Category Archives: Post

What's Left for private Messaging

I had the privilege to address the annual Chaos Communication Congress (36C3) in Leipzig last week about the state and remaining issues in private communications.

The recording of the video has been made available by the CCC, and I have also posted the slides.

The TL;DR for me is that many of the trade-offs are balancing the stability of user experience with privacy mechanisms – and finding more ergonomic user experience interactions will be as important as new systems schemes are to improving the ecosystem.

I am particularly excited by the number of ongoing effort reducing trust in central servers. Many of the mechanistic trade-offs we face are due to the topology of our systems. With systems designed for fully anonymous interaction, like mixnets, PIR, and oblivious messaging, we can model and mitigate threats from much more realistic adversaries than we do with popular channels today. (For instance, consider an office which has received a whistle blowing message. If the receiving investigation wants to identify the source, they likely control both the local network, and have the ability to send messages to the account that initiated the conversation. Our current designs will find it quite difficult to protect a user from this scenario)

Email Security Checklist

There are a lot of various standards and protocols in play around SMTP that are being used today to validate email. when setting up self hosting, recently, I found it useful to refer to the following checklist of the following validations that I should be configuring.

For a server receiving email on behalf of a domain:

  • Delegated by MX or A record
  • Correct PTR record matching server HELO
  • TLS Cert for StartTLS upgrade support
  • MTA-STS record to indicate the expectation of TLS
    • A dns record of the form IN TXT "v=STSv1; id=20160831085700Z;" defining the current policy ID
    • the presence of which triggers an HTTPS fetch of
    • that file contains a policy of the form
version: STSv1
mode: enforce

For longer term validation (these standards seem to still be getting adoption, so probably won’t be validated by most senders)

  • DNSSEC enabled for the domain
  • DANE dns records for the expected cert
    • there’s a tool to test your implementation.
  • CAA dns record to limit cert issuer

For a server sending email on behalf of a domain:

  • Coming from a stable IP, ideally the same as the receiving server
  • HELO matches both MAIL FROM sender and the sending IP’s PTR record
  • Equipped with the TLS cert for the domain to be able to offer as a client certificate
  • SFP record
    • of the form TXT "v=spf1 +mx -all" (or “a” instead of “mx”)
  • DKIM header signing of messages
    • DNS <selector> record with pubkey
  • ARC headers
  • Register the domain on

Ethics of Censorship Measurement

I gave a talk this past summer at DEFCON on the ethical quandary that continues to play a role in the academic discussion of network censorship measurement. Over the course of my phd studies, there was a significant arc of time where the community yielded to caution as the issues around ethics were better understood.

These issues have not gone away, and in the intervening six months since this talk, we’ve seen new groups re-develop techniques deemed problematic by the prevailing winds of the academic community.

Watch on Youtube


Tibet 2018

In the second half of August, 2018, I biked from Golmud in Qinghai to Lhasa. The road, the G109, is a lifeline for Tibet, with 85% of supplies for Tibet imported along this route. It parallels the primary train line into the region, and was one of the first paved routes on the plateau.

It’s also 1000+km above 4,500m.

My original motivation for the trip was a similar but different route, the G318 road connecting Chengdu in Sichuan to Lhasa. This route is one of the most popular long distance cycling routes in China, and there are a number of posts I found when looking for bicycling adventures in China that were simply incredible. The 318 wasn’t fully paved until 2013, and it wasn’t uncommon to see posts where groups were fording stretches of waste-deep mud. While this adventure lacks some of the romanticism, it approximates what for me is at the heart of the pilgrimage.

We started by flying to Xining, with a layover in Beijing where I redeemed online train reservations for tickets. After a short connection to a night train to golmud, we got our bikes assembled, and I navigated the kuaidi system to ship the extra luggage to a hotel in lhasa.

The first adventure occurred 30km outside of town. After passing signs warning us we’d already entered Tibet (we were still 100’s of km from the official boundary of the TAR, but the G109 road is managed by the Tibetan authority from Golmud), we encountered a road checkpoint that wanted foreigners to be accompanied by a guide, and to have a valid permit for entering the region. I had worked with Extravagant Yak to secure a guide from TuoTuoHe, a town before the first such checkpoint which either of us were aware of. After a couple rounds of discussions between the officers, us, and the tour guides, we were allowed to continue unaccompanied on the first leg, as initially planned. The hesitation and negotiation reminded me of how rare it is for foreigners to be in this area.

The first week was the highlight of the trip for me. A series of low-mileage but strenuous days brought us to the plateau, and the direct, spontaneous interactions we were able to have each day were fantastic. We got water from a local spring, received a warm welcome from returning military convoys, and learned how to operate a coal stove.

Tibet was interesting to finally see as well. I’ve hesitated to travel or interact with the region because of the political sensitivities. I don’t feel like that I was missing too much – my general impression of Tibetan culture and lifestyle has not dramatically changed as a result of the trip, though I do appreciate the direct experience confirming what I had suspected. In broad strokes, the situation of the Tibetan minority does not seem abnormal to that of other Chinese minorities. Like Xinjiang, there are restrictions on movement, a different predominant language, and different cultural norms. The underlying tensions are not unique, increased Chinese driven development is modernizing the society, but there is concern that the uplift is not equitable, and that improvements may mute traditional cultural values.

Regardless, Tibet-the-location is beautiful, and was fantastic to explore.

Open Letter to the Cuba Internet Task Force

The following is a response to an invitation to participate in the recently formed Cuba Internet Task Force.

Task Force Representatives:
I will not be joining the Cuba Internet Task Force, or Subcommittees, because I believe the harm done by the existence of these committees outweighs any potential benefit of the recommendations that can come from them.

In recent years, Cuba has increasingly normalized Internet usage, through expansion and cost reduction of WiFi, through the advent of AirBNB as a major source of tourism revenue, and through growing traffic capacity.

In the scope of my work, I have documented the flourishing community wireless networks operating in tandem with official Internet service from ETECSA. These community efforts already address the “last mile” problem, and it is not hard to imagine the future where they are consolidated or integrated to provide Internet-to-the-home for many more Cubans.

These efforts are hindered by the perception by the Cuban government that the Internet and its associated ‘freedom’ are being forced upon them by the United States. In the wake of the creation of this task force, Cuban media has focused on the implied pressure, and private individuals in the Cuban technology sector have come under increased scrutiny.

Instead of attempting to influence the policies of another sovereign nation, I encourage us to reflect more on our internal policies. US government sanctions currently require a wide range of US-based education and reference sites from blocking Cuban traffic. Likewise, limitations preventing Cubans from connecting to US-invested undersea cables are partially responsible for the scarcity and cost of Cuban Internet connections. Reducing these sanctions can allow Cubans to become a market for US companies, and will provide additional incentives for widespread connectivity across the country.

A whirlwind trip to Beirut

Through a series of unlikely events, I found myself with the opportunity to visit Beirut for a week in early March of 2018. It was a great experience, and challenged many of the stereotypes I had developed about the realities of both the middle east and proximity to conflict zones.

The most impressive aspect of Lebanon to me was the handling and presence of the refugee situation in the area. Lebanon has had a significant southern area of refugee camps for those moving away from conflict in Palestine. More recently, a sizable refugee population has entered the country leaving the Syrian conflict. Today, there are more refugees in Lebanon than citizens, which is a source of conflict and tension in many parts of the country.

Camps, at least the impressive images of dense clusters of refugees we see in western news, do not reflect the reality I found in Lebanon. At least from the portion of the eastern countryside I saw, refugees are situated in small clusters of a few families at edges of existing towns and cities. While shelter construction is rushed, as families arrive and quickly need places to stay, there’s a significant local variability in how much local time and resources are available to construct more livable dwellings. On the ground, the competence and overloaded-ness of the local NGOs and community members is probably the biggest factor in outcome. The structures I saw had power, TVs, and charging android phones.

I was caught off guard in a good way by the urban population center of Beirut. First, Beirut continues to exist as a melting pot of a bunch of different ethnicities and cultures. Second, there was both a general tolerance and liberalism that exceeded what I’ve seen in UAE or Pakistan. Third, that liberalism translated into a much less pervasive security apparatus than I was expecting given the location and strife in the region. I needed to provide a passport as Identification for hotels, but did not need it for travel in the country, and did not need to show ID for access to school campuses of businesses. Part of that is white privilege, but in general there was not infrastructure to support any meaningful restrictions of movement or exclusion of groups from public areas.

I was likewise surprised by the seeming ease with which people were able to travel between Lebanon and Syria. For the demo day of a syrian entrepreneurship bootcamp, a number of spectators traveled to Beirut for the day from Damascus. The general sentiment I heard from several Lebanese was that the country is generally safe, but that as you get towards the edges, it’s preferable to travel with someone from the area who knows people. It’s often non-obvious, but traveling with someone who already has relationships built with those in the region seems to be the accepted way of keeping situations diffused.

In terms of connectivity, much of the stress of the country is that the conflict surrounding it has meant that there are not solid landline connections to the rest of the world. This means most Internet traffic is routed through an undersea cable to Cyprus, which limits the overall capacity for the country. In turn, this leads to relatively expensive fixed-line Internet pricing, with many people opting for mobile Internet. Mobile connections can often be cheaper and faster than the DSL providers. In rural areas, it was noted that there are some cases of communities sharing mobile connections, through hotspots or tethering to a connected phone.

One of the signs I found heartening was that at the makerspace in Beirut, there were members with Tor project and Internet activism stickers on their laptops. The ability openly express support for those causes is a great sign that civil society is able to function without significant pressure on that front.