
SoylentNews is people

posted by martyb on Monday July 21 2014, @05:09PM

Wired reports that Ladar Levison (of Lavabit fame) hired the convicted ex-hacker Stephen Watt to create DarkMail — a set of protocols and servers which apply an approach similar to onion routing to the email metadata (sender and recipients) and would still enable existing email clients to go "dark".

The internet is littered with burgeoning email encryption schemes aimed at thwarting NSA spying. Many of them are focused on solving the usability issues that have plagued complicated encryption schemes like PGP for years. But a new project called Dark Mail plans to go further: to hide your metadata.

The project has made for an interesting pairing between Texas technologist Ladar Levison and convicted hacker Stephen Watt, whom he's hired to help develop the code. Both have had previous battles with the government in very different ways.

The project is composed of several parts: an email client called Volcano; server software called Magma Classic and Magma Dark; and the Dark Mail, or Dmail, protocol, which they're designing to replace existing protocols for sending and retrieving email that don't hide metadata.

"If you trust your server, you can use Outlook and the server will handle everything for you," Levison says. "The preference would be that you use the Dark Mail client, but I understand that this is not even a possibility for some organizations."

Dark Mail is modeled loosely on TOR — The Onion Router... With Dark Mail, there are primarily two main servers involved in an email transaction: the sender's domain and the recipient's. And although the sender's server can identify the source from which the email was sent, it doesn't know the recipient, just the recipient's domain. The server at the recipient's domain decrypts the "to:" field to deliver the correspondence to the right account, but doesn't know who sent the email — just the domain from which it came.

Seems like in today's society one needs to rely on outlaws to claim back some freedom (as in: being an honest citizen is no longer enough to guarantee it).

 
  • (Score: 4, Interesting) by frojack on Monday July 21 2014, @05:35PM

    by frojack (1554) on Monday July 21 2014, @05:35PM (#71899)

    TFS wasn't too specific, but it seems quite possible you would want to include PGP for your text body.

    This mechanism is all about obscuring the headers and metadata, so that none of the handlers can actually see both where it came from and where it's going, and only the first and last servers have the knowledge to determine the final recipient.

    Sort of like PGP for headers. Your client need only know/fetch the public key of the receiver's domain.
    Still each server along the route (and presumably direct routes would be selected AGAINST, in favor of TOR, as you mention), needs only to know about the target domain, and couldn't decrypt any of the rest of the routing information, or the payload.

    The most a spy agency could determine was that there were X number of messages destined for Location Y, but only if they managed to insert themselves into the chain.

    --
    No, you are mistaken. I've always had this sig.
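The knowledge split described in the story and in the comment above, as an added example that is not part of the original page and is not Dark Mail's actual wire format: each address is sealed to the public key of the one server that needs it, and only domains travel in cleartext. The field names, the `.example` addresses and the toy stdlib-only sealing routine (a stand-in for real public-key encryption) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy ElGamal-style sealing built from stdlib only; a stand-in (assumption) for real
# public-key encryption. Do not reuse: the group and key handling are illustrative.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _xor(key, data):
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(pub, plaintext):
    eph_priv, eph_pub = keypair()
    key = hashlib.sha256(pow(pub, eph_priv, P).to_bytes(32, "big")).digest()
    ct = _xor(key, plaintext)
    return {"eph": eph_pub, "ct": ct, "tag": hmac.new(key, ct, hashlib.sha256).digest()}

def unseal(priv, box):
    key = hashlib.sha256(pow(box["eph"], priv, P).to_bytes(32, "big")).digest()
    if not hmac.compare_digest(hmac.new(key, box["ct"], hashlib.sha256).digest(), box["tag"]):
        raise ValueError("not sealed to this key")
    return _xor(key, box["ct"])

def build(sender, recipient, body, origin_pub, dest_pub, user_pub):
    return {
        "from_domain": sender.split("@")[1],   # cleartext: domains only
        "to_domain": recipient.split("@")[1],
        "from": seal(origin_pub, sender.encode()),   # opened by sender's server
        "to": seal(dest_pub, recipient.encode()),    # opened by recipient's server
        "body": seal(user_pub, body.encode()),       # opened by the recipient only
    }

def view(msg, priv):
    """Everything the holder of `priv` can read from the message."""
    seen = {"from_domain": msg["from_domain"], "to_domain": msg["to_domain"]}
    for field in ("from", "to", "body"):
        try:
            seen[field] = unseal(priv, msg[field]).decode()
        except ValueError:
            seen[field] = None   # sealed to someone else's key
    return seen

if __name__ == "__main__":
    (ok, op), (dk, dp), (uk, up) = keypair(), keypair(), keypair()
    m = build("alice@origin.example", "bob@dest.example", "hello", op, dp, up)
    print(view(m, ok), view(m, dk), view(m, uk), sep="\n")
```

An observer holding no key sees only the two domain fields, which matches the comment's point that the most visible on the wire is how many messages are headed to a given domain.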