~ev/mailbox

A digital mailbox so that people can send you private messages
ask the server for pubkey on first contact
add disclaimer
add raw message to view encrypted message

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~ev/mailbox
read/write
git@git.sr.ht:~ev/mailbox

You can also use your local clone with git send-email.

#Mailbox

A digital mailbox so that people can send you private messages

WARNING: this software is not intended for use for anything important, whatsoever. Do not use it for your critical mission. We do not know if this actually works, we just think that it works. We have no idea if TweetNaCL is actually secure, or simply advertised as secure. We also have no idea if our code doesn't suck. Please assume our code sucks, and go back to using your bmail (aka: ok, boomer mail).

If that didn't scare you away, give it a try by reading everything below before you do anything.


#Why?

Electronic Mail is so 1960s.

Setting up and running your own email server is a bitch and a half. So most people just use Gmail, FB, Microsoft, etc and give away all of their private communications so these companies can read their correspondance with "artifical intelligence" otherwise known as low-paid workers in third world countries who speak a little English. These not really artificial workers keep your email box clean of spam for a low price compared to how much these companies make off your email by selling you advertisements that are targetted as closely as possible to your needs and wants.

Why is email so hard to set up yourself? Because it's an ancient system with a million configuration options, no privacy, and was built to emulate the US Postal Service (POP3 even stands for Post Office Protocol) by tossing all of your emails out onto the information super highway and hoping they get routed to their destination.

Then there are the kids these days, who do not use Microsoft Exchange Server to send emails. Instead they fall into using e2e encrypted chat apps that they've been tricked into thinking are private, because these companies tell them that they are private. Yes, their messages probably are private to m2m attacks, because only SnapChat and WhatsFace can see your messages -- but the people at these companies can probably read their messages.

Why not build a digital mailbox, instead of trying to build a digital postal service?

IRL, Mailboxes are easy to use. You open the box, and toss an envelope into the box. In many places in the world, you can send someone a letter just by tossing a letter into their mail box! It's totally easy, no postage required.

My aim with Mailbox is to make the code so simple that you can write it yourself. If we keep it simple, we can all build our own mailboxes from scratch and within our communities we can probably keep them interoperable. If not, we can work out the details between each other.

#What?

Mailbox uses TweetNaCl, because it's relatively small and was written by Daniel J. Bernstein at University of Illinois Chicago. Because we're going to write this application in JavaScript, we'll use the JavaScript port: TweetNaCl.js.

We use ed25519 keypairs (the same as is in http://bogbook.com/, so you can use the same key if you want) as identifiers. We convert the keys to ed25519curve keypairs using ed2curve when boxing and unboxing messages.

When you hit 'Send' Mailbox encrypts the message to the recipient, then it contacts your host Mailbox and saves the message there, so it can be picked up later when the recipient checks their Mailbox.

In order to check your mail, Mailbox downloads all of the mail on the server into your browser, where it saves the messages in their encrypted state. Then it attempts to unbox all of the messages in your browser, failing if you don't have the correct key.

#How to run Mailbox

git clone http://git.evbogue.com/mailbox.git
cd mailbox
npm install
npm start

Navigate to http://localhost:7777/

Right now Mailbox isn't quite ready to send to multiple mailboxes --- to send me a message using mailbox, visit http://mail.evbogue.com/ and send a message to @Q++V5BbvWIg8B+TqtC9ZKFhetruuw+nOgxEqfjlOZI0=


MIT