Privacy preserving web-based email

Authors:
Kevin Butler;William Enck;Jennifer Plasterr;Patrick Traynor;Patrick McDaniel
Affiliations:
Systems and Internet Infrastructure Security Laboratory, The Pennsylvania State University, PA;Systems and Internet Infrastructure Security Laboratory, The Pennsylvania State University, PA;Systems and Internet Infrastructure Security Laboratory, The Pennsylvania State University, PA;Systems and Internet Infrastructure Security Laboratory, The Pennsylvania State University, PA;Systems and Internet Infrastructure Security Laboratory, The Pennsylvania State University, PA
Venue:
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Year:
2006

Citing 12
Cited 0

Internet Privacy Enhanced Mail

Communications of the ACM - Special issue on internetworking
The official PGP user's guide

The official PGP user's guide
Sendmail(2nd ed.)

Sendmail(2nd ed.)
Crowds: anonymity for Web transactions

ACM Transactions on Information and System Security (TISSEC)
Onion routing

Communications of the ACM
How to share a secret

Communications of the ACM
Freenet: a distributed anonymous information storage and retrieval system

International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
The free haven project: distributed anonymous storage service

International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
Reasonable expectations of privacy

Ethics and Information Technology
Unpacking "privacy" for a networked world

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Publius: a robust, tamper-evident, censorship-resistant web publishing system

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Stronger password authentication using browser extensions

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service's privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user's privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google's Gmail, Microsoft's Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.