Email insecurity (was One of the great benefits of Open Source)
Email insecurity (was One of the great benefits of Open Source)
Posted Nov 10, 2025 13:32 UTC (Mon) by pizza (subscriber, #46)In reply to: Email insecurity (was One of the great benefits of Open Source) by paulj
Parent article: Debian to require Rust as of May 2026
Methinks the "strawman" here is one of your own construction.
Remember, you're not interacting with "friends and family", you're interacting with everyone said friends+family communicates with, and that's going to necessarily include complete strangers and businesses of all sizes. (If it was just a closed friends+family system, you have an alternate trust system and can eschew all of this automagic micropayment system entirely!)
Meanwhile, if you interact with real-world currencies, you will run into voliminous regulations and the 5th circle of hell that are payment processing systems. This goes well beyond the scope of taxation; Look up the UCC sometime.
Posted Nov 10, 2025 14:11 UTC (Mon)
by farnz (subscriber, #17727)
[Link] (21 responses)
The moment money gets involved, though, I have to ensure that I don't attempt to pay for mail delivery to this person's mail server, because if I do so, I will be in breach of sanctions law. And the easiest way to handle this problem is to pay someone who already handles sanctions law as a matter of course - stop running my own server, and just pay for Google Workspace or similar.
Posted Nov 10, 2025 15:02 UTC (Mon)
by paulj (subscriber, #341)
[Link] (20 responses)
As stated before, it is technically possible to have a distributed system that includes or relies on a distributed ledger payment system where no one can determine from the ledger, with any useful certainty, how much was sent by whom to whom. Only the sender knows how much was sent to which sub-address. The recipient knows how much was received to which sub-address, but not the address from which it was sent. I.e., a CryptoNote protocol.
Such non-transparent payment systems will ultimately dominate in the space for online, decentralised, distributed payment systems (and already do!), precisely because the older technology of transparent public ledger systems become mired in unworkable regulations. Eventually, the regulatory system will lose here and have to concede - just like in the previous regulatory war on maths in the 90s.
Posted Nov 10, 2025 15:41 UTC (Mon)
by paulj (subscriber, #341)
[Link] (18 responses)
Ergo, users are not sending any money to any specific node. Ergo, users in regime X, where regime X dislikes another regime Y enough that it has punitive sanctions against people within the reach of regime X who might do such terrible things as send messages within a distributed system that happens to have some participant nodes located in or run by people in regime Y, can not be said to have interacted in any way with regime Y.
The shocking rise of illiberalism, even neo-fascism, *across the world* will simply accelerate the adoption of privacy-protecting distributed messaging and payment systems. (Session - getsession.org - possibly being the best of what is workable, at this time, in the messaging system space).
Posted Nov 10, 2025 21:07 UTC (Mon)
by pizza (subscriber, #46)
[Link] (17 responses)
LOLwut?
Party A wants to send email to party B. To do so a token of some "value" must be transferred that can be converted to/from "money" at either end.
No matter how much technical handwavery you layer in the middle, there's no escaping that fundamental fact, nor the fact that national governments have _very_ strong opinions (ie "laws" backed up by literal armies) on the subject of "transferring tokens of value".
It doesn't matter what value I transfer to a sanctioned entity, or how I do it. Legally it only matters that I did so (or directed someone else to do so on my behalf).
> The shocking rise of illiberalism, even neo-fascism, *across the world* will simply accelerate the adoption of privacy-protecting distributed messaging and payment systems.
I'd agree with you on the messaging front, but *payment systems* are another matter entirely. The fundamental problem with distributed payment systems is how said system converts into "real" currency on either end.
Posted Nov 11, 2025 10:37 UTC (Tue)
by paulj (subscriber, #341)
[Link] (16 responses)
To fight illiberalism requires the ability to associate. To fight illiberalism in a state that is willing to use the tools of control against opponents (as has now happened in a number of western "liberal democracies", against dissident motivations across the spectrum - it's not a question of left or right) requires the ability to associate anonymously (at least, anonymous to outsiders). Effective association requires some anonymity in communication, and in acquiring and distributing resources.
To object to such tools because "Lolwut? govs wont like it bruv" is simply not an argument worth considering.
Posted Nov 11, 2025 12:38 UTC (Tue)
by malmedal (subscriber, #56172)
[Link] (15 responses)
No, anonymity is helpful if you want to subvert a democracy. Crypto is helpful for paying agitators in a deniable way(e.g. where does Tommy Robinson get money for his luxury vacations?)
If you want to overthrow a dictatorship(what's the point of using euphemisms like illiberal?) what you need is a mass movement that is too big for the state to handle.
The greater control a state today has because of surveillance is because of the current state of technology, you are not changing that by getting democracies to restrain themselves with laws. A dictator will just ignore these, making them completely pointless.
Posted Nov 11, 2025 14:05 UTC (Tue)
by daroc (editor, #160859)
[Link]
(Remember Debian? This is a song about Debian ...)
Posted Nov 11, 2025 14:08 UTC (Tue)
by paulj (subscriber, #341)
[Link] (2 responses)
It is interesting to see how my generation of techies - who when they were young would have nearly all been involved in or at least strongly supported the cypherpunk movement and been against the government in the crypto-wars of the 90s - have with often become more conservative at least in terms of supporting state control. People who once would have invoked May's (popularised by Schneier) four horseman of the Internet as a derisory label, now invoke those horsemen in support of the ever broadening tech-panopticon surveillance state.
Posted Nov 11, 2025 15:34 UTC (Tue)
by malmedal (subscriber, #56172)
[Link] (1 responses)
It's possible to write a fictional scenario where these really are the bad guys, but currently on planet earth none of the far to few countries that are actually respecting the rule of law deserve to be overthrown.
Your specific example refers to Syria, the old regime would have collapsed years earlier if they hadn't been propped up by the drug trade and associated money laundering so crypto was very much on the wrong side there.
Posted Nov 11, 2025 17:59 UTC (Tue)
by paulj (subscriber, #341)
[Link]
Posted Nov 11, 2025 15:51 UTC (Tue)
by NAR (subscriber, #1313)
[Link] (10 responses)
In Hungary (an illiberal democracy) the mass movement (a new opposition party) that grew too big to handle was (partly) sparked by an anonymous report that the president pardoned a pedophile-enabler. As far as I know, the guy who noticed that pardon (buried in official communication) and sent it to the press is still anonymous. So having an anonymous communication format has it merits even if a mass movement is required to replace the government.
Posted Nov 11, 2025 16:48 UTC (Tue)
by malmedal (subscriber, #56172)
[Link] (9 responses)
it is in a democracy's own best interest that its citizens can communicate safely without being overheard.
Posted Nov 11, 2025 18:12 UTC (Tue)
by paulj (subscriber, #341)
[Link] (8 responses)
We want to communicate anonymously (from the POV of others), without being overheard. We have looked at our threat model and our security requirements, and determined it is best served by obtaining phones running GrapheneOS. You lack the resources to obtain such a phone, and further the regime you are in views the purchase of secure phones as very suspicious - and you are likely to be put (at a minimum) under observation if such a purchase is detected. We have determined that it is best I purchase the phone for you (you havn't the resources), and we do so as anonymously as possible (so we have at least some plausible deniability if detected, e.g. intercepted shipment). I am known, in the wider world, to be associated with you.
One option is for me to use Tor to go to an anonymous online bazaar. Then to use an anonymous distributed payment method to buy a GrapheneOS phone, and have it shipped it to you (ideally, some drop-box or shared address that is at least not /uniquely/ associated with you). You and I know, from experience of others, that there is a minimal intercept rate on such shipments.
This is NOT an unrealistic example of how anonymous communication systems AND anonymous payment systems can be used to help protect activism in some places.
Posted Nov 11, 2025 20:12 UTC (Tue)
by pizza (subscriber, #46)
[Link]
This is an example of a quasi-anoymous communication system that sorta works (except for the glaring problem that it's a literal *phone* which means you're going to be "anonymously" tracked by $telco and/or anyone running an ISMI catcher)
Take away the "phone" part of that and you can piggyback off of public/"open" wifi, again for varying degrees of anonymity. That said, a not-terribly-repressive regime can easily require folks to require some sort of government ID and/or tied to your device [1] as a condition to grant access to said wifi. And said regime can easily require all traffic to be routed through "great firewalls" or some other classification/inspection/tracking system [2]
And sure, you can interpose middlemen, but when $oppressive_regime has no qualms about disappearing its own citizens, all you'll accomplish is a slight delay in how long it takes your door to be kicked in.
> One option is for me to use Tor to go to an anonymous online bazaar. Then to use an anonymous distributed payment method
Again, the vulnerability here is the ability to convert this "payment method" into $national_currency on either end. Those exchanges are the choke points that governments can, and do, go after.
...I keep coming back to the "what threat vector are you trying to protect yourself against" question. Because a guido wielding a gympie trounces technical handwavery... every. single. time. (see xkcd #538)
[1] I experienced this a decade ago when traveling in the Middle East.
Posted Nov 12, 2025 13:12 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (6 responses)
It's unrealistic to the point where it looks like a parody. Is it intended as one?
Phones are widely available in almost all countries, it is rarely a hard to get item. In a country where they are hard to get, North Korea, they have implemented some kind of authorization scheme so only government provided phones can actually connect to the network, an activist firing up your graphene os phone will be arrested immediately.
(I believe they do have provisions for tourists calling abroad, but an activist trying this will be noticed and arrested)
Posted Nov 12, 2025 17:08 UTC (Wed)
by paulj (subscriber, #341)
[Link] (5 responses)
1. proceeds to give an example of a country where phone purchases generally are restricted as described
If your argument really is that activists never need to buy anything that may be sensitive, where anonymity is desirable, then it is your argument that is parody.
Posted Nov 12, 2025 17:10 UTC (Wed)
by paulj (subscriber, #341)
[Link]
Posted Nov 12, 2025 19:02 UTC (Wed)
by malmedal (subscriber, #56172)
[Link] (3 responses)
> "It's so unrealistic it's a parody!"...
> 1. proceeds to give an example of a country where phone purchases generally are restricted as described
No, I'm pointing out that anybody trying to use your OS if likely to be arrested very quickly. The phone will need to authenticate itself to the network in order to prove that it is indeed an approved phone with the correct spyware installed.
> 2. fails to spot that my comment says "You lack the resources to obtain such a phone",
No, I'm saying that phones are ubiquitous, access to one is not a limitation and I'm saying that getting a Graphene OS phone is not going to help if you are physically in a dictatorship.
What activists need to do is to make their electronic signature as innocent as possible. One common tactic is to post coded messages to a popular forum that also used by normal people.
With your solution, as soon as the police finds the first activist with with a Graphene device, they will know what the traffic looks like and can use that that simply the search for the rest.
Posted Nov 12, 2025 19:28 UTC (Wed)
by pizza (subscriber, #46)
[Link]
Along those lines, the Iranian revolution in the late 70s was famously seeded via already-ubiquitous cassette tapes of Khomeni's speeches.
Posted Nov 13, 2025 10:11 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (1 responses)
Thus, your goal is to not do anything that would give the police a reason to look at you; you're reliant on the fact that there's more citizens than police, and thus they cannot monitor everyone in depth. The moment you do something that marks you out as "odd", you're either fully compliant with the regime (just slightly weird - maybe you like brandy more than vodka), or you're marked out as a troublemaker and they will find a way to get you.
Posted Nov 13, 2025 11:54 UTC (Thu)
by malmedal (subscriber, #56172)
[Link]
Posted Nov 10, 2025 16:13 UTC (Mon)
by Wol (subscriber, #4433)
[Link]
And as far as I can tell, both you and farnz are in violent agreement on this point!
As farnz keeps on banging on, the problem is SOCIAL, and there is no way from a SOCIAL perspective that anything like this will take off.
Cheers,
And note that you can't control who your friends and family choose as mail providers. For example, my home mail server (used by 3 people - me, my spouse, my mother) regularly sends mail to a server belonging to a sanctioned entity. This is fine, legally speaking, because no money is involved; I'm forwarding data from my mother's mail client to her friend's mail server, and the mere act of forwarding data is not sanctioned.
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
If you want to overthrow a dictatorship(what's the point of using euphemisms like illiberal?) what you need is a mass movement that is too big for the state to handle.
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
[2] This capability continues to be demonstrated by China
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
2. fails to spot that my comment says "You lack the resources to obtain such a phone", so either I have to send you money somehow (anonymously) or I have to send a phone.
3. I may also be in the same restrictive regime, I just happen to have the resources to be buy the item.
4. There may be numerous other types of items useful to activism that one may wish to purchase for oneself or others anonymously.
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
The key to this is that "innocent until proven guilty" is an artefact of liberal societies. If you're in an illiberal society of some form, once you've been identified as a troublemaker, you will be found guilty of something; if necessary, police will plant or forge evidence to show that you've been involved with something society at large considers abhorrent.
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Sending e-mail via a possibly sanctioned entity
Wol