Slashdot Mirror


Peer-To-Peer Encrypted E-mail

Markv writes: "CNET has an article about a peer-to-peer e-mail system called SafeMessage(TM) from AbsoluteFuture.com that could confound law enforcement. Not only is it peer-to-peer, the message is encrypted before it leaves the sender's computer, and the decoder key is destroyed. According to the article, AbsoluteFuture's SafeMessage system would potentially allow people to operate below the radar screen of the FBI's Carnivore program." So Carnivore may be good for something after all! Actually, though, how is this different (or less complicated) than, say, using PGP and an IRC client (with DCC) to effect the same sort of transfer?

152 comments

  1. Re:Why PGP sucks. by Anonymous Coward · · Score: 1

    They already have integrated it into Outlook to a large extent. Prior to converting to Linux I used Windows and Outlook. NAI's commercial PGP package placed a little icon on the Outlook toolbar that, when clicked, did the encryption/decryption.

  2. Re:Why we need Carnivore by Anonymous Coward · · Score: 1

    Not going to go into the obvious flamewar here, but Napster didn't START "warez". Haven't you heard of the Homebrew Computer Club? unintentionally becoming the first source of pirated software, a stolen reel of Altair Basic. And this was 20 years ago. So let's not go blaming Napster for warez. Now, as for your opinions concerning the innocence of having the government monitor your email to prevent anarchic collapse and corruption or whatever, I can find a few faults. For one thing, government servicemen are people too. People lie, cheat, steal, bribe, extort, and blackmail. More importantly, the Internet has survived as underground anarchist terrorism. since the beginning. and BTW, FUCK YOU NAZI BASTARD. Hollywood isn't completely run by Jews anymore than work ethic being an entirely Protestant idea. so can the antisemitism and whatnot. --underground anarchist terrorism. http://www.kaotix.net visit, blow up government building, repeat.

  3. Carnivore and Man-In-The-Middle attack by Anonymous Coward · · Score: 1


    Note that if the FBI can install enough Carnivore units in enough locations, it might credibly launch massive man-in-the-middle attacks against public key cryptosystems. MitM (qv _Applied Cryptography_, Schneier, p48) can be used to break RSA, ElGamal, or any other public key exchange based cryptosystem, regardless of key length, with very little computational effort (ie, it is not a "brute force" type attack) as long as the attacker can guarantee the ability to intercept and replace all communication between the subjects of the attack. It is not clear whether or not Carnivore can perform such interception (some accounts make it out to be a passive sniffer, others suggest it is an in-line network hop), but in this game paranoia is a job requirement. Until we can establish that Carnivore does not have this capability, we must assume that it does.

    -- Guges --

    1. Re:Carnivore and Man-In-The-Middle attack by Asgard · · Score: 1

      This sort of depends on how one handles the key exchange. The idea behind a public key system is that you verify that the key belongs to who you think it belongs to, either yourself or through a chain of people you trust to make that determination. SSL and S/MIME work on this system in fact, but are just pre-programmed to trust Verisign, Thawte, etc. So, as long as the 'web of trust' keeps its integrity, Carnivore will fail to execute a viable MitM attack. If people blindly trust all public keys as belonging to the person the key says it belongs to; well, then they don't understand the tools that they are using.

    2. Re:Carnivore and Man-In-The-Middle attack by mnbeldin · · Score: 1
      Man-In-The-Middle attacks are only a threat if the initial key exchange can be intercepted, and if the key is unsigned. Exchanging the MD5 digests of your keys by another medium can guarantee the integrity of the keys.

      Among other things, O'Reilly's excellent book on PGP has a few novel suggestions on MD5 digest exchange and other methods of ensuring your key's integrity.

      Here are some good ways to make your public key trustworthy to others:

      • Have your key signed by a number of other people, so that people using your key can check its integrity against other keys they use and trust.
      • Send out your key's MD5 digest often, and over a wide variety of channels. You should distribute your key's MD5 digest almost as widely as you distribute the key itself--remember, anybody can get your public key, but the best way they have to know that the key hasn't been subverted is to compare the key with its MD5 digest, or some other checksum of the key.
      • Encourage people who use your public key to check it against your MD5 digest on a regular basis. If your key ring is subverted, all your keys can be replaced by Man-In-the-Middle variants. Manually checking the MD5 digests of the keys you use every once in a while is a good guard against this. In fact, there are a few nice tools out there which will do this for you.

      It's good to keep in mind that a Man-In-the-Middle attack is just trickery--convincing somebody to encrypt their message with your public key instead of the intended recipient's key, and then re-encrypting the message and sending it to the recipient on the sender's behalf. Public-key systems are the most vulnerable to this during initial key exchange; afterward, it's not just enough to compromise a node in the store-and-forward chain, you also have to subvert both sides' key-rings. That is, if you want to hear both sides of the conversation.

    3. Re:Carnivore and Man-In-The-Middle attack by crow · · Score: 2

      Has there ever been any credible evidence that real life man-in-the-middle attacks have been used?

      If they were being used on a wide-spread basis, the PGP community would find out very quickly, considering how many of them exchange keys in person at conferences and such.

      Once such an attack is shown to be taking place, people will just come up with better key-distribution mechanisms.

    4. Re:Carnivore and Man-In-The-Middle attack by Weezul · · Score: 2

      Yes, they *could* implement a man-in-the-middle attack for any specific key exchange system, but people will notice man-in-the-middle attacks when they move outside the system. Now, outside the system does not mean physically transporting a floppy. It means using a data transfer procedure which Carnivore would not know to intercept.

      This means a MitM attack against many people would be noticed very quickly, but a MitM attack against only a few people would be hard to detect. If you are one of the few people who really should worry about MitM attacks then you should use a variety of ways to transport your keys and diff the results! We need the people they actually are watching to check for MitM attacks.

      --
      The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
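
The cross-channel check described in mnbeldin's and Weezul's comments above (compare a key against digests announced over other channels, and diff copies of the key fetched different ways), as an added example that is not part of the thread. It defaults to SHA-256 from `hashlib` rather than the MD5 the comment names, hashes the key bytes as delivered (a real PGP tool computes its fingerprint over the key material itself), and all channel names and key bytes are constructed.

```python
"""Cross-check a public key against digests received over independent channels."""
import hashlib
import string
from collections import defaultdict


def key_digest(key_bytes, algorithm="sha256"):
    """Hex digest of the key bytes; pass "md5" for the digest the comment names."""
    return hashlib.new(algorithm, key_bytes).hexdigest()


def normalize(fingerprint):
    """Drop spaces, colons and case so '3F A9 ...' and '3fa9...' compare equal."""
    return "".join(ch for ch in fingerprint if ch in string.hexdigits).lower()


def group_copies(copies, algorithm="sha256"):
    """Map digest -> channels that delivered a key with that digest."""
    groups = defaultdict(list)
    for channel, key_bytes in copies.items():
        groups[key_digest(key_bytes, algorithm)].append(channel)
    return dict(groups)


def verify_key(copies, published, algorithm="sha256"):
    """
    copies:    channel name -> key bytes fetched over that channel
    published: channel name -> digest string the key owner announced there
    Returns (verdict, details); verdict is one of
    "ok", "mismatch", "conflicting-digests", "unverified".
    """
    groups = group_copies(copies, algorithm)
    if not copies or not published:
        # Nothing out-of-band to compare against: agreement between copies
        # alone proves nothing if every copy crossed the same network path.
        return "unverified", {"groups": groups}

    announced = defaultdict(list)
    for channel, fingerprint in published.items():
        announced[normalize(fingerprint)].append(channel)
    if len(announced) > 1:
        # The announcements themselves disagree: at least one channel is lying.
        return "conflicting-digests", {"announced": dict(announced)}

    expected = next(iter(announced))
    suspects = sorted(
        channel
        for digest, channels in groups.items()
        if digest != expected
        for channel in channels
    )
    if suspects:
        return "mismatch", {"expected": expected, "suspect_channels": suspects}
    return "ok", {"digest": expected}


if __name__ == "__main__":
    # Constructed sample data: two byte strings standing in for key files.
    real_key = b"constructed sample key: alice (genuine)"
    swapped_key = b"constructed sample key: alice (replaced in transit)"
    digest = key_digest(real_key)
    # The same digest as it might be read over the phone or printed on a card.
    spoken = " ".join(digest[i:i + 4] for i in range(0, len(digest), 4)).upper()

    copies = {"keyserver": real_key, "email attachment": swapped_key}
    published = {"phone call": spoken, "business card": digest}
    print(verify_key(copies, published))
```
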
  4. GNU (was Re:licq) by Eck · · Score: 1
    /* Try writing 'GNU' without using an acronym. Go ahead. Try it. I dare ya. */
    GNU's Not UNIX.

    GNU is the proper name of the project, not just an acronym. So you can argue that it's still an acronym in its expanded form, but nobody ever expands it further, which would be redundant anyway, so in a sense, "GNU's Not UNIX" doesn't contain an acronym.

    ObOnTopic: It would be nice to see some cross-pollination between open source ICQ clients. It's far more convenient for me to run Zicq (text mode ICQ client) under Screen than to restart a graphical ICQ client like Licq any place I get on the Net. The RSA features of Licq sound pretty cool, tho'.
    - -
    One good geek deserves another.

    1. Re:GNU (was Re:licq) by thopkins · · Score: 1

      There is a plugin in which you leave the graphical licq running on your computer and you can telnet into the program and do stuff like send messages remotely. It's pretty cool.

  5. Re:Why this is NOT different from PGP/GPG by Bishop · · Score: 1

    PGP/GPG use a symmetric key algorithm such as 3DES to encrypt the contents of the email. With each and every email a new symmetric key is randomly generated. This is called the session key. To have a stronger system the symmetric session key must be randomly generated each and every time. The public/private key pairs are used to encrypt the symmetric session key. Read the docs, it is all there.

    Like other posters I don't see the big deal. I don't see how this could be any stronger than pgp/gpg.

  6. Re:Power to the people by Bishop · · Score: 1

    Part of the problem with encryption is that it has to be used carefully and properly to be of any use. Towards that goal it actually helps to have the crypto in the user's face. I am waiting for someone to code something that proves me wrong. I have seen too many systems where the user is never sure if the file/email was encrypted or not or the system imports any untrusted key by default.

  7. Re:Why PGP sucks. by johnnyb · · Score: 1

    If you expect your users to be braindead, then the security measures won't add any security. The OpenPGP standard with the "web of trust" was made so that doing PGP would be as simple as the conceptual model (i.e. - you don't have to do anything "special" just because the coders were too lazy to do it for you), but it didn't make anything insecure. If users have a simple "secure my email" flag set, then they will have a false sense of security by setting it.

    The web of trust security model makes key exchanges fairly simple and transparent - all you have to know is one or two known good keys, and everything else is all set. In addition, you can verify keys without copying the whole thing, just ask for a "fingerprint", which is a shortened version that is useful for identification.

    Security requires both knowledge and time. If you or your users are not willing to put up with that, then just accept doing things in an insecure fashion. There's nothing wrong with that. But there is something wrong with giving a user a false sense of security. Let the user choose - take the time and effort to be secure, or save time and effort, and be willing to take responsibility when your emails are intercepted.

  8. Re:Bandwidth != free by Ed+Avis · · Score: 1

    Bandwidth isn't free, but it's cheap enough. Mail - even with lots of dummy messages flying about - uses a fraction of the bandwidth of Web browsing with images, downloading software, or any of the more whizzy things you might do. So cost isn't a big issue, unless you need to buy a new mail server.

    --
    -- Ed Avis ed@membled.com
  9. Re:This is just useless.. by grahammm · · Score: 1

    One solution to this would be for systems to establish a 'permanent' (ie be connected all the time you are online) connection to a remailer. Then continuously exchange a steady stream of fixed packet length encrypted data. That way a snooper cannot perform traffic analysis nor even determine when you are sending or receiving email/messages. You would, of course, have to 'trust' the remailer.
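
The steady stream of fixed-length packets suggested in the comment above, sketched as an added example that is not part of the thread. It shows only the framing and scheduling; it assumes each cell is encrypted by the link before it is sent (not shown), so the header that marks a cell as dummy or data is invisible to an observer. The cell size, header layout and type codes are hypothetical.

```python
"""Constant-rate, fixed-size cell framing (framing only; link encryption assumed)."""
import os
import struct
from collections import deque

CELL_SIZE = 64                      # every cell on the wire is exactly this long (assumed)
HEADER = struct.Struct("!BH")       # cell type (1 byte) + payload length (2 bytes)
MAX_PAYLOAD = CELL_SIZE - HEADER.size
DUMMY, DATA, LAST = 0, 1, 2         # hypothetical type codes


def make_cell(kind, payload=b""):
    """Build one cell: header, payload, then random padding up to CELL_SIZE."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload does not fit in one cell")
    padding = os.urandom(MAX_PAYLOAD - len(payload))
    return HEADER.pack(kind, len(payload)) + payload + padding


class Sender:
    def __init__(self):
        self.queue = deque()

    def submit(self, message):
        """Split a message into cells; the final cell is marked LAST."""
        chunks = [message[i:i + MAX_PAYLOAD]
                  for i in range(0, len(message), MAX_PAYLOAD)] or [b""]
        for chunk in chunks[:-1]:
            self.queue.append(make_cell(DATA, chunk))
        self.queue.append(make_cell(LAST, chunks[-1]))

    def tick(self):
        """Called once per fixed interval; always returns exactly one cell."""
        return self.queue.popleft() if self.queue else make_cell(DUMMY)


class Receiver:
    def __init__(self):
        self.partial = bytearray()
        self.messages = []

    def feed(self, cell):
        if len(cell) != CELL_SIZE:
            raise ValueError("malformed cell size")
        kind, length = HEADER.unpack_from(cell)
        if kind == DUMMY:
            return                                  # cover traffic, discard
        if kind not in (DATA, LAST) or length > MAX_PAYLOAD:
            raise ValueError("malformed cell header")
        self.partial += cell[HEADER.size:HEADER.size + length]
        if kind == LAST:
            self.messages.append(bytes(self.partial))
            self.partial.clear()


def simulate(schedule, ticks):
    """schedule: tick number -> message submitted at that tick.
    Returns (cells seen on the wire, messages the receiver reassembled)."""
    sender, receiver, wire = Sender(), Receiver(), []
    for t in range(ticks):
        if t in schedule:
            sender.submit(schedule[t])
        cell = sender.tick()
        wire.append(cell)
        receiver.feed(cell)
    return wire, receiver.messages


if __name__ == "__main__":
    # Constructed traffic: a short note at tick 2 and a longer one at tick 5.
    wire, messages = simulate({2: b"hi", 5: b"x" * 150}, ticks=12)
    print(len(wire), {len(c) for c in wire}, [len(m) for m in messages])
```
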

  10. Read the PGP source by lazarusL · · Score: 1

    "...throw your message through a compression algorithm, like zip or gzip then hit it with PGP."

    Read the PGP source code. Compression-before-encryption is already in place, standard. Unless things have changed, the InfoZIP (a la PhilKatzZIP) method is still used, just as it was in the early versions of PGP. (I haven't actually tracked PGP source changes since I started tracking GnuPG source, preferring a free(-as-in-freedom) alternative to the .COMmercial code.)

    IIRC, somewhere in the docs I believe you will find an explanation as to why compression-before-encryption is utilized / good practice. You DID read the docs before using any crypto software, right? (cf. {insert link here about why RTFM is even more important with crypto than with other software} This link is left as an exercise for "Reply" karma-gleaning, heh.)

    Since it's in the docs, not just the source, I'm surprised you don't know this. LOL.

    (I'm not surprised others don't read crypto source before trusting it, but I *am* surprised if they don't at least RTFM. Would they also run untrusted binaries they receive via attachments to unsolicited email?)

  11. Re:PGP Webmail by lazarusL · · Score: 1

    It's useless to lynx users (or anyone unable or unwilling to use java) AFAICT. :-(

  12. Re:Snake-oil alert by lazarusL · · Score: 1

    Explain to me how a text file (which is what email is, right? plain text, per RFC 822, right?) can be *cough* "auto-shredding" please.

  13. Voice encryption available? (yes, URL below.) by lazarusL · · Score: 1

    "Is there any voice encryption available."


    There most certainly is. The first cross-platform app that comes to mind is Speak Freely and the documentation at that URL says, among other things:

    Speak Freely is a [sic] application for a variety of Unix workstations that allows you to talk (actually send voice, not typed characters) over a network. If your network connection isn't fast enough to support real-time voice data, various forms of compression may allow you, assuming your computer is fast enough, to converse nonetheless. To enable secure communications, encryption with DES, Blowfish, IDEA, and/or a key file is available. If PGP is installed on the user's machine, it can be invoked automatically to exchange IDEA session keys for a given conversation. Speak Freely for Unix is compatible with Speak Freely for Windows, and users of the two programs can intercommunicate.


    That sounds to be exactly what you are looking for, and then some. If you are a Debian user, you can even "apt-get install speak-freely" and poof! :-)

  14. Please tell me this is a joke. by Paradox · · Score: 1

    If the US is a mere thinking-man's experiment, and idea of government that can't possibly work in its original format, I'd rather see that than to have them modify it on the fly into a paranoid socialist society, the way it is moving now.

    I hope that:
    A) This was a clever joke.
    B) If not, your opinions are not widespread. Besides, carnivore does NOT address the problem. Anyone serious about blowing up a big building is going to encode their messages. By any media. That's just common sense. And, as far as we know, we have ciphers that can't be broken reasonably right now (although the NSA might actually be laughing at us for such mediocre crypto).

    What this means, then, is that Carnivore is most likely a blatant, pointless infringement upon the privacy of people who don't realize they need to encrypt their mail. They can, in theory, watch for anything they want and who knows what they will watch for, really.

    I abhor blatant, pointless intrusions into the general populace's privacy.
    - Paradox
    Man of the C!!!

    --
    Slashdot. It's Not For Common Sense
  15. I have some under my beverage right now. by Paradox · · Score: 1

    I have about 8 billion under various soda cans in my places of residence if you want some. They may have moisture stains on them though. Cold soda cans drip!
    - Paradox
    Man of the C!!!

    --
    Slashdot. It's Not For Common Sense
  16. What about IPSEC by mab · · Score: 1

    peer to peer I would have thought that IPSEC would have been better

    and if it's email it might be better to use jabber
    over IPSEC

    just a thought

  17. Re:Perhaps I'm being dim, but... by Eimi+Metamorphoumai · · Score: 1

    Actually, the key is "eineew a si nnamremmiZ pilihP". Shhh, don't tell anyone!

    --

    Visit me on #weirdness on the Galaxynet.

  18. Re:PGP over email isn't secure? by NoseyNick · · Score: 1
    Would you be content an ISP employee viewing this perfectly well encrypted message as it passes through their servers?

    Yup. Any ISP employee who's able to read the headers is probably also quite capable of proving that gaspowereddildoes.com is a nonexistent domain... and probably REALISES that you're just trying to wind up the carnivore box ;-)

    --
    Nick Waterman, Sr Tech Director, #include <stddisclaimer>
  19. Encryption?? by attobyte · · Score: 1

    Is there any voice encryption available. Or does the FBI have a lock down on that. You would think that you could buy a phone that supports encryption but I don't see any.

    I know PGP has something like it but is that the only thing.

    atto

    --
    I didn't use the preview button, so get over it!!!!

    Mike

  20. Re:What about ssh by vs · · Score: 1
    Way too impractical, especially for a large number of recipients. I think we should stick with PGP and S/MIME (if they'd only be more widely supported...) and strong encryption.

    Of course you will still be subject to traffic analysis et al., as others already pointed out.

  21. Re:correct me if I'm wrong... by Fluffy+the+Cat · · Score: 1

    does username@ipnumber not work as an address?

    Nope. In any case, several ISPs block all outgoing and incoming SMTP traffic at their routers in order to reduce spam.

  22. Re:Snake-oil alert by Fluffy+the+Cat · · Score: 1

    Presumably it doesn't protect itself from me taking a photograph of the screen, though. What would be more useful would be if there was no way to directly tie it back to the sender, so the "It wasn't me - that's a forgery" argument could be used.

    Of course, that means that I can't guarantee that the mail really comes from the apparent sender. I can't really see how you could have it both ways, though.

  23. Re:Snake-oil alert by rking · · Score: 1

    Things like this just plain out don't work. Here's why: To be useful, the recipient must be able to read the message that you sent. Therefore, there is a copy on the recipient's computer. There is no way to force someone to delete information. I can copy and paste text, print out a copy, take a screen capture, or copy the message by hand.

    That's right, and locks on the doors don't stop people stealing from your house. After all, it might be your wife who steals everything and she has a key. Oh... but maybe locks can help to keep out those people you haven't actually chosen to trust?

    If you are sending messages that you would not want disseminated to people and the people you are sending them to are people who you do not trust then encryption software will not help you. If you are sending messages that you only want certain people to read, presumably people who you trust, then it can help to prevent others from intercepting the messages.

  24. Re:Maybe unencrypted mail was a good thing by rking · · Score: 1

    Does this new program mean that all the terrorists have to do is load the damn thing up and speak freely without worry of repercussion?

    So if I understand you correctly, you're implying that at the moment terrorists for some reason don't use the excellent encryption that's already freely available to them? Could you explain the reasoning behind that?

  25. ummm... by titus-g · · Score: 1
    the sender's computer, and the decoder key is destroyed.

    Ok, I'm all for privacy, but that's really taking things a bit far...

    (yes, I know)

    --

    ~ppppppppö

    1. Re:ummm... by Unclaimed+Mysteries · · Score: 1

      You have a problem with that? Just press "send" and run like hell.

      --
      -- It Came from C. L. Smith's Unclaimed Mysteries.
    2. Re:ummm... by titus-g · · Score: 2
      well with the way my CPU fan keeps packing up it's getting like that anyway...

      Any excuse to get a new system :)

      --

      ~ppppppppö

  26. Re:Why we need Carnivore by Unclaimed+Mysteries · · Score: 1

    Every effective troll needs that certain attention to detail. I appreciate that. But troll or not, stunt-casting Richard Jewell here may not be your best move. I recall that his lawyers ripped the Atlanta Journal-Constitution Several New Ones a few years ago. You may want to review that case. Hope this helps.

    --
    -- It Came from C. L. Smith's Unclaimed Mysteries.
  27. Good for something? by ElJefe · · Score: 1
    So Carnivore may be good for something after all!

    What you're saying is: Carnivore costs millions (billions?) of tax dollars, and is easily circumventable. How is that good for anything?

    -Chris
    elion@caltech.edu

  28. Where's the difference? by Twon · · Score: 1

    Actually, though, how is this different (or less complicated) than, say, using PGP and an IRC client (with DCC) to effect the same sort of transfer?

    For one thing it sounds a HUGE amount easier. I don't know about anyone else, but I think I'd rather take my chances on the Feds sniffing my mail than go through the kind of crap described here. This system basically does what GUIs do for OSes: make them available to and usable by the masses.

  29. Re:PGP was h4xx0r3d, so gov't *wants* us to use it by Dwonis · · Score: 1

    Because anything bigger than (I think) 3072 is stronger than the hashing...

    Oh wait, that's the signature and passphrase.

    I'll shut up now.
    --------
    "I already have all the latest software."

  30. Re:PGP was h4xx0r3d, so gov't *wants* us to use it by Dwonis · · Score: 1

    Now I remember. PGP uses that really long public key to encrypt a symmetric key, and that symmetric key is only (I think) 128 bits. So I think a public key > 3072 bits is stronger than the 128-bit symmetric key.
    --------
    "I already have all the latest software."

  31. Re:licq by Dwonis · · Score: 1

    I thought it was SSL.
    --------
    "I already have all the latest software."

  32. Re:correct me if I'm wrong... by Asgard · · Score: 1

    I believe @[ipnumber] works though; you just have to surround it with square-brackets.

  33. Re:Why we need Carnivore by quonsar · · Score: 1

    The Internet, E-Mail, FTP, and such are all vital components of the World Wide Web...

    Uh, last time I looked, E-Mail, FTP and World Wide Web were components of the Internet. Internet is not a WWW protocol.

    Bzzzzzzt! Oh well! But hey, we have some wonderful consolation prizes for you, and thanks for appearing on "Morons Who Explain Internet Security"! Lets bring out our next contestant Mary! [as we fade, we hear the voice of Don Pardo] Mary is a full time community service worker from the Porkwood Estates Mobile Home Park...

    "I will gladly pay you today, sir, and eat up

  34. Re:Why we need Carnivore by Tom+Davies · · Score: 1

    Why was it illegal to dress as Indians?

    --
    I have discovered a wonderful .sig, but 120 characters is too small to contain it.
  35. Re:Why PGP sucks. by plague3106 · · Score: 1

    Well, I believe pgp will integrate itself into outlook and eudora. I've used it with outlook before...just click a button saying you want to encrypt it. The only difference is when you hit send, you must pick the key of the person you're sending to. That's probably what average users still wouldn't understand. We need to educate them on this. Just as we don't use postcards for all our affairs in the mail system, nor should we be using unencrypted email in the electronic system.

  36. Re:Why we need Carnivore by Gertz · · Score: 1

    The need of the Government (take your pick on which one) to monitor the actions of some of its citizens' actions is an important responsibility.

    However, it has been clearly documented in our history that people who engage in what is illegal today become our celebrated heroes in years to come. Consider the Boston tea party.. our forefathers dressed up as indians and threw tea into the Boston harbor. Hardly legal, but an action of civil disobedience.

    Consider as well that under the United States Constitution, the groups that you describe not only have the right to exist, but deserve protection. I may not agree with their views, but I'll defend to my death their right to have them, just as I expect them to do the same regarding my views.
    In regard to your idea to permit a "law-abiding government serviceman" peek at my messages, you totally give up your rights under the Constitution (Illegal search and seizure and implicitly the right to be 'left alone'). Do you also let the officer search your car because he wants to? If so, you've already failed the people who died to protect your freedoms.
    Sleep tight - We'll be taking over the government soon.. you can still be a sheep :)

  37. Snake Oil...? by moibus · · Score: 1
    My snake oil warning meter is fairly high on this one. Typically companies which claim "the most secure communication system there is" are full of hot air. Their site doesn't give any description of their cryptosystem that I can find, and there is this disturbing quote:
    The bottom line is that there is no straightforward and concise answer to your question. We at AFTI have analyzed a number of encryption systems, and we believe SafeMessage to be more secure than any of the competition. But we can't provide a simple bit-count, for example, because our system encrypts the same data with several different ciphers and keys, some symmetric, some asymmetric from large fields, complicating the math of arriving at said bitcount.
    This doesn't sound promising. The previous paragraphs leading up to this quote discuss the various bit strengths of well-known algorithms, so they appear to be trying to set themselves apart from well-known good crypto. Which usually means bad crypto.

    The Snake Oil FAQ (http://www.interhack.net/people/cmcurtin/snake-oil-faq.html) has a lot to say about this sort of thing.

    The annoying thing is that the press pick these press releases up and write an article without any serious investigation of the claims made by the company.

    --
    -moibus http://moibus.jfm.net/
  38. A real browser by Potatoswatter · · Score: 1

    Quit dissing the MacOS... the only thing at fault here is IE. I'm using iCab and the word is broken up fine. I'd like to see how IE on Windows breaks this up... but unfortunately there are no good screenshot capture utilities for Windows. (OK, I'm talkin' out my ass, but nothing as good as Snapz, and nothing included with the OS.)

    Fsck this hard drive! Although it probably won't work...
    foo = bar/*myPtr;

    --

    Check out Project Upper/Mute, an all-around awesome compiler fra
    1. Re:A real browser by GigsVT · · Score: 1

      I know this article is ancient, but I just want to point out that ever since at least Win 3.1, maybe earlier, you can just hit printscreen to copy a screen shot to the clipboard, in windows and in dos boxes.
      -

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
  39. Nice Sensationalism by BMIComp · · Score: 1

    Contrary to what law enforcement agencies would like you to believe, online terrorist activity is not all that big. Even if that trend does grow, carnivore will not prevent such activities since it is mostly used to provide evidence for cases, rather than spot possible criminal activity. Rather, the so-called Echelon is responsible for intercepting terrorist activity.

    Also, your main argument is that "I don't have anything to hide, so why not let them read my mail". Even though you may not value your privacy, many other people do. People commonly send very confidential e-mails, via plain-text, and assume it is safe from interception.

    Also, I believe most people wouldn't have so much of a problem if they were more open about Carnivore and its details. For example, if they open-sourced Carnivore and let people inspect it, people wouldn't have as much of a problem with it.

    Yes, I agree with you. I'm also going to be installing a telescreen next week.

  40. What about ssh by PrimeEnd · · Score: 1
    Can't I do something like

    ssh -L 25:remote_host:25 remote_host

    This forwards the local mail port to the mail port on the remote_host. There are several permissions issues of course. Probably the first 25 above should be a non-privileged port and your local mail agent would use that. I haven't actually tried this. I believe ssh destroys its session keys and generates new ones every hour or so. new on

  41. Re:PGP over email isn't secure? by MWright · · Score: 1

    Good point. However, there's always steganography. They probably wouldn't mind seeing "I've attached some pictures of my vacation..." when in reality the lower 2 bits of the images contain the encrypted message (or any other steganography method... although I don't think they'd be thrilled with something like "I've decided to include 3 MB of text that resembles Shakespeare..."!)


    -----

    --
    "But really, I think life is just a game of Mao Nomic." -Purplebob
  42. Re:My two cents by David+Ham · · Score: 1
    carlos the jackal. nice "true lies" reference... hehe. don't forget "the sand spider"...

    --
    you must amputate to email me

    i read all replies to my comments

  43. Pegasus isn't open source but. by Redundant() · · Score: 1

    It does allow you to code your own extensions. Try searching for wpmforms.zip, it contains all the programmers tools necessary to create windows extensions for Pegasus. Many of your correspondents are likely to have windows based machines. I have noticed that non technical people tend to value the convenience of only having to click a couple buttons to encrypt. Port your girl friends a copy of your favorite encryptor.

  44. Law 'Enforcement' forces change! by chargen · · Score: 1

    Well, will wonders never bloody well cease. Of course it does make sense that we would only come up with such a system after we find out our privacy has been completely obliterated. Come on open-source alternative!!! -Pete www.petey.org

  45. Re:PGP was h4xx0r3d, so gov't *wants* us to use it by lunatik17 · · Score: 1

    So use GPG instead, it isn't susceptible to the PGP hack. And create a 4096-bit key if you're really paranoid.

    --

    Here's my DeCSS mirror, where's yours?

  46. Re:correct me if I'm wrong... by lunatik17 · · Score: 1

    Because Joe Windows-user isn't going to be able to set up an MTA on his home box, even if there is one available for Windows... I dunno. Let them pay money for a program to do this. Ignorance is expensive.

    --

    Here's my DeCSS mirror, where's yours?

  47. Re:This is just useless.. by infinite8s · · Score: 1

    Sounds good. Maybe we can make it part of the Freenet Project.

    The only thing is, to be truly secure against, say the Secret Service or the FBI, who can subpoena your harddrive and comb it with an electron microscope (if they are so inclined), wouldn't you have to remove the header information before it is ever written to your hd, such as straight off the wire. I don't know much about the ip protocol and if it's feasible, but maybe someone could make a secure ethernet driver that strips off the packet header before it is even sent to the remailer server and the packet data is saved to disk, even in cache.

  48. PGP Learning Curve? (was Re:Power to the people) by alizard · · Score: 1
    The real problem with PGP for "ordinary" users as I see it is that the vendor seems to expect people to read all the documentation before using it.

    As a result, I've had to walk just about everybody I've persuaded to use PGP through it, even the reasonably competent users.

    The solution is my PGP Quick Start Guide. It's based on the v6.5.8 (ADK-fix) release, I'm in no particular hurry to do anything about getting V7. It's a step-by-step guide for the new user for using PGP, from telling them NOT to install the PGP-net VPN to creating key pairs, and especially use of the PGPtray icon.

    It's only a few pages long, it presents a bare minimum (how but not why) of information required to communicate securely with PGP. Users can find out why from the manual later.

  49. Re:Weapon War by alizard · · Score: 1
    Wrong. This is exactly the kind of standoff our Founding Fathers had in mind. To use an analogy, citizens have guns. The government has guns. Government gets sufficiently annoying and won't allow elections to replace it? It gets replaced anyway. Read the historical debates / discussion of the 2nd Amendment sometime. We of the US are NOT supposed to trust our government. We are supposed to watch it.

    Government always tries to expand its law enforcement powers into invasion of privacy. It'll reach out until the citizens stop them.

  50. More Snake Oil Signs by gfecyk · · Score: 1

    SafeMessage FAQ

    What level of encryption is used in SafeMessage?

    Unfortunately, there is no straightforward answer to this question, because level doesn't mean anything in the encryption world.

    Yeah, I'm going to trust this.

    We at AFTI have analyzed a number of encryption systems. [snip] The last SafeMessage mechanism, which is still more secure than even email encrypted with PGP, is the Stewarding mode.

    Anything that claims better security without letting us see the source code or telling us what encryption technologies they use is selling snake oil.

    --
    Use Evolution instead of Outlook? Bewa
  51. Freenet can help with this! by Fuller212 · · Score: 1

    Howdy all!

    This is where Freenet can help!
    Already it has Newsgroups, private subspaces/etc.
    It will also include Browser plugins soon!

    People are working on Mail integration!

    Thnx

    --
    #BBS-Files on DALNet IRC, Come and Chat about the good old days of BBSing!
  52. How is this different? by kristau · · Score: 1

    "Actually, though, how is this different (or less complicated) than, say, using PGP and an IRC client (with DCC) to effect the same sort of transfer?"

    In the same way Gnutella and Napster are different than ftp and USENET. The knowledgeable have always been able to trade files, but these new smart-clients have lowered the common denominator, making file trading a lot easier for the neophyte.

    later,
    kristau

  53. Re:[OT] open source self destructing data systems by TheLaser · · Score: 1

    Why not release source for the client to the public, but sign each binary with a public key such that all encrypted data will only be decrypted by the signed binaries?

    Ummm... excuse me if I'm missing something, but what is to prevent someone from simply modifying the client so it doesn't bother to check its own signature before it decrypts the message?

  54. Re:Those who are clueless of history... by fluxrad · · Score: 1

    you'll have to pardon me. Being that i'm an international terrorist, i have many terrorist friends. It's hard to get them all straight sometimes.

    now that you're done flaming me for some trivial and disassociated fact. shut the fuck up.


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network

    --
    "It is seldom that liberty of any kind is lost all at once." -David Hume
  55. Re:My two cents by fluxrad · · Score: 1

    actually....carlos the jackal is^H^H was a real terrorist. as i remember, he was killed in turkey or italy...somewhere thereabouts.


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network

    --
    "It is seldom that liberty of any kind is lost all at once." -David Hume
  56. If you think this is a good idea... by Chagrin · · Score: 1

    ...you'd code a spec and update a Jabber client that follows the spec for encrypted, instant messaging. Jabber is fully designed for this type of activity; peer-to-peer or through the server (we don't need anyone creating specs for commercial reasons for protocols that should be open, anyway. Thank goodness for OpenNap.).

    --

    I/O Error G-17: Aborting Installation

  57. Re:Snake-oil alert by PingXao · · Score: 1

    Auto shredding sounds bogus. It can be defeated at will. Print Screen key. Protected from printing, yeah, right.

  58. Re:Perhaps I'm being dim, but... by PingXao · · Score: 1

    Everything is encoded with the key: "metalica"

  59. Re:Why PGP sucks. by PingXao · · Score: 1

    This is a really good question. NAI should deliver a complete email/newsreader client for Winbloze machines. Stand-alone like Eudora or similar package. But with PGP built-in. Let the keys settings be under the "Settings" or "Options" menu. The stand-alone PGPKeys or whatever they have now is NOT intuitive to a lot of people. I have wanted to correspond with several people and use PGP to do it but they just couldn't hack it on their end even after I set it up for them and demonstrated it wasn't that hard. Now that the RSA patent has expired you would think we would see a bunch of this type of application. But PGP has offered non-RSA encryption for years now and nothing has appeared so the RSA patent wouldn't seem to be the stumbling block here.

  60. Re:the word by davincile0 · · Score: 1
    is in fact effect.

    To affect the transfer would be to influence it, whereas the author correctly uses "effect the transfer" to mean "actualize," or "cause to occur."

  61. How safe is PGP? by Cofactor · · Score: 1

    Most of the comments I have read criticize this new program as if it will be replacing PGP.

    I have noticed that the program details are not addressed. From what I have read, SafeMessage is not as safe as PGP.

    Security has many factors. The online transit route is only a small component. An adequately encrypted message will protect the contents from the risks of traditional transit as long as the authenticity of the Public Keys has been verified. The second and probably more important component is that related to the security of the sending and of the receiving clients. These are mentioned in the PGP and RSA manuals. Not only the adequate passphrase is important, but also the physical security of the computer; furthermore, keyloggers and spying software are an emerging problem. Another thing related to the client is the PGP program itself, especially with the recently discovered bug!
    PGPnet can be used to have a secure connection to another IP address.

    SafeMessage is not as safe as PGP if it is safe at all, but PGP also has its weakness points.

    Until the details of the program are well known SafeMessage may be easier to use for some people.

  62. Re: Banking by Email by Hairy1 · · Score: 1

    My current Open Source project is working on a few Interesting things. I intend to provide a EMail Client which handles business documents such as invoices, orders and so on.

    DevCentre.Org

    It will handle normal email as well, but the primary importance of the client will be that it automatically handles key exchange through key servers. Just send a message to someone and the client will look up the key servers to check if they have a public key. This means a no mess way of secure comms.

    The point is that I'm not going to push encryption for encryptions sake. The idea is to push a client that can send and receive standard business documents. The client will have the ability to plug in accounting system drivers to import and export to your favorite accounting system.

    The idea is to get people using the software because of the ability to send and receive business documents, not because the client encrypts/decrypts.

  63. Re:Perhaps I'm being dim, but... by \\x/hite+\\/ampire · · Score: 1

    Wow... it's nice to read a post from someone who actually knows what they're talking about. If I had some moderator points I'd bump you up.

    Unfortunately there's a large flaw in that reasoning - a key does in fact need to be exchanged. Each user's "r". Hence the name "Diffie Hellman Key Exchange Algorithm."

    Time to hit those cryptography books again. ;-)

    --

    ``We are the people our parents warned us about.''
  64. Re:Perhaps I'm being dim, but... by \\x/hite+\\/ampire · · Score: 1

    Each user's "r".

    Whoops... meant "y" there. Time to get a new spell-checker. %-)

    --

    ``We are the people our parents warned us about.''
  65. Re:PGP over email isn't secure? by \\x/hite+\\/ampire · · Score: 1

    Even better, throw your message through a compression algorithm, like zip or gzip then hit it with PGP. It makes confirming whether or not a message has been "decoded" all that much harder.

    --

    ``We are the people our parents warned us about.''
  66. Re:Maybe unencrypted mail was a good thing by dstone · · Score: 1

    ... especially if those messages contain information about terrorist or other criminal activities (which, I imagine, is what the FBI would be looking for with Carnivore).

    That's a vivid imagination you've got there.

  67. Peer-to-Peer? by schwap · · Score: 1

    You mean FTP, right?

    1. Re:Peer-to-Peer? by Dr.+Awktagon · · Score: 1

      I guess it's more like when my Sendmail connects to your Sendmail and exchanges a PGP-encrypted message. Except that process doesn't have a fresh and hip trademark next to it. How about SendSecureMailPGP(tm). Or maybe SekretSenderPro2000(tm). Maybe KANT-C-IT(tm). Or maybe FuqDaManPlus(tm). Hmm. Better call the VCs. And the patent office.

    2. Re:Peer-to-Peer? by Dr.+Awktagon · · Score: 1

      Using a peer-to-peer setup would make e-mail more secure since Carnivore intercepts mail on the ISP's mail server, and this eliminates that middleman.

      Well, except all the traffic goes through your ISP anyway.. the P2P setup is just buzzword compliance. It's the encryption that's important.

    3. Re:Peer-to-Peer? by BMIComp · · Score: 3

      No, not necessarily.

      What they mean is, usually e-mail is sent through a client-server relationship. First, your e-mail client connects to your ISP's mail server which then sends the mail to the receiver's ISP mail server, which the recipient then reads with his/her e-mail client.

      In a server-client situation, the client always initiates the connection to the server. With a peer-to-peer relationship, either one can initiate the connection.

      Using a peer-to-peer setup would make e-mail more secure since Carnivore intercepts mail on the ISP's mail server, and this eliminates that middleman.

  68. Re:Why this is different from PGP/GPG by bartjsmit · · Score: 1
    The big difference with PGP and any other system that relies on SMTP is the possibility of mail relays between the sender and the recipient.

    In the UK when a law enforcement agency has acquired an encrypted message they can force the key to be handed over.

    If the message is deleted after having been sent and the recipient deletes it after reading it, then there is no risk that there are copies for the authorities to find.

    Remember Col. Oliver North USMC?

  69. Re:PGP over email isn't secure? by BalkanBoy · · Score: 1
    Good enuff until they start making 32 bit quantum computers ;-).. then all the PGP's in the world are gone down in flames. OK, that was just wishful thinking .. for now :).

    --
    'A lie if repeated often enough, becomes the truth.' - Goebbels
  70. Re:Maybe unencrypted mail was a good thing by carbon3C · · Score: 1

    If you buy into the hype and rhetoric that the government only has the best interests of its citizens in mind, then I can see why you feel that way. Read your history. And if you think humans are more enlightened-evolved-modern-whatever in the year 2000 than in the past, what evidence do you have to support such delusions?

  71. broad appeal by Megahurts · · Score: 1

    > Actually, though, how is this different (or less complicated) than, say, using PGP and an IRC client (with DCC) to effect the same sort of transfer?

    The same could be said for Napster, ICQ, or many other similar widespread information sharing systems, and I've often found myself wondering the exact same thing.

    My best guess is that a lot of people simply don't understand the usage of IRC and never applied that paradigm to uses other than the most obvious. All they see and understand is chatting, if the depth of their knowledge extends even that deep. So with a program bluntly aimed at one possible aspect of another system, a wider audience can make use of the technology (and whoever writes the app can stand to make a pretty profit)

    ---

  72. Re:PGP over email isn't secure? by plastik55 · · Score: 1

    Thanks for breaking my browser with your arbitrarily-long unbroken word. Now I have to set my threshold to 4 to get the page to fit on my 21" monitor again. Jerk.

    --

    I have a positive modifier on Troll. When I mod someone Troll their karma should go UP!

  73. Re:PGP over email isn't secure? by plastik55 · · Score: 1
    Screenshot.

    So shut up.

    --

    I have a positive modifier on Troll. When I mod someone Troll their karma should go UP!

  74. Why PGP sucks. by cosmosis · · Score: 1

    I have only one question regarding PGP: why oh why haven't they integrated this into a common easy to use email client - like Eudora, Netscape Communicator, or Mozilla? Why not an integrated encryption scheme put into every email client sold on the shelves? A product so easy to use that everyone including computer illiterate grandma can start using 4096 bit encryption? A program so easy that the average joe simply uses it as he has always done, without necessarily understanding how or why it works the way it does?

    Why oh why must PGP remain in the shadows for only the nerdiest of the nerd or the most paranoid of the paranoid? Why oh why can't someone finally integrate strong encryption into everyday products?

    1. Re:Why PGP sucks. by rking · · Score: 2

      One problem is that since most people don't already use encryption, they won't be able to read encrypted emails and actually going out of your way to swap keys will carry the "paranoid nerd" label.

      If people could just select "secure emails" when installing and never really see the process after that then they'd use it, but it would have to transparently send non-encrypted emails to people without encryption.

      One approach would be to have some flag set in the header of each email to show that you had a security capable emailer, so that after the first email received from you the two email programs could silently exchange public keys and from then on any email sent between you would be automatically encrypted.

      In principle the keys would be susceptible to interception and replacement but it could get encryption into normal use. Also, any widespread effort to intercept and replace keys like this, or for that matter small scale use against cautious/paranoid individuals would be bound to get noticed sooner or later so it should at least be more secure than what we have now.

  75. Why We Need Idiots -- Do We? by resistant · · Score: 1

    And personally, I'd rather have one law-abiding government serviceman peek upon my E-Mails than be let loose in an uncharted sea of dangerous collusion and corruption in order that a few devoted computer users may talk privately about their emotionally devoid lives.

    Speaking of emotionally devoid lives, you sound almost anxious for someone, anyone, to read your "E-Mails". If they're anything like the disingenuous tripe you've been posting, then I can see these "government servicemen" laughing their asses off, and tricking newbies at the office into volunteering to "peek upon your E-Mails" before they realise they've been had.

    How much are you being paid for these ridiculous trolls? Does your old English teacher from the sixth grade know what you're doing with her beloved language? Have you even left the sixth grade?

    Nuts, I think I'm picking on an otherwise bright sixth-grader. I'd feel like a mean-spirited bully, were it not for the bigoted content of this kid's other postings on Slashdot. I normally detest political correctness and anything closely associated with it, but this kid really is a prime candidate for remedial cross-cultural education.

    --
    A truly excellent pizza parlor is a delight unto the heavens. Treasure the sauce and the toppings!
  76. Re:PGP over email isn't secure? by ThymePuns · · Score: 1

    3 letter protocol? Like... FBI?

    --

  77. Re:Perhaps I'm being dim, but... by Kierthos · · Score: 1

    Exactly what I was wondering. If the receiver just "happens" to have the decoder key, that's all well and good... but how does he or she get it? If you send it on the same PTP connection, then they could theoretically (or not just theory, depending on who you ask) intercept it and decode these secure transmissions. If you send it by e-mail, snail mail, etc. it can also be intercepted.

    So what is the receiver supposed to do... guess?

    Storing all of your friends (or clients, branches or whatever for corporations) could get complicated and/or take up too much space, depending on how big your circle of friends is, and what kind of encryption we're talking about.

    Anyone have any answers? (Germane answers preferred.)

    Kierthos

    --
    Mr. Hu is not a ninja.
  78. Re:Snake-oil alert by Kierthos · · Score: 1

    You forgot that they also have to defeat cut-and-paste, saving the information to disk, spoofing a clock, etc.

    Kierthos

    --
    Mr. Hu is not a ninja.
  79. Perhaps I'm being dim, but... by msnomer · · Score: 1

    How does the recipient decrypt the message without the decoder key?

    --meredith

    --
    --meredith
    Sometimes a scream is better than a thesis
    1. Re:Perhaps I'm being dim, but... by PiterPan · · Score: 1

      I'd say they use public/private key pair, just like PGP does. You encode a message with public key and decode it with private key. So the server should populate one's public key to whomever wants to send a message to that guy. It can even be built around PGP....

      But it's just my guess....



      --
      On scale from -14 to 56 this post is '-15, Nonexistent'
    2. Re:Perhaps I'm being dim, but... by Steve+Mitchell · · Score: 2

      There is a really really cool algorithm called Diffie-Hellman that allows one to create a temporary key between two people out of thin air which both can encrypt and decrypt a message with and then throw away.

      Each person agrees on a large prime number, p, and a base number g less than p-1. This could be hard coded into the software or generated when the user installs their software.

      Let's use p=7 and g=3

      Now let's say person A and person B wish to send a secret message using a temporary key. Both use p=7, g=3. First both generate a random number that's less than p-1 called r.

      Person A uses r=2
      Person B uses r=6

      The users then compute y = g^r mod p.

      Person A computes y = 3^2 mod 7 = 2
      Person B computes y = 3^6 mod 7 = 1

      Then each user transmits y to the other person. Next each person computes x = y^r mod p and uses x as their secret key.

      Person A computes x = 1^2 mod 7 = 1
      Person B computes x = 2^6 mod 7 = 1

      See, both x's are equal to each other and the only thing the outside world saw was 2 and 1 exchanged between each user. As long as the outsider doesn't acquire each user's random number r (which the user throws away once a key is generated.) they cannot find that agreed key, x, without brute force trying every r. Of course p needs to be huge for this to work. BTW, look up modulo arithmetic to compute a^b mod c without calculating the huge a^b.

      That's how a peer-to-peer network can send encryptions between two users without the middle person knowing or storing any public keys between the users. The only hitch is preventing man-in-the-middle attacks but that's another story.

      --
      -- Making computers see, hear, and think... http://www.componica.com/
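
The exchange described in Steve Mitchell's comment above, as an added example that is not part of the thread or of SafeMessage: it runs his toy numbers through a square-and-multiply `modexp`, then shows that r = 6 = p-1 always yields y = 1 (Fermat's little theorem), which a range check on the received value rejects. The function names, the range check and the 127-bit `DEMO_P` are assumptions made for illustration.

```python
"""Diffie-Hellman key agreement with the toy numbers from the comment above.

Added illustration; names, the range check and DEMO_P are assumptions.
"""
import secrets

TOY_P, TOY_G = 7, 3          # the comment's parameters
DEMO_P = 2**127 - 1          # Mersenne prime, constructed demo value: far too
DEMO_G = 3                   # small for real use (use 2048+ bit standard groups)


def modexp(base, exponent, modulus):
    """Square-and-multiply: a^b mod c without ever forming the huge a^b."""
    if exponent < 0 or modulus < 1:
        raise ValueError("need exponent >= 0 and modulus >= 1")
    result = 1 % modulus
    base %= modulus
    while exponent:
        if exponent & 1:                  # low bit set: multiply this power in
            result = (result * base) % modulus
        base = (base * base) % modulus    # square for the next bit
        exponent >>= 1
    return result


def random_exponent(p):
    """Secret r drawn uniformly from 2 .. p-2 with a CSPRNG."""
    return secrets.randbelow(p - 3) + 2


def public_value(g, r, p):
    """y = g^r mod p, the only value sent over the wire."""
    return modexp(g, r, p)


def shared_key(peer_y, r, p, validate=True):
    """x = peer_y^r mod p.

    With validate=True, reject 0, 1 and p-1 (and anything out of range):
    those values force x into {0, 1, p-1} whatever r is, so an eavesdropper
    would know the key without any brute force.
    """
    if validate and not 2 <= peer_y <= p - 2:
        raise ValueError(f"degenerate public value {peer_y}")
    return modexp(peer_y, r, p)


def exchange(p, g, r_a=None, r_b=None, validate=True):
    """Run both sides; return (y_a, y_b, x_a, x_b)."""
    r_a = random_exponent(p) if r_a is None else r_a
    r_b = random_exponent(p) if r_b is None else r_b
    y_a, y_b = public_value(g, r_a, p), public_value(g, r_b, p)
    x_a = shared_key(y_b, r_a, p, validate)   # A uses B's y
    x_b = shared_key(y_a, r_b, p, validate)   # B uses A's y
    return y_a, y_b, x_a, x_b


if __name__ == "__main__":
    # The comment's numbers: r=2 and r=6 give y=2 and y=1, shared x=1.
    print("toy, unchecked:", exchange(TOY_P, TOY_G, 2, 6, validate=False))
    try:
        exchange(TOY_P, TOY_G, 2, 6)
    except ValueError as err:
        # r = 6 = p-1, so y = g^(p-1) mod p = 1 by Fermat's little theorem.
        print("toy, checked:  ", err)
    y_a, y_b, x_a, x_b = exchange(DEMO_P, DEMO_G)
    print("127-bit demo agrees:", x_a == x_b)
```

Nothing here authenticates the peer, so the man-in-the-middle problem the comment mentions remains; the range check only removes the trivially predictable keys.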
    3. Re:Perhaps I'm being dim, but... by icqqm · · Score: 2

      Because this is proprietary software. Anything that is controlled by proprietary software is "obviously" secure.

  80. Re:the word by Gay+Mr.+T · · Score: 1

    That's right, foo! Learn yo' English! Stay in School!
    ---

    --
    Moderators: I've got tons of accounts, do your worst.
  81. Re:This sounds incredibly dumb. by Gay+Mr.+T · · Score: 1

    Fool! You sound incredibly dumb! Stay in school!
    ---

    --
    Moderators: I've got tons of accounts, do your worst.
  82. Re:Maybe unencrypted mail was a good thing by Bystander · · Score: 1
    I hope you are very secure in your belief that government will only be acting in the best interests of the people when practicing their surveillance of everyone's online communication. Or that every individual employed by the government will be above reproach in the performance of his or her duties. History has unfortunately shown that such absolute trust in higher authorities invariably leads to abuses of that trust.

    When you weaken the rights of one select group, you can unintentionally open the door for weakening the rights of everyone. The "criminals and terrorists" of tomorrow might include more people than you've bargained for. Anyone demonstrating against government policies or practicing civil disobedience to right an injustice could be seen as engaging in activities detrimental to maintaining an orderly society. Freedom is not free, and it cannot be preserved without accepting some of its risks.

  83. 2 questions and one answer by vla1den · · Score: 1

    If the recipient is not online, the sender must send the message to AbsoluteFuture's server
    Is it what they call peer to peer connection?

    I did not find anything about open source of encryption algorithm. Why this supposed to be better than PGP?

    FBI's Carnivore program, which is installed at ISPs and scans massive amounts of email to track messages sent by people under investigation. AbsoluteFuture's SafeMessage system would potentially allow people to operate below this radar screen.

    Potentially... If Carnivore would not read it, then OK. If they would read it then we would call it unrealized potentials...


  84. Re:Let me try to correct.. by Anonymous Coward · · Score: 2

    You need to put the IP number in square brackets []. Then it becomes an 'IP literal' as per RFC 822.

  85. Snake-oil alert by bjk4 · · Score: 2

    Things like this just plain out don't work. Here's why: To be useful, the recipient must be able to read the message that you sent. Therefore, there is a copy on the recipient's computer. There is no way to force someone to delete information. I can copy and paste text, print out a copy, take a screen capture, or copy the message by hand.

    If you think this scheme will work, I have an island in the Bahamas I'd like to sell to you *cheap*.

    -B

    1. Re:Snake-oil alert by jovlinger · · Score: 2

      Since you're sending mail to the recipient, and you need it encrypted, you must trust them somewhat. At least their intentions. But perhaps not their technical skill; they don't understand swap files, that sort of thing.

      So you send them email in a format that makes it maliciously hard to let compromising information leak into the insecure environment (after all, the person could just blab, but you presumably trust them enough not to do that). So this doesn't decrypt to file, it decrypts to screen. Likewise, the timeout features can be circumvented, but only by a malicious recipient. I actually can't think of a scenario where that would be necessary. Perhaps the person you are corresponding with will be exchanged with a new person, and you don't want them reading your past exchanges?

      Anyways, if what you are concerned with is deniability, you need to not sign any messages. That is the only protection available in the ever-forgeable digital world. Perhaps that is what the company means by auto-shredding. Their server will no longer verify the sender of a message after it has timed out. That could be useful.

      Johan

    2. Re:Snake-oil alert by Bystander · · Score: 2

      If you look at the company's site for the SafeMessage product, www.safemessage.com , you will see that messages are designed to be auto-shredding and deleting with a sender-set expiration time. In addition, the messages can be protected from copying and printing as required. It appears to be designed to make useful interception of messages difficult at each stage in the process, including protection of the message contents after delivery. This makes it more than just a form of encrypted e-mail.

  86. Re:This is just useless.. by Ian+Bicking · · Score: 2
    Of course, the best way to assure your protection is to run a public remailer yourself--that way you can be sure that at least one remailer in your chain will forward no previous headers and keep no logs. Then, you have absolute deniability even if traffic analysis hints at your involvement with the message in question

    That wouldn't quite work, would it? Part of the security of remailers is wide use, since it's possible to detect that a particular computer communicated from the remailer, and it's not really possible to hide the remailer itself from the recipient. So, if you had your own remailer and few others used it (as would probably be the case unless you invested a lot of effort into advertising it), it would be a good guess that anything coming from the remailer is essentially coming from you.

    While delays and other chaff could be used to partially obscure the activities of the remailer, it wouldn't be much more secure than normal mail, in terms of being trackable.
    --

  87. Re:PGP over email isn't secure? by CaseyB · · Score: 2

    What the heck are you talking about? The longest "word" is 65 characters. What are you using, a cellphone?

  88. Re:PGP over email isn't secure? by CaseyB · · Score: 2
    Start at Yahoo's privacy directory I guess.

    Zero Knowledge has a commercial product called Freedom that provides several different anonymized internet services.

  89. Re:PGP over email isn't secure? by CaseyB · · Score: 2
    Notice the spaces in the middle of that text you so carefully captured? It's your lameass Mac+Microsoft browser that's butchering the content. Look at the source of the page. There are carriage returns after every 65 chars in that block. Browsers should break on all whitespace to fit content to the page.

    Here's a nickel. Go buy yourself a real OS and browser.

  90. Re:PGP over email isn't secure? by Ed+Avis · · Score: 2

    You should be able to send 'dummy' encrypted messages to people. In other words the string 'DUMMY' followed by some random-length amount of random data, encrypted with the recipient's public key. Of course the recipient's MUA would be configured to silently discard all such messages. And somebody looking at the encrypted message en route could not tell whether it was a dummy or not.

    If you set up your mailreader to harvest addresses and public keys off the net and send a few dummy messages each day, it would be harder to find out which people you are sending real messages to. You could even send a dummy message several times a day to one particular address, like the police. Then if you really needed to contact the police, you could do so without eavesdroppers becoming suspicious.

    This isn't spam because it doesn't waste any of the recipient's time - only a small amount of bandwidth. If anything it increases the recipient's security because anyone trying to brute-force their mail or monitor who they are getting messages from will have to wade through all the dummies.

    --
    -- Ed Avis ed@membled.com
  91. Re:Hushmail had this a long time ago. by Ed+Avis · · Score: 2

    It would be better if the Java source were downloaded to your browser and then compiled locally. Your browser could check that the source really is unchanged from the 'source code' posted on Hushmail's site (which you keep locally). (In fact, when Java first came out I assumed that applets would be human-readable, like HTML and pretty much everything else on the Web.)

    Or you could check the binary class files - 'only run this applet if the class file matches file X' - but who is going to decompile the Java bytecode and check it does what it claims to do?

    --
    -- Ed Avis ed@membled.com
  92. Re:This sounds incredibly dumb. by Detritus · · Score: 2

    Try reading the article again. The message is only sent to the mail server if the recipient is not on-line. If the recipient is on-line, the message is delivered directly to the recipient.

    --
    Mea navis aericumbens anguillis abundat
  93. Re:Why this is different from PGP/GPG by Azog · · Score: 2

    Technical nitpicks:

    Actually, PGP and GPG use a different symmetric key for each message as well. But they use the same private key every time to encrypt the symmetric key. There's two different systems being used...

    So if the bad guys crack Blowfish / 3DES / Twofish, (the symmetric algorithm) they only have the one message. But if they crack RSA / ElGamal, (the public/private algorithm) then they have your private key and can read all messages sent to you.

    You are right about the self-destruct feature though. There's no way that can be made to work in a totally secure way - the message recipient can always do whatever insecure thing they want with it - like printing it and sticking it in a filing cabinet.

    Torrey Hoffman (Azog)

    --
    Torrey Hoffman (Azog)
    "HTML needs a rant tag" - Alan Cox
  94. Not new, but at least highlights carnivore probs. by Cire+LePueh · · Score: 2

    Ok as many have pointed out, this is not anything terribly unique or new, just a new twist on old ideas. PGP + IRC&DCC etc, etc works just as well... but one thing to think about...

    At least with this software/service coming out and getting some press on a more mainstream site (which might also get picked up by print) it helps illustrate some of the problems with the entire carnivore deal to a wider population. Now even more people will realize that services exist to bypass carnivore, so what REAL use is it for the FBI to bother with its deployment anyway. Ok so they won't fully understand that there have been good, usable ways of bypassing prying eyes (whoever's) for a long time. For that I am glad CNET and this company did the article.

  95. Re:snake oil? by SEWilco · · Score: 2
    20b9 71cf 257b d629 e8fc 4714 2784 b534 116d bf82 fe0f 3527 4430 8b07 c88a 9fc9 9e44 01fa fadc d18c ee99 b60c 6d8f c7f3 6dcf 8796 2195 9101 7d28 7d21 e19b d76e b965 2cf6 caa6

    Look, Ma, I threw away the key!

    Of course, everyone in England who has this message in their browser cache when they're searched is required to provide the decryption key.

  96. Re:Hushmail had this a long time ago. by Billy+Donahue · · Score: 2

    Hushmail can only send encrypted email to other Hushmail users (and NO Hushmail users are on Macs, because it doesn't WORK on a Mac). I'd much rather use Lokmail which does PGP over SSL. They're two different approaches, and I prefer the interoperability with PGP users ..

    Of course, PGP (GnuPG) is the best, but if you can't use it for some reason, I think Lokmail is the next best thing.

    Bruce Schneier gave a pretty lukewarm review of Hushmail, by the way... there's no telling where that applet came from.

    --
    -- The Funk, The Whole Funk, And Nothing But The Funk
  97. yes, good for circumventing! :) by timothy · · Score: 2

    What I meant is that the attention that Carnivore has focused on online privacy and surveillance is important, that's all -- so more people will think about and use encryption, and object to "trust us, we're from the government" type arguments.

    That's all. I'm not saying it was good to waste taxpayer money on such a boondoggle, and the "good for something" is a little bit like saying WWI was good because we got Aspirin out of it.

    timothy

    --
    jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
  98. In 5 years... by BrK · · Score: 2

    ...As technology advances and we use e-mail as our primary means of communication, the easiest way to defeat Carni-whore will be to use the telephone :)

    5 years after that the new recruits at the FBI will think Morse Code is some alien communications protocol...

    --
    -This sig intentionally left blank
  99. Re:PGP over email isn't secure? by kaphka · · Score: 2

    That's what nymservers are for.

    Hmmm... I wanted to include a link to some nymserver information, but I can't find any more recent than 1998. Don't nymservers still exist?

    --

    MSK

  100. Re:Let me try to correct.. by dodobh · · Score: 2

    Your example is perfectly correct. The format when using IP addresses is not @10.20.30.40 but @[10.20.30.40].
    Note the square brackets. This bypasses the DNS lookup, according to some RFC. I can't recall the number right now, but this has been reported to work on LIH ( http://lists.linux-india.org ). You could check out the archives, if they have been restored by now.

    --
    I can throw myself at the ground, and miss.
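The bracketed form discussed in this comment is the SMTP address literal (RFC 5321, section 4.1.3). The following is an added example, not part of the original post: a small parser that decides whether a recipient names a host by IP (no DNS lookup) or by domain (MX lookup, then address-record fallback). The function name `next_hop` and the return labels are assumptions made for this illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def next_hop(recipient):
    """Classify an SMTP recipient address.

    Returns ("literal", ip) when the domain part is an address literal
    such as user@[10.20.30.40] or user@[IPv6:2001:db8::1]; the client
    connects to that IP directly and performs no DNS lookup.
    Returns ("dns", domain) when the domain part is a host name that has
    to be resolved (MX records first, address records as fallback).
    Raises ValueError for anything else, including a bare dotted quad.
    """
    local, sep, domain = recipient.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected local-part@domain")

    if domain.startswith("[") and domain.endswith("]"):
        body = domain[1:-1]
        if body.lower().startswith("ipv6:"):
            # IPv6 literals carry an explicit tag inside the brackets.
            ip = ipaddress.IPv6Address(body[5:])
        else:
            ip = ipaddress.IPv4Address(body)
        return ("literal", str(ip))

    # A bare IP without brackets is not an address literal; reject it
    # instead of letting it be treated as a four-label host name.
    try:
        ipaddress.ip_address(domain)
    except ValueError:
        pass
    else:
        raise ValueError("IP addresses must be written as [a.b.c.d]")

    labels = domain.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError("malformed domain name")
    return ("dns", domain.rstrip(".").lower())


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("user@[10.20.30.40]", "user@[IPv6:2001:db8::1]",
                 "user@example.org", "user@10.20.30.40"):
        try:
            print(addr, "->", next_hop(addr))
        except ValueError as err:
            print(addr, "-> rejected:", err)
```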
  101. Re:Hushmail had this a long time ago. by gad_zuki! · · Score: 2

    Pegasus mail does this too, or at least something very, very similar.

    From their page on encryption:

    Encryptor and security-related plugins for Pegasus Mail.

    This page lists locations for add-ons you can use to add encryption capabilities to, or enhance the security of Pegasus Mail for Windows.

    QDPGP Developed by Gerard Thomas, this is the premier 32-bit encryption plugin for Pegasus Mail, and the only one currently officially certified by the developer of Pegasus Mail itself. With support for all major versions of PGP and for a variety of other encryption and security concepts, QDPGP offers the most complete and well-integrated encryption component available for Pegasus Mail. Requires any 32-bit version of Pegasus Mail v3.0 or later.

    PGP-JN Developed by John Navas, this module provides support for PGP v2.6 for the 16-bit version of Pegasus Mail.

    PMPGP Created by Michael in der Wiesche, PMPGP provides an alternative to QDPGP for 32-bit versions of Pegasus Mail, with excellent support for the full gamut of PGP functions, and an optional interface and documentation in German.

  102. Re:correct me if I'm wrong... by matman · · Score: 2

    I accept the correction. I just checked it, and you're right, it won't do @ipnumber. However, the rest of my argument that running pgp should make others seeing the message largely irrelevant. That's the point of it.

  103. correct me if I'm wrong... by matman · · Score: 2

    but can't anyone just run an smtp server? Does username@ipnumber not work as an address? I figured that it does, as it would only look at mx records if it's user@hostname.

    That sounds pretty peer to peer to me. Besides, as long as it's done using pgp, or gpg, or 3des (although then you'd lose the public key advantage of signing), or whatever, it's unlikely that anyone is going to be able to decode it without the key. I wouldn't be too worried about sending an encoded message via normal smtp channels. If it's routed through the internet, something listening to packets in the right place will see it. Sending it through ftp or some proprietary system just sounds like obscurity.

    1. Re:correct me if I'm wrong... by icqqm · · Score: 2

      But they'll set up this server instead. Would it really be that hard to set up a competing program that's just a mail server?

  104. snake oil? by Alban · · Score: 2

    This is not meant as flame bait.

    This system can't work. It protects the contents of your message, but it doesn't hide the fact that a communication between you and another party took place.

    In other words, it doesn't protect privacy.

    Most of the time, the important thing to know is that a communication took place, even if you don't know the contents. If you suspect someone of illegal activity (or simply want access to someone's confidential information) and that person sends a mail with SafeMessage, you can know where that message was sent (the protocol is probably easily identifiable) thanks to the peer to peer connection. So the next thing to do is to either break into the recipient's computer or use much more sophisticated equipment to spy on the recipient (you know where he lives, so you're all set if you're a government agency).

    The government is probably going to laugh at that one.

    I'm really not impressed.

    Plus why are they insisting on the peer to peer thing? All traffic will still go through an ISP.

    1. Re:snake oil? by Greyfox · · Score: 2
      Yah, as I've said, you need to use anonymous remailers to obscure WHO the mail was sent to for a truly private message.

      And ideally your guy on the remote end won't save your message -- just decrypt it in memory, read it, and flush it.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  105. Yeah, and... by Greyfox · · Score: 2

    The FBI would still know who you were communicating with, if not once. Bouncing your mail through an anonymous remailer chain (still encrypted to the recipient's key with PGP, too) would prevent even that.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  106. Secure mail and Carnivore by Greyfox · · Score: 2
    The average citizen is starting to realize that using encryption for mail is a good idea. I'd rather like my bank to be able to correspond with me via PGP encrypted mail, too, but that's not going to happen anytime soon.

    Of course, between PGP and anonymous remailers, you've had the ability to obscure your mail transactions for years now. If you don't want them to even know who you're sending mail to, blast a message through a chain of remailers, and always encrypt your mail to the recipient's key as well. Not that Joe Average Citizen would go to the effort to do this, even if his mailer incorporated support for all that.

    I've been using the VM mailer with mailcrypt lately, and it does incorporate support for all that. I hope that Evolution does, too.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  107. Re:This is just useless.. by MWright · · Score: 2

    If the third party can trick you into thinking that he's your intended recipient, you're absolutely screwed. In the case of PKI, for instance, if the man-in-the-middle can get your trust and say something like, "Sorry, John, I had a hard disk crash last week, and the old floppy I had my backup keyring on is corrupted. I needed to make a new key pair, you'll have to use that to send messages from now on,"...

    That problem can easily be solved. Just start each message with a certain keyphrase, or, even better, a pseudorandom number. Both people would share the seed, and, after that, the message would start with something like <distance from seed><number> (Distance from seed is how many numbers must be generated before this one.) Any message where the distance from the seed is the same as from a previous message from that sender will be rejected.

    This makes it so that if one message is cracked, the person in the middle still couldn't pretend to be one of the people communicating. It would also be impossible to brute-force without first seeing a few million emails. Also, the seed would be easy for someone to remember.


    -----

    --
    "But really, I think life is just a game of Mao Nomic." -Purplebob
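The numbering scheme described in this comment, as an added example that is not part of the original post: each message starts with `<distance>:<number>`, and the receiver rejects any distance it has already accepted. Assumptions made here: HMAC-SHA256 keyed with the shared seed stands in for the pseudorandom generator, the header sits on the first line, and the names `Sender`, `Receiver` and `bind_body` are hypothetical. The optional `bind_body` mode also covers the message text, which the scheme as posted does not.

```python
import hashlib
import hmac


def number_at(seed: bytes, distance: int, body: str = "") -> str:
    """The 'number' at a given distance from the shared seed.

    HMAC-SHA256 is used as the generator (an assumption of this example).
    When body is non-empty the number also depends on the message text.
    """
    data = distance.to_bytes(8, "big") + body.encode("utf-8")
    return hmac.new(seed, data, hashlib.sha256).hexdigest()[:32]


class Sender:
    def __init__(self, seed: bytes, bind_body: bool = False):
        self.seed = seed
        self.bind_body = bind_body
        self.distance = 0  # how many numbers have been used so far

    def wrap(self, body: str) -> str:
        """Prefix body with the next <distance>:<number> header line."""
        self.distance += 1
        covered = body if self.bind_body else ""
        number = number_at(self.seed, self.distance, covered)
        return f"{self.distance}:{number}\n{body}"


class Receiver:
    def __init__(self, seed: bytes, bind_body: bool = False):
        self.seed = seed
        self.bind_body = bind_body
        self.seen = set()  # distances already accepted from this sender

    def accept(self, message: str) -> str:
        """Return the body, or raise ValueError if the header is bad."""
        header, _, body = message.partition("\n")
        dist_text, _, number = header.partition(":")
        if not dist_text.isdigit() or len(dist_text) > 18:
            raise ValueError("malformed header")
        distance = int(dist_text)
        if distance in self.seen:
            raise ValueError("distance already used (replay)")
        covered = body if self.bind_body else ""
        expected = number_at(self.seed, distance, covered)
        # Constant-time comparison of the claimed and expected numbers.
        if not hmac.compare_digest(number.encode(), expected.encode()):
            raise ValueError("number does not match the shared seed")
        self.seen.add(distance)  # record only after a successful check
        return body


if __name__ == "__main__":
    seed = b"constructed shared seed"  # sample value for the demo
    alice, bob = Sender(seed), Receiver(seed)
    first = alice.wrap("meet at noon")
    print(bob.accept(first))
    try:
        bob.accept(first)  # same distance again
    except ValueError as err:
        print("rejected:", err)
```

Without `bind_body` the header proves only knowledge of the seed, so a header that has not yet been delivered can be paired with different text; with `bind_body=True` on both sides that substitution is rejected.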
  108. Re:This sounds incredibly dumb. by Crixus · · Score: 2
    I don't need to read anything again. There is a chance their server will have to store the message.

    Further, and as everyone knows, the message will STILL have to go through a dozen routers between peer 1 and peer 2, so their whole damn plan falls to the ground.

    I stand by my statement. This scheme is stupid.

    Rich...

    --
    Ignore Alien Orders
  109. This sounds incredibly dumb. by Crixus · · Score: 2
    Ummm, the email is still going through THEIR server, so what is to keep the FBI from getting a court-order to put Carnivore on this company's (AbsoluteFuture.com) server?

    Someone please explain to me how this is any different or any better than the Public-Key systems that I'm using right now?

    Does it matter how many servers the encrypted message goes through when you're using military grade encryption like GPG employs? I think not.

    Do we even KNOW what ciphers this company is going to use? And since they'll probably close the source code can we be sure it's secure? No, probably not.

    This silly idea sounds like they're going after people who don't actually use encryption now and will be impressed with the SOUND of this idea. When in reality they'd be better off running GPG or PGP.

    Rich...

    --
    Ignore Alien Orders
  110. Impossible by Trinition · · Score: 2
    I think X said it best in #50 -- this is secure, direct instant messaging but the information still goes through many routers on its way to its destination, so someone could still capture it.

    If you really want true secure communication methods, you can:

    1. Distribute bits of your communication through IM, e-mail, FTP, HTTP, snail mail, sky-writing, etc.
    2. Use quantum entanglement
    3. Work for the FBI
    4. Make up your own language
    5. Use telepathy with those you wish to contact
    6. Refuse to communicate, thus, nothing will be intercepted
    7. Communicate only with the voices in your head
    8. #8 was an example of secure communications
    9. See CueCat Encryption
  111. Re:PGP over email isn't secure? by icqqm · · Score: 2

    The problem (according to them) isn't with the content not being secure, but with the server logs showing that an email took place. Apparently that in itself is reason enough for people to use proprietary software.

  112. Re:Power to the people by icqqm · · Score: 2

    I'm sure you understand the irony of your statement. How the software reportedly works is that you need the software to decrypt the message, and the sender (read: not you) has the power to destroy the message after a certain time. So I'm sure the program has also disabled cut & paste. Does anyone else see the similarity with this and the Content Scrambling System used on DVDs? It's about making sure people use proprietary software so that the software can then control the content.

  113. Lovely by PingXao · · Score: 2

    While nice, this is not revolutionary. The other machine with which you communicate needs to be on and you need to know the IP address. Traditional email uses a store-and-forward technique where the receiver machine doesn't need to be on and connected. Netcat with encryption (see CryptCat which is currently linked by /. from the SecurityFocus sidebar) will do the same thing. As will any number of other techniques. This is elementary and isn't even a blip on the screen unless you're clueless. Not that there aren't a lot of people who are in that category and see this as a new "threat".

  114. Let me try to correct.. by Tairan · · Score: 2
    "but cant anyone just run an smtp server? does username@ipnumber not work as an address? I figured that it does, as it would only look at mx records if its user@hostname. "

    Let's try the first one:
    Yes, anyone can run an SMTP server. Many ISPs do block the outgoing traffic though. If you are fortunate enough to have one that does not, then your SMTP host will send mail, but not receive it. You can convince your SMTP server to pretend to be whatever host you want it to be. You too can send mail and pretend to be CmdrTaco@slashdot.org! You will not be able to receive mail though.

    The format username@hostname.domain.tld is the only form that works. When you send mail, the SMTP server is going to use DNS to resolve the name. A request will be sent to hostname.domain.tld asking for the mail server's IP address. Then, the mail will be sent on its way to that IP, the mail server. If you put in an IP address such as 10.20.30.40, then your mail server is going to try and look for the tld 40, domain 30, subdomain 20, host 10.

    Do I have this correct? Did I leave anything out? Someone correct me if I am wrong!

    --
    /. is a commercial entity. goto slashdot.com
  115. Less Complicated? *UPDATED* by Th3+D0t · · Score: 2

    Oops, I just realized that while "dot-coms" are intended to make money, they do not. Thus this is probably really stupid and completely worthless. Go back to IRC.
    ---

    --
    I am the dot in slashdot.org
  116. Re:Finally! by Th3+D0t · · Score: 2

    Woah.. AOL 7 is out? Where's my CD?!
    ---

    --
    I am the dot in slashdot.org
  117. Re:I love anything that thwarts the governments po by carbon3C · · Score: 2

    Good point. It's very rare to see a government like that of Switzerland that actually encourages its people to use encryption, especially businesses. If only our (USA) government cared about its citizens as much...

  118. Why we need Carnivore by Emerson+Willowick · · Score: 2

    Sadly, Carnivore is but the one way the FBI and government can fight the horrors of underground radicalism and rebellion that circulate vastly through the World Wide Web. Any large country intent on maintaining order and safety for its citizens will have to rely on surveillance means in order to have accurate information for protection. In order that American safety is not compromised by vast underground efforts such as those advocated by the radicalist handbook known as the Anarchist's Cookbook and others, Internet sites, and the World Wide Web as a whole, must be monitored.

    The correspondence between peers, while always valued, has never been 100% private. Aside from the eyes of God, carrier services such as the Postal Service and the Pony Express have always engaged in careful monitoring of their mail in order to spot potential threats to the nation's security. As a rational, intelligent, law abiding citizen, I see no reason why I should find myself at risk. For those of you here who would like to refer to yourself as anarchists, I do not really think you understand what is going on. If you choose to portray yourself in an image designed to attract attention and nothing more, you must come to terms with the negative ramifications of doing so. Authorities need information to enforce the laws properly, and if you choose to stand in their way for the sake of image, I fail to sympathize with your plight.

    And if you say that there is no need for survelience, take a look around yourself. The whole piracy and "warez" movement started by Napster is fast becoming a dangerous counterculture that violates the American dream of capitalism and the important Protestant Work Ethic ideal noted by Charles Beard. Militant anarchist groups promoting terrorism are spreading like wildfire through the many data centers of the World Wide Web. How do you think people like Timothy McVeigh and Richard Jewell and Eric Rudolph gathered information and conspired the plans for their attacks? Violent hatred groups such as the Black Panthers are promoting their immoral bigot messages through online propaganda. Even the very economic and social sanctity of our country is being threatened by the powerful new Jew conspiracy that has extended its control of the media to our digital network world. Do you really think these groups are harmless and deserve to be protected?

    Sadly, Slashdot is gravely mistaken on its stance on online monitoring. The Internet, E-Mail, FTP, and such are all vital components of the World Wide Web that are in danger of succumbing to underground anarchist terrorism. And personally, I'd rather have one law-abiding government serviceman peek upon my E-Mails than be let loose in an uncharted sea of dangerous collusion and corruption in order that a few devoted computer users may talk privately about their emotionally devoid lives.

    --


    Emerson Willowick: Thinker, Writer, Human Being.
  119. Carnivore by faldore · · Score: 2

    Just don't get caught with a link to SafeMessage on your web page, or the FBI will sue you for circumventing their copyright protection.

  120. Weapon War by MWoody · · Score: 2

    As most of us already know, countries at war tend to engage in a weapon-countermeasure-countercountermeasure-etc. exchange. One builds a tank, the other builds anti-tank guns, hence the anti-missile tank, and then the anti-armor missile.

    What's interesting is that we now have an example of such a stand-off inside our own country, between its citizens and the government! Government monitors e-mail, citizens encrypt e-mail, etc... Not a good sign for the continuing solidity of our nation, I do believe.
    ---

  121. Re:Maybe unencrypted mail was a good thing by duke_trinity · · Score: 2

    I go to a College where "freedom of speech" and "freedom of association" have very limited meanings. We are marked by the administration as being either "good" or "bad" and, based on this judgement, we are either supported in life after college or we're screwed (by them). I know quite well that trust in higher ups with virtually unlimited power can be misplaced but I also understand that sometimes there are dangers associated with technologies developed without keeping that kind of thing in mind (e.g., nuclear weapons). This, however, is not an argument against technology... it is an argument for the proper use of technology by those who use it.

    If the FBI is going to do its job, they need to be able to use wire taps and collect evidence. Encrypting email with techniques they can't crack prevents them from doing their job... which is fine. However we can be more certain that the people we have put in power are more likely to use their power for good than we can be certain of the people who take control by force. The good thing here is that now, if they want to continue invading our privacy, they will have to innovate and invest in the development of new technology to do so.

    Innovation is a good thing. Privacy is a good thing. But we need leaders we can trust to use our innovations properly and respect our privacy.

    If you think that's redundant then I give up.
    -Duke

  122. Re:PGP over email isn't secure? by CaseyB · · Score: 3
    To: sales@gaspowereddildoes.com
    From: djtalon@subxxdimension.c

    -----BEGIN PGP MESSAGE-----
    Version: 2.6.2

    hIkDPRWysueuweUBA+YhW2K6n2PPnFOcZulHzNNdeJ8OxHX5Aq 3mbRKBlnogMjkD dr8wzb6yNk0QWxKyUSQUaoluaUKex/oEdXxXBCWLIXuKUebk/0 DEL4oMYwPsjekD edm/u8qrJ3CzWDePC4D5EOZ9COkog/02/l6abgt7XNPpJvmyAX +bnwzqVKYAAAC9 IlZteUKkvLyB+PaSu7HbN5VUvJ2VBMPwg7xePKtaKIHjtZyMG6 YNg/8qA7LbO4CE D9TwYiWdMTLovGVY2WleWBupeBMiAxtIqQT8IdwGSzzM8w8XWD nRfCVC2S3g9FRP cXm6WHriqbzq5NOHL8Q2dSWNFBp0ZHs1M/AAwtgnABMgMQXlTd do23q3Z+wg5xes N/rFoHp3g4EGbS9mz42cTOeQXGljMG2E1NAdDp3mUqRZLmfkko F2lMKbBFGW =2NpQ
    -----END PGP MESSAGE-----

    Would you be content with an ISP employee viewing this perfectly well encrypted message as it passes through their servers?

  123. PGP Webmail by Billy+Donahue · · Score: 3

    Lokmail.net has a free webmail service which is PGP enabled. I don't know about y'all, but I like interoperability in my Carnivore busting..

    Anyway, since when is Carnivore busting such a big deal? I would suggest to anyone who can't use PGP directly for whatever reason to get a Lokmail account.

    --
    -- The Funk, The Whole Funk, And Nothing But The Funk
  124. licq by Lord+Ender · · Score: 3

    Licq has done RSA encryption when talking to other Licq clients for a while now. Which is one reason why it is WAY better than AOL's ICQ client. Licq has had this long before this new company, since ICQ communication is peer-to-peer (unless you send offline messages).

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  125. Power to the people by AlephNot · · Score: 3

    If nothing else, this will give Joe Ordinary a way to use a tool that's becoming increasingly necessary in a world increasingly dominated by groups like the MPAA. I've used PGP, and the learning curve is a bit too steep for many of the people who truly need it. To have an important tool is one thing; to make it readily usable by the masses is quite another, and I believe encryption tools have suffered from this for far too long. At long last, widespread encryption is becoming more of a reality.

    --
    "Feel a glory in so rolling / on the human heart a stone" --E. A. Poe, "The Bells"
  126. Hushmail had this a long time ago. by Azog · · Score: 4

    Hushmail has had secure, encrypted email for a long time now. It uses a Java applet to do the encryption in your browser, without having to download and install any application. The Java source is available for everyone to check for security holes. Hushmail never actually sees your private key. It looks pretty secure, overall - it's been around for a couple of years and I haven't heard of any holes in it.

    Bruce Schneier has even reviewed it. He has some problems with it, but there are no glaring security holes. Still, you're probably better off with GPG, storing your private key yourself.

    So SafeMessage is nothing new. Of course, the more the merrier. Everyone should use encryption all the time, and competition is a good thing.


    Torrey Hoffman (Azog)

    --
    Torrey Hoffman (Azog)
    "HTML needs a rant tag" - Alan Cox
  127. I love anything that thwarts the governments power by leereyno · · Score: 4

    Power in the hands of ordinary citizens which balances the power held by the government, this is the cornerstone of democracy.

    I can foresee a time when encryption becomes every bit as important as free speech or the right to bear arms are to holding the government in check.

    With things like the DMCA, Carnivore and other moves being made by the powers that be to undermine the power of the people, it is easy to get angry and discouraged. But then I see something like this and it reminds me that there are people out there willing to fight back. That not everyone has forgotten that the government derives its power from the consent of the governed and not the other way around.

    Lee

    --
    Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
  128. Why this is different from PGP/GPG by Gurlia · · Score: 4
    Apparently some people here are confusing this system as a similar one to PGP/GPG, so here goes...

    With PGP/GPG, you publish your public key and others use your public key to encrypt messages to you. The same key is used over and over again.

    With this scheme, apparently they are using a one-time encryption method: I would presume a random key is created during message sending time, and after the timeout, the message and the key are destroyed. Now suppose a 3DES key is produced for *each* message. That's going to be *very* hard for people to listen in, 'cos after cracking the key for the first message, they've gotten nowhere with the other messages.

    Of course, it's debatable whether this will actually increase the strength of the encryption in practice.

    And, as somebody else has said, there's nothing to stop the recipient from making copies of the decoding key and the message indefinitely. I presume the timeout is implemented in whatever client program they're selling -- but as we all know, any rules enforced by software (including timeout rules) are easily bypassed.

    So I'd say, the timeout factor isn't going to make too much of a difference, though the idea of using a different key for every message *might* make the encryption system stronger.
    ---

    --
    mikre he sophia he tou Mikrosophou.
  129. My two cents by fluxrad · · Score: 4

    I'd just like to say. I'm an international terrorist and I am VERY disappointed in the US government for this whole Carnivore deal.

    First off, I feel that my right to send plain-text email to my friends (such as mkhadafi@libya.com or carlos_the_jackal@internationalterrorism.co.uk) has been infringed by this "Carnivore" program. Being that we have absolutely no other means of secure communications, like a phone session or even speaking face to face, my particular terrorist cell has been using email for quite some time now.

    Another problem that arises with this email snooping stuff is our new-found inability to transfer bomb making instructions to one another. Obviously there is no other way to find out about how to make bombs, or even a nuclear weapon....it must be done by email.

    I guess I am angry, but I must congratulate the US...with Carnivore it is obvious that the FBI has successfully eliminated any possibility of my compatriots and I actively engaging in anti-US terrorism.

    damn.


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network

    --
    "It is seldom that liberty of any kind is lost all at once." -David Hume
  130. PGP over email isn't secure? by talonyx · · Score: 4

    Since when is PGP via email less secure than over DCC or ICQ or FTP or any other 3 letter protocol?

    Carnivore doesn't brute-force PGP, does it? That would take a lot of work for the random chance of finding a keyword like "blow up the pentagon" or "al gore is an erectilly dysfunctional motherfucker".

    Seriously, folks, PGP is secure enough for now. Pretty Good Privacy. And lots of people use it. Good nuff for me and maybe later I'll use something else, but it will probably just be public/private key like with longer keys.

  131. This isn't secure e-mail by X · · Score: 5

    It's secure instant messaging, whether they realize it or not. It has all the drawbacks and benefits of instant messaging as well (inefficient use of resources, instant delivery notification, doesn't work when they're off-line, etc.)

    The stupid thing though is the implication that just because this isn't going through an intermediary server it's more secure than PGP. What a crock! It's still going through a ton of routers, any of which could be copying the contents for analysis. Indeed, Carnivore, from what I know, doesn't so much scan the mail store as scan mail traffic. Heck, there are going to be roughly 10 copies of the message made before it gets read!

    --
    sigs are a waste of space
  132. This is just useless.. by Sir_Winston · · Score: 5

    Not only is PGP or GPG good enough, but this new service really doesn't offer anything useful. Here are a few points to consider:

    First of all, peer-to-peer over the Internet isn't really peer-to-peer at all. It's very vulnerable to man-in-the-middle exploits, since by definition any packets going out over the Internet aren't headed straight for the recipient, they have to travel over an untrusted network first. At any point along this network, a third party could insinuate himself between you and the recipient--particularly if that third party is a law enforcement or intelligence agency, since companies which own the Internet infrastructure are legally required to help such organizations. Since the data is encrypted, this may or may not be a threat depending on the strength of the implementation and upon the ability of the sender and recipient not to be socially engineered into giving out compromising information. If the third party can trick you into thinking that he's your intended recipient, you're absolutely screwed. In the case of PKI, for instance, if the man-in-the-middle can get your trust and say something like, "Sorry, John, I had a hard disk crash last week, and the old floppy I had my backup keyring on is corrupted. I needed to make a new key pair, you'll have to use that to send messages from now on," then either you'll be communicating with the third party in readable fashion from now on, or you'll have to stop communicating anything confidential at all. Since a passphrase has to be suitably complex to be useful, the same attack is useful against shared-key crypto. I don't see how this new system could overcome this flaw at all.

    Secondly, the biggest security flaw in communicating via the Net is usually whether you should trust the person at the other end or not. Many of the people we correspond or transact with over the Net are people we've never met IRL, and therein lies the problem. We have no way of knowing if the person we just started communicating with is really a fellow subversive who'll come and help with the demonstrations against the IMF we're planning, or whether he's LEA. Peer-to-peer messaging is therefore useless in real-life applications.

    In fact, peer-to-peer messaging is perhaps actively dangerous. It provides a direct record that a given IP address communicated with this other given IP address at a particular time. Therefore, if your recipient is really an enemy, he now has a record of your IP communicating with him. Even though the message under this system is supposedly encrypted all the time and destroyed after a set period, this means nothing: your recipient's eyes have to see it at some point, so he can just as easily do a screen grab or if that's not possible take photographs of the text. Yes, IPs can be spoofed of course, but it's harder to do in peer-to-peer communications, and you'll still probably leave a trail of logs.

    Contrast this with anonymizing forms of communication. Properly anonymized through use of remailers or remailers in combination with m2n gateways, or through services such as ZKS Freedom (if it can be trusted--who knows?), it doesn't matter if there's a man-in-the-middle, nor does it matter if your recipient is trusted or untrusted. If you leave no trail, you're safe, untraceable therefore untouchable. Peer-to-peer is the opposite of this, and very useless in the real world. PGP your message and send it via Freedom or a remailer chain, and you're golden. Of course, the best way to assure your protection is to run a public remailer yourself--that way you can be sure that at least one remailer in your chain will forward no previous headers and keep no logs. Then, you have absolute deniability even if traffic analysis hints at your involvement with the message in question--aside from which, remailers often pad messages, send out bogus messages, and use delays between receipt and sending of messages to thwart traffic analysis.

    The ultimate way to communicate privately is to use the above suggestions and also divorce recipient e-mail messages from the game entirely once communications have been established. Use a m2n gateway at the end of your remailer chain, to post the PGP'd message to USENET. Either use alt.anonymous.messages with a predetermined heading, or use an empty or spam group. By using a nym with the reply block pointed to a given news group, you can allow people to communicate with you just as if they were e-mailing a real e-mail address, which eases first contacts with people not used to security.

    In other words, peer-to-peer isn't a step forward, it's a step back. It's inherently insecure. The only secure communication is insulated communication, with several layers between sender and recipient. Personally, I'd love to see a company or group of hackers put together easy-to-use software to allow for this sort of anonymous communication, rather than the false security of direct peer-to-peer. Imagine if everyone with a cable or DSL connection (it takes some bandwidth and uptime to be a remailer) who wanted secure communications could just download a simple piece of software which sends anonymous messages for them and also acts as a remailer itself. Imagine a Gnutella-like network for remailing anonymous PGP'd messages and possibly posting them through news gateways to a group like alt.PGPtella.messages. If you made it easy to use, we could have truly private and secure communications in the hands of the people, and Carnivore and other spyware would be useless. For my ideas on how to make a network such as this work, read my musings about what Gnutella should have done and how to replace Napster here. The concept in that post which I think is applicable here is the idea about "regional servers," only in a remailer-type system instead of a file sharing system the "regional servers" would be mostly for finding IPs of connected machines to route through and for establishing initial connections to the network, although you could make this user-definable in case you know a trusted party on the network. All messages in such a system would be PGP'd from each hop to the next, with "regional servers" promoted by the software itself based on uptime and other factors, and unlike with the current remailer system you needn't manually choose each hop along the route--the software could be let to do that, and if the next hop along the route that has been chosen has gone offline, the remailer stuck with the message would forward it to a random hop which is online. Currently, the remailer system is sometimes unreliable, but a new system like this could solve reliability issues. And, as I said, since every user of the system would be a remailer as well as a potential sender, there's absolute deniability: "Sorry, Secret Service guy, you may have traced the message back this far but I'm afraid my machine doesn't keep logs after a day. No, the logs aren't recoverable because they're securely overwritten after the specified period, with no possibility for recovery. I didn't send it and I don't know who did; feel free to look at the computer running the software." All your personal info can be encrypted with something like Scramdisk or the Encrypted File System, just in case the men-in-black do decide to take a look at your box(es).

    Anyway, I think I've adequately described my distaste for direct peer-to-peer communications like this product.

    --


    "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
    1. Re:This is just useless.. by Sir_Winston · · Score: 5

      This is why I said "run a public remailer" instead of just "run a remailer." Anyone can download and configure the standard remailer software, but naturally that doesn't make you a real remailer. However, it doesn't take a lot of effort to advertise a remailer--almost all serious users of remailers read a few basic forums, such as alt.privacy.anon-server. If you make "the big announcement" in such places, and prove yourself to have consistent uptime and reliability, you'll probably start getting hundreds or even thousands of messages a week within about a month or two--if you're reliable. If however you're offline and unavailable too much, or if your stats are flaky, no one will use you.

      In deciding what remailers to use, people go on two things--reputation of the operator, and reliability statistics. Operate a reliable service and post in the right places, maybe join the remops mailing list, and you'll have absolutely no problem getting people to use your service and hence have complete deniability.

      But in any event I suggested something even more important later in my post--that if someone would write an easy-to-use application for sending and relaying anonymous, encrypted e-mail, something simple enough for everyone to use, along the principles I outlined, then the public would beat a path to your door. Imagine if running a remailer and sending anonymous email through it were as simple as installing a Napster or Gnutella client--with thousands of nodes sending encrypted communications to each other, through randomized paths chosen by algorithms in the software, traffic analysis of any kind would be useless and anonymity would be guaranteed.

      The problem is, no one has even tried such a thing. If half the effort put into Gnutella and Freenet were put into such a project, it would happen and quite quickly. It'd be one of the top downloads on Download.com and Tucows. But, among the several reasons this hasn't happened is the fear of having widespread easy-enough-for-anyone anonymous email, since it could be used by criminals and even worse abused by spammers. There's a reason that remailers are notoriously difficult to use: the people who code the software to run them and interface with them are the same kinds of people who are remops themselves, and they fear being used for spam or kiddy porn since that could get them visits from the fuzz. What they fail to realize is that a properly redesigned system of remailers with a clean and easy software interface which requires all clients to be servers as well, all traffic to be encrypted from node to node with a different key and padded to a different size, and other basic precautions, would get so many users as to make any visits from the men in suits useless. The same sorts of people who install Napster to get music and Gnutella for file sharing would install this program for private e-mail. There would be too many nodes and too much traffic to trace anything, and if they did trace parts of a path back to a particular node they'd contact the user and in all likelihood get some guy who has no idea what they're talking about because he's just an average user who wanted to send private mail. If all the data is never stored unencrypted, then the men in suits wouldn't even have any excuse to examine that Joe User's computer. It all comes down to designing the system well, and if it's designed well, it would become ubiquitous and impossible to stop or trace.

      The only bad side effect of this would be increased possibilities for spamming, but since almost all spam is commercially motivated the senders are known. It would perhaps even be a good thing if a system like this were implemented and spamming skyrocketed, because it would spur on anti-spamming legislation which, without a big crisis, simply isn't going to happen thanks to Congress' own "commercial interests." The ultimate effect of such legislation, which as I said will probably only happen if spamming does skyrocket, would be to make spamming far smaller than it is now since the risks of severe criminal and civil penalties would outweigh the potential benefits.

      But, I digress...

      --


      "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
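The per-hop scheme described in the two comments above (a software-chosen random route, a different key for every hop, and padding to a different size at each layer), sketched as an added example that is not part of the thread or of any remailer's code. It assumes a toy SHA-256 keystream with an HMAC tag standing in for PGP, and the node names and keys are hypothetical.

```python
import hashlib, hmac, secrets, struct

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Stand-in for PGP-encrypting to one hop: SHA-256 counter keystream + HMAC tag.
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(ek, nonce, len(data))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer not addressed to this hop, or tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))

def pick_route(online, hops):
    # The software, not the user, picks distinct relays at random.
    return secrets.SystemRandom().sample(sorted(online), hops)

def wrap(route, keys, message):
    # Build from the last hop inward; each layer names only the following hop.
    blob, next_hop = message, b""            # empty next hop = final delivery
    for hop in reversed(route):
        body = bytes([len(next_hop)]) + next_hop + struct.pack(">I", len(blob)) + blob
        body += secrets.token_bytes(secrets.randbelow(64))   # random per-layer padding
        blob, next_hop = seal(keys[hop], body), hop.encode()
    return blob

def peel(key, blob):
    # One hop's work: remove its own layer, learn the next hop, drop the padding.
    body = unseal(key, blob)
    n = body[0]
    (size,) = struct.unpack(">I", body[1 + n:5 + n])
    return body[1:1 + n].decode(), body[5 + n:5 + n + size]

def deliver(first_hop, keys, blob):
    # Simulate relaying: record what each hop sees (its own name, the blob size).
    hop, trace = first_hop, []
    while hop:
        trace.append((hop, len(blob)))
        hop, blob = peel(keys[hop], blob)
    return trace, blob

# Constructed demo data: five hypothetical nodes with random 32-byte keys.
KEYS = {f"node{i}": secrets.token_bytes(32) for i in range(5)}
```

Each relay can remove only its own layer, so it learns the next hop and nothing about the rest of the route. The blob also changes size at every hop, which keeps an observer from matching a relay's inbound and outbound traffic by length alone.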