December 27, 2008, 8:19 PM — The Small Sister open source privacy project has released a first beta of its SmallMail application, allowing individuals to send e-mail messages that can't be intercepted or traced by governments or snoops.
SmallMail hides the content of e-mail headers when messages are transferred across the Internet by encrypting that data. Because the information can't be traced, security agencies are unable to determine where a message originates and where it is heading.
The project was founded by a group of five Dutch developers and is headed up by Brenno de Winter, an IT journalist specializing in security and privacy matters. The NLNet foundation is sponsoring the project through a €25 euro (US$35) donation.
Small Sister is the first public project offering anonymous e-mail, De Winter claimed in an interview with Webwereld, an IDG affiliate. Current technologies only allow users to encrypt the body of a message, but fail to hide a message's headers from snooping.
Little Sister relies on Tor, a service that facilitates anonymous Web browsing. The service routes Internet traffic across a series of routers across the world while scrubbing all information that can be traced back to the recipient. Government agencies trying to trace a Tor user will lose the trail as soon as the enter the Tor network. Although it is possible to send e-mail through Tor today, in those cases the message itself isn't encrypted. SmallMail marks the first application that uses Tor in combination with encryption while aiming to do so in a way that doesn't require advanced computer skills.
Because traffic is rerouted through a series of hubs, the delivery of a message will be delayed, taking about three minutes before delivery. Sending messages through SmallMail requires both the sender and recipient to install special client software, as well as switch to a special mail server. The project currently offers one such server for public use, and individual users can set up their own server. De Winter expects that in the future servers will be set up in redundant networks.
SmallMail is a direct response to European data retention legislation, which requires authorities to store e-mail traffic and call log data for a period of six months. The reporter claims that the legislation is a severe threat to investigative journalism, because authorities could use the logs to trace down whistle blowers.
In addition to the privacy conscious, De Winter argues that the application could appeal to corporations and government bodies that need a secure way to exchange messages. Terrorists and criminals too could use the tool, he admits. "But unfortunately terrorists already have comparable tools of their own. You can use this both for good as well as for to do harm."
SmallMail is currently in beta and has been tested for Ubuntu only. The project is looking for volunteers to port the open source application, which is written in Python, over to Windows and OS X.
