Hamann Distributed

Making mistakes at scale so you don't have to.

Will Darkmail Be Secure? Probably, but It Doesn't Matter.

So there’s currently all the rage about the Dark Mail Alliance, re-inventing electronic mail in an easy to use, fully decentralized and cryptographically secure fashion. I think there are some brilliant minds on the project and I personally wish them the very best.

A few months ago, there was the first true spiritual successor of the original Skype called Tox in the making, and I can’t even pretend all of this isn’t great news. Finally the FOSS community wraps up DHTs, strong crypto, hole punching and even video – just like the original Skype – and puts it into a nice zero-configuration package. The project is getting well-deserved publicity, crypto expertise and UX love, and is predestined to take off soon in times of PRISM-raised consumer awareness.

So why am I still not excited?

Because we’ve progressed too far. Laws worldwide have been hollowed out from steady lobbying since 9/11 – and it helps to look into the past to predict what will happen next.

Tox and Darkmail are already on the shortlist of every TLA (three letter agency) worldwide. What happens if you use it? Guess what – you’re officially making yourself a preferred target.

A great read on this topic is PHK’s “More encryption is not the solution” that goes much more in depth than this article and I admit I couldn’t have written it any better.

But to phrase my concern in my very own words: You can still trust the math behind cryptography – but it doesn’t matter at all. What you can’t trust in 2013 is your device manufacturer, your carrier, your operating system and your e-mail provider.

And especially if you’re a second-class citizen of the world (or you are from the US, and your traffic somehow gets routed outside US jurisdiction), the NSA won’t give a shit about breaking all international laws to get to the messages you are sending and receiving. Not only did they exempt themselves from international jurisdiction like just a few other states like Cuba or North Korea – they are not even liable for any of their actions to their own people.

So who will use the new strong cryptography tools? Here’s my prediction: 20% curious minds and technologists, 40% who have something to hide for good reason, 40% who have something to hide for bad reason. The big masses won’t care. And as long as you’re not using a more exotic device, carrier and operating system – preferably not even from your own IP as to not have blown your cover by the mere fact that you are using encrypted traffic – you can bet your ass they will go after you to have you lynched in public.

So what’s coming up next? Voice processors. After Facebook helped index anything that you expose to the public and Dropbox went along with implicit “free photo sharing” to the NSA, their next target will be everything you didn’t even want to expose. Uploading hours and hours of voice communication is still too obvious by looking at your phone bills, but 24h of your verbal communication in an encrypted zipped text file after your device’s built-in speech recognition (of course together with GPS location info) will just disappear in the data noise of always-connected “factory” and carrier daemons and is easier to process for real-time analysis anyway.

Make no mistake – the on-demand “roving bug” has been a reality since 2006 – this will only take it to the next level. Even switching your phone off will not protect you, but rather make you a hard target again.

Privacy in the near future will be at places where you don’t have a smartphone – and nobody around you does either. It will be as hard to find as diamonds and impossible to stop if we don’t start acting on a political level soon. And to quote my favourite political satirist, Volker Pispers: “Politicians in Germany always say: Why not collect all the fingerprints and save them in a database? The Spaniards do it as well! – Do you actually know why? It was done by a dictatorship (Franco) and fell into the hands of a democracy. No problem – except if it happens the other way around…”

If you’re not scared yet, do yourself a favor and watch the ingenious “The Lives of Others” to get a grip on what a real dictatorship managed to do with 1980s technology already. Put more than thirty years of technology evolution on top and you’ll be scared shitless. If you want to know why the Germans are always at the forefront of privacy protest, that’s why.

What’s going to stop all of this? Not Tox. Not Darkmail. Simply people standing up all over the world to stop the madness.

And honestly – I don’t see that coming.