NOTUS (Notices To Users)

  • Feb 28th, 2015: We are currently beta-testing the server; please be prepared that all accounts may be reset at any time (see notices here). All incoming mail and pond messages are logged for debugging purposes, so please don't use the service for any confidential messaging!

  • Aug 29th, 2014: The token scheme has changed. All Pond users need to generate new receiving email addresses here.

  • Aug 27th, 2014: The security-aware user can also reach this website as a hidden service

What is this?

This is a highly experimental version (α stage) of a message gateway between Pond and EMail accounts. It is Free/Libre Open Source Software and can be downloaded from a Github repository.

What is Pond?

Pond is a new highly secure, asynchronous messaging application that does not create traffic profiles between peers that can be exploited by adversaries - even if these adversaries are able to monitor network traffic on a global scale. The messages are sent "off-the-record". We consider it to be the Next Generation EMail Protocol.

What is the use of a gateway?

There are many use cases where a message exchange between a Pond user and means of email-based communication is useful  —  especially if you try to use Pond as much as possible and want to avoid to revert to your email client for certain processes:

  • EMail-based registrations
    Most services on the Internet require you to provide an email address for registration and require you to click on links in confirmation emails.

  • Mailing lists
    Sometimes people want to join mailing lists and have to provide an email address to participate and receive emails from the list.

  • Message exchange with die-hard email users
    You can use the gateway to keep in contact with all your peers that will not migrate to Pond  —  even if it is the superior form for asynchronous message exchange.

Every Pond user on the gateway has an unlimited number of email addresses at her/his disposal (well, not really unlimited, but 264 different addresses sounds like a lot). So it is possible to use email communication with many peers without giving away any hints of the associated Pond identity. This feature is achieved by using tokens derived from peer identifiers: you can give a unique token to each email end-point you want to connect to; no two tokens look the same and there is now way to derive the peer identifier from them without knowing the secret key stored only at the gateway. The email address is than has the form pondgw+<token>@hoi-polloi.org, where <token> is replaced by a valid token for the Pond identity. A registered Pond user can create as many tokens as desired More on generating tokens can be found here.

Is it secure to use the gateway?

Of course it must be noticed that messages passing through the gateway do not have the same high level of security and privacy as messages exchanged between Pond users directly - they only have "EMail level security". The communication between the gateway and the EMail account is visible and therefore certainly subject to surveillance. The Pond side of the exchange is better off and keeps most of the advantages - one more reason to change to Pond as soon as possible...

You should also encrypt messages going through the gateway with an additional layer to prevent the gateway to see the message content. You need to negotiate and set up such encryption process with your peer before you start exchanging messages.

How can I use the gateway?

So if your are a Pond or EMail user and want to exchange messages across borders, please register.