-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Uncle Zzzen <[email protected]> writes:
> Lately I've discovered http://www.bitlbee.org/ and I feel a lot more > comfy with it. My question is, how secure is Bitlbee compared to > Jitsi or Pidgin? bitlbee appears to be a low-latency, connection-based technology and will therefore have the same security defects as any other low-latency technology, such as Tor. Low latency implies that an observer who can monitor both sides of the connection can swiftly detect that they are in communication, just by the packet timing and volume. To avoid this defect, security has to be message-based rather than connection-based, and the messages have to be encrypted and travel via a channel having high, random latency so that they get mixed with other such messages, thwarting traffic analysis. An example is the mixmaster anonymizing remailer network [1]. Tor documentation [2] is relevant here: ... for low-latency systems like Tor, end-to-end traffic correlation attacks [8, 21, 31] allow an attacker who can observe both ends of a communication to correlate packet timing and volume, quickly linking the initiator to her destination. [1] http://www.banana.mixmin.net/ [2] http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf - -- -- StealthMonger <[email protected]> Long, random latency is part of the price of Internet anonymity. anonget: Is this anonymous browsing, or what? http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=source&output=gplain stealthmail: Hide whether you're doing email, or when, or with whom. mailto:[email protected]?subject=send%20index.html Key: mailto:[email protected]?subject=send%20stealthmonger-key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/> iEYEARECAAYFAlDXchEACgkQDkU5rhlDCl7sQACgyD92iBtJD3XLREPb1OFmxGZc bXcAni+10N/j5y3PGR7QR90CqxkwYgLx =H0Cc -----END PGP SIGNATURE----- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
