
Re: [Fsuk-manchester] Manchester Geek Nights - Pixelated Hack Night


From: Bob Mottram
Subject: Re: [Fsuk-manchester] Manchester Geek Nights - Pixelated Hack Night
Date: Thu, 13 Nov 2014 09:44:33 +0000
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Nov 12, 2014 at 07:24:47PM +0000, Mircea Moise wrote:
>    On Thursday, 20th of November we will host a hack night on Pixelated
>    ([1]https://pixelated-project.org) in the ThoughtWorks office in
>    Manchester.
>    Pixelated is a secure Open Source email solution. It aims to help
>    organisations to implement secure solutions. It addresses two key
>    problems: mass surveillance and centralisation. More info about the
>    event can be found here:
>    [2]http://www.meetup.com/manchester-geek-nights/events/218619965/ . The
>    code is on github: [3]https://github.com/pixelated-project
>    The session is hands-on and its aim is to get people started on the
>    project. It will be great if we will be able to address a couple of the
>    project's issues.
>    I hope to see you there,
>    Mircea


I think that attempts to increase the security of email are useful simply 
because email protocols are so ubiquitous but that ultimately those protocols 
can't be made secure. Instead it might be worth putting effort into something 
like Bitmessage with an email bridge (so that you can still use conventional 
email clients) or have a look at whatever the Darkmail people are doing.

The threat model for conventional email - even if the body and subject of the 
message are encrypted - is kind of disturbing if you consider what a pervasive 
adversary can do to obtain the social graph.

https://github.com/pixelated-project/pixelated-platform/blob/master/threatmodel.md

IMHO the main threat comes from passive surveillance either by states or 
corporations. Both of those adversaries are primarily interested in the social 
graph, not the content. From the state perspective via email you can easily 
find hubs, "key influencers" and sources of what they refer to as "social 
contagion". From the corporate perspective they're mainly interested in who 
your current or prospective customers and suppliers are, and they don't need to 
know the content to guess what you're buying or selling.

I have made my own attempts to run a secure email server with the Freedombone 
project. There is a mailbox variant, so you can install an email server in 
isolation with only email ports open, and that minimises the attack surface and 
ensures that there isn't any possible web/database compromise pathway into the 
mailbox. Also, I'd advise against using STARTTLS because it gets downgraded. 
Use SSL/TLS instead.
If you use an email to Bitmessage bridge installed on the client machines then 
that mitigates a lot of the metadata leakage (although not entirely).

Attachment: signature.asc
Description: Digital signature
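
The STARTTLS downgrade mentioned in the message above, as an added example that is not part of the original post: the server's capability list is sent before any encryption exists, so a client that treats STARTTLS as optional continues in cleartext when the line is missing. The policy names, host name and sample EHLO replies are constructed for illustration.

```python
# Added example (not from the original post). The policy names and the sample
# EHLO replies are constructed for illustration.

HONEST_REPLY = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# Same reply after an on-path device removed the STARTTLS line. The reply
# travels in cleartext, so the client cannot tell it was altered.
STRIPPED_REPLY = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return the set of extension keywords in a 250 EHLO reply."""
    lines = reply.strip().splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for index, line in enumerate(lines):
        last = index == len(lines) - 1
        # Every line is "250-..." except the final one, which is "250 ...".
        if line[:3] != "250" or line[3:4] != (" " if last else "-"):
            raise ValueError("malformed EHLO line: %r" % line)
        if index > 0 and line[4:].split():   # line 0 is the server's domain
            keywords.add(line[4:].split()[0].upper())
    return keywords


def choose_transport(reply, policy):
    """Decide what a client does next: 'upgrade', 'plaintext' or 'abort'."""
    if policy not in ("opportunistic", "require_tls"):
        raise ValueError("unknown policy: %r" % policy)
    if "STARTTLS" in parse_ehlo(reply):
        return "upgrade"
    # No STARTTLS offered: an opportunistic client carries on unencrypted,
    # a strict client fails closed. Implicit TLS (e.g. port 465 or 993)
    # has no cleartext negotiation step for anyone to tamper with.
    return "abort" if policy == "require_tls" else "plaintext"
```
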

