The Small Sister privacy project has released the first beta of its SmallMail application, which it claims will allow people to send email messages that can't be intercepted or traced by government agencies or the security services.
SmallMail hides the content of email headers when messages are transferred across the Internet by encrypting that data. Because the information can't be traced, security agencies are unable to determine where a message originates and where it is heading.
The open source project was founded by a group of five Dutch developers and is headed up by Brenno De Winter, an IT journalist specialising in security and privacy matters. The NLNet foundation is sponsoring the project through a 25 euros (£24.29) donation.
Small Sister is the first public project offering anonymous email, De Winter claimed in an interview with IDG affiliate Webwereld. Current technologies only allow users to encrypt the body of a message, but fail to hide a message's headers from snooping.
Little Sister relies on Tor, a service that facilitates anonymous web browsing. The service routes Internet traffic across a series of routers across the world while scrubbing all information that can be traced back to the recipient. Government agencies trying to trace a Tor user will lose the trail as soon as the enter the Tor network. Although it is possible to send email through Tor today, in those cases the message itself isn't encrypted. SmallMail marks the first application that uses Tor in combination with encryption, while aiming to do so in a way that doesn't require advanced computer skills.
Because traffic is rerouted through a series of hubs, the delivery of a message will be delayed, taking about three minutes before delivery. Sending messages through SmallMail requires both the sender and recipient to install special client software, as well as switch to a special mail server. The project currently offers one such server for public use, and individual users can set up their own server. De Winter expects that in the future servers will be set up in redundant networks.
SmallMail is a direct response to European data retention legislation, which requires authorities to store email traffic and call log data for a period of six months. De Winter claims that the legislation is a severe threat to investigative journalism, because authorities could use the logs to trace down whistle blowers.
In addition to the privacy conscious, De Winter argues that the application could appeal to corporations and government bodies that need a secure way to exchange messages. Terrorists and criminals too could use the tool, he admits. "But unfortunately terrorists already have comparable tools of their own. You can use this both for good as well as for to do harm."
SmallMail is currently in beta and has been tested for Ubuntu only. It can be found here. The project is looking for volunteers to port the open source application, which is written in Python, over to Windows and OS X.