Getting back to the idea of "just build it already," Darkmail is coming. Glacially slowly, but it is coming. The interesting thing about this project is that it isn't a new email client but rather aims to become part of the IETF specifications for email transport.
http://arstechnica.com/security/2015/01/lavabit-founder-wants-to-make-dark-e-mail-secure-by-default/
A few threads back I asked the question "how does one monetize that which is taken from them without consent?" Modifying the underlying architectures and protocols of the Internet in ways that move them toward a secure by default posture is perhaps beyond the scope of VRM but certainly is an enabler of VRM since it will make it harder to surveil us en masse. This is true both in the sense that it is better to send messages in envelopes than in postcards (or the digital equivalent thereof) and in the sense of countermeasures against deliberate circumvention of user-side controls.
On the email front one instance of deliberate circumvention is that ISPs are known to force email traffic to plaintext, even in cases where the user has configured their mail user agent to use TLS, as reported by the EFF.
https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
Darkmail addresses these threats by [en|de]crypting the message at the endpoints, and decrypting just enough addressing and metadata at each point along the way to get to the next node. By stringing together a chain of 4 nodes (similar to TOR) it is possible to hide the metadata whilst still delivering the email properly.
Also, since all the email is signed it is possible to filter by signature and drastically reduce spam. Moar signal, less noise.
Kind regards,
-- T.Rob
T.Robert Wyatt, Managing partner
IoPT Consulting, LLC
+1 704-443-TROB (8762) Voice/Text
+44 (0) 8714 089 546 Voice
Fat fingered from a mobile device
Pleez 4give spelling errurz!
Archive powered by MHonArc 2.6.19.