[Strint-attendees] Email providers interested in metadata/traffic analysis resistance

Harry Halpin <hhalpin@w3.org> Sat, 01 March 2014 12:19 UTC

Return-Path: <hhalpin@w3.org>
X-Original-To: strint-attendees@lists.i1b.org
Received: from jay.w3.org (ssh.w3.org [128.30.52.60]) by diego.dreamhost.com (Postfix) with ESMTP id 71DC4488AD for <strint-attendees@lists.i1b.org>; Sat, 1 Mar 2014 04:19:52 -0800 (PST)
Received: from [199.254.238.159] (helo=[172.27.0.28]) by jay.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <hhalpin@w3.org>) id 1WJitT-0006Vm-QV for strint-attendees@lists.i1b.org; Sat, 01 Mar 2014 07:19:52 -0500
Message-ID: <5311D064.8090700@w3.org>
Date: Sat, 01 Mar 2014 13:19:48 +0100
From: Harry Halpin <hhalpin@w3.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: strint-attendees@lists.i1b.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Strint-attendees] Email providers interested in metadata/traffic analysis resistance
X-BeenThere: strint-attendees@lists.i1b.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: STRINT Workshop Discussion List <strint-attendees-i1b.org>
List-Unsubscribe: <http://lists.i1b.org/options.cgi/strint-attendees-i1b.org>, <mailto:strint-attendees-request@lists.i1b.org?subject=unsubscribe>
List-Archive: <http://lists.i1b.org/pipermail/strint-attendees-i1b.org>
List-Post: <mailto:strint-attendees@lists.i1b.org>
List-Help: <mailto:strint-attendees-request@lists.i1b.org?subject=help>
List-Subscribe: <http://lists.i1b.org/listinfo.cgi/strint-attendees-i1b.org>, <mailto:strint-attendees-request@lists.i1b.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Mar 2014 12:19:52 -0000

There's an open source (see code on github) project for server-side 
email provisioning for activist servers that is *very* interesting in 
how metadata/traffic analysis resistance can be applied to SMTP. The 
codebase already has a great number of useful puppet scripts and would 
really enjoy a code review.

Several human rights activist e-mail servers (riseup.net etc. - 
estimated 80,000 users) that are definitely under targeted surveillance 
want to upgrade to this system when its mature enough.

There is this approach called "NickNym" which I suspect is not very 
resistant likely for hiding email addresses, and implementation has just 
started.

https://leap.se/en
https://leap.se/en/source

Grab me if anyone is interested in a code review or simply pointing to 
what folks should be doing.

    cheers,
       harry