Monday, July 21, 2014

Hide metadata when you email your grandma?

Warning: True geeks, nerds, and security experts may not want to read this post. It may distract you from the complex tasks you face. Instead, you may want to move on to a safer web site, like Disney. Also, we think that the really sneaky among you might be using something like this already.

If, on the other hand, you would love to send your grandma an email and hide metadata (the To: and From: data), have a look.

The email To: and From: fields are very much appreciated by every internet hoover sucking on cables and bending waves. Many highly educated and experienced engineers are working on making encryption easier for the rest of us to use. And they are working on ways to hide those pesky metadata in emails.

Here is a simple concept for a program to hide these two fields when you communicate with grandma. You can improve it by hiding the subject line, too. Or get used to writing emails without a subject line until a great solution comes around.
By the end of the post, you'll have a better understanding of how complicated it really is to make metadata "go away". So, hopefully, once someone comes up with a comprehensive solution, you'll donate to his/her/their project.

What you need:
1) You need to be familiar with PGP.
2) A couple of (free) email accounts.
3) Some coding skills (motivated beginner to intermediate will do fine).

Try this:
1) For the sake of simplicity, put only the recipient (To:) in a text file, encrypt it, attach it to an email. Ignore the From: field, and leave the subject line blank.
2) Send the mail to your free account, for example <bait@catandmouseandcat.org>.
3) Now, get out your coding skills and find some open source software.
Use software and skills to download the email, decrypt the To: address text file.
4) On catandmouseandcat.org, create a new email with the decrypted recipient in the To: field. Use software and skills to send the new mail. Make sure you throw away all the headers and make a "new" email.

In essence, this is not much more than a "hey, grandma, can you forward this for me" algorithm with some cleanup.

In case we have not dissuaded all experts from reading this, let's acknowledge some issues. If someone "sees" you send a mail to <bait@catandmouseandcat.org> and then sees a mail from <bait@catandmouseandcat.org> to <grandma>, they might say, ah, it is from you to grandma. You can onion that a bit and make a few more intermediate stops, though that is extra work when the encryption is manual. You can keep the mail on the catandmouseandcat.org server for a random time and send some bunk mails to a bunch of dummy accounts. If you are doing this in China, encrypted bits of the Little Red Book would be fun. If you are doing it in Russia, you have thousands of pages of Dostoyevsky or Tolstoy to choose from.

Then there is the even nastier problem of the email content. Even if it is encrypted, that Someone might look at the length or run a quick fingerprinting algorithm over it and then go "ha, gotcha, we don't know what you are writing but <bait@catandmouseandcat.org> just sent a mail to <grandma> with the same content as the one you sent to <bait@catandmouseandcat.org>". You'll need to get creative with that one. One option might be to double encrypt the content. First, use the public key of grandma, then encrypt that encrypted text using the same public key as for the To: address. Once it arrives at <bait@catandmouseandcat.org>, "decrypt" the contents, too. <bait@catandmouseandcat.org> can't see the real text because that is still under grandma's key, but an onlooker won't be able to do a simple gotcha.
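A sketch of steps 3 and 4 plus the outer-layer "decrypt" of the body described above, written in Python as an added example (it is not code from this post). The `decrypt` hook, the attachment name `to.asc`, the sender address and the base64 stand-in for the PGP layer are assumptions made so the block runs offline; in real use the hook would call PGP with the relay account's private key.

```python
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RELAY_ADDR = "bait@catandmouseandcat.org"  # relay account named in the post
STAND_IN_DECRYPT = base64.b64decode  # NOT encryption: placeholder for PGP decrypt

def clean_recipient(text: str) -> str:
    """Accept exactly one bare address; the decrypted text is untrusted input."""
    addr = text.strip()
    if any(c.isspace() or ord(c) < 32 for c in addr) or "," in addr:
        raise ValueError("recipient must be a single address on one line")
    if parseaddr(addr)[1] != addr or addr.count("@") != 1:
        raise ValueError("recipient is not a bare address")
    return addr

def rebuild(raw_inbound: bytes, decrypt) -> EmailMessage:
    """Step 4: build a new mail from decrypted payloads, copying no headers.

    decrypt is a hypothetical hook (bytes -> bytes) for the relay's PGP key.
    """
    inbound = message_from_bytes(raw_inbound, policy=policy.default)
    attachments = list(inbound.iter_attachments())
    body = inbound.get_body(preferencelist=("plain",))
    if len(attachments) != 1 or body is None:
        raise ValueError("expected one text body and one recipient attachment")
    sealed_to = attachments[0].get_payload(decode=True)
    out = EmailMessage()  # fresh object: no Received, Message-ID, User-Agent
    out["From"] = RELAY_ADDR
    out["To"] = clean_recipient(decrypt(sealed_to).decode("utf-8"))
    # Peel the outer layer so the outbound body differs from the inbound one;
    # the inner layer (grandma's key) stays opaque to the relay.
    out.set_content(decrypt(body.get_content().encode()).decode("utf-8"))
    return out

def sample_inbound(recipient: str, inner: str) -> bytes:
    """Constructed inbound mail using the stand-in layer instead of PGP."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = RELAY_ADDR
    msg["X-Originating-IP"] = "[192.0.2.10]"
    msg["User-Agent"] = "ExampleMail/1.0"
    msg.set_content(base64.b64encode(inner.encode()).decode())
    msg.add_attachment(base64.b64encode(recipient.encode()),
                       maintype="application", subtype="octet-stream",
                       filename="to.asc")
    return msg.as_bytes()
```

The recipient check matters because the decrypted text file ends up in a header: a second line or a comma in it would otherwise add recipients or headers to the outgoing mail.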

Don't forget to put the return email address into the text somewhere unless your grandma knows it already.

Oh, and sorry if a tool like this already exists and we simply did not find it.
