:: Internet Public Policy Issue Region/Country: all :: Description Silent Circle and Lavabit founded the an alliance to create an end-to-end encrypted 'Email 3.0' with an open source protocol and architecture. :: Relevance there is no open internet without message privacy. The current mail system cannot secure privacy. Encryption is possible, but even then the messeage contacts (metatdata) can be clearly gathered. Goal: Support for an the new email system in Thunderbird, using an easily accessible integrated encryption UI. Maybe even the creation of a mail server When: together with the availability of the protocol and the first server :: Additional Information http://silentcircle.wordpress.com/2013/10/30/announcing-the-dark-mail-alliance-founded-by-silent-circle-lavabit/ http://www.darkmail.info/
Hi Navid. What is your clear technical request in this bug report? What are identifiable subtasks for developers?
The Dark Mail Alliance is planning to create a new kind of mail protocol and architecture that allows privacy protected mail exchange, where neither the content of the mail can be read nor can anyone see who is communicating with whom, even if they have total control of the network and political pressure to force mail servers to give them data. This should not only prevent spying but also prevent blocking by deep packet inspection. Protocols need clients and servers that implement them. And marketing that makes people use them. Off the cuff I see the following technical subrequests for the Moziall Foundation: 1. With the other members co-create a protocol and architecture that is not just privacy friendly but secures privacy completely. Deliverable: protocol and architecture document, agreed by the alliance. 2. Publish it as open source, making certain there are no patents violated. Deliverable: Legal document stating there are no patent or copyright infringements. 3. Prove the theoretical safety of the protocol and architecture against all known technical and political forces of the NSA. Deliverable: Proof of safety to a list of known attack scenarios. 4. Implement the protocol in Thunderbird and make it the default -- Thunderbird should still be able to receive and send classic e-mail but only if users explicitly refuse to generate encryption keys or consciously decide to send mail unprotected (say, because the receiver cannot receive the protocol). Deliverable: New version of Thunderbird 5. Assert makes unprotected privacy very clear and Thunderbird is still easy to install and set up (no separate installation of Enigmail and GPG). Deliverable: thoroughly tested UX concept 6. If there is no reference server for the protocol create one (though maybe there won't be a client server infrastructure). Deliverable: Reference server 7. Offer a easy to use finding and verification system for encryption keys. Deliverable: Key search and verification infrastructure with a client integrated in Thunderbird. 8. This is not just another mail client. It's a complete ecosystem. It needs strong marketing to get started. Deliverable: Press releases, events, blog and any kind of social buzz, videos of popular or important people recommending its use from experience, etc. This is my first Mozilla feature request. I would like to hear how I can enhance it.
If you are after Mozilla joining the process of defining technical specifications, this is something social that cannot be solved by bug reports. If you are after making developers implement something, we'd probably have to wait for an RFC (or something similar) to be published.
The number of votes that came in only a few hours indicates that there is quite some demand for the email infrastructure to be fixed. The Mozilla Foundation has some political power and is the organization that is attuned most naturally to the problem of user privacy as it has no commercial or political agenda. It is also much more agile than standards committees. It can try politically new ideas more easily. I posted this bug for the Internet Public Policy "product" (as Bugzilla calls it), as the web’s DNA is threatened and the Internet Public Policy group's identity is to "make the Web more robust and take action when the web’s DNA is threatened." A solid technical specification is the first, necessary step. What is the appropriate channel to get Mozilla involved in the process?
Navid, The Thunderbird Team at Mozilla is currently discussing the DarkMail Alliance. Although there is not yet any official interest to get involved we are aware of the alliance. As Andre pointed out a bug is not the proper venue for this but please feel free to watch the discussion here https://mail.mozilla.org/pipermail/tb-planning/