Chatmail servers as middleman for classic email

If I understand correctly, when a user can’t use chatmail servers (e.g. because of IP whitelists like in mobile networks in Russia, possibly Iran and other countries with heavy censorship) and is bound to use classic email, there is a lot of information being collected by the email provider.

While classic email mode in such circumstances is the only way of secure communication, it poses security risks. Even if chatmail servers relay every message and hide real emails from classic email providers, that won’t stop providers from comparing files of encrypted messages, and companies (and states) will still be able to connect accounts to each other.

Bear in mind that whitelisted email providers in Russia require a phone number for registration, so they can basically identify all classic email Delta Chat users before their first message is even sent.

Classic email is a great censorship circumvention tool, but it is vulnerable. Apart from individual chat privacy, with the introduction of channels in Delta Chat classic email providers will be able to track people’s subscriptions, and therefore states will be able to track and prosecute dissenters.

I don’t have enough knowledge to fix such a vulnerability myself, but I have some thoughts:

Proposed behavior

  1. User sends a message to another user
  2. User’s message is encrypted locally as usual - with the recipient’s public key (all metadata is unencrypted)
  3. Metadata (sender and recipient addresses) is encrypted locally with the chatmail server’s public key
  4. Encrypted message AND encrypted metadata are sent to a GENERIC address of the chatmail relay
  5. Chatmail relay receives the message and decrypts the metadata to relay the message
    1. Chatmail relay (with random delay) adds the sender’s address and garbage data beside the message and encrypts it with the recipient’s public key again to alter the filesize and timestamp of the original files in the email
    2. Chatmail relay sends the altered encrypted message to the recipient from the GENERIC address
  6. Recipient receives the message, then identifies the sender with the first decryption (chatmail relay’s) and displays the message in the correct chat with the second decryption (sender’s)

Maybe message bundling by the relay can also help with data obfuscation and optimization.
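An added illustration of step 5.1, not part of the original post and not Delta Chat or chatmail code: it shows why the relay has to change message sizes, by checking which sender/recipient pairs a provider could link by comparing sizes on both sides of the relay. It assumes fixed-size bucket padding (a swapped-in technique, rather than the unspecified "garbage data" of the proposal), a 4096-byte bucket, and random bytes standing in for encrypted messages; all names are hypothetical.

```python
import os
import struct
from collections import Counter

BUCKET = 4096  # assumed bucket size in bytes (not from the post)

def pad_to_bucket(payload: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the real length, then fill with random bytes up to the next bucket multiple."""
    body = struct.pack(">I", len(payload)) + payload
    return body + os.urandom((-len(body)) % bucket)

def unpad(padded: bytes) -> bytes:
    """Recover the payload; reject a length field that does not fit the blob."""
    if len(padded) < 4:
        raise ValueError("truncated blob")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("bad length field")
    return padded[4:4 + n]

def linkable_by_size(inbound: dict, outbound: dict) -> set:
    """(sender, recipient) pairs whose message size is unique and equal on both sides."""
    in_counts = Counter(inbound.values())
    out_counts = Counter(outbound.values())
    return {(s, r)
            for s, a in inbound.items()
            for r, b in outbound.items()
            if a == b and in_counts[a] == 1 and out_counts[b] == 1}

def simulate(pad: bool) -> set:
    """Relay three constructed messages and return what a size-comparing observer can link."""
    # Constructed sample data: random bytes stand in for encrypted messages.
    sizes = {"alice": 700, "bob": 1900, "carol": 3100}
    routes = {"alice": "dave", "bob": "erin", "carol": "frank"}
    msgs = {s: os.urandom(n) for s, n in sizes.items()}
    inbound = {s: len(m) for s, m in msgs.items()}      # seen at the senders' providers
    outbound = {routes[s]: len(pad_to_bucket(m) if pad else m)
                for s, m in msgs.items()}                # seen at the recipients' providers
    return linkable_by_size(inbound, outbound)

if __name__ == "__main__":
    print("linked without padding:", sorted(simulate(pad=False)))
    print("linked with padding:   ", sorted(simulate(pad=True)))
```

Padding removes only the size signal; timing and the fact that both mailboxes talk to the same relay address remain visible, which is what the random delay and bundling in the proposal are meant to address.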

I think you are inventing the anonymous remailer (see “Anonymous remailer” on Wikipedia).

This could certainly be done by bots. Onion bots which batched messages would slow them slightly, but weaken timing attacks. Such bots would tend to be secret; I don’t know if any exist.

Profiles that use multiple relays/e-mail addresses, combined with upcoming session keys that only last for one exchange, should make traffic analysis harder in most cases; but if all the e-mail addresses are pre-linked to real-world identities by the Russian government then it won’t help.

Generally, Delta Chat does not currently attempt to hide sender and recipient address metadata. There are better messenger apps for that, though I don’t know how well they’d work in some areas of Russia. Building your own covert wi-fi is an alternative for local communications.

If that is what you are saying, would it be okay to retitle this post “Chatmail leaks metadata on which accounts communicate” or similar?