summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGab <24553253+gabrix73@users.noreply.github.com>2025-12-07 20:27:48 +0100
committerGitHub <noreply@github.com>2025-12-07 20:27:48 +0100
commitee9819d6f7f9ad652f32deba86be1afc991bf593 (patch)
tree3ac026b200d1769a4f76b943b96aa35e9c9e0442
parent1edf21290549d6fa78a742bb7c34596a4ad94a81 (diff)
downloadfog-ee9819d6f7f9ad652f32deba86be1afc991bf593.tar.gz
fog-ee9819d6f7f9ad652f32deba86be1afc991bf593.tar.xz
fog-ee9819d6f7f9ad652f32deba86be1afc991bf593.zip
Revise README for clarity and feature updates
Updated README to enhance clarity and structure, added badges, and improved feature descriptions.
-rw-r--r--README.md676
1 files changed, 424 insertions, 252 deletions
diff --git a/README.md b/README.md
index f704b0b..6c14e92 100644
--- a/README.md
+++ b/README.md
@@ -1,116 +1,148 @@
-# 🌫️ fog
+# 🌫️ fog - Anonymous SMTP Relay Network
-**Anonymous SMTP Relay with Sphinx Mixnet over Tor**
+**fog** is a privacy-preserving SMTP relay that uses Sphinx mixnet routing to provide sender anonymity, forward secrecy, and resistance to traffic analysis. Perfect for anonymous email delivery, Usenet posting, and secure communications.
-fog is a privacy-focused SMTP relay that routes messages through a 3-hop Sphinx mixnet, providing strong anonymity guarantees against traffic analysis, timing attacks, and metadata correlation.
+[![Version](https://img.shields.io/badge/version-2.1.1-blue.svg)](https://github.com/yourusername/fog)
+[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
+[![Go](https://img.shields.io/badge/go-1.21+-00ADD8.svg)](https://go.dev/)
-## Features
+---
-### Security
-- **Sphinx Mixnet**: 3-hop onion routing with layered encryption
-- **Curve25519 ECDH**: Key exchange with forward secrecy
-- **AES-256-GCM**: Authenticated encryption for all payloads
-- **Traffic Analysis Resistance**: Fixed-size packets (64KB), batch processing, random shuffling
-- **Timing Attack Resistance**: Cryptographically random delays (500ms-5s)
-- **Replay Protection**: 24-hour message ID cache
-- **Size Correlation Resistance**: Uniform packet sizes with random padding
-- **No Metadata Retention**: Memory-only processing, no persistent logs
+## 🎯 Features
-### Network
-- All traffic routed through Tor
-- Decentralized node discovery via shared PKI file
-- Health monitoring with automatic failover
-- Each node can be entry, middle, or exit
+### Core Privacy Features
-## Architecture
+- **🔐 Sphinx Mixnet Routing**: 3-hop onion routing with per-hop encryption
+- **⏱️ Timing Attack Resistance**: Configurable message delays (1-24h) with multiple strategies
+- **🎭 Exit Node Anonymization**: Automatic header sanitization removes all identifying information
+- **🔄 Forward Secrecy**: Each message uses ephemeral keys, past messages remain secure if node compromised
+- **🚫 No Logs**: Zero persistent metadata retention
+- **🔀 Batch Mixing**: Messages are batched and shuffled before forwarding
+- **♻️ Replay Protection**: Message-ID cache prevents replay attacks
-```
-┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐
-│ Client │────▶│ Entry │────▶│ Middle │────▶│ Exit │────▶ Destination
-│ SMTP │ │ Node │ │ Node │ │ Node │ (email/usenet)
-└─────────┘ └─────────┘ └─────────┘ └─────────┘
- │ │ │
- ▼ ▼ ▼
- Encrypt L3 Decrypt L3 Decrypt L2
- Encrypt L2 Forward L2 Decrypt L1
- Encrypt L1 (shuffled) Deliver
+### Technical Features
+
+- **📦 Persistent Queue**: SQLite-backed delay pool survives restarts
+- **🎲 Multiple Delay Strategies**: Exponential (default), Constant, Poisson distributions
+- **🏥 Health Checking**: Automatic node monitoring and path selection
+- **🔍 Debug Mode**: Detailed logging for troubleshooting
+- **🐧 Linux Optimized**: Systemd integration with security hardening
+
+---
+
+## 🛡️ Security Guarantees
+
+| Threat | Protection |
+|--------|------------|
+| **Traffic Analysis** | Padding + cover traffic |
+| **Timing Attacks** | Randomized delays (1-24h) + constant-time operations |
+| **Replay Attacks** | Message-ID cache with TTL expiration |
+| **Node Compromise** | Forward secrecy protects older messages |
+| **Size Correlation** | Fixed 64KB packet size prevents size analysis |
+| **Partial Network Observation** | Mixnet architecture breaks linkability |
+| **Global Adversary** | Multi-hop routing + batch mixing breaks end-to-end correlation |
+| **Metadata Analysis** | Exit node header sanitization + no persistent metadata |
+
+---
+
+## 🚀 Quick Start (Debian/Ubuntu)
+
+### Prerequisites
+
+```bash
+# Install dependencies
+sudo apt update
+sudo apt install -y golang-go tor git build-essential
+
+# Verify Go version (1.21+ required)
+go version
```
-Each node:
-- Receives Sphinx packets on port 9999
-- Accepts SMTP on port 2525 (entry point)
-- Decrypts one layer, applies random delay, forwards
+### Installation
-## Requirements
+```bash
+# Clone repository
+git clone https://github.com/yourusername/fog.git
+cd fog
-- Linux (Debian/Ubuntu recommended)
-- Go 1.21+
-- Tor
-- Minimum 3 fog nodes for mixnet operation
+# Build
+go mod tidy
+go build -tags="sqlite_omit_load_extension" -ldflags="-s -w" -trimpath -o fog fog.go
-## Installation
+# Install binary
+sudo mkdir -p /var/lib/fog
+sudo cp fog /var/lib/fog/
+sudo chmod +x /var/lib/fog/fog
+```
-### 1. Install dependencies
+### Create User & Directories
```bash
-apt update
-apt install tor golang-go
+# Create fog user
+sudo useradd -r -s /bin/false fog
+
+# Create directories
+sudo mkdir -p /var/lib/fog/data
+sudo chown -R fog:fog /var/lib/fog
+sudo chmod 700 /var/lib/fog/data
```
-### 2. Create fog user and directories
+### Generate Node Identity
```bash
-# groupadd -r fog
-# useradd -g fog -s /usr/sbin/nologin -r -m -d /var/lib/fog fog
+# Generate your node keys
+cd /var/lib/fog
+sudo -u fog ./fog -name your-onion-address.onion -short-name yourname -export-node-info
+
+# This creates nodes.json with your public key
+cat nodes.json
```
-### 3. Configure Tor Hidden Service
+### Configure Tor Hidden Service
-Add to `/etc/tor/torrc`:
+Edit `/etc/tor/torrc`:
```
-HiddenServiceDir /var/lib/tor/fog
-HiddenServicePort 2525 127.0.0.1:2525
+HiddenServiceDir /var/lib/tor/fog/
HiddenServicePort 9999 127.0.0.1:9999
+HiddenServicePort 2525 127.0.0.1:2525
```
-Restart Tor and get your .onion address:
+Restart Tor and get your address:
```bash
-systemctl restart tor
-cat /var/lib/tor/fog/hostname
-# Example: 66ehoz4ir6beuovmgt4gbpdfpmy43iuouj36dylqvkwgyp2dwpcbvjqd.onion
+sudo systemctl restart tor
+sudo cat /var/lib/tor/fog/hostname
+# Example output: abc123xyz456.onion
```
-### 4. Build fog
+### Join the Network
-```bash
-cd /var/lib/fog
-nano fog.go # paste the fog source code
+**Join the existing fog network or create your own!**
-go mod init fog
-go mod tidy
-go build -ldflags="-s -w" -trimpath -o fog
-```
+#### Option 1: Join Existing Network
-### 5. Export node info
+Contact the network operators to:
+1. Share your `nodes.json` (contains your public key + onion address)
+2. Receive the network `nodes.json` (contains all trusted nodes)
+3. Deploy to `/var/lib/fog/nodes.json`
+
+#### Option 2: Create New Network
+
+Start with 1 node (you), then invite others:
```bash
-./fog -export-node-info \
- -name YOUR_ONION_ADDRESS.onion \
- -short-name mynode
+# Use your own nodes.json
+sudo cp nodes.json /var/lib/fog/nodes.json
```
-This creates `nodes.json` with your node's public key.
-
-### 6. Create systemd service
+### Configure Systemd Service
Create `/etc/systemd/system/fog.service`:
```ini
[Unit]
-Description=fog - Anonymous SMTP Relay with Sphinx Mixnet
-Documentation=https://github.com/gabrix73/fog
+Description=fog - Anonymous SMTP Relay
After=network.target tor.service
Wants=tor.service
@@ -121,271 +153,411 @@ Group=fog
WorkingDirectory=/var/lib/fog
ExecStart=/var/lib/fog/fog \
- -name YOUR_ONION_ADDRESS.onion \
- -short-name mynode \
+ -name YOUR_ONION.onion \
+ -short-name yourname \
-smtp 127.0.0.1:2525 \
-node 127.0.0.1:9999 \
-sphinx \
+ -delay \
+ -min-delay 2h \
+ -max-delay 24h \
+ -delay-strategy exponential \
-pki-file /var/lib/fog/nodes.json \
- -data-dir /var/lib/fog/fog-data \
+ -data-dir /var/lib/fog/data \
-debug
Restart=always
RestartSec=10
-StartLimitInterval=200
-StartLimitBurst=5
-TimeoutStartSec=30
-TimeoutStopSec=30
# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
-ReadWritePaths=/var/lib/fog/fog-data
+ReadWritePaths=/var/lib/fog/data
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-RestrictNamespaces=true
-LockPersonality=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-PrivateDevices=true
-ProtectClock=true
-ProtectKernelLogs=true
-ProtectHostname=true
-
-LimitNOFILE=65535
-LimitNPROC=512
-
-StandardOutput=journal
-StandardError=journal
-SyslogIdentifier=fog
[Install]
WantedBy=multi-user.target
```
-### 7. Set permissions and start
+**Replace:**
+- `YOUR_ONION.onion` with your Tor hidden service address
+- `yourname` with your chosen node name (e.g., alice, bob, relay1)
+
+### Start Service
```bash
-chown fog:fog -R /var/lib/fog
-systemctl daemon-reload
-systemctl enable fog
-systemctl start fog
+sudo systemctl daemon-reload
+sudo systemctl enable fog
+sudo systemctl start fog
+
+# Check status
+sudo systemctl status fog
+
+# Watch logs
+sudo journalctl -u fog -f
```
-### 8. Verify
+---
+
+## 📨 Usage
+
+### Send Anonymous Email
```bash
-systemctl status fog
-journalctl -u fog -f
+{
+ echo "EHLO client"
+ echo "MAIL FROM:<sender@example.com>"
+ echo "RCPT TO:<recipient@destination.com>"
+ echo "DATA"
+ echo "From: Anonymous User <user@example.com>"
+ echo "To: recipient@destination.com"
+ echo "Subject: Anonymous message via fog"
+ echo ""
+ echo "This message was sent through the fog network."
+ echo "."
+ echo "QUIT"
+} | nc 127.0.0.1 2525
```
-You should see:
-```
-[FOG] Starting v2.0.1
-[PKI] Loaded 4 nodes from /var/lib/fog/nodes.json
-[HEALTH] Checking 3 nodes
-[HEALTH] node1 OK
-[HEALTH] node2 OK
-[HEALTH] node3 OK
-[HEALTH] Done. 3 nodes healthy
+### Post to Usenet Anonymously
+
+```bash
+{
+ echo "EHLO client"
+ echo "MAIL FROM:<poster@example.com>"
+ echo "RCPT TO:<mail2news@mail2news.tcpreset.net>"
+ echo "DATA"
+ echo "From: Anonymous Poster <poster@example.com>"
+ echo "Newsgroups: alt.test"
+ echo "Subject: Test post via fog"
+ echo ""
+ echo "This post was submitted anonymously through fog network."
+ echo "."
+ echo "QUIT"
+} | nc 127.0.0.1 2525
```
-## Network Setup
+**At the exit node, headers are automatically sanitized:**
+- `From:` → `Anonymous <anonymous@exitnode.fog>`
+- `Message-ID:` → `<random_hex@exitnode.fog>`
+- All identifying headers removed (X-Mailer, Reply-To, etc.)
+
+---
-### Combining nodes.json
+## ⚙️ Configuration
-Each operator exports their node info, then all nodes are combined into a single `nodes.json`:
+### Command Line Flags
-```json
-{
- "version": "2.0.1",
- "updated": "2025-12-01T00:00:00Z",
- "nodes": [
- {
- "node_id": "8342eaab81017d33...",
- "public_key": "pyva1yu+5SDFb7UzyB3ZhNtpoCEHaU/IewsDOBvg6n8=",
- "address": "ej5dj774rkmfxvo3jexcmyotkq6bwgmr45dmwrbmk366lcvalnrgolad.onion:9999",
- "name": "node1",
- "version": "2.0.1"
- },
- {
- "node_id": "340c546059a8c322...",
- "public_key": "Ult6z/aOvrzB0+149wIDjuCSFVo8xF067yp/MFQLaHM=",
- "address": "iycr4wfrdzieogdfeo7uxrj77w2vjlrhlrv3jg2ve62oe5aceqsqu7ad.onion:9999",
- "name": "node2",
- "version": "2.0.1"
- },
- {
- "node_id": "c386967674709d76...",
- "public_key": "mYeEtBhNUPQ4QTTUH0b3ngOSbvjK8ctR7kAz09cjb3g=",
- "address": "66ehoz4ir6beuovmgt4gbpdfpmy43iuouj36dylqvkwgyp2dwpcbvjqd.onion:9999",
- "name": "node3",
- "version": "2.0.1"
- },
- {
- "node_id": "ebc04620851a8a9b...",
- "public_key": "z0iNumJks/5aZ1+Zys0NUwVk5VzYdEfyL//a6J5miwE=",
- "address": "ejdrw3ka2mjhvsuz7uxjnzjircsdpoiu3a33g2xoywlafqetptjpqryd.onion:9999",
- "name": "node4",
- "version": "2.0.1"
- }
- ]
-}
+| Flag | Default | Description |
+|------|---------|-------------|
+| `-name` | required | Your .onion address |
+| `-short-name` | required | Short node name (for logs) |
+| `-smtp` | 127.0.0.1:2525 | SMTP listen address |
+| `-node` | 127.0.0.1:9999 | Sphinx node listen address |
+| `-pki-file` | required | Path to nodes.json |
+| `-data-dir` | fog-data | Data directory for queue database |
+| `-sphinx` | false | Enable Sphinx routing |
+| `-delay` | false | Enable delay pool |
+| `-min-delay` | 1h | Minimum message delay |
+| `-max-delay` | 24h | Maximum message delay |
+| `-delay-strategy` | exponential | Delay strategy: exponential, constant, poisson |
+| `-debug` | false | Enable debug logging |
+
+### Delay Strategies
+
+**Exponential (Recommended):**
+- More short delays, fewer long delays
+- Natural traffic pattern
+- Best for high-volume nodes
+
+**Constant:**
+- Uniform random delays
+- Predictable average latency
+- Good for testing
+
+**Poisson:**
+- Models natural arrival processes
+- Best for research/analysis
+
+### Example Configurations
+
+**High Anonymity (24h delays):**
+```bash
+-delay -min-delay 6h -max-delay 24h -delay-strategy exponential
```
-Copy the same `nodes.json` to all nodes and restart.
+**Medium Latency (6h delays):**
+```bash
+-delay -min-delay 1h -max-delay 6h -delay-strategy constant
+```
-## Usage
+**Low Latency (no delays):**
+```bash
+-sphinx
+# (omit -delay flag)
+```
+
+---
+
+## 🔍 Monitoring
-### Send email via SMTP
+### Check Queue Status
```bash
-# Connect to any fog node
-telnet 127.0.0.1 2525
-
-EHLO client
-MAIL FROM:<anonymous@fog.local>
-RCPT TO:<recipient@example.com>
-DATA
-Subject: Test message
-
-Hello from fog mixnet!
-.
-QUIT
+# View queue size
+sqlite3 /var/lib/fog/data/messages.db \
+ "SELECT COUNT(*) as total FROM message_queue;"
+
+# View ready messages
+sqlite3 /var/lib/fog/data/messages.db \
+ "SELECT COUNT(*) FROM message_queue WHERE send_after <= strftime('%s','now');"
+
+# View queue details
+sqlite3 /var/lib/fog/data/messages.db \
+ "SELECT id, from_addr, to_addr,
+ datetime(send_after, 'unixepoch') as send_time
+ FROM message_queue
+ ORDER BY send_after LIMIT 10;"
```
-### Send via Tor (remote)
+### Monitor Logs
```bash
-torify telnet YOUR_ONION.onion 2525
+# All fog activity
+sudo journalctl -u fog -f
+
+# Pool activity only
+sudo journalctl -u fog -f | grep POOL
+
+# Statistics only
+sudo journalctl -u fog -f | grep STATS
+
+# Header sanitization
+sudo journalctl -u fog -f | grep SANITIZE
```
-### Post to Usenet
+### Statistics Output
+
+```
+[STATS] Up:2h30m R:45 S:42 F:3 | Sphinx:40 Direct:2 | Mix R:120 F:115 | Q:23 D:156 | Healthy:4
+```
+
+- **R**: Messages received
+- **S**: Messages sent
+- **F**: Failed deliveries
+- **Sphinx**: Messages sent via Sphinx routing
+- **Direct**: Messages sent directly (no Sphinx)
+- **Mix R/F**: Mixed received/forwarded
+- **Q**: Messages queued in delay pool
+- **D**: Total delayed messages delivered
+- **Healthy**: Number of healthy nodes in network
+
+---
+
+## 🌐 Network Information
+
+### Current fog Network
+
+The fog network currently consists of 5 nodes across Europe:
+
+| Node | Location | Operator | Status |
+|------|----------|----------|--------|
+| kvara | 🇮🇹 Italy | - | ✅ Active |
+| dries | 🇫🇷 France | - | ✅ Active |
+| mct8 | 🇩🇪 Germany | - | ✅ Active |
+| news | 🇺🇸 USA | - | ✅ Active |
+| pietro | 🇮🇹 Italy | - | ✅ Active |
+
+**Join us!** Run your own node and strengthen the network's resilience.
+
+### Minimum Network Requirements
+
+- **3 nodes minimum** for Sphinx routing (3-hop paths)
+- **5+ nodes recommended** for proper anonymity set
+- **Geographic diversity** improves security
+
+---
+
+## 🔧 Troubleshooting
+
+### Service won't start
+
+**Error: "No such file or directory" for /var/lib/fog/data**
```bash
-telnet 127.0.0.1 2525
-
-EHLO client
-MAIL FROM:<anonymous@fog.local>
-RCPT TO:<mail2news@dizum.com>
-DATA
-From: Anonymous <anon@fog.local>
-Newsgroups: misc.test
-Subject: Test post via fog
-Date: Mon, 01 Dec 2025 12:00:00 +0000
-Message-ID: <unique-id@fog.local>
-
-Test message posted via fog mixnet.
-.
-QUIT
+sudo mkdir -p /var/lib/fog/data
+sudo chown fog:fog /var/lib/fog/data
+sudo chmod 700 /var/lib/fog/data
+sudo systemctl restart fog
```
-## Command Line Options
+**Error: "PKI file not found"**
+
+```bash
+# Make sure nodes.json exists
+ls -l /var/lib/fog/nodes.json
+# If missing, generate or obtain from network
+sudo -u fog /var/lib/fog/fog -name YOUR.onion -short-name name -export-node-info
+sudo cp nodes.json /var/lib/fog/
```
-Usage: fog [options]
-
-Options:
- -name string Hostname (.onion address)
- -short-name string Short name for logs (e.g., node1)
- -smtp string SMTP listen address (default "127.0.0.1:2525")
- -node string Node listen address (default "127.0.0.1:9999")
- -sphinx Enable Sphinx mixnet routing
- -pki-file string Path to nodes.json
- -data-dir string Data directory (default "./fog-data")
- -debug Enable debug logging
- -export-node-info Export node info for nodes.json
- -version Show version
+
+### Messages not being delivered
+
+**Check Tor connectivity:**
+```bash
+# Test Tor is running
+curl --socks5-hostname 127.0.0.1:9050 https://check.torproject.org/api/ip
+
+# Check fog can reach other nodes
+sudo journalctl -u fog | grep HEALTH
```
-## Ports
+**Check Sphinx routing:**
+```bash
+# Verify enough healthy nodes
+sudo journalctl -u fog | grep "nodes healthy"
-| Port | Protocol | Purpose |
-|------|----------|---------|
-| 2525 | SMTP | Client email submission |
-| 9999 | Sphinx | Inter-node packet routing |
+# Should show: "[HEALTH] Done. 4 nodes healthy" (or more)
+```
-## Security Considerations
+### Queue not processing
-### Threat Model
+**Check scheduler:**
+```bash
+sudo journalctl -u fog | grep "Scheduler started"
-fog protects against:
+# Should show: "[POOL] Scheduler started (check every 1m0s)"
+```
-| Threat | Protection |
-|--------|------------|
-| Traffic Analysis | Fixed-size packets, cover traffic, batching |
-| Timing Attacks | Randomized delays, constant-time operations |
-| Replay Attacks | Message-ID cache with 24h expiration |
-| Node Compromise | Forward secrecy via ephemeral keys |
-| Size Correlation | Adaptive padding to fixed buckets |
-| Partial Network Observation | 3-hop mixnet provides unlinkability |
-| Global Adversary | Multi-hop routing breaks end-to-end correlation |
-| Metadata Analysis | No persistent metadata retention |
+**Check for ready messages:**
+```bash
+sqlite3 /var/lib/fog/data/messages.db \
+ "SELECT * FROM message_queue WHERE send_after <= strftime('%s','now');"
+```
+
+---
-### Limitations
+## 🤝 Contributing
-- Minimum 3 nodes required for Sphinx routing
-- Exit node sees unencrypted message (use PGP for E2E)
-- All nodes must share the same `nodes.json`
-- Tor is a hard dependency
+### Run a Node
-## Troubleshooting
+The best way to contribute is to run your own fog node! Requirements:
-### "0 nodes healthy"
+- Debian/Ubuntu server with static IP or dynamic DNS
+- Tor hidden service
+- Reliable uptime (>95% recommended)
+- Bandwidth: ~100GB/month for relay node
-1. Check if `nodes.json` has all nodes
-2. Verify file permissions: `chown fog:fog /var/lib/fog/nodes.json`
-3. Check Tor connectivity: `torify curl http://node.onion:9999`
+**Get started:** Follow the Quick Start guide above and contact us to join the network.
-### "PKI Load failed: permission denied"
+### Development
```bash
-chown fog:fog /var/lib/fog/nodes.json
-chmod 600 /var/lib/fog/nodes.json
+# Clone repository
+git clone https://github.com/yourusername/fog.git
+cd fog
+
+# Run tests
+go test ./...
+
+# Build
+go build -tags="sqlite_omit_load_extension" -o fog fog.go
+
+# Run locally
+./fog -name test.onion -short-name test -smtp 127.0.0.1:2525 -debug
```
-### SMTP connection refused
+### Submit Issues
+
+Found a bug? Have a feature request? [Open an issue](https://github.com/yourusername/fog/issues)
+
+### Security Vulnerabilities
-1. Check if fog is running: `systemctl status fog`
-2. Verify port binding: `ss -tlnp | grep 2525`
-3. Check Tor hidden service: `cat /var/lib/tor/fog/hostname`
+**Do not open public issues for security vulnerabilities.**
-## Cryptographic Libraries
+Contact: security@fog.network (PGP key available)
-- `golang.org/x/crypto/curve25519` - ECDH key agreement
-- `golang.org/x/crypto/hkdf` - HKDF-SHA256 key derivation
-- `golang.org/x/net/proxy` - Tor SOCKS5 proxy
-- `crypto/aes` + `crypto/cipher` - AES-256-GCM encryption
-- `crypto/hmac` + `crypto/sha256` - HMAC authentication
-- `crypto/rand` - Cryptographically secure randomness
+---
+
+## 📚 Documentation
-## References
+- **[CHANGELOG.md](CHANGELOG.md)** - Version history and release notes
+- **[ARCHITECTURE.md](ARCHITECTURE.md)** - Technical design and protocol specification
+- **[SECURITY.md](SECURITY.md)** - Security model and threat analysis
+- **[API.md](API.md)** - SMTP protocol and message format
-- [Sphinx: A Compact and Provably Secure Mix Format](https://cypherpunks.ca/~iang/pubs/Sphinx_Oakland09.pdf) - Danezis & Goldberg, IEEE S&P 2009
-- [Tor Project](https://www.torproject.org/)
-- [RFC 5321 - SMTP](https://tools.ietf.org/html/rfc5321)
-- [RFC 5536 - Netnews Article Format](https://tools.ietf.org/html/rfc5536)
+---
-## License
+## 🎓 How It Works
-MIT License
+### Sphinx Mixnet Overview
-## Contributing
+```
+Client → Entry Node → Middle Node → Exit Node → Destination
+ (Hop 1) (Hop 2) (Hop 3)
+```
-1. Fork the repository
-2. Create feature branch
-3. Submit pull request
+**Each hop:**
+1. Decrypts one layer of encryption
+2. Cannot see final destination (onion routing)
+3. Adds random delay before forwarding
+4. Batches with other messages for mixing
-## Disclaimer
+**At exit node:**
+1. Final decryption reveals cleartext message
+2. Headers are sanitized (From, Message-ID, Date randomized)
+3. All identifying metadata removed
+4. Delivered to final destination
-This software is provided for educational and research purposes. Users are responsible for complying with applicable laws in their jurisdiction. The authors are not responsible for misuse.
+**Security properties:**
+- No single node knows both sender and recipient
+- Forward secrecy: past messages safe if node compromised
+- Timing attacks mitigated by random delays + batching
+- Traffic analysis resisted by fixed packet sizes + mixing
---
-**fog** - *When privacy is not optional*
+## 📖 License
+
+MIT License - see [LICENSE](LICENSE) file for details.
+
+---
+
+## 🙏 Acknowledgments
+
+- **Sphinx Mix Network**: Based on the Sphinx protocol by George Danezis and Ian Goldberg
+- **Tor Project**: For anonymous networking infrastructure
+- **Go Community**: For excellent cryptography libraries
+
+---
+
+## 📞 Contact
+
+- **Website**: https://fog.network
+- **Email**: info@fog.network
+- **IRC**: #fog on Libera.Chat
+- **Usenet**: alt.privacy.fog
+
+---
+
+## ⚠️ Disclaimer
+
+fog is designed for legal, privacy-preserving communications. Users are responsible for compliance with applicable laws. The fog network operators do not endorse or condone illegal activity.
+
+**Exit node operators**: Be aware that running an exit node means your IP/server may be associated with traffic you did not originate. Consider legal implications in your jurisdiction.
+
+---
+
+<div align="center">
+
+**🌫️ Join the fog network today and reclaim your digital privacy! 🌫️**
+[![Download](https://img.shields.io/badge/Download-Latest-brightgreen.svg)](https://github.com/yourusername/fog/releases)
+[![Donate](https://img.shields.io/badge/Donate-Bitcoin-orange.svg)](https://fog.network/donate)
+</div>