GHOST on Nostr: Translated text from the Onionmail developer repo: Development Structure Changes Due ...
Translated text from the Onionmail developer repo:
Development Structure Changes
Due to interference around the TorMX incident and attempted attacks on developers' machines, OnionMail is now developed on an internal GIT repository (see details below).
Warning: The repository at https://github.com/onionmail/onionmail is not up-to-date.
Security Measures:
Following recent attempts by U.S. entities to uncover OnionMail’s organizational structure, we now adhere to the Furamide project specifications. Only trusted developers have write access to the main codebase. Public GitHub activity could reveal development timelines, making servers vulnerable to targeted attacks.
External git contributions are reviewed and selectively merged into the main code to prevent backdoors.
Source Code Availability:
The most updated source is currently on GitHub and in the APT package.
Future versions will be hosted internally. Weekly snapshots are available in the download section.
Request access via the contact page.
Compiling OnionMail:
You can rebuild OnionMail from the GitHub or APT package sources.
OnionMail 2 development is currently restricted to internal developers to protect test servers on Tor from pre-release interference (see TorMX incident). Repository updates will sync with version releases.
This development policy has been in place since October 2015.
Requirements for Compiling:
Source code (download section or APT package).
Java
Eclipse (recommended but not ideal; legacy choice).
Tor (to configure hidden services).
Request activation of "alice" and "bob" test servers.
Development Participation:
Contact us via the addresses listed on the website.
Do not rename files—coordinate with the core team.
Entry/exit nodes on developer machines must follow security guidelines.
Teams:
OnionMail (server application)
APT (packaging, server-side tools)
TAILS Wizard
Web (onionmail.info)
Translations
SysOp (server management)
Testing (security audits)
OnionMail Web (web interface)
Directory (OnionMail directory & related projects)
History:
OnionMail evolved from InterNos, an encrypted Android P2P network with SMTP support. InterNos’ core has been rewritten into a successor project (not yet public). Legacy code retains odd structures due to Java obfuscation practices and exception-driven thread termination.
InterNos support was dropped on October 23, 2013, leading to OnionMail’s creation. Early code borrowed from TORDnsLocalProxy, a Tor/Internet DNS proxy for Exim4.
Code Notes:
Functions like MxAccuShifter (originally multiplexerBytesAccumulatorAndShifter) derive from InterNos’ encrypted message protocol. Simplified for OnionMail.
file_get_bytes is inspired by PHP’s file_get_contents.
Some code is ported from other languages.
Network Growth:
Bootstrapped via the mes3hacklab with "alice" and "bob" servers.
Public directory launched at hackmeeting 2014 (non-essential but lists servers).
Peaked at ~50 servers; ~30 public and ~30 hidden remain.
Attacks & Countermeasures:
Post-Tor network attacks, U.S. agencies targeted OnionMail servers via TorMX and exit nodes. Exploits like Shellshock and Poodle failed (OnionMail doesn’t use OpenSSL).
Amusing Incident:
An exit node IP led attackers to a developer’s machine, which was actively logging traffic via Wireshark. Full attack debugged in real-time—LOL.
Furamide & Panopticon Strategy:
Inspired by Bentham’s Panopticon and Foucault’s Discipline and Punish, Furamide turns surveillance into theater: hidden actors simulate activity to confuse observers.
Internal/external git repos split.
Test servers route through NTU (TorMX briefly revived as a honeypost).
Experimental Features:
Emails with non-prime PGP p/q and randomized sensitive data.
RAM artifacts generate fake server keys, user credentials, etc.
Developer Guidelines:
Avoid coding in your personal style—pretend to be someone else.
No over-the-top obfuscation (unlike InterNos).
Let me know if you need further refinements!
Development Structure Changes
Due to interference around the TorMX incident and attempted attacks on developers' machines, OnionMail is now developed on an internal GIT repository (see details below).
Warning: The repository at https://github.com/onionmail/onionmail is not up-to-date.
Security Measures:
Following recent attempts by U.S. entities to uncover OnionMail’s organizational structure, we now adhere to the Furamide project specifications. Only trusted developers have write access to the main codebase. Public GitHub activity could reveal development timelines, making servers vulnerable to targeted attacks.
External git contributions are reviewed and selectively merged into the main code to prevent backdoors.
Source Code Availability:
The most updated source is currently on GitHub and in the APT package.
Future versions will be hosted internally. Weekly snapshots are available in the download section.
Request access via the contact page.
Compiling OnionMail:
You can rebuild OnionMail from the GitHub or APT package sources.
OnionMail 2 development is currently restricted to internal developers to protect test servers on Tor from pre-release interference (see TorMX incident). Repository updates will sync with version releases.
This development policy has been in place since October 2015.
Requirements for Compiling:
Source code (download section or APT package).
Java
Eclipse (recommended but not ideal; legacy choice).
Tor (to configure hidden services).
Request activation of "alice" and "bob" test servers.
Development Participation:
Contact us via the addresses listed on the website.
Do not rename files—coordinate with the core team.
Entry/exit nodes on developer machines must follow security guidelines.
Teams:
OnionMail (server application)
APT (packaging, server-side tools)
TAILS Wizard
Web (onionmail.info)
Translations
SysOp (server management)
Testing (security audits)
OnionMail Web (web interface)
Directory (OnionMail directory & related projects)
History:
OnionMail evolved from InterNos, an encrypted Android P2P network with SMTP support. InterNos’ core has been rewritten into a successor project (not yet public). Legacy code retains odd structures due to Java obfuscation practices and exception-driven thread termination.
InterNos support was dropped on October 23, 2013, leading to OnionMail’s creation. Early code borrowed from TORDnsLocalProxy, a Tor/Internet DNS proxy for Exim4.
Code Notes:
Functions like MxAccuShifter (originally multiplexerBytesAccumulatorAndShifter) derive from InterNos’ encrypted message protocol. Simplified for OnionMail.
file_get_bytes is inspired by PHP’s file_get_contents.
Some code is ported from other languages.
Network Growth:
Bootstrapped via the mes3hacklab with "alice" and "bob" servers.
Public directory launched at hackmeeting 2014 (non-essential but lists servers).
Peaked at ~50 servers; ~30 public and ~30 hidden remain.
Attacks & Countermeasures:
Post-Tor network attacks, U.S. agencies targeted OnionMail servers via TorMX and exit nodes. Exploits like Shellshock and Poodle failed (OnionMail doesn’t use OpenSSL).
Amusing Incident:
An exit node IP led attackers to a developer’s machine, which was actively logging traffic via Wireshark. Full attack debugged in real-time—LOL.
Furamide & Panopticon Strategy:
Inspired by Bentham’s Panopticon and Foucault’s Discipline and Punish, Furamide turns surveillance into theater: hidden actors simulate activity to confuse observers.
Internal/external git repos split.
Test servers route through NTU (TorMX briefly revived as a honeypost).
Experimental Features:
Emails with non-prime PGP p/q and randomized sensitive data.
RAM artifacts generate fake server keys, user credentials, etc.
Developer Guidelines:
Avoid coding in your personal style—pretend to be someone else.
No over-the-top obfuscation (unlike InterNos).
Let me know if you need further refinements!