Idea: How to exchange Emails outside the forum, without giving up opsec

[OutOfMemory]

I'm just gonna roll out an idea here that lingered on my mind to post on bitcointalk for longer now, on how to exchange messages via email outside the board, with like atomic low security risk.

Question: How to send Email to a forum member without giving up anonymity or worrying that highly sensitive, private information is being stored in btctalk's PM database?

Answer: Consider the following steps:

1. Member "A" wants to send mail to member "B"
2. B creates a ten-minute-mail address (TMM), sends it to B via PM or posts it in a forum message
3. A sends email to B's TMM-address, using a random string or number as email title
4. A let's B know what random string/value he used as a title, to avoid imposters.
5. B looks in his TMM inbox, opens and reads A's email, identified by said unique title.
6. TMM address expires after ten minutes, as usual. All traceable data should be lost.

I came across this idea when using a newspaper portal comment section, lacking the ability to exchange messages with other users, when i did want to communicate privately with another user, without exposing (one of) my email address(es) to the world and also without worrying that somebody else could disturb communication by pretending to be the user i originally wanted to communicate to.

I created a TMM address, posted it with a request to instantly send me (one of) his/her real email address(es), with a random number as title. After sending the mail, the user should post his random number, for me to identify the authentic email in the TMM inbox. Could have also been a phone number instead of a private email address, for example.
So i could write a standard email from a personal account to the user's personal email without exposing my or her/his email addy (or phone number) to the world forever.

Maybe this is of some use to some follows here on bitcointalk.

#hodl

EDIT: If you find a flaw, let us know and discuss it  

[1713454987]

1713454987

[1713454987]

1713454987

[1713454987]

1713454987

[1713454987]

1713454987

[LoyceV]

Isn't it much easier to just use a new Protonmail account for this? I made one for the sole purpose of receiving an encrypted email once, and if I need it again, I can just use it again.

[o_e_l_e_o]

I don't see any major flaws with your set up, other than the fact it is massively over thinking the problem.

If you want to send another user a message without exposing any private info like an email address and without any risk of it being intercepted, then just have them provide you a PGP public key, encrypt the message, and send it through a private message.

[OutOfMemory]

Isn't it much easier to just use a new Protonmail account for this? I made one for the sole purpose of receiving an encrypted email once, and if I need it again, I can just use it again.

Consider you posted your protonmail addy on a public www channel. You would receive quite some spam. It's like indirectly spamming protonmail, especially if you'd do this often, imho. That's why i chose the ten minute way, for example to let somebody i don't know write to my protonmail address. I wouldn't need to remember (or store) multiple protonmail addresses, change their password(s) regularly (optimally) etc.

It's just another layer of security and there are no after effects as soon as the mail address expires.
But hey, security isn't always meant to be easier, isn't it?  

I don't see any major flaws with your set up, other than the fact it is massively over thinking the problem.

If you want to send another user a message without exposing any private info like an email address and without any risk of it being intercepted, then just have them provide you a PGP public key, encrypt the message, and send it through a private message.

I'd have to manage additional keys. Not easy for a guy with memory problems, maybe that's why i can't exactly agree to the "over thinking". 
It's just quick, clean, easy approach, which applies to all other platforms. It's not restricted to forum use, but also newsgroups (if you're into that kind of thing) or public http-chat, comment sections of news articles - you name it.

[LoyceV]

Consider you posted your protonmail addy on a public www channel. You would receive quite some spam.

I posted it months ago, and haven't received any spam.

6. TMM address expires after ten minutes, as usual. All traceable data should be lost.

But you can't verify that, so you have to trust them on it. "Trusting" isn't very "Bitcoiny".

If you want to send another user a message without exposing any private info like an email address and without any risk of it being intercepted, then just have them provide you a PGP public key, encrypt the message, and send it through a private message.

I'd have to manage additional keys. Not easy for a guy with memory problems

PGP keys aren't ment to be remembered, just store them safely. It's annoying to setup though.

How cool would it be if the (new) forum would implement client side PM encryption by default?

[o_e_l_e_o]

It's just quick, clean, easy approach, which applies to all other platforms.

Same as PGP keys. Just post your public PGP key once, and anyone can send you encrypted information which only you can read across any medium they choose - email, PMs, instant messaging, chat rooms, Facebook messenger, Twitter comments, forum posts, you name it. Even better is that you can verify it came from the person you think it did by using their PGP key, with no need to have them message you over a different medium with a random string of characters.

It's annoying to setup though.

Setting up a PGP key for the first time would only take marginally longer than OP's "disposable email plus forum message to confirm" system, but once you've done it once then it takes seconds to use it again in the future.

[OutOfMemory]

Consider you posted your protonmail addy on a public www channel. You would receive quite some spam.

I posted it months ago, and haven't received any spam.

Lucky you 

6. TMM address expires after ten minutes, as usual. All traceable data should be lost.

But you can't verify that, so you have to trust them on it. "Trusting" isn't very "Bitcoiny".

Can't disagree on that, but the purpose is to hide a private email address from the public and to make sure only the right person receives it.

If you want to send another user a message without exposing any private info like an email address and without any risk of it being intercepted, then just have them provide you a PGP public key, encrypt the message, and send it through a private message.

I'd have to manage additional keys. Not easy for a guy with memory problems

PGP keys aren't ment to be remembered, just store them safely. It's annoying to setup though.

How cool would it be if the (new) forum would implement client side PM encryption by default?

Extraordinary cool 

[LoyceV]

the purpose is to hide a private email address from the public and to make sure only the right person receives it.

Why would you trust TMM more than a PM on Bitcointalk?

[OutOfMemory]

It's just quick, clean, easy approach, which applies to all other platforms.

Same as PGP keys. Just post your public PGP key once, and anyone can send you encrypted information which only you can read across any medium they choose - email, PMs, instant messaging, chat rooms, Facebook messenger, Twitter comments, forum posts, you name it. Even better is that you can verify it came from the person you think it did by using their PGP key, with no need to have them message you over a different medium with a random string of characters.

True, but i don't want anyone to send me information. I pick a certain user on a public channel (news comment thread), make sure it's him/her that sends me his email address and then i can send my pgp pubkey to this one via "permanent" email for future communication. I don't have PM available on all channels and there's the advantage.
If i post a pubkey on more than one public channel, then there's a traceable connection. I avoid all of this by the ten-minute-mail-randomstring "method".
The idea behind this is not too hard to grasp 

the purpose is to hide a private email address from the public and to make sure only the right person receives it.

Why would you trust TMM more than a PM on Bitcointalk?

I wouldn't. And as stated before and shown in the title "outside bitcointalk forum".

EDIT: gotta run, read yours later...

[moderator's note: consecutive posts merged]

[o_e_l_e_o]

I don't have PM available on all channels and there's the advantage.

You don't need PM for PGP. You can post your encrypted messages publicly. No one else could even tell who the message is for, let alone the contents.

If i post a pubkey on more than one public channel, then there's a traceable connection.

It is trivial to create as many PGP keys as you want.

Sending sensitive information unencrypted to an email address, even a disposable one, is not secure.

[hilariousandco]

Isn't it much easier to just use a new Protonmail account for this? I made one for the sole purpose of receiving an encrypted email once, and if I need it again, I can just use it again.

Or just encrypt your messages which should be if you're worried about anyone else reading them PMs or emails.

[Rizzrack]

How cool would it be if the (new) forum would implement client side PM encryption by default?

Might be doable I guess. You would have to save a PGP pub key in your profile info somewhere (which could be publicly visible or not) and the system would use it do encrypt the message.
For decryption you would need to paste/type the priv key yourself each time (not really a fan of saving priv keys in DBs. Privacy usually comes with less confort)

You would need to trust that the priv key is not stored and only used to decrypt.
So trust your PMs are not read or trust your priv keys are no stored or trust that...

There's no such thing as a trustless automated system. Pluses and minuses I guess

[The Sceptical Chymist]

I don't see any major flaws with your set up, other than the fact it is massively over thinking the problem.

But I give him props for thinking about stuff like this, and even if the solution is overly complex it's something that's interesting to me.  I have no idea what a 10 minute e-mail is, but I'm pretty sure I know what the concept is and that something like that exists (I don't stray far on the internet; I'm a hermit inside a hermit).

I don't have any operations with members of the forum I need to keep secret, so this kinda-sorta doesn't apply to me.  The creativity of encrypting messages has sparked my interest, and I wish I knew more about cryptography....but alas, it would be like learning a new language for me.  Protonmail will have to suffice.

[OutOfMemory]

I don't see any major flaws with your set up, other than the fact it is massively over thinking the problem.

But I give him props for thinking about stuff like this, and even if the solution is overly complex it's something that's interesting to me.  I have no idea what a 10 minute e-mail is, but I'm pretty sure I know what the concept is and that something like that exists (I don't stray far on the internet; I'm a hermit inside a hermit).

I don't have any operations with members of the forum I need to keep secret, so this kinda-sorta doesn't apply to me.  The creativity of encrypting messages has sparked my interest, and I wish I knew more about cryptography....but alas, it would be like learning a new language for me.  Protonmail will have to suffice.

Right. Good to know.
The story:

I posted comments on a news site which didn't have PM or similar possibilities to contact other users privately. Omit the encryption and eavesdropping issues for now, please.
So i asked myself how to let a single user (or multiple users) - who probably have low knowledge in computer science and encryption - know that he should write an email to me if he/she/they would be ok with that. I had to take in account that literally every other commenter could write me fun mails in the like of "hey, it's me, what's up", and i felt generally uncomfortable to leave an email address of mine on the interweb just like so (for reasons and tradition - don't ask please). That's when the idea was born.
10 minute mail addresses are webmail accounts that get deleted if you don't show activity for 10 minutes. Perfect for registering on "freebie" websites, without letting them sell your email to the spam-marketing army.
An email addy i can forget about, nobody will ever be able to bug me through it after use. I just had to make sure that i don't reply to funny clowns that pretend to be the user i wanted to get into direct contact with. That was the birth of the random number, which the user posts in a comment on the news site, right after sending his email address to the 10 minute address i created for this atomic purpose.
end of story.

Like it or leave it 
I'd just thought it could be useful for somebody here, not restricted to bitcointalk ("here's PM, dude!"), which i'm aware that it's not exactly on-topic in meta. I apologize for my ignorance 

[o_e_l_e_o]

-snip-

That's all fair enough. Here's how I would approach the same situation.

I post my public PGP key if I haven't already, or even create a brand new one just for this purpose if I want. I ask the other user to use my public key to encrypt their email address and post the encrypted message. I decrypt their message to obtain their email address, which I can then send an email to. Obviously you can reverse the roles and ask the other user to provide their PGP key first for you to use to encrypt and post your own email address.

Bonus points if both parties share their public keys, so you can now encrypt all email communication, which is absolutely necessary if you are sharing anything sensitive since most email accounts are neither encrypted nor secure.

However, I appreciate my set up requires a degree of technical knowledge and your approach may be more suitable for non technical users.

[OutOfMemory]

-snip-

That's all fair enough. Here's how I would approach the same situation.

I post my public PGP key if I haven't already, or even create a brand new one just for this purpose if I want. I ask the other user to use my public key to encrypt their email address and post the encrypted message. I decrypt their message to obtain their email address, which I can then send an email to. Obviously you can reverse the roles and ask the other user to provide their PGP key first for you to use to encrypt and post your own email address.

Bonus points if both parties share their public keys, so you can now encrypt all email communication, which is absolutely necessary if you are sharing anything sensitive since most email accounts are neither encrypted nor secure.

However, I appreciate my set up requires a degree of technical knowledge and your approach may be more suitable for non technical users.

Exactly. In my case it was all about dating a girl (with shallow technical background).
You don't impress girls by sending them a public key, normally 

[o_e_l_e_o]

Exactly. In my case it was all about dating a girl (with shallow technical background).
You don't impress girls by sending them a public key, normally  

Lol! You better not let on that you just called said girl "shallow". 

5 merit for the first person to provably get a tinder date after using the opening line "What's your PGP public key?"

[nullius]

5 merit for the first person to provably get a tinder date after using the opening line "What's your PGP public key?"

Woah, dude, is o_e_l_e_o encouraging me to dox myself and others for merits?  Or suggesting that intelligent people use social graph leeching, communications-monitoring mass-surveillance sites like Tinder?    ;-)

No Tinder here, and no public proofs of confidential activities.  Nonetheless, this invokes a serious comment that I threw in here:

I don’t kiss and tell.  Get the easy-to-use Protonmail app, and nobody will ever even know that we were in contact.  (Crypto protip, speaking from experience:  Women love having ways to keep secrets.)

Intimate secrets.  Secret diaries, secret love-notes, — whispers in the ear across the distance when we are apart, so that we can always be together.

Such things will not exactly entice a typical woman (or a typical anybody) to memorize gpg command-line switches.  But if presented in a romantic, non-nerdy way, this will seduce her into Protonmail, or encrypted chat/voice/video apps, etc.

—And besides seduction, try fear, disgust, and a feeling of intimate violation.  Show her this video, starting just before the 10-minute mark:
https://www.theguardian.com/world/video/2014/jul/17/edward-snowden-video-interview

Can he [Snowden] give an example of what made him feel uneasy? “Many of the people searching through the haystacks were young, enlisted guys, 18 to 22 years old. They’ve suddenly been thrust into a position of extraordinary responsibility, where they now have access to all your private records. In the course of their daily work, they stumble across something that is completely unrelated in any sort of necessary sense — for example, an intimate nude photo of someone in a sexually compromising situation. But they’re extremely attractive. So what do they do? They turn around in their chair and they show a co-worker. And their co-worker says, ‘Oh, hey, that’s great. Send that to Bill down the way’, and then Bill sends it to George, George sends it to Tom, and sooner or later this person’s whole life has been seen by all of these other people.”

The analysts don’t discuss such things in the NSA cafeterias, but back in the office “anything goes, more or less. You’re in a vaulted space. Everybody has sort of similar clearances, everybody knows everybody. It’s a small world. It’s never reported, because the auditing of these systems is incredibly weak. The fact that records of your intimate moments have been taken from your private communication stream, from the intended recipient, and given to the government, without any specific authorisation, without any specific need, is itself a violation of your rights. Why is that in the government database?”

How often do such things happen? “I’d say probably every two months. It’s routine enough. These are seen as sort of the fringe benefits of surveillance positions.”

It is no joke.  I tightened up on opsec in my personal life, after I realized that the voyeuristic professional perverts at the NSA must have an outright pornographic view of years’ worth of my intimate moments that were NOT MEANT FOR SHARING.  The NSA’s dragnet mass-surveillance is tantamount to a U.S. government-internal version of pinkmeth.

My private life is not intended to be a Ciphersex show for NSA creeps.

This is a serious motive to use no-backdoor encrypted communications, for any decent person who has dignity and self-respect.

Explain it to your date that way, and not in terms of your key size.  Don’t show each other your bits until you get encrypted with her.