Thursday, March 19, 2015

Secure Comms





LookingGlass is high security email you control, served up simple to use

LookingGlass is an email security appliance.
LookingGlass attempts to automate the heavy lifting of forward secrecy, end-to-end authentication, online pseudonymity, with a distributed architecture.
  • Forward secrecy means that email is now burn-on-decrypt, and no password is ever reused between messages. No single message compromise can lead to any other. (Learn more)
  • Authenticated means that you can be assured that you are talking to who you think you are talking to, and that there is no one sitting in the middle of your communications. (Learn more)
  • Pseudonymity means that your identity is protected. If you are careful to not link your LookingGlass covername (explained later) to your real world identity, there should be no trace who wrote or read your LookingGlass emails. (Learn more)
  • Distributed (peer-to-peer) means that your email only ever exists in one of two places - on your LookingGlass server, or on the recipient's server. There is no third party that stores email, encryption states, or routes messages. (Learn more)
LookingGlass is free, it is Open Source, and it was made with <3

Ways to get started

  • LookingGlass was originally designed to be run on a Raspberry Pi, and you are encouraged to use this method - here are the steps involved in that.
  • LookingGlass has also been released as a VMDK disk image, for use with virtualization software such as Virtualbox. The getting started guide for that method is here.


  1. Once you have finished setting up using one of the methods above, the final step will be logging into the setup wizard in a web browser, being asked to choose a passphrase for the drive encryption, to choose a covername, and a passphrase for your email encryption.
    Please use incognito or private browsing mode to access your LookingGlass. This will keep your browser from helpfully saving your passphrases. DO NOT SAVE YOUR PASSPHRASES TO YOUR COMPUTER.
    The passphrases can be changed but you CANNOT change your covername once set, without resetting the device to defaults and losing all of your settings.
    The passphrases are meant to be hand written out and kept somewhere safe. Do NOT save them to your computer.
  2. After accepting the above, please be patient while drive encryption is finalized and other housekeeping completes. You should be ready to go within 5 minutes. Stop hitting refresh, you're not helping anything.
  3. The navigation bar of joy should become visible at the top of the screen.

Email quick start

  1. Exchange covernames through some channel OTHER than online.
    By phone, by face to face meeting, carrier pigeon, by letter, by one-time pad, by coded eye blinks, by signal lamp...
    If this is not possible, you will need advanced instruction. For maximum security, this step should be as firewalled from your online activity as you can manage.
  2. Under the Contacts tab, type their covername into the Add contact box. Autocomplete should find the covername (it will appear in the pulldown box in all caps). Click the covename and then the + (plus) symbol just to the left of the Add contact box.
    • An invalid covername will never be allowed into the address book.
    • If you misspell the covername it will be added to the address book, but then fail to return valid information. The security progress bar will go to zero and deleting the contact will be the only option.
  3. You should recieve a prompt that LG is doing the necessary lookups.
    LG will now download the other user's public key and network information.
  4. Within a few minutes, you should see the contact's security progress bar advance - one hundred percent is the highest level of security that LookingGlass can provide - authenticated and forward-secret email.
    To view information about the contact, click the gear button to the right of the progress bar on the Contacts page.
    If action is required to advance the contact's progress, you will see prompts here. There will also be brief information about the contact's current state.
    If your contact is also online and logged into their device, LG will automatically attempt to negotiate forward-secret email and advance security levels. If not, handshaking will queue into the background and advance at the next opportunity.

Tips & Misc

  • Leave your LG device online as much as possible.
    If someone wants to send you email, it will fail to get through if you are offline for too long. By eliminating as much as possible a pattern for when your device is online, you lower the amount of metadata you emit.
  • To log out, close your browser rather than select LOCKDOWN.
    Select LOCKDOWN only when you need to go offline or are feeling paranoid. When a LG device is locked down, it cannot process email.
  • Log into your LG device every so often.
    Your email password automatically gets wiped during periods of inactivity, so your contacts will not be able to advance their security state without logging in once in awhile.
  • Join the chat room, and ask for help if you are having problems.
    Be polite, and someone should eventually be able to assist you. We want your experience to not suck.
  • Run your browser in 'private' or 'incognito' mode.
    This will lower the amount of incriminating data cached on the device you use to browse LG.
  • The best way to power down the LG device is to put it into LOCKDOWN mode, or turn it off during a requested reboot cycle.
    This will make sure the device is synchronized before shutting it down.
    There is a Reboot button under Settings -> System administration.
  • You can bookmark the LOCKDOWN button, and use it without even logging in.
    You can also have someone on your network really annoy you by continually hitting this address, locking you out of the device.
    This was a design decision to fail-safe and allow someone in a panic to encrypt the device quickly.
  • You cannot have an unencrypted conversation with LookingGlass.
    Note however, that subject lines are not encrypted.
  • Adding contacts automatically adds you to the recipient's address book.
    When one person (Alice) successfully adds the other (Bob) as a contact, Bob will have Alice in his addressbook automatically during the handshaking process. You do not both have to add each other - the discovery mechanism takes care of that.
  • Keep your LG device behind a firewall or router.
    Exposing your device directly to the Internet is an unnecessary risk, and will allow anyone on the internet access to the web interface. This is nonoptimal.
  • Use SSL to browse your LG instance.
    Using HTTPS instead of HTTP will secure your local communications.
    Optional Install the SSL certificate for LG in your browser, to shut up the certificate warnings.

More info

The latest documentation is first published to Tor. Try there first if you can. :)

Technical Brief

This Document