LEAP Encryption Access Project

Bring back the 1990s!

What is Federation?

  • user → provider → provider → user
  • eg: SMTP, XMPP

Better federation

  • The users should be protected from the provider.
  • The provider should be protected from users.

What does LEAP do?

  1. LEAP Platform:
    a toolkit to make it easy for you to run a service provider.
  2. New protocols:
    so that users don't need to trust the provider.
  3. Bitmask client:
    a client that works smoothly with any compatible provider.

LEAP Platform

# install the command-line tool and create a new provider directory
sudo gem install leap_cli
leap new example --domain example.org
cd example
# add yourself as a sysadmin of the provider
leap add-user --self
# provider CA, Diffie-Hellman parameters for OpenVPN, and a CSR for the public certificate
leap cert ca
leap cert dh
leap cert csr
# declare the nodes: one VPN gateway, one node for the database and the web app
leap node add blueberry services:openvpn \
     ip_address:1.1.1.1 openvpn.gateway_address:1.1.1.2
leap node add raspberry services:couchdb,webapp \
     ip_address:1.1.1.3
# bootstrap the nodes over SSH (the subcommand is "node init"), then deploy
leap node init blueberry raspberry
leap deploy

New Protocols

  • Soledad: searchable client-encrypted synchronized database.
  • Bonafide: secure user registration, authentication, password change, etc.
  • Key management: precise rules for OpenPGP best practices, automated.

Bitmask client

Current Services: VPN

  • Easy to use.
  • Route all your internet traffic through an encrypted channel.
  • Prevent eavesdropping (thieves on the public network, police, ...).
  • Circumvent internet censorship.
  • Prevent leaks (DNS, IPv6, ...).

Current Services: email

Work in progress

  • Easy to use.
  • End-to-end encryption.
  • Automatic key discovery and validation.
  • Backwards compatible with email and current OpenPGP usage.
  • Service provider has no access to user data.
  • Strong protection for metadata, when supported.
  • Cloud synchronized for high availability on multiple devices.

Our goals:

  • Mass adoption
  • Increase the cost of dragnet surveillance

Pixelated User Agent

  • Bitmask client and Email Client combined.
  • Modern, good looking UI.
  • Integrated search, with the search index stored encrypted
  • Tagging
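The two ideas above, a client-encrypted synchronized database (Soledad) and a search index that is kept encrypted (Pixelated), share one mechanism: documents are encrypted before they leave the device, and the index that answers searches is built and stored on the client only. The following is an added illustration of that mechanism, not Soledad's or Pixelated's own code. Python's standard library has no AES, so the cipher is a stand-in (HMAC-SHA256 as a counter-mode keystream with an encrypt-then-MAC tag) and the passphrase KDF is an assumption; a real deployment uses a vetted AEAD. The `server` dict stands in for the remote, untrusted store, and the sample documents are constructed.

```python
"""Client-encrypted documents with a client-side search index.

Added illustration of the idea behind Soledad (client-encrypted, synchronized,
searchable) and Pixelated's encrypted search index; not the projects' own code.
The standard library has no AES, so the cipher is a stand-in: HMAC-SHA256 used
as a counter-mode keystream plus an encrypt-then-MAC tag. Use a vetted AEAD in
real code.
"""
import hashlib
import hmac
import json
import os
import re


def derive_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch a passphrase into separate encryption and MAC keys (assumed KDF)."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return material[:32], material[32:]


def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream: block i = HMAC(enc_key, nonce || i), XORed into data."""
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        stream = hmac.new(enc_key, nonce + block.to_bytes(8, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[start:start + 32], stream))
    return bytes(out)


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, "sha256").digest()


def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, "sha256").digest()):
        raise ValueError("blob was tampered with or the key is wrong")
    return _xor_stream(enc_key, body[:16], body[16:])


class ClientStore:
    """Plaintext and the search index live only here; `server` holds blobs."""

    def __init__(self, passphrase: str, server: dict):
        self.salt = os.urandom(16)
        self.enc_key, self.mac_key = derive_keys(passphrase, self.salt)
        self.server = server                    # stands in for the remote store
        self.index: dict[str, set[str]] = {}    # token -> doc ids, never sent in clear

    def put(self, doc_id: str, text: str) -> None:
        """Encrypt before upload; index the plaintext locally."""
        self.server[doc_id] = encrypt(self.enc_key, self.mac_key, text.encode())
        for token in set(re.findall(r"\w+", text.lower())):
            self.index.setdefault(token, set()).add(doc_id)

    def get(self, doc_id: str) -> str:
        return decrypt(self.enc_key, self.mac_key, self.server[doc_id]).decode()

    def search(self, word: str) -> list[str]:
        """Search is answered locally; the server never learns the query."""
        return sorted(self.index.get(word.lower(), ()))

    def export_index(self) -> bytes:
        """The index at rest is encrypted with the same keys."""
        serial = json.dumps({k: sorted(v) for k, v in self.index.items()}).encode()
        return encrypt(self.enc_key, self.mac_key, serial)

    def load_index(self, blob: bytes) -> None:
        raw = json.loads(decrypt(self.enc_key, self.mac_key, blob))
        self.index = {k: set(v) for k, v in raw.items()}


def server_can_read(server: dict, word: str) -> bool:
    """Would someone holding the server's copy find the word in the blobs?"""
    return any(word.encode() in blob for blob in server.values())


def demo() -> dict:
    # Constructed sample documents; nothing here is real mail.
    server: dict = {}
    client = ClientStore("correct horse battery staple", server)
    client.put("mail-1", "Meeting point for the demonstration is the square")
    client.put("mail-2", "Lunch at the square tomorrow")
    client.put("mail-3", "Unrelated newsletter")
    return {
        "hits": client.search("square"),
        "server_can_read": server_can_read(server, "square"),
        "roundtrip": client.get("mail-2"),
    }


if __name__ == "__main__":
    print(demo())
```

The point the code makes is the trust boundary: the provider stores and synchronizes `server`, which contains only nonce, ciphertext and tag, while the tokenized index and every query stay on the device, and the index itself is encrypted with the same keys whenever it is written out.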

Activist Setup

  • User agent needs to be installed locally
  • Private Keys on local device

Organisation Setup

  • Multi-user encrypted webmail
  • No installation, access via browser
  • Private keys on the server
  • Activist setup still possible, by individual choice

Metadata

  • Simple Mail Transfer Protocol from 1982 (!)
  • Email exposes lots of metadata (Date:, From:, To:, Subject:, User-Agent:)
  • "Memory Hole" proposal to hide metadata in OpenPGP (gpg) encrypted mail
  • Enforce Transport Security whenever possible.
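The Memory Hole idea in the list above is to copy the metadata-bearing headers into the MIME part that gets encrypted and leave only a placeholder Subject outside. Below is an added illustration of that construction, not LEAP's or the Memory Hole project's code. The `protected-headers="v1"` marker follows the later protected-headers drafts and is an assumption about the format; the OpenPGP step is replaced by a stand-in (the inner bytes are attached as an opaque part) so the script runs offline, and the sample message is constructed.

```python
"""Protected headers: keep mail metadata inside the encrypted part.

Added illustration of the "Memory Hole" idea, not LEAP's or the Memory Hole
project's code. The protected-headers="v1" marker follows the later
protected-headers drafts (an assumption about the format). The OpenPGP step is
replaced by a stand-in so the script runs offline: the inner bytes are attached
as an opaque part instead of being encrypted.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Headers whose authoritative copy goes into the part that gets encrypted.
PROTECTED = ("Subject", "From", "To", "Date")
# Headers that are also blanked in the cleartext envelope.
OBSCURED = {"Subject": "..."}


def build_protected(msg: EmailMessage) -> tuple[EmailMessage, bytes]:
    """Split a plain message into (outer envelope, inner payload bytes).

    The inner payload carries the header copies and the body; only it would
    be fed to OpenPGP. The outer envelope keeps what mail software needs for
    delivery, with Subject replaced by a placeholder.
    """
    inner = EmailMessage(policy=policy.default)
    for name in PROTECTED:
        if msg[name] is not None:
            inner[name] = str(msg[name])
    inner.set_content(msg.get_content())
    inner.set_param("protected-headers", "v1")
    payload = inner.as_bytes()

    outer = EmailMessage(policy=policy.default)
    for name in PROTECTED:
        if msg[name] is not None:
            outer[name] = OBSCURED.get(name, str(msg[name]))
    # Stand-in for encryption: attach the inner bytes as an opaque part.
    outer.set_content(payload, maintype="application", subtype="octet-stream")
    return outer, payload


def transport_view(outer: EmailMessage) -> dict[str, str]:
    """What an MTA, or anyone watching an unencrypted hop, can read."""
    return {name: str(outer[name]) for name in PROTECTED if outer[name] is not None}


def recover_protected(payload: bytes) -> dict[str, str]:
    """What the recipient's client trusts after decrypting the payload."""
    inner = BytesParser(policy=policy.default).parsebytes(payload)
    if inner.get_param("protected-headers") != "v1":
        raise ValueError("payload carries no protected headers")
    return {name: str(inner[name]) for name in PROTECTED if inner[name] is not None}


def sample_message() -> EmailMessage:
    # Constructed sample; addresses use the reserved example.org domain.
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Date"] = "Mon, 06 Jan 2014 10:00:00 +0000"
    msg["Subject"] = "Meeting point for the demonstration"
    msg.set_content("See you at the usual place.\n")
    return msg


if __name__ == "__main__":
    outer, payload = build_protected(sample_message())
    print("transport sees:", transport_view(outer))
    print("recipient sees:", recover_protected(payload))
```

From and To stay on the outer message because mail software needs them to deliver, which is why the last bullet above still matters: protected headers hide the Subject from the transport path, but the addresses and the fact that Alice wrote to Bob are only protected by transport security on each hop. The inner copies give the recipient's client a tamper-evident version to compare against the envelope.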