Tails

#2 Updated by intrigeri 2014-11-06 09:47:39

I doubt anyone on the current team will have time to work on this any time soon, so the next steps would be:

1. clarify “extremely appropriate for all the design goals of the Tails project”: which part of our design goals does it cover? what user story would it address?
2. decide whether we would like to see mixmaster installed by default, or made easier to install and configure
3. if yes, see who’s going to do it, or mark this ticket as low-priority (= patches welcome but we won’t do it ourselves)

#4 Updated by aguelier@ruggedinbox.com 2014-11-06 19:21:09

1. I thought I already clarified the most important Tails goals Mixmaster covers in the sentence following the one you quoted, but if you want me to do so I could cite practically every section of the design document here with each section number followed by the word “check” because Mixmaster appears to cover almost the whole thing (which should not be surprising at all because it wasn’t many years ago when Mixmaster was considered an equal peer to projects like Tor and i2p).

Like Tor, Mixmaster is a general purpose tool with many possible user stories, but the particular one I have in mind is that since many of the anonymous communication tools out there are not compatible with the standard unencrypted, unobscured email that constitutes the majority of global communications (if we include the email to sms gateways that are almost always provided with sms service), it is useful for users who are further along in their transition to more secure communication systems (ex OTR) to be able to continue establishing contact with users of standard unencrypted email/sms in the most secure/minimally-revealing way possible. Although there are obviously many risks that cannot be addressed without the cooperation of both sender and receiver (such reducing the risk of intercepted message contents with PGP encryption), the unique benefit of a tool like Mixmaster is that it still affords senders partial use of the standard unencrypted email/sms channel even without any cooperation from the receiver whatsoever so that unencrypted email/sms notices like “log in to OTR” or “please install PGP, Mr Greenwald, because I’m going to send you a set of documents that reveal an illegal mass surveillance program” can be sent without exposing the metadata or social network of the sender. Granted the user in this story could also use Tails to send from a one-time disposable email address at a site like ruggedinbox.com, but as I also already mentioned in the sentence after the one you quoted, the hassle of this approach does not fully satisfy the tails design goals and, given the risks created by the non-cooperative receipient in this user story, it also seems appropriate for the sender to try to compensate for these risks with some kind of additional precaution (that Mixmaster over Tor provides with greater resistence against an end-to-end correlation attack).

1. Obviously Mixmaster should by installed by default and, as mentioned, Tails advocates like Jacob Appelbaum mistakenly think it already is installed by default. The only reason I suggested the option of making it easier to install/configure is to not be so presumptuous, but let me be clear now that not having Mixmaster as part of a default Tails installation is absolutely absurd and I can’t imagine any target user in their right mind using what is currently installed in Mixmaster’s place (eg Claws Mail and/or disposable webmail).

1. I am willing to do it myself, but I lack sufficient documentation on how Tails differs from other standard Debian or other torrifying setups to get it done quickly. So I made this ticket in the hopes that someone who has more knowledge about Tails than myself can either help me understand these specific differences (or point me to their documentation), simply do it themselves, or some collaborative combination of the two.

intrigeri wrote:
> I doubt anyone on the current team will have time to work on this any time soon, so the next steps would be:
>
> # clarify “extremely appropriate for all the design goals of the Tails project”: which part of our design goals does it cover? what user story would it address?
> # decide whether we would like to see mixmaster installed by default, or made easier to install and configure
> # if yes, see who’s going to do it, or mark this ticket as low-priority (= patches welcome but we won’t do it ourselves)

#5 Updated by aguelier@ruggedinbox.com 2014-11-06 19:25:10

1. I thought I already clarified the most important Tails goals Mixmaster covers in the sentence following the one you quoted, but if you want me to do so I could cite practically every section of the design document here with each section number followed by the word “check” because Mixmaster appears to cover almost the whole thing (which should not be surprising at all because it wasn’t many years ago when Mixmaster was considered an equal peer to projects like Tor and i2p). Like Tor, Mixmaster is a general purpose tool with many possible user stories, but the particular one I have in mind is that since many of the anonymous communication tools out there are not compatible with the standard unencrypted, unobscured email that constitutes the majority of global communications (if we include the email to sms gateways that are almost always provided with sms service), it is useful for users who are further along in their transition to more secure communication systems (ex OTR) to be able to continue establishing contact with users of standard unencrypted email/sms in the most secure/minimally-revealing way possible. Although there are obviously many risks that cannot be addressed without the cooperation of both sender and receiver (such reducing the risk of intercepted message contents with PGP encryption), the unique benefit of a tool like Mixmaster is that it still affords senders partial use of the standard unencrypted email/sms channel even without any cooperation from the receiver whatsoever so that unencrypted email/sms notices like “log in to OTR” or “please install PGP, Mr Greenwald, because I’m going to send you a set of documents that reveal an illegal mass surveillance program” can be sent without exposing the metadata or social network of the sender. Granted the user in this story could also use Tails to send from a one-time disposable email address at a site like ruggedinbox.com, but as I also already mentioned in the sentence after the one you quoted, the hassle of this approach does not fully satisfy the tails design goals and, given the risks created by the non-cooperative recipient in this user story, it also seems appropriate for the sender to try to compensate for these risks with some kind of additional precaution (that Mixmaster over Tor provides with greater resistance against an end-to-end correlation attack).

1. Obviously Mixmaster should by installed by default and, as mentioned, Tails advocates like Jacob Appelbaum mistakenly think it already is installed by default. The only reason I suggested the option of making it easier to install/configure is to not be so presumptuous, but let me be clear now that not having Mixmaster as part of a default Tails installation is absolutely absurd and I can’t imagine any target user in their right mind using what is currently installed in Mixmaster’s place (eg Claws Mail and/or disposable webmail).

1. I am willing to do it myself, but I lack sufficient documentation on how Tails differs from other standard Debian or other torrifying setups to get it done quickly. So I made this ticket in the hopes that someone who has more knowledge about Tails than myself can either help me understand these specific differences (or point me to their documentation), simply do it themselves, or some collaborative combination of the two.

intrigeri wrote:
> I doubt anyone on the current team will have time to work on this any time soon, so the next steps would be:
>
> # clarify “extremely appropriate for all the design goals of the Tails project”: which part of our design goals does it cover? what user story would it address?
> # decide whether we would like to see mixmaster installed by default, or made easier to install and configure
> # if yes, see who’s going to do it, or mark this ticket as low-priority (= patches welcome but we won’t do it ourselves)

#10 Updated by intrigeri 2014-11-10 12:20:43

Assuming mixmaster is installed by default, are there more user-friendly ways to use it so send email than the command-line?

#11 Updated by aguelier@ruggedinbox.com 2014-11-11 02:37:18

Mixmaster defaults (without any flags or options) to an excellent user-friendly ncurses interface and other anonymity projects that have included Mixmaster include it because it is specifically MORE user-friendly than a full mail client like Claws. The Whonix project says:
‘Motivation behind this: "What if there where a bookmark pointing to mail.local (or something like that) where you can simply enter an e-mail address, from sender (optional), subject and text, click send and mail is on its way? No sign-up/registration/smtp server required.’

I would also like to point out that there are non-GUI applications installed in Tails by default such as Mutt, but for those who insist on a complicated GUI there’s also wrapper package in the debian stable repositories called “Premail” which can make Mixmaster a Sendmail compatible replacement for integration with GUI clients such as Claws Mail. Once Premail is installed you’re supposed to simply edit your account settings in Claws by changing the “Basic” server information to “Use a mail command rather than SMTP server” with a specification of “/usr/sbin/premail -t -i”. Then, to activate the mix network for outgoing mail, you can either edit the account settings to “Add a user-defined header” of “Chain:” or simply append the string “((chain))” to your outgoing email addresses like this “president@whitehouse.gov ((chain))” on a case by case basis. The only problem is that, after doing all this and clicking the send button in Claws, it doesn’t work (but gives an error message of “Recipient is not specified.” Any ideas?
https://packages.debian.org/stable/premail
http://manpages.debian.org/cgi-bin/man.cgi?query=premail