Small Sister project protects against e-mail snoops

5 comments | 12I like it!
December 27, 2008, 08:19 PM —  WebWereld Netherlands — 

The Small Sister open source privacy project has released a first beta of its SmallMail application, allowing individuals to send e-mail messages that can't be intercepted or traced by governments or snoops.

SmallMail hides the content of e-mail headers when messages are transferred across the Internet by encrypting that data. Because the information can't be traced, security agencies are unable to determine where a message originates and where it is heading.

The project was founded by a group of five Dutch developers and is headed up by Brenno de Winter, an IT journalist specializing in security and privacy matters. The NLNet foundation is sponsoring the project through a €25 euro (US$35) donation.

Small Sister is the first public project offering anonymous e-mail, De Winter claimed in an interview with Webwereld, an IDG affiliate. Current technologies only allow users to encrypt the body of a message, but fail to hide a message's headers from snooping.

Little Sister relies on Tor, a service that facilitates anonymous Web browsing. The service routes Internet traffic across a series of routers across the world while scrubbing all information that can be traced back to the recipient. Government agencies trying to trace a Tor user will lose the trail as soon as the enter the Tor network. Although it is possible to send e-mail through Tor today, in those cases the message itself isn't encrypted. SmallMail marks the first application that uses Tor in combination with encryption while aiming to do so in a way that doesn't require advanced computer skills.

Because traffic is rerouted through a series of hubs, the delivery of a message will be delayed, taking about three minutes before delivery. Sending messages through SmallMail requires both the sender and recipient to install special client software, as well as switch to a special mail server. The project currently offers one such server for public use, and individual users can set up their own server. De Winter expects that in the future servers will be set up in redundant networks.

SmallMail is a direct response to European data retention legislation, which requires authorities to store e-mail traffic and call log data for a period of six months. The reporter claims that the legislation is a severe threat to investigative journalism, because authorities could use the logs to trace down whistle blowers.

In addition to the privacy conscious, De Winter argues that the application could appeal to corporations and government bodies that need a secure way to exchange messages. Terrorists and criminals too could use the tool, he admits. "But unfortunately terrorists already have comparable tools of their own. You can use this both for good as well as for to do harm."

SmallMail is currently in beta and has been tested for Ubuntu only. The project is looking for volunteers to port the open source application, which is written in Python, over to Windows and OS X.

» posted by ITworld staff

WebWereld Netherlands

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

I like it!
Close

On Twitter now

open source

Powered by Twitter
You are logged in | Sign out
Sign in and post to Twitter

What are you thinking?

Cancel Tweet sent

On Twitter now

Comments

$35000, not $35 donation

Hi,

We actually got 25.000 euro ($35.000) not 35.

Cheers,

Brenno de Winter
| reply

大阪 電装品

セルモーターリビルト。オルタネーターリビルト。 リビルト在庫多数。大阪で電装品販売。大阪でウイング車モーター修理・販売・在庫多数。大阪でパワーゲート車モーター修理・販売・在庫多数。大阪でバッテリー販売。リンク品在庫多数。
| reply
peer-to-peer

Esther Schindler
If the comments are ugly, the code is ugly

claird
SVG a graphics format for 21st century

pasmith
Take Chrome OS for a test spin

Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?

sjvn
64-bits of protection?

jfruh
Android fragments vs. the iPhone monolith

mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive

 

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

The Daily TipQuick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

I would like to receive offers via email from ITworld partners.
By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.
Featured Sponsor

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Marketplace