Friday, June 28, 2013

Onion Email

Imagine that, instead of your email server delivering the email to the recipient’s server, the email was sent encrypted zig-zag all over the internet in an attempt to thwart traffic analysis and provide privacy.

Anonymous remailers are not new, but they are rarely adopted.

So imagine The Onion Router (TOR) could deliver email batch…

Ideally, you encrypt your payload, e.g. with GPG.  Then you pick some TOR routers to hop over.  Then you encrypt the message and some random padding for the last hop, then wrap that for the hop before it, and so on all the way back to the first hop.  Then you send it to the first hop.  The first hop decrypts it, sees its instructions to forward it to the second hop, and so on.  Only the last hop knows the final destination recipient (but not the payload).

TOR routers batch together the messages they receive and send them onwards every few minutes, all together.  A TOR router may also, with some small random chance, add another onion skin and perhaps padding and send it off to some random router it knows about.

Eventually the last hop gets the packet and can decrypt it to discover it's an SMTP envelope, then send it back to the real email system and the recipient.
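The layering described above, sketched as an added example (not code from this post or from the Tor project). Assumptions: each hop's shared key stands in for encrypting to that router's public key, the SHAKE-256/HMAC construction is a toy stand-in for a real authenticated cipher, and the hop names, layer format and recipient address are hypothetical.

```python
import hashlib, hmac, secrets, struct

def _xor_stream(key, nonce, data):
    # Toy stream cipher (SHAKE-256 keystream); stand-in for real public-key encryption.
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("layer is not for this hop, or was modified")
    return _xor_stream(key, nonce, ct)

def build_onion(route, recipient, payload, max_pad=64):
    """route: list of (hop_name, hop_key) in travel order; payload is already GPG-encrypted."""
    next_addr, body = recipient.encode(), payload
    for name, key in reversed(route):            # the last hop's layer is built first
        pad = secrets.token_bytes(secrets.randbelow(max_pad + 1))  # random-length padding
        layer = struct.pack(">HI", len(next_addr), len(body)) + next_addr + body + pad
        next_addr, body = name.encode(), seal(key, layer)
    return next_addr.decode(), body              # (first hop, outermost skin)

def peel(key, onion):
    """One hop's work: decrypt its own skin, drop the padding, learn only the next address."""
    layer = unseal(key, onion)
    alen, blen = struct.unpack(">HI", layer[:6])
    return layer[6:6 + alen].decode(), layer[6 + alen:6 + alen + blen]

def deliver(first_hop, onion, keys):
    """Pass the onion hop to hop; returns (recipient, payload, hops visited)."""
    hop, seen = first_hop, []
    while hop in keys:                           # stops once the address is not a router
        seen.append(hop)
        hop, onion = peel(keys[hop], onion)
    return hop, onion, seen

if __name__ == "__main__":
    keys = {n: secrets.token_bytes(32) for n in ("hopA", "hopB", "hopC")}  # constructed keys
    first, onion = build_onion(list(keys.items()), "bob@example.org", b"<GPG ciphertext>")
    print(deliver(first, onion, keys))
```

Each call to `peel` returns only the next address and an opaque blob, so the recipient address first appears in cleartext at the last hop, and the payload stays GPG ciphertext throughout.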

There might be some public SMTP-TOR gateways so you can email it to TOR from your normal email account easily.

By building it into TOR, it’d have a large install base.  By building a browser plugin it’d have a straightforward user story.  It might actually get used?


  1. williamedwardscoder posted this
