This post is mostly inspired by Tor Messenger. With all the news about TPP and privacy issues I am wondering if any anyone here planning to create more software for privacy issues?
One weakness about Tor Messenger is the server can collect metadata. I wrote a doc and prototype that overcome this but it works with sending messages not so much with instant messages. In short it's design for mail and allows lag to hide when the message was written/originally sent. A user is expected to have many keys so the recipient is hard to guess. The idea was to allow a user to write a message, encrypt it for a recipient, encode it as BASE64 or a png image and delivered it to a server either directly or by using a popular site as a proxy such as fb, reddit, imgur etc. The idea was if I didn't/couldn't use tor (maybe I'm at a hotel or a place with aggressive filtering) but can use a popular site supporting https I can write a private message and send it to a server using their social media account. The server picks it up and deliver to a friend who may use another popular https site. Same idea in reverse the server can give me daily bulk messages in an image. I had a prototype written in node but this can easily be done in c and .NET if desired. IDK if anyone here is interested in sending messages like that. I think instant messaging is doable over tor if we made a protocol that supports unregistered users. Two users can find eachother by creating a shared secret that expires every X days (30, 90 it doesn't matter) and using it to generate a hash like sha256(share_secret||hours_since_epoch). The server would than connect two people who use the same hash and the two users would authenticate eachother. Between the high and random latency messages/email and Tor Messenger with a protocol like the above we'd have pretty good privacy with hard to connect/associate metadata. I'm pretty sick of email through tor. For example I was using hotmail/outlook to write this message but they told me I have to include my phone number if I want to send this message. I tried 5 different providers and my signup was rejected either because tor was blacklisted or because their javascript had a fight with the tor browser/ghostery/noscript. I think we should have a PM/email system for tor users and possibly do my idea above with social media as a proxy if it isn't against their TOS. Is anyone interested in doing either? Does anyone else have ideas/concerns we might want to create something to address? In the past I thought tor messenger is a good idea but I didn't think anyone was working on a project like this (I'm glad I'm wrong) -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
