[tor-talk] Secure email with limited usable metadata

[mirimir]

On 06/30/2013 03:52 PM, alice-tor at Safe-mail.net wrote:

> everyone is tooting about pgp these. pgp encryption doesnt solve the problem of tla surveillance. pgp encryption does not touch metadata (recipent, sender).
> 
> how to secure mail communication?

There's an easy solution. Only communicate among arbitrarily anonymous
accounts, and always use arbitrary subjects.

> i was thinking about pointing the mx record of the tld to a mail server that is shared with other individuals. the server is configured to drop incoming non-tls smtp connection from other mail server. On a per account basis, every message that is not encrypted to the public pgp key of the address is dropped, too. users use pop3/smtp over a hidden server to download/send messages.
> 
> what do you think? the setup is easy to maintain. if inbox size is limited to a few mbs any cheap vps thats like 20$ a year can be used to service hundreds of thousands of accounts. a trusted umbrella organization is needed to maintain the server as anonymity is increased by increasing users count. is the tor project or torservers.net interested in running such a service? i would literally pay money for that, so would others.

If you want total overkill, you can use Mixmaster nyms with
alt.privacy.anon-server as inbox. Quicksilver is easy to use, and runs
on Linux in Wine.