# Anonymous Postbox
You are probably familiar with email or messaging. When you send a message, you may have noticed that it contains two very important fields, "from" and "to". Most messaging services don't strictly need "from", but require it to prevent spoofing and abuse. The "to" field, however, is necessary to deliver the message to the right destination. Alas, one shouldn't forget that having these two fields on messages is quite dangerous!
Why? Because they reveal that a message, even though encrypted, was sent from this person to that person. And learning this exposes the sender and recipient to privacy risks from adversaries. Even if we remove the "from" field, like [Signal](https://signal.org/blog/sealed-sender/), learning that a set of messages was addressed to a specific individual at some point in time can reveal useful information. Metadata on your messages exposes your [identity, your political allegiance, and even your job dissatisfaction](https://www.aclunc.org/sites/default/files/Metadata%20report%20FINAL%202%2021%2014%20cover%20%2B%20inside%20for%20web%20%283%29.pdf) (Page 5). Plus, it might not be kept as [safe as you thought](https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/) by the ones you trust it with. If you still believe that "from" and "to" reveal nothing, how comfortable would you be texting a government whistleblower and not being investigated by police?
For complete privacy and anonymity, removing "from" and "to" is quite important, but how does one deliver a message without a "to" field? This is where [oblivious message retrieval](https://github.com/Janmajayamall/ObliviousMessageRetrieval) helps. Using it, app servers can deliver messages to the correct destination without "to" and "from" fields.
This surely sounds fancy, but how does it relate to "Anonymous Postbox"? It does, because "Anonymous Postbox" is your private postbox into which you can receive messages without "to" and "from". This means the app servers wouldn't need any metadata and will not learn a thing about your messages. Nor will an adversary monitoring either your or the server's network traffic be able to learn about your messaging habits.
The postbox isn't limited to receiving messages, as in text, but can receive any piece of data. This expands its usefulness into areas where privacy and anonymity matter and metadata leakage at any stage of the user flow isn't acceptable: privacy-preserving blockchains. As you would expect, transactions in privacy-preserving blockchains are encrypted. This means that, unlike on Ethereum, the "to" and "from" fields on them are hidden. If your device has the capacity to monitor all transactions relayed over the network, it can simply "trial decrypt" them to identify the ones addressed to you. However, this is not possible for light devices (mobile wallets) or the ones that don't always stay online.
Most solutions at present rely on servers to download a compact representation of all transactions to the user's device. The wallet first identifies, using trial decryption, the ids of transactions addressed to the user, and then queries the server for those transactions in a subsequent request. This leaks to the server which transactions the user is interested in, thus violating their privacy. Moreover, as blockchain traffic increases, "trial decryption" becomes more expensive on the user's device, making the user experience worse.
Wallets can use private information retrieval to hide the "transactions of interest" when requesting addressed transactions from the server, or connect over Tor to remain anonymous, or adopt "constant" bandwidth protocols to prevent eavesdroppers from learning anything. But these solutions are still exploitable and make UX worse. You can check out [this thread](https://forum.zcashcommunity.com/t/zip-314-privacy-upgrades-to-the-zcash-light-client-protocol/38868) on the Zcash forum, which clearly lists all solutions and the ways they can be exploited.
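The light-wallet flow described above, as an added toy model that is not from the original post or from any wallet's code: an HMAC tag stands in for real trial decryption, and `make_tx`, `Server`, `trial_decrypt` and `run_light_wallet` are hypothetical names. It shows that the wallet does one keyed operation per transaction on the network, and that the server's query log ends up holding exactly the user's transaction ids.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 8  # bytes of detection tag kept in the compact representation


def make_tx(tx_id, recipient_key, payload):
    """Sender side: build a transaction with no "to" or "from" field."""
    nonce = secrets.token_bytes(16)
    # Toy stand-in for an encrypted note: only the key holder can recompute the tag.
    tag = hmac.new(recipient_key, nonce, hashlib.sha256).digest()[:TAG_LEN]
    return {"id": tx_id, "nonce": nonce, "tag": tag, "payload": payload}


class Server:
    """Holds all transactions and records what each wallet request reveals."""

    def __init__(self, txs):
        self.txs = {tx["id"]: tx for tx in txs}
        self.query_log = []  # everything the server learns from the wallet

    def compact_blocks(self):
        # Compact representation: enough to trial-decrypt, without the payload.
        return [(t["id"], t["nonce"], t["tag"]) for t in self.txs.values()]

    def fetch(self, tx_ids):
        self.query_log.append(sorted(tx_ids))
        return [self.txs[i]["payload"] for i in tx_ids]


def trial_decrypt(my_key, compact):
    """Wallet side: one keyed operation per transaction on the network."""
    mine = []
    for tx_id, nonce, tag in compact:
        expected = hmac.new(my_key, nonce, hashlib.sha256).digest()[:TAG_LEN]
        if hmac.compare_digest(expected, tag):
            mine.append(tx_id)
    return mine


def run_light_wallet(n_total=1000, my_tx_ids=(17, 404, 812)):
    # Constructed sample traffic: n_total transactions, three addressed to us.
    my_key, other_key = secrets.token_bytes(32), secrets.token_bytes(32)
    txs = [make_tx(i, my_key if i in my_tx_ids else other_key, f"note-{i}")
           for i in range(n_total)]
    server = Server(txs)
    compact = server.compact_blocks()
    found = trial_decrypt(my_key, compact)  # cost grows with n_total
    server.fetch(found)                     # second request leaks the ids
    return found, server.query_log, len(compact)
```
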
The ideal case would be to completely disarm any adversary, including servers, from linking the sender with the receiver. As far as I am aware, there are two ways of achieving this: (1) oblivious message retrieval (Anonymous Postbox) and (2) fuzzy message detection. The latter breaks the link by introducing uncertainty. This means the server, or an adversary, can learn that a certain transaction is addressed to a specific individual only up to a certain probability.
Anonymous Postbox, using oblivious message retrieval, completely disarms adversaries from linking a sender to a receiver. The server learns no information when a user's wallet creates a new transaction, nor when it sends a user the transactions pertaining to them. In the context of blockchains, there exists an interesting trade-off between the two approaches. Fuzzy message detection, especially its adoption in [Penumbra](https://protocol.penumbra.zone/main/crypto/fmd.html), can by default have the entire user base as its anonymity set. In oblivious message retrieval, users will have to opt in, which raises concerns around the size of the anonymity set realised in real-world usage.
I am optimistic that Anonymous Postbox will prove itself useful in the future for individuals to maintain their privacy and anonymity. Not being ignorant, I realise that bringing it to the masses will require solving many challenging engineering problems, and I think it is achievable. If this interests you, or you would like to be one of the first users, then shoot me a DM!