Freemail   (+3, -2)
an encrypted P2P IM/email network

This is a decentralized, secure communications network. You generate a PGP public key. When you want to communicate with someone, you exchange public keys with them face-to-face, via email, or phone. Then, you send a PGP encrypted message into the freemail network. Clients attempt to route the message to its recipient. PGP encryption ensures the privacy of the message and identity of the writer.

If routing happens quickly enough, this system can work as an IM. Otherwise, it works as a collective email system.

Another benefit is that you can send any type of data -- it need not be text.

Also, you can introduce people to one another or convey messages securely over this network. Because the user has initiated the key exchange in another social space, they know how certain they should be of the identities of anyone sending them a message.

This prevents spam, because you don't have any anonymous communications (or at least, you don't have to read them).

PGP encryption is good enough to be not worth cracking, so you don't have to worry about other people reading your communications. In fact, the only worthwhile thing to do on this network is pass messages around.

Another benefit of this system is that you don't have to rely on any mail server, or any server going down. As long as you have your PGP keys with you, and a client application connected to the freemail network, you can retrieve your messages.
-- lawpoop, Jun 08 2005
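
The acceptance rule the post above describes (read only messages signed by a key you exchanged beforehand, ignore the rest), as an added example that is not part of the original post and not code from any Freemail implementation. Node's built-in `crypto` (Ed25519 signatures, an AES-256-GCM key wrapped with RSA-OAEP) stands in for PGP, and `newIdentity`, `publicCard`, `addContact`, `seal` and `unseal` are hypothetical names.

```javascript
// Added example with constructed identities; Node's built-in crypto stands in for PGP.
const crypto = require('crypto');

// A user creates their own identity: one key pair for signing, one for receiving mail.
function newIdentity(name) {
  return {
    name,
    sign: crypto.generateKeyPairSync('ed25519'),
    enc: crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }),
    contacts: new Map(), // fingerprint -> card, filled only by out-of-band exchange
  };
}
const pem = (k) => k.export({ type: 'spki', format: 'pem' });
const fingerprint = (signPubPem) =>
  crypto.createHash('sha256').update(signPubPem).digest('hex');

// The public half that is handed over face-to-face, by phone, etc.
const publicCard = (id) =>
  ({ name: id.name, signPub: pem(id.sign.publicKey), encPub: pem(id.enc.publicKey) });
const addContact = (id, card) => id.contacts.set(fingerprint(card.signPub), card);

// Sign (recipient fingerprint + body), then encrypt: AES-256-GCM key wrapped with RSA-OAEP.
function seal(sender, toCard, body) {
  const to = fingerprint(toCard.signPub);
  const sig = crypto.sign(null, Buffer.from(to + '\n' + body), sender.sign.privateKey);
  const from = fingerprint(pem(sender.sign.publicKey));
  const inner = JSON.stringify({ from, body, sig: sig.toString('base64') });
  const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(inner, 'utf8'), c.final()]);
  return { wrappedKey: crypto.publicEncrypt(toCard.encPub, key), iv, ct, tag: c.getAuthTag() };
}

// Decrypt, then accept only if the signature verifies under a key already in the contact list.
function unseal(me, env) {
  const key = crypto.privateDecrypt(me.enc.privateKey, env.wrappedKey);
  const d = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  d.setAuthTag(env.tag);
  const inner = JSON.parse(Buffer.concat([d.update(env.ct), d.final()]).toString('utf8'));
  const card = me.contacts.get(inner.from);
  if (!card) return { accepted: false, reason: 'unknown sender' };
  const signed = Buffer.from(fingerprint(pem(me.sign.publicKey)) + '\n' + inner.body);
  const ok = crypto.verify(null, signed, card.signPub, Buffer.from(inner.sig, 'base64'));
  return ok ? { accepted: true, from: card.name, body: inner.body }
            : { accepted: false, reason: 'bad signature' };
}
```

Anyone holding the recipient's public card can produce a well-formed envelope, so the filtering comes entirely from the contact-list lookup and signature check in `unseal`; signing the recipient's fingerprint along with the body keeps a contact from re-encrypting your signed message to someone else as if you had addressed it to them.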

AOL encrypted IM http://www.instantm...article.php/2218981
In beta for military and business customers [Freefall, Jun 09 2005]

Bitwise encrypted messaging http://www.bitwiseim.com/
Google is your friend. [Freefall, Jun 09 2005]

Bitwise requires money and registration http://www.bitwiseim.com/signup.php
Why Bitwise is not Freemail [lawpoop, Jun 09 2005]

Explanation of public key technology http://en.wikipedia.org/wiki/Public_key
So you can be certain who you're talking to [lawpoop, Jun 10 2005]

Seems baked, but I'm not tech-y enough to say for sure.
-- Eugene, Jun 08 2005


Sounds good to me.

There's surely no reason why the public keys couldn't be in an online database, right? This would negate the need for the initial contact. (I suppose it would create a need for a centralised server.)

..

Hey... how about the user name, selected when registering, generates the public key via some numeralisation of the alphabet? (There would obviously have to be some restrictions on user name choice). I then see this working exactly like normal e-mail, with the sender entering the username@freemail.com, and then PGP encryption is automatically applied via the generated public key..?

Does that make sense or do I have no clue what I am talking about?
-- radicalllama, Jun 08 2005


The latter. If you can generate a key, based on the recipient's name (whether algorithmically or by looking something up in a database), so can a spammer.
-- jutta, Jun 08 2005


But only if they know the recipient's user name -- which makes it no different from any e-mail system operating presently.
-- radicalllama, Jun 09 2005


This would use a bottleneck slide, yes?
-- bristolz, Jun 09 2005


bottleneck, turtleneck, whatever it takes...
-- dbsousa, Jun 09 2005


The first link in a google search for "encrypted IM service" returned the article in the link.

Would a successful thirty-second google search with a very obvious search term combination classify this as baked, widely known to exist?
-- Freefall, Jun 09 2005


[Freefall] Does encrypted AIM require you to register your username with AIM? Does it rely on any kind of centralized server? If so, then encrypted AIM (or any kind of encrypted chat, for that matter), is not this idea.

This is a P2P chat system with no centralization. Users make their own identities, and give it to their peers. They don't sign up with AOL or any other authority. The only authority here is your personal reputation with the people you communicate with, and the people who vouch for you.

For the reasons above, I think that the only way this system would work is with an open source application, or at the very least, spec of the protocol made public.
-- lawpoop, Jun 09 2005


So this is pure peer-to-peer encrypted linking, with no central server? I think there are applications out there that are fully capable of this already. Another 30 seconds on google found an application called "Bitwise", which allows direct connection and encryption (128 bit for free, 448-bit for paid users).

New link added.
-- Freefall, Jun 09 2005


[Freefall] I guess I didn't explain this properly, but you're missing the point. This idea is to provide secure end-to-end encrypted communication between two parties.

Bitwise requires you to sign up for their service. They also bill you.

Bitwise has no place in my private conversations. They have a closed-source product. I have no way of knowing whether or not they are listening. Even if they aren't now, they could be in the future.

Furthermore, if you don't pay, you're off the network. Bitwise owns your conversations, not you. If you read my idea, you will see that users create their own identities, no Bitwise, or any other 3rd party.

This is why this needs to be an open-source, open-protocol implementation. 'Freemail' is more than just a catchy name. It means you own your own conversations, not Bitwise.

Trust me, I've been around the electronic block for a while. This idea has not been implemented yet. Google is your friend, but it is not a magic wand. You actually have to read the stuff you encounter, and understand it.
-- lawpoop, Jun 09 2005


1. You can already encrypt any message -- be it email or IM. Just send the encrypted string.

2. If you give your public key to everyone who needs to contact you, it will eventually fall into the hands of spammers. Change your public key and you lock out everyone.

Baked, useless, mfd. Sorry.
-- not_only_but_also, Jun 10 2005


[not_only] There are several problems with your status quo criticism that freemail addresses. Freemail solves some worst-case-scenario communication schemes that current IM technology does not.

The point you are missing here is that if you are getting a signed message back, you can validate the identity of your conversation *partner*.

1. Any IM service you use today requires some kind of registration through a centralized service. You are susceptible to AIM or MSN authorities posing as your buddy, when really they are not. Thus, you can have communication, even encrypted communication, with an imposter. In Freemail, you *exchange* PGP keys with someone. That way, when you get a message from them, you can be sure it's them (unless they are sitting at the computer with a gun to their head, being told what to type).

2. It is true that spammers can get your public key, but so what? Don't answer anonymous email. Remember, you have *exchanged* keys already with people that you want to communicate with, so you can verify that messages claiming to be from them really are from them.

The nice thing about public keys is that, if you want to ditch the old one and start using a new one, you can give your new public keys to everyone you know. They will verify that it's from you because it's encrypted with your old public key.

So your points are invalid.

I suggest you do a little reading on public key technology. It should prove quite enlightening. See link.
-- lawpoop, Jun 10 2005


I don't agree with all of what [not_only] said, but I return to my original worry about over-reliance on this sort of thing: complexity.

Is it secure? Yes. Can it be subverted? No. When my message absolutely is for the eyes of the addressee, will another party read it? No. Is there a benefit to cracking keys? This is my concern.

If I wish to encrypt my own 'itty bitty' emails, and use a key, there isn't a spy in the world, trust me, who would benefit by the time wasted in cracking my key. There exist utilizers of email that have issued more mail thus far today than I will in my entire life ... and sensitive communication to those utilizers is important and valuable. Those ! and $ factors alone assure that code breakers will be forever in the hunt of weak keys and workarounds for unauthorized access to files. Incorporate chip identification technology and next step would be access to entire machines. I'd wager that there are developers at Gmail who would flout the proof of concept at sales meetings, just to dissuade independents from going it alone.
-- reensure, Jun 10 2005


There are tools out there that allow encryption via single private keys that require both parties to have the key in order to encrypt and decrypt a message. This allows exactly the confirmation you're talking about.

There are also several tools that allow symmetric key pairs (PGP comes to mind), which use a public key/private key pair. The interesting thing about this is that it doesn't really matter which key is which, but a message encrypted by one key can only be decrypted by its match, and vice-versa. Via this method, anyone with one of the keys can send a message that only the holder of the other key can decrypt.

I'm getting off-track. I guess my point is that there are tools out there that do exactly what you propose. They've been in existence for years. The fact that you haven't found them yourself doesn't make it a new idea.

Bitwise does not require money for the FREE version, but does require registration and payment which allows you to get full functionality equal to what you're requesting. Saying "make it free" doesn't make it a new idea either.
-- Freefall, Jun 10 2005


[freefall] If you take all of the features *together*, then you have a new system. Anything new is built out of existing parts. When they first built cars, they already had carriages and motors. But, put them together, and you have the horseless carriage. This certainly qualifies as a new idea.

Yes, I understand that each part of Freemail already exists individually. What doesn't exist is a P2P network for transmitting arbitrary data based on public key exchange. Yes, you can use other networks to exchange PGP encrypted data. The P2P aspect is yet uncreated.

Bitwise only allows use of *their* client software. I'll bet the protocol is theirs, too. Can I make my own bitwise client? Can I make a bit-wise protocol compliant application? If not, there is the danger. I'll repeat myself, bitwise is not freemail. Bitwise might be able to listen in on conversations (I live in the land of the Patriot Act). Bitwise might be able to remotely disable their clients, free or otherwise. Bitwise might go out of business.

Most importantly, does bitwise traffic any of the data through any of their servers, or is it a totally decentralized P2P network? If not, bitwise is not Freemail.

It seems that you think that the decentralized p2p feature of Freemail is an afterthought, but it really is necessary. If you have reliance on any server or company, that's a potential security hole. If you can reverse engineer the bitwise protocol and use it on a decentralized P2P network, bitwise could morph into Freemail, but currently it is not. Right now you can't communicate on the bitwise network without the cooperation of the bitwise corporation, and this is the problem. With Freemail, the user is totally in control.
-- lawpoop, Jun 10 2005


[re_ensure] If the key cracking is your only concern, you can use longer keys. Keys beyond a certain length are illegal in the US, but you could still use it, I guess. I don't know how they would track you down. Besides, even with 'consumer' grade keys, it would take months, upward to a year, for someone to break a conversation.
-- lawpoop, Jun 10 2005


