Email via Onions

April 6, 2018 - Reading time: 2 minutes

I use org-agenda, the Emacs task manager, as a TODO list and the problem of getting email to work from an onion address has been a remaining very low priority task for the last couple of years. Not many people need this sort of functionality, but as time passes the problems with conventional email get more acute, especially if you are running your own server.

The problems with existing email can be summarized as:

  • You need a domain name, which costs money.
  • You need a TLS certificate. This isn't as much of a problem now as it was a couple of years ago, but LetsEncrypt is becoming a single point of failure.
  • The protocols were devised during the "profdoctor" stage of the internet, when most users were academics and everyone trusted everyone. Security was an afterthought, and the consequence was a massive spam problem.
  • Port forwarding has to be done for NAT traversal. What if you don't control the internet router?
  • Indiscriminate blocking based upon IP address ranges is increasingly a problem.
  • Some ISPs block email ports.
  • Some ISPs force users to proxy outgoing email via their own server, making censorship or MiTM a possibility.
  • PGP/GPG is needed for content security. A lot of people whinge about the unusability of email encryption.

Using onion addresses gets around the above issues. With onion addresses the public key crypto comes for free, so PGP isn't strictly required and the nay-sayers can stop whining. If you're paranoid enough then you can still use it as an extra encryption layer. Using onion addresses also ensures end-to-end security between email servers.

So long as you're willing to put up with a random-looking email address, and your friends are sufficiently geeky, then onion addresses solve a lot of niggly problems.

Recently I've put some effort into making this work on Freedombone and managed to arrive at a solution where you can send email between onion addresses or between an onion address and a clearnet address. Configuring Exim to do this is mind-bendingly tricky, but possible. This is also a sufficiently niche thing that there is not much information available out there, and what information exists is usually either far out of date or just wrong.

Support for onion email addresses will work "out of the box" with a new Freedombone install. There is also an app called bdsmail, which does something similar but using I2P as the transport mechanism. So you can take your pick, whether you're a Tor fan or an I2P fan.

Another Blogging System

March 31, 2018 - Reading time: 1 minutes

The popular Ghost blogging system has been in Freedombone for a while. Recently I was trying to update it using the current Node LTS version (8.9) but not getting very far. The command line app had its option to specify the user account deprecated, and that seemed to be an important feature without which the installation process became a lot more complex.

I was struggling to get the ghost command line to work without a lot of errors and was also thinking that it's 2018 and surely blogging software doesn't need to be this complex to administer. The essence of blogging software is pretty simple, and probably it doesn't require these thousands of javascript dependencies.

So I've decided to remove Ghost from Freedombone for now. Instead I've replaced it with Bludit. Bludit is much simpler and easier to install. It has no database, so moving it from one domain to another or making backups is just copying a directory. The amount of RAM needed is negligible, so it should run even on the most minimal single board computer. It also of course supports RSS via a plugin.

Perhaps Ghost will return in future, but for now I think Bludit is a better option for self-hosting. When you're self-hosting web systems it's not just the bling which matters, but also the practicality of maintaining the system over time and on low cost hardware.

This means there are now two blogging options on the server version of Freedombone - Bludit and HTMLy. Both are databaseless and written in PHP.


The blog of Bob Mottram, a Free Software hacker and maintainer of the Freedombone project.

Web site