[lifeisstillgood]

Ok, I'll bite. This is a good post - I am negative on your ability to pull this off, but it's a worthwhile discussion to have IMO

* Totally anonymous (ie no metadata trail) communication seems impossible / impractical. If everywhere is the Tor then we massively increase traffic, (not to mention the trustworthiness of "everyone" is a lot lower per unit than everyone currently running a tor node)

Anyway, even if a encrypted anonymous message arrives for me, just working out who it's from without any metadata seems complex web of double decryption

I do struggle with how anonymity is going to solve all problems with totalitarian states. In the end we need to solve this in the real world of politics and execution squads so we don't mortally worry about letters or emails being read.

* there is a lot more here than my tired brain can handle - but my main concern is a simple human one

- if secure anonymous comms is "impossible", then I could see levels of secure encryption (sent from my iPhone, sent from my PC hardwired at home that has a secure USB boot on my key ring). But this idea demands that as the recipient I work hard to determine from context if the message is secure - aha it's 11pm in the UK and Adam just mailed me a secure note saying we should give everyone an Owl. Chances are high he is pissed and his mates sent it.

Once technology stops helping us make those decisions it's kind of pointless - May as well just keep sending clear text is not an irrational stance.

Be interested in the discussion in the morning - cheers

* lastly - what email client do you guys use that allows gpg on mobile?!

Edit: clean up

[adamcaudill]

I'm not the only one working on it, but I am the lead. I have my doubts too - but I don't see that as an issue. Any email replacement has a long way to go before it would be used widely - getting a real standard through the IETF alone will be difficult. But, this is a starting point - it's something to build from, a conversation starter if nothing else. Even if it gets ripped to shreds, if it gets people actively working on another solution, then it was worth it.

It's the conversion that matters to me, there needs to be a solution to this, and for that to happen people need to get engaged.

As for anonymity, I don't think there's a good option there - the spec I'm writing isn't anonymous to the recipient, or to the recipient's server. My focus is on encryption and authentication. There's more metadata exposed than I'd like in my model, but it's a balancing act between competing goals. We'll see that in any standard that replaces email - there are many forces at play with different goals and different requirements. No solution will make everyone happy.

There are issues, metadata being a big one, that the proposal I'm working one doesn't address as well as I'd like. I'm hoping others will try to tackle this issue as well, and come up with other methods that may work better.

When we are ready to release a public draft, it'll just be the first step. We don't expect anyone to just say "Hey, that's perfect, let's replace all the email servers" - that isn't going to happen, and it's not our goal. A lot of review will be needed, changes will need to be made to address different concerns, and maybe it'll progress to a useful system. Maybe somebody else will come along with a different idea, and that one will get the community backing. What I want is a replacement system that is secure - I don't care who's design it is. It's not about ego, not about winning for me - it's about prodding the community into action.

As to the last question, as others have answered, K-9 Mail. It works well enough for my needs.

[AnthonyMouse]

> Totally anonymous (ie no metadata trail) communication seems impossible / impractical. If everywhere is the Tor then we massively increase traffic

That really isn't the problem. If onion routing works for anything it works for email. Text is low bandwidth. You make the email servers relay for each other so it scales: More email servers, more relays. And if you're willing to have your emails delayed by e.g. half an hour you can get a much stronger level of anonymity than you can with realtime systems like Tor because random delays between hops on high traffic nodes in combination with padding to power-of-two size boundaries makes traffic analysis extremely difficult.

> Anyway, even if a encrypted anonymous message arrives for me, just working out who it's from without any metadata seems complex web of double decryption

Every message to you should be encrypted against your public key, so you decrypt it with your private key and immediately learn who it's from. The issue is if you have multiple public keys and you don't want the message to identify which one to use in any way. There could be some interesting cryptographic solutions to that I'm not aware of, although in the worst case you could just try all of them until one works.

[lifeisstillgood]

Duh!

I went off on one thinking how do I find which public key Of my 4000 contacts is the right one ... When no-one will encrypt a secret message with their own private key !

Sorry - total brain fart. Apologies to others down thread too.

[raving-richard]

    Anyway, even if a encrypted anonymous message arrives for me, just working out who it's from without any metadata seems complex web of double decryption

It's simple. You can encrypt everything, including the metadata. Then, when it arrives in your box, you simply decrypt everything, and see who it's from. It doesn't have to be anonymous.

[lifeisstillgood]

How do I know which key to use to decrypt it? If there is any identifier then that is an identifier for the sender - an irrevocable one that will slowly build up a metadata trail.

Anonymity is hard if not impossible - it's why I don't think evoting can work and why this seems laudable but hard

[raving-richard]

Your software can try each key until one of them works. If none of them work, it can say "this message can't be opened with one of the keys available". Or even "this message requires key 1234 5678 to open, but it's not currently available". It's not something you need to care about. You don't need to have any information about the sender unencrypted. It's not at all necessary to deliver the message.

[lifeisstillgood]

Hmm - I get an average of 1000 messages a day, mostly spam, and I have - good grief - 4000 seperate email addresses in my inbox - and it just took 0.001 s to decode a txt file

So that's 4000 seconds to prove a message is spam

I'm not loving this idea

That can't be right ...

[rakoo]

FYI, bitmessage (https://bitmessage.org/) is a working implementation of this "Everyone Gets Everything" model. Maybe have a look at how they do things ?

[narrowrail]

K-9 mail on Android. Not sure about iOS, but I have seen an implementation somewhere on code.google in the past (not sure of its current status).

[mike-cardwell]

K-9 Mail is good, but it doesn't support PGP/MIME. Only inline PGP. Doesn't look like they will either as it's been on their todo list for several years now with no progress.

[aDevilInMe]

Whilst this is true it is not really that big a problem. You can open the attachment, copy to the clipboard and then use APG to decrypt. It could be nicer and would be excellent if the client supported PGP/MIME, but I can live with it.

[x1798DE]

I would say it's a not-insurmountable problem, but definitely a big problem. If I have to copy-and-paste all my e-mails into APG just to read them, that's a significant inconvenience.

[lifeisstillgood]

Thanks - am looking to jump to the dark side soon anyway :-)