On 9 April 2015 at 10:09, Hans-Christoph Steiner <[email protected]> wrote:
> Feedback welcome, I think this could help with iOS usability a lot without
> leaking much extra information. I think it could also help make transferring
> large files with ChatSecure on Android more usable as well.

As I understand it:

Alice and Bob on the same XMPP Provider AB will use a zerobin instance run by Provider AB. No additional metadata leaks.

Alice and Bob on separate XMPP Providers A and B will use a zerobin instance run by either Provider A or B. A or B will then learn the public IP of Bob or Alice which is new information. You could say that the initiator of the file transfer will use the provider of the recipient to be "gracious", and leak their own IP instead of requesting the recipient to leak theirs.

And if Alice or Bob use an XMPP provider that does not run a zerobin instance (like Google) they will leak their public IP to the provider that they do use.

So it seems the priority of choice for the instance to use would be:

- Zerobin Instance run by Provider of recipient
- Zerobin Instance run by Provider of sender (if the recipient's provider doesn't run one)
- Zerobin Instance run by a trusted third party (if no one's provider runs one)

I don't imagine you have stats on the popularity of XMPP providers for ChatSecure?

Also: I would audit zerobin and ensure there is no metadata that can leak via public crawling (such as number of transfers occurring, publicly indexable lists of files (although the "burn after downloading" seems to address that a bit)). This is no different than the security of XMPP servers leaking information though via misconfiguration (such as chat rooms or logs being accidentally left lying around).

-tom
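
The priority order proposed in the message above, written out as an added example (not part of the original message and not ChatSecure code). It also reports which party's public IP becomes visible to an operator that did not already see it. The domains, URLs and function names are constructed for illustration, and the code assumes, as the message does, that a user's own XMPP provider already knows that user's IP.

```python
from typing import NamedTuple


class Choice(NamedTuple):
    url: str                # zerobin instance both parties will contact
    operator: str           # who runs that instance
    new_ip_exposure: tuple  # (role, operator) pairs: operator newly learns role's IP


def provider(jid: str) -> str:
    """Provider domain of a bare or full JID (user@domain/resource)."""
    return jid.split("/", 1)[0].rsplit("@", 1)[-1].lower()


def choose_instance(sender, recipient, instances, third_party):
    """Pick an instance: recipient's provider, then sender's, then third party.

    instances:   {provider_domain: zerobin_url} for providers that run one
    third_party: (operator_name, zerobin_url) used when neither provider runs one
    """
    parties = {"sender": provider(sender), "recipient": provider(recipient)}
    for operator in (parties["recipient"], parties["sender"]):
        if operator in instances:
            url = instances[operator]
            break
    else:
        operator, url = third_party
    # The sender uploads and the recipient downloads, so both connect to the
    # instance. Anyone whose own provider is not the operator leaks a new IP.
    exposure = tuple((role, operator) for role, dom in parties.items()
                     if dom != operator)
    return Choice(url, operator, exposure)


# Constructed sample data: providers A and B run an instance, C and D do not.
INSTANCES = {"a.example": "https://paste.a.example/",
             "b.example": "https://paste.b.example/"}
THIRD_PARTY = ("paste.trusted.example", "https://paste.trusted.example/")

if __name__ == "__main__":
    for s, r in [("alice@a.example", "bob@a.example"),
                 ("alice@a.example", "bob@b.example/phone"),
                 ("alice@a.example", "carol@c.example"),
                 ("dave@d.example", "carol@c.example")]:
        print(s, "->", r, choose_instance(s, r, INSTANCES, THIRD_PARTY))
```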
