> So then - what do you suggest to someone who wants to leak a document to
> a press agency that has a GlobaLeaks interface? What do you suggest to
> someone who wants to use a web email account that properly supports
> HTTPS? What do you suggest to someone who wants location privacy from
> their chat service? What do you suggest to someone who wants to buy
> themselves time and not link their entire past to some event they think
> might matter, thus attracting retroactive searches in the future?

I would suggest that he wait for the authorities until better software arrives :)

> It is also why we have multiple implementations as well. There is a Java
> version of Tor that is nearly ready for release and it will solve a
> number of the C implementation concerns and exchange them for Java
> related concerns. There are a few other Tor implementations in the wild,
> each serving an interesting subset of users. Diversity is important.
>
> Still - having a bug in Tor as a client is a lot less likely than in
> whatever application you'll use with Tor - web browsers come to mind
> here but other chat clients, like Pidgin or Thunderbird, they also come
> to mind.

Didn't know about the Java version. I agree, browsers and other clients are the prime attack surface.

>> 2) Network analysis: Tor is vulnerable to network analysis. The FBI has
>> arrested people that were specifically using TOR to hide their
>> activities, and their use of network analysis to unmask them is documented
>> (Jeremy Hammond, Stratfor case).
>>
>
> What is public about Jeremy Hammond is worth reading. It suggests the
> FBI has the lamest of all Network analysis techniques - a very simple
> traffic confirmation attack. They appear to disconnect a person's
> internet and then they ask their snitch if the person signs off from
> their chat service.

Yet it worked and the guy is in jail. It shows that you only need a single bit leak to get into trouble. And they were the police; the mafia may require less than one bit.

> There are solutions - one of them is to run a second
> machine reachable by (Stealth) Tor Hidden Service with your chat client
> in gnu screen - login to that system, attach to the screen and chat away
> - sometimes, you'll get disconnected but no one will see it.
>
> There are social issues that are more concerning though - if you
> normally are quite chatty, only to stop chatting, they might suggest
> that not speaking is confirmation, etc.
> So this issue, like any
> solution, is partially a technical issue and partially a social issue.

Maybe software can help in this regard, to protect you from yourself.

>> Some months ago I tried to fix some shortcomings of Tor by wrapping it in
>> a higher layer and using it for simple network-analysis resistant chat.
>> The result was a protocol so slow that it's almost unusable; if someone wants
>> to take a look at it, it's here: https://github.com/alfred-gw/torirc
>>
>
> This is awesome!
>
> I've git clone'd it. I'm going to audit it and send you
> feedback/patches/etc. Thanks for hacking on Tor related software!

Thank you. I'm thinking of making it work with the new Tor Python bindings. It's just an experiment, nothing serious.

> my first thought is that you might consider making it use OTR for p2p
> chats on the server - there is no good multi-party OTR implementation
> yet, so at that point, I might just look at the mpOTR paper from
> Goldberg et al. A number of us worked on a spec that is so far from done
> that it isn't worth linking at the moment.

Ahh, that's an awesome idea. Will look into it.

> I feel OK about not having another layer of crypto on top of a Tor HS
> but in your protocol's case, I'd encourage you to use Stealth Hidden
> Services - so at least then the only people connecting are the ones who
> are cryptographically authenticated in some manner.

I used regular hidden services. Didn't know there were stealthier ones. Will look into it. BTW, I didn't like the fixed 1024-bit RSA key for hidden services. Hope it changes in the future.

> You will probably very much like Pond:
>
> https://github.com/agl/pond/
>
> I use it daily. It is perhaps my favorite application, ever, for use
> with Tor.

Very good project. Fortunately I have no use for it yet; might steal some ideas from it.

>> I would like to see a tor configuration flag that sacrifices speed for
>> anonymity.
>
> You're the first person, perhaps ever, to make that feature request
> without it being in a mocking tone. At least, I think you're not mocking! :)
>
> All the best,
> Jacob
>

Of course I'm not mocking you :) As some people already said, low latency is comfortable, but if your life is in danger, I'm sure you can wait a little longer for your messages to arrive :)

Best regards,
Alfred

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
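The following is an added illustration, not part of the thread above and not code from any of the projects it mentions. It simulates the "cut the link and watch for a sign-off" confirmation described in the thread as a defender's accounting exercise: how much evidence each forced disconnect yields against an account whose chat client runs on the user's own machine, versus one kept in a persistent session on a second host reached over a hidden service, as Jacob suggests. Every number (probe count, coincidental sign-off rate) is a constructed assumption, and the model covers presence only, not the "you stopped being chatty" social signal the thread also raises.

```python
import math
import random

# Constructed parameters for the simulation (assumptions, not data from the thread).
N_PROBES = 5               # forced disconnects the observer can afford to stage
COINCIDENT_SIGNOFF = 0.05  # chance any unrelated account happens to sign off in a probe window


def direct_client_online(user_link_up: bool) -> bool:
    """Chat client runs on the user's own machine: its presence at the chat
    service mirrors the user's connectivity, so cutting the link shows as a sign-off."""
    return user_link_up


def remote_session_online(user_link_up: bool) -> bool:
    """Chat client lives in a persistent terminal session (screen) on a second
    host reached over a hidden service.  Cutting the user's link detaches the
    session, but the client stays signed on, so the service observes nothing."""
    return True


def run_probes(presence, n_probes, coincident_rate, rng):
    """Simulate n forced disconnects and count how many times the watched
    account signed off in the probe window.  A sign-off is observed either
    because the architecture exposes the link drop or by coincidence."""
    hits = 0
    for _ in range(n_probes):
        still_on = presence(False)            # the user's link is cut during the probe
        if (not still_on) or rng.random() < coincident_rate:
            hits += 1
    return hits


def evidence_bits(hits, n_probes, p_hit_target, p_hit_unrelated):
    """Log-likelihood ratio, in bits, for 'this account is the disconnected user'
    versus 'this account is unrelated', given `hits` sign-offs in `n_probes`
    probes (binomial likelihoods; the shared binomial coefficient cancels)."""
    misses = n_probes - hits

    def likelihood(p):
        return (p ** hits) * ((1.0 - p) ** misses)

    l_target = likelihood(p_hit_target)
    l_unrelated = likelihood(p_hit_unrelated)
    if l_target == 0.0:
        return -math.inf   # observation impossible under the target hypothesis
    if l_unrelated == 0.0:
        return math.inf    # observation impossible under the unrelated hypothesis
    return math.log2(l_target / l_unrelated)


def compare(n_probes=N_PROBES, coincident_rate=COINCIDENT_SIGNOFF, seed=1):
    """Return the evidence (bits) an observer accumulates against each architecture."""
    rng = random.Random(seed)
    results = {}
    for name, presence in (("direct client", direct_client_online),
                           ("remote screen session", remote_session_online)):
        hits = run_probes(presence, n_probes, coincident_rate, rng)
        # Under the target hypothesis the per-probe hit probability is whatever the
        # architecture exposes: certain for the direct client, only the coincidental
        # rate for the remote session (which makes it indistinguishable from noise).
        p_target = 1.0 if not presence(False) else coincident_rate
        results[name] = evidence_bits(hits, n_probes, p_target, coincident_rate)
    return results


if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:22s}: {bits:6.2f} bits of evidence after {N_PROBES} probes")
```

With the constructed 5% coincidence rate, each probe against a direct client is worth about 4.3 bits, so five probes give over 21 bits: the "single bit leak" repeats and compounds. The remote-session design returns exactly zero bits regardless of how many probes are run, because its sign-off behaviour under a link cut is identical to an unrelated account's. Note what the model deliberately leaves out: the decoupled client still goes quiet while the user is offline, which is the social leak the thread says no architecture fixes on its own.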
