[katzenpost] privacy by design

[matbit at airmail.cc]

“imagine” all the people sharing all the world
John Lennon

Hi team,
It maybe looks like off topic, but since we are in same page and 
striving for “privacy right” please forgive me for this post and help me 
if you can.
Many thanks in advance.

It is Hu, a freedom enthusiast software developer, who believes in 
Privacy, and digital rights as well.
I developed an open source and free(libre) app to support people 
establishing their “decentralized online community”, without need to 
running a website(having domain name and host), or having an static IP 
or even dynamic IP.
The software called Comen, stands for “Community Maker Engine“. Users by 
installing Comen can form an autonomous unstoppable online community in 
which they can have their username(much like Domain name), send 
encrypted messages, participate in forums/discussions and having wiki 
pages, personal weblog, run survey, kind of smart contracts, DeFi and 
some other important activities.

Entire communication between nodes (the machines around the glob that 
installed software) is done through “emails”. The Comen software 
automatically sends and receives hundreds of emails in hour to/from 
nodes. Indeed I developed the Comen software to make it very easy, every 
group of people (without any technical knowledge) by 2 or 3 clicks 
establish an online community. To join a community, people just need to 
know the peer’s email address and install the software.
The Comen software creates a local copy of a blockgraph (unlike the 
Blockchains the data structure of Comen is a DAG and not a link-list) 
and records all received blocks in its local DB (AKA distributed 
ledger).
By this design we have an autonomous, standalone, unstoppable, 
decentralized online community on top of a blockgraph in which users 
have personal data sovereignty.
This approach is about caring privacy and avoiding mass surveillance, 
especially in giant social-networks. By Comen everyone can join to 
hundreds different groups or leave them and no one spy them.
Comen is not good for “online gaming” or funny kitty “video watching”, 
but it perfectly works for serious issues against censorship and it 
cares user's privacy. it stops global passive eavesdropping.
Every single line of code that is running on user’s computer is 
transparent and audit-able.
Keeping it simple results No spying, No information exploitation, No 
hidden 3rd party IP connection.
The horizon of system is "Making standard internet, inside the classic 
internet, based on peers".

Going back to software, the email messages between nodes are encrypted 
by asymmetric public/private PGP keys, so they are safe and secure, and 
the email body (the text message) looks like a normal PGP encrypted 
message. The system works perfectly, BUT as we all know the big failure 
of “email protocol” is “meta data leakage”. So we need to fix this issue 
and improve the privacy of email protocol in whole.

You may ask abut “why you use email as transporter and just do not use 
TCP/IP or other newer decentralized messaging protocols”?
The answer is:
- Everyone can obtain one or one million email address with no cost, and 
governments can not stopping individuals from using email. -Thanks free 
speech defenders we still can have anonymous email without compromising 
our identity -, whereas for all other alternate solutions user need to 
obtain an IP or some kind of identification or membership processes, 
which are all in contrast with privacy.
- Email infrastructure is well-established and is accessible all over 
the glob. The emails work perfectly in most dictatorship countries with 
high level of censorship, oppression, IP banning, low speed internet, 
and all other barriers for commercial, high speed services we are using 
freely in Europe and US.
- The email is the only neutral, free (non proprietary) and open 
protocol/technology for communication.

You may ask why you want to update the existed protocol instead of “just 
use TOR or I2p or … and forward your traff	ic to these networks”?
Even TOR or I2p can be disabled, and they did it in Iran, North Korea 
and I guess also China.
In addition using TOR or I2P... as an extra effort for email is not a 
comprehensive and easy use case.

If we improve “email protocol itself”, and add some optional feature to 
it in order to reduce the metadata leak and offer this improvement as an 
“Open (non proprietary) Standard” and drive a social movement to force 
email providers to implement these features/protocols in their 
softwares, we will achieve a huge improvement in “privacy” protecting 
and “freedom of expression”. we can not simply let the email die!

This improvement will improve “email” users experience in whole, and 
also “Comen” software security and privacy level that indirectly causes 
to improvement of “freedom of expression” in recursive style.

I want to ask your opinion about this proposal, since you are 
experienced and professional.
What do you think about idea in whole and its feasibility?
Perhaps we should exchange some emails to talk about details and figure 
out how to deal with this proposal, political(legal) issues, preparing 
some RFC or standard design specs and plan and strategy and roadmap, and 
so on.
We are not too many people with this point of views, so please feel free 
to forward this email to people you may know they are interested in this 
case. (better if encrypted message).

Looking forward to hearing from you.
Hu

P.S. Please no public announcement yet.


My public key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBF7mDQ8BDACz2v/gpJGTtTDCMiu2Lsixg9mUf5JBCKvzGJecl76iiLyH08u5
MrcQZsy49YkUIwcPTaTsQxlnSfvNP2Kn+CaK/xE/M/VWLhv9iAS8CbnonRRbgFUC
pCTbXtIsd8e/CNiYugjPh0f0+SqUL4OP4YkGlze8e6CE5OEAVbhwEoxmH0Q6dphk
w35qmtAg4ogWMQIKiwwIYoWw+cfuBAeYSpV1INhqa8LBSxypN/s9bncFkiwYybFd
HdafS3ubj8eTvUFdXFCmwywEQplhB7Vy09IW6QtdNNIMnZ5vEdY3O31q9Bpciuw9
pAbAahRBYIXxPfpKAZbbUuapTxuV3q7H/RB/lBribLt/F2vnA0NnAX5+BKlo0Ls1
ekT0+Rnq4uG5LRwd5/j9XQ0kL6bsNuoa8KJ7EoudZMf5JByHF9mvXvtu3NajQMuD
+bVh+u1P/DRMiBUlrA+IDW63zSGblnqb+AyY0+2/iYNaD5R8XB4+Lb1HHHAgNJU3
OTxrJoi75a5dYhUAEQEAAbQ1SHUyMDIwIChIdSA8bWF0Yml0QHNlY21haWwucHJv
PikgPG1hdGJpdEBzZWNtYWlsLnBybz6JAc4EEwEKADgWIQR1p6C0TxkyrtMaHHjL
/Se6pzY48gUCXuYNDwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDL/Se6
pzY48nnmC/9YO2IYvBg/8jzsSF8CEZCfhcNZ9uwNY5DuoEUFwWmU0SUQ8hVLDGQ/
4zHBPhH3o3xaXLNryokwgwtOSP8mD6/UzVIx+k9puRjnqg/DuIOvedpLHcfOL7KY
tDmuancr8HaqtdtIk/j8rqU91Yejidt6B/NVe+94XrfXRzWZxKFGubz40sHnm/7E
JqSQ6oD7Uc/1kdNfR9sv1v46lV6pXKuYP/UGTgiogO2dXVDnhoEbxBnfVVwTm//U
p6QLAnDrY3T7EAQIBZlnRNkIv+cFTn+6vue3mZ+b5bPzktq/KgANbYyO0mHSMiNM
o2hrbu2ququ6RtLLCEbt9RsiBTX9ii8A9tIeo7/fTdEQOSneKgR6cpvRUiKIoGfD
o0WCK+Ca2Yxbk5jE2pE2ra7H/6mlDOUYpJxM3Ja2nbh5rjynPpzxl4DhimhPjajx
hSgzOC2dV0MUW4oLakzm/cWpgEM8GXwJ6oKi2Od5hFo4gKSFLpzZKJqWLYRIXCFi
JxnQsmoaOgG5AY0EXuYNDwEMALjosse/DIFmJiIuXmYXCBSWRRAHNhRsij6Lth+m
F57hlLprBetfMM0fELhRjDByGMI2EtB7bFMJEnAlPp/CVV4QVydEgZYwtd4JQBP7
ucxlOSyXKW7e175Ahr3EDAjXnDDoN9+J+DaAu+rOc7OePJPBUujPhVxj5KMWF70f
7mKH0yxwiVYZ4ir89fXQgWbDpUeizSyHSSdxFtKqt0DGxnyCsPpVD886TZdILN3L
eSlItx5hpf/Owq2PZHizN8vn4IwJP8wW2qKSZEpkmHfz5LKT0Rr02FiMKkmznnPk
q/pUxTIwrWfcOpXYvQrNnPYxKAREXidOdNn9iOhl5prbyoctE2vdjxd/nP5DujHs
ZAKuGroZ6jAKVkJKl/rtG7ep0VrS35YkdQ4N9Z33uqM9FZZ+hMLCbaOhKb1kuPkm
fYL8MC92jyDdL2xxxDkDkuivwtm8odOpmJoR8XRDR2hL3iEjnmF8kYUVsMKpLKLE
3G1p1EPqoDEd7Jnb23LL0FsHcwARAQABiQG2BBgBCgAgFiEEdaegtE8ZMq7TGhx4
y/0nuqc2OPIFAl7mDQ8CGwwACgkQy/0nuqc2OPIEHQv8CtQDp61gqfxLG1S+kDLK
Ly55s8zBD0MQX+s8ue+Qi/9UWBfXY/nUReh1b/H2S1fgQg17Yjpuz0ytsUa88c8D
5IPP+UrZlnAobalenYXY3O8wcD78EkOQpg1wJNbW5KLqbkoidy8EYfIqJIoI6EtJ
loPmu2u7sNb03F0nDvm3gjwMOhTx44dHTCPSp1mKUtBnsPBJzUBlPV1IJv0QwrD7
9hFHPNbps1iwo7h0uhff0c+hk3o6t1L0W+LqEQ+HwLStL8LQy7+rBYHeuX7WTm4/
jXUZxow8MZGizclSLCZRn8TdQJJ5uq1IPjaFiA8gHmReC8RxcfHi2+HTRh6iD0YY
NPbpEwhjqajAZn+0w+DnipF4YamWWcoLIngBXWQEngZTpw7p2zj3Ln1e5l4i4o5E
Vx8iDhtq+DsHnCX2e/lPWHmNGe1JeFDD8050f6J58pBCItRKqBOcv3+dZKGBVq6Y
uxWQfwxl5CMbZjbXcBRZisFWhJf7prmvqF7BQT4xR+PG
=5qqo
-----END PGP PUBLIC KEY BLOCK-----