'Chaffing' refers to a military countermeasure in which planes throw out shreds of reflective material or similar to confuse incoming missiles and/or radar.
Since we now know that metadata is actually more valuable than content when it comes to traffic analysis and determining social networks ("We kill based on metadata," stated one US official recently in 2015), how can people protect themselves against this sort of unauthorized dragnet surveillance?
Plug-ins for email clients could be developed that send sets of 'chaff' emails to willing participants in a pool of worldwide email users. The chaff mail should look as realistic as possible, and be sent in ways that mask which ones, if any, are real messages intended to be read.
- Every outgoing email is accompanied by more chaff mails to a randomly-selected group of participants
- Obviously email clients should have an easy-to-use way to get more participants into the pool (think AdBlock's downloadable filter lists, but with lists of opt-in email accounts)
- Number of chaff mails sent is configurable by the sender (obviously, more is better to a point but we don't want to spam the world)
- Email clients should also support a random burst/trickle of chaff emails sent when the user is *not* sending a real email (so the client can run in the background); this should be configurable by the user as well.
- Support for detecting outgoing PGP-encrypted mails and mutating them by scrambling and re-computing the checksum, so even these invalid PGP decoys *look* valid on cursory inspection (i.e., PGP tools would say it's a valid PGP-encrypted payload, but there will be no real decryption), wasting the spooks' time if they are trying to decrypt these
Plaintext chaff would be tougher to make look convincing, as it either needs to be Markov-chain gibberish or built from a set of canned chaff body texts, which would stand out obviously upon closer inspection, while PGP decoys would require a full attack to even determine if they're real emails or chaff.
A way for recipients to 'winnow out the chaff' would of course be nice... as everyone participating would be getting lots of emails not really intended for them.
In a sense I'm proposing a rate-limited form of spam, but turning the concept around for *our* benefit. Spam's hard to filter; let's use that concept to our advantage for privacy.
Again, PGP could help here, as the ability to decrypt would be the indicator of a real message meant for the recipient. Most PGP email clients support caching decryption keys for a time period, so users would only need to enter keys once in a while, and the email client could do trial decryptions on incoming mail without bugging the user for each one. Or, people who already knew each other might pre-arrange a keyword to be in the header for a following conversation to alert the user (but beware: having a constant 'fist' like this would begin to aid snoopers in detecting desired messages if it were left unchanged, or if they eavesdropped on the negotiation for that keyword!).
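A sketch of the decoy and winnowing steps described above, added here as an illustration and not part of the original proposal. It assumes a shared symmetric key stands in for the recipient's PGP key and uses a toy standard-library cipher in place of PGP; all function names are hypothetical.

```python
import hashlib, hmac, secrets

NONCE, TAG = 16, 32
_rng = secrets.SystemRandom()

def _subkeys(key):
    # Separate keys for the keystream and the integrity tag.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    # SHA-256 in counter mode as a toy keystream (assumed stand-in for PGP's cipher).
    stream = b"".join(hashlib.sha256(enc_key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, body):
    """Real message: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE)
    ct = _xor_stream(enc_key, nonce, body)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def make_chaff(body_len):
    """Decoy: same layout and length as a real message, but pure random bytes."""
    return secrets.token_bytes(NONCE + body_len + TAG)

def trial_open(key, blob):
    """Trial decryption: return the plaintext, or None if this key does not fit."""
    if len(blob) < NONCE + TAG:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, nonce, ct)

def send_with_chaff(key, recipient, body, pool, n_chaff):
    """One real mail plus n_chaff decoys to randomly chosen opt-in participants."""
    others = [p for p in pool if p != recipient]
    decoys = _rng.sample(others, min(n_chaff, len(others)))
    batch = [(recipient, seal(key, body))] + [(d, make_chaff(len(body))) for d in decoys]
    _rng.shuffle(batch)  # send order must not reveal which one is real
    return batch

def winnow(inbox, cached_keys):
    """Keep only the blobs that open under one of the user's cached keys."""
    opened = (trial_open(k, blob) for blob in inbox for k in cached_keys)
    return [pt for pt in opened if pt is not None]
```

Every blob in a batch has the same length and layout, so only a holder of the key can tell the real message from the decoys.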
Imagine if this were something a few large email clients used by default: emails could be greatly protected against metadata traffic analysis via a swarm of emails going around that weren't actually email.