast everything), CM is on the other 
(server based with no size limits) and SMTP has none of the advantages 
of either. It is server based, has size limits, and exposes metadata.
>
> If you choose to read from Bitmessage mailing list posts and the spy 
> agency has
> a _full_ view of the network traffic, they cannot violate your reading 
> privacy wrt the
> 2 "dangerous" blogs. They can link you to "suspicious activity" due to 
> using
> Bitmessage.  But through traffic analysis alone they cannot separate 
> your reading habits
> from people who use Bitmessage to only read the 8 "harmless" blogs. To 
> them it
> just looks like everyone is downloading the same data.  And because 
> reading a Bitmessage
> mailing list doesn't require _any_ special request back to the 
> network, there's no way to tell
> from traffic analysis which lists someone happens to be reading.
>
> Bitmessage certainly has its share of issues, but I'm unaware of any 
> other extant piece of
> software that has a feature like that.
>
> -Jonathan
>
>>>
>>> What about Bitmessage?
>>>
>>> -Jonathan
>>>
>>>
>>
>

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

