On 1 July 2013 05:04, Ben Laurie <b...@links.org> wrote: > On 1 July 2013 01:55, Jacob Appelbaum <ja...@appelbaum.net> wrote: >> So then - what do you suggest to someone who wants to leak a document to >> a press agency that has a GlobaLeaks interface? > > I would suggest: don't use GlobalLeaks, use anonymous remailers. > Bottom line: Tor is weak against powerful adversaries because it is > low latency. High latency mixes are a lot safer. > > GlobalLeaks should have an email API, IMO.
Having looked a lot at the current remailer network, and a bit at GlobaLeaks - I'm going to wade in and disagree here. (Although this thread has gotten woefully off topic after I've bumped it. =/) Ben: I love mix networks. I've been learning everything I can about them, and have been researching them voraciously for a couple years.[0] But IMO the theoretical gains of high latency *today* are weaker than the actual gains of low latency *today*. Virtually all remailer use is Mixmaster, not Mixminion. If you want to use anything but a CLI on Linux - you're talking Mixmaster. So I'm assuming you mean that. Mixmaster uses a very, very recognizable SMTP envelope, that often goes out with no TLS, let alone no PFS. There's also precious few people actually using it. And finally, if you look at the public attacks on remailers (the unfortunate bombing threats of last summer) and Tor (the Jeremy Hammond case) - you see that Feds are willing to go on fishing expeditions for remailers, but less so Tor. Tor was traffic confirmation, Remailers was fishing.[1] Compare to GlobaLeaks. Tor Hidden Service, Tor network. The two biggest threats are Traffic Correlation and the recent attacks on Hidden Services. Assume a Globally Passive Adversary logging all SMTP envelopes (because... they are. So don't assume, know.). Now assume a leak arrives over email. Light up all the nodes who sent a message via Mixmaster within a couple days, and you'll get at most, a couple hundred. Now dim all the lights who've never sent a mixmaster message before. You'll get a couple. That's enough to investigate them all using traditional methods. Now you *do* have to assume a GPA who's logging all Tor traffic. It's possible. Some would even say it's probable. But we've seen no evidence. Do the same light-up. You get a hundreds if not thousands of nodes. Too many to investigate traditionally. And to do Traffic Confirmation, you need to identify the Hidden Service. And there's the issue that it's not trivial to do traffic confirmation. Oh and there's also the little problem of sending anything over 10,236 bytes via Mixmaster splits the message into multiple messages that all emanate from your machine which makes it wildly probable some won't arrive, and also drastically makes you stand out the crazy person who's trying to send anything other than text through Mixmaster. I'm not saying GlobaLeaks+Tor is safe. I'm saying I think our current remailer network is wildly unsafe. (Now what I think about fixing it... that's a whole other story, for a whole other time.) -tom [1] https://crypto.is/blog http://defcon.org/html/defcon-21/dc-21-speakers.html#Ritter [1] If you don't like my last argument, fine, ignore it, and work with the others. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography