On 2005-04-27T16:09:12-0400, Tyler Durden wrote:

Oh...this post was connected to my previous one.

Is there some way to make it evident that someone has opened your email?

Hotmail could make this evident. - Force deleted messages to remain in the Trash bin for a week after receipt of the message, and display all Trashed mail in the Inbox with red strikethrough. - Record and display login ip addresses, dates, times, in the style of unix "last". Each addresses different aspects of the problem.

Right now, I can't think of anything you could do aside from suggesting that hotmail (or whoever) offer some kind of encryption service.

If you're worried about unsophisticated attackers reading your mail, why not use PGP or S/MIME? That's one of the things encryption is for. Of course that wouldn't prevent an intruder from deleting all your mail, but hopefully the sender would notice your lack of response and contact you out-of-band. Nobody should consider email a reliable communications medium these days.

No, the threat model was outlined in a previous post. Consider some "agency" that has lots of resources and technologies, but also doesn't particularly want local authorities or (for instance) hotmail to know what they are doing. In general, this is going to make their operation much less intrusive, lower cost (ie, due to not having to physically send people) as well as avoiding a lot of legal hassles due to paper trails. So I guess what I'm looking for is way to be quite certain that someone (aside from Hotmail admin) is opening, reading, and closing my email 'unobtrusively'. Of course, once such an effort is detected, said agency may decide to follow a more intrusive investigative path, but this has practical consequences. My home alarm system is probably a better example. If NSA, for instance, is going to bother entering your house and setting up whatever, I'd bet they'd LOVE to not bother with the local security/alarm company, because then there's a paper trail, people who might be a friend of the surveilled, and other 'local' issues. They're definitely going to use their fancy gadgets, etc..., to bypass the alarm system while making the alarm company everything's going just fine, or perhaps a battery has expired. In this case there'd be nothing to subpeona. Therefore, if you suspect you're being surveilled, even if you can't secure anything you want might want to secure, you can at least force them to commit legally actionable acts, or else force them to give up their 'phishing' expeditions. -TD

From: Bill Stewart To: "Tyler Durden" CC: cyphrpunk@gmail.com, cypherpunks@al-qaeda.net Subject: Re: Email Certification? Date: Wed, 27 Apr 2005 16:04:54 -0700

I'm still having trouble understanding your threat model. If you're talking about somebody who can get Hotmail's cooperation, e.g. cops or sysadmins, there's no way you can prevent them from doing anything they want to your incoming mail. If you're worried about crackers guessing your password, then some web-based email systems automatically mark mail as read, some don't, some let you mark it, some let you remark it as unread. (I haven't ever used hotmail, and my cat stopped using it when the Child Online Protection Act required Hotmail to cancel accounts for anybody under 13 years old who didn't have parental permission, so the interface has probably changed since I last saw it.)

Are you worried specifically about Hotmail? You're mentioning using gmail to pre-filter your hotmail messages - gmail's going to have similar potential threats, except that it's probably better managed, and if you're going to send the mail to gmail anyway, why not just read it on gmail? In general, if you've sent unencrypted email to an untrusted system, then you've got no way of knowing that it hasn't been read.

At 01:09 PM 4/27/2005, Tyler Durden wrote:

...

Oh...this post was connected to my previous one.

Sorry...my ideas along these lines are still a little foggy but I'll try to articulate.

Basically, let's assume someone with some resources has cracked your email and wants to monitor what you send and receive. let's also assume they don't want you to know it. Let's assume they also are not particularly thrilled about having hotmail know what they're up to (if needs be they can obtain a warrant, etc..., but this is clearly less than desirable compared to more direct techniques). It seems fairly easy to me to (for instance) create a bot that duplicates all of the email and resends it to your hotmail account so that when you log in everything looks fresh and new. (There are probably easier ways to do this via direct hacks of hotmail).

Is there some way to make it evident that someone has opened your email?

Right now, I can't think of anything you could do aside from suggesting that hotmail (or whoever) offer some kind of encryption service.

BUT, it occurs to me that you might be able to have gmail forward your mail to hotmail via some intermediate application you've set up that takes the timestamp and whatever and creates a hash.

Eh...for email you may have a point, but I'm not 100% convinced. In other words, say they want to monitor your email account. Do you really believe they are going to tap all major nodes and then filter all the traffic just to get your email? This is that whole, "The TLAs are infinitely powerful so you might as well do nothing" philosophy. And even though I might be willing to concede that they get all that traffic, one hand doesn't always talk to the other. there may be smaller branches on fishing trips accessing your email if they want. if one were able to monitor the email account for access, you'll at least force your TLA phisher into going through proper internal channels. He might actually get a "no", depending on the cost vs risk. Look..."they" aren't some super-Orwellian hyperorganized hive-mind. They're a big, fat bureaucracy full of big, fat bureaucrats. That's why they don't get real jobs! Look...a little tiny yap yap dog can often scare off a bigger dog or animal by making it clear that any interaction's going to suck. This isn't because the big dog couldn't ultimately kill the little dog, but because the big dog will realize it's just not worth it. -TD

From: Morlock Elloi To: cypherpunks@al-qaeda.net Subject: zombied ypherpunks (Re: Email Certification?) Date: Thu, 28 Apr 2005 12:17:53 -0700 (PDT)

...

I'm still having trouble understanding your threat model.

Just assume braindeath and it becomes obvious.

No tla with any dignity left would bother e-mail providers or try to get your password. All it need to do is fill gforms and get access to tapped traffic at major nodes (say, 20 in US is sufficient?). Think packet reassembly -> filter down -> store everything forever -> google on demand.

Concerned about e-mail privacy? There is this obscure software called 'PGP', check it out. Too complicated? That's the good thing about evolution, not everyone makes it.

end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

At 17:43 2005-04-29, you wrote:

Eh...for email you may have a point, but I'm not 100% convinced. In other words, say they want to monitor your email account. Do you really believe they are going to tap all major nodes and then filter all the traffic just to get your email? ...

Well, they could just tune in on Echelon, which really seems to be reality. There is no need for "infinite" resources to do such a thing.

This is that whole, "The TLAs are infinitely powerful so you might as well do nothing" philosophy. And even though I might be willing to concede that they get all that traffic, one hand doesn't always talk to the other. there may be smaller branches on fishing trips accessing your email if they want. if one were able to monitor the email account for access, you'll at least force your TLA phisher into going through proper internal channels. He might actually get a "no", depending on the cost vs risk.

Here is the fundamental misunderstanding. Your email is no "account". There are no place where your account is stored. The only thing that exists is an endpoint, where you receive your mail. Before the mail reaches that point, its's just TCP-packets on the wire. If the listener is on a mail router, you could possibly see a trace of it in the message header, but it's possible to rewrite that stuff to, so the only way to KNOW if someone reads your mail is to analyze the potential readers behaviour based on the information in your mail. /O

At 16:10 2005-05-02, you wrote:

...

Here is the fundamental misunderstanding. Your email is no "account". There are no place where your account is stored. The only thing that exists is an endpoint, where you receive your mail. Before the mail reaches that point, its's just TCP-packets on the wire.

OK, what the heck are you talking about? You're telling me that hotmail/gmail is stored on my personal COMPUTER? Not even a TLA-originated campaign of disinformation would attempt to get that across. Are you like a 14-year-old boy or something?

That's completely unwarranted for. The end point for hotmail is Microsoft's hotmail-servers, and for gmail the endpoint is Google's servers. Stop being so damned rabid. /O