[Mailman-Developers] [GSoC14] Full Anonymization Project Idea

Kshitij Gupta kgupta8592 at gmail.com
Tue Mar 4 19:47:30 CET 2014 

Hello,

I am Kshitij Gupta, an undergrad student in Computer Science and
Engineering at National Institute of Technology, Jamshedpur, India. I have
previously worked on AppArmor Profile Tools[1] in GSoC'13 for openSUSE and
have some experience with Python and bzr/launchpad. I have had little
exposure to workings of email and mail servers.

I have been looking at the project description and found the idea
particularly interesting as it will allow me learn about internal working
of mailman and also understand privacy aspects.

As I understand, we can do this in the following ways:
1. For each subscriber on the mailing list generate a random encryption and
decryption key, which will be store in the database.
2. Everytime user sends the mail we can encrypt the email to a hash which
will then be used as the pseudo id for the user. To do this we can either
use salt (as in time) to ensure a new email id is generated everytime or
without salt which equivalently fixes a single id for the user.
3. From the email we can cleanup headers, converting the users timezone to
a standard UTC timezone.
4. We can also hash the users original email id and append it as a
signature to sign the mail, ensuring the authenticity of mail in a
conversation.
5. For replies, the person replying can respond to the message, the email
address will then be decrypted by matching against the list of all
decryption keys and matching the digest of the mail id for additional
security and forwarding it to the intended user.

The above steps (in my understanding):
1. Will allow users to anonymously post to mailing lists.
2. Ensure nobody can pretend to be someone else in a thread via the
personal salt.
3. Allow users to communicate in threads and reply to each other.
4. Use a constant space for users in the database, at the cost of matching
against multiple decryption keys and then checking against the hashed email.
Look forward to some feedback and hope to contribute to the mailman
community.

[1]- https://code.launchpad.net/apparmor-profile-tools , however the code
was recently merged into the branch upstream at:
https://code.launchpad.net/apparmor where development continues.

Regards,
Kshitij Gupta

More information about the Mailman-Developers mailing list