[tor-talk] Confidant Mail, was re: Mailpile SMTorP

Wed May 27 00:50:40 UTC 2015

Confidant Mail is another next-gen mail architecture worth a look. You 
can access
servers directly, via exit node, via hidden service, or via I2P. You can 
have your mail
hosted on your own server, on someone else's server, or in the 
Distributed Hash Table.
In the "server" case there is no limit on attachment size. You do not 
have to be online at
the same time as the recipient.

It's written in Python and uses PyOpenSSL and gnupg encryption. If you 
are looking for
next gen email over Tor, look here: https://www.confidantmail.org

Mike

On 5/26/2015 4:36 PM, carlo von lynX wrote:
> On Thu, May 21, 2015 at 12:03:24PM -0700, Yuri wrote:
>   
>> On one hand, Mailpile is after security, which is great. But on the
>> other hand they use node which doesn't sign packages, therefore
>>     
>
> What a shame! Somebody please fix this node thing. I can't
> believe these nodejs enthusiastos are playing around with all 
> kinds of crypto something javascript applications but build 
> on top of a house of cards.
>
> I still have plenty of criticism for SMTP and the idea of
> doing PGP on top of SMTP but having the server run as a
> hidden service from my own laptop gives this architecture
> quite a legitimacy boost.
>
> While with a mail system like Pond the few popular servers
> can be deanonymized by confirmation attack, then taken over
> by authorities and subdued to send traffic shaped messages
> back to the users, thus slowly deanonymizing the entire
> social graph of Pond users... SMTorP appears to me to be a
> better idea.
>
> With both send and reception points on the user's laptop,
> an attacker that wants to inject a traffic shape into the
> Tor network needs to take over the laptop itself. From my
> understanding there is no other place on the network
> where that sort of attack would be successful.
>
> If that is true, that would be a great progress. Too bad
> that the old problem of both having to be online at the
> same time is re-introduced. We could have started using
> Retroshare over Tor two years ago to achieve the same goal.
> Retroshare looks a little less fancy than Mailpile, but
> it doesn't need any pip or node.
>
> Also Framstag's sendfile SAFT implementation can be a neat
> quickfix solution. The server is easily pluggable into a
> hidden service and provides for mail-like spooling of 
> messages and native binary file transfers, without all
> the overhead of e-mail.
>
>
>   