Email Certification?

[Tyler Durden]

Oh...this post was connected to my previous one.

Sorry...my ideas along these lines are still a little foggy but I'll try to 
articulate.

Basically, let's assume someone with some resources has cracked your email 
and wants to monitor what you send and receive. let's also assume they don't 
want you to know it. Let's assume they also are not particularly thrilled 
about having hotmail know what they're up to (if needs be they can obtain a 
warrant, etc..., but this is clearly less than desirable compared to more 
direct techniques). It seems fairly easy to me to (for instance) create a 
bot that duplicates all of the email and resends it to your hotmail account 
so that when you log in everything looks fresh and new. (There are probably 
easier ways to do this via direct hacks of hotmail).

Is there some way to make it evident that someone has opened your email?

Right now, I can't think of anything you could do aside from suggesting that 
hotmail (or whoever) offer some kind of encryption service.

BUT, it occurs to me that you might be able to have gmail forward your mail 
to hotmail via some intermediate application you've set up that takes the 
timestamp and whatever and creates a hash.

Now your 'observer' of course could possibly go over to hotmail and try the 
same tricks, but this might be harder...the forwarded emails might not last 
very long. this might require a pretty heavy hack into gmail or else a 
subpeona, in which case they are much closer to the surface than 
before...'they' need more resources and possibly subject themselves to the 
legal system, which they probably still want to avoid.

-TD

>From: cypherpunk <cyphrpunk at gmail.com>
>To: cypherpunks at al-qaeda.net
>Subject: Re: Email Certification?
>Date: Wed, 27 Apr 2005 11:14:50 -0700
>
>On 4/27/05, Tyler Durden <camera_lumina at hotmail.com> wrote:
> > Hum.
> >
> > Can anyone figure out a way to determine if one's hotmail, etc...has 
>been
> > looked at or not?
>
>By whom? Someone at hotmail, or someone who got your password and
>logged in as you?
>
>Hotmail shows mail that has already been viewed in a different color
>than mail you haven't looked at yet. So it would be obvious if someone
>else logged in as you and read your email. But of course there is no
>way to know what insiders are doing. Maybe you could explain your
>attack concept more clearly.
>
> > The only thing my limited mind can think of sounds superficially like it
> > won't work:
> >
> > Use a gmail account to forward all email to some routine that 
>time-stamps
> > and then hashes the message+timestamp and then sends the email on to the
> > hotmail account.
>
>What would this accomplish? That is, what attack would it make more
>difficult? Are you worried that someone is intercepting your email en
>route to hotmail, reading and delaying it, then passing it on? And you
>hope to detect the unwarranted delay?
>
>CP