[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] Projects? (in anticipation of the TPP deal?)



 
This post is mostly inspired by Tor Messenger.
With all the news about TPP and privacy issues I
am wondering if any anyone here planning to create
more software for privacy issues?

One weakness about Tor Messenger is the server can
collect metadata. I wrote a doc and prototype that
overcome this but it works with sending messages
not so much with instant messages. In short it's
design for mail and allows lag to hide when the
message was written/originally sent. A user is
expected to have many keys so the recipient is
hard to guess. The idea was to allow a user to
write a message, encrypt it for a recipient,
encode it as BASE64 or a png image and delivered
it to a server either directly or by using a
popular site as a proxy such as fb, reddit, imgur
etc. The idea was if I didn't/couldn't use tor
(maybe I'm at a hotel or a place with aggressive
filtering) but can use a popular site supporting
https I can write a private message and send it to
a server using their social media account. The
server picks it up and deliver to a friend who may
use another popular https site. Same idea in
reverse the server can give me daily bulk messages
in an image. I had a prototype written in node but
this can easily be done in c and .NET if desired.

IDK if anyone here is interested in sending
messages like that. I think instant messaging is
doable over tor if we made a protocol that
supports unregistered users. Two users can find
eachother by creating a shared secret that expires
every X days (30, 90 it doesn't matter) and using
it to generate a hash like
sha256(share_secret||hours_since_epoch). The
server would than connect two people who use the
same hash and the two users would authenticate
eachother.

Between the high and random latency messages/email
and Tor Messenger with a protocol like the above
we'd have pretty good privacy with hard to
connect/associate metadata. I'm pretty sick of
email through tor. For example I was using
hotmail/outlook to write this message but they
told me I have to include my phone number if I
want to send this message. I tried 5 different
providers and my signup was rejected either
because tor was blacklisted or because their
javascript had a fight with the tor
browser/ghostery/noscript. I think we should have
a PM/email system for tor users and possibly do my
idea above with social media as a proxy if it
isn't against their TOS.

Is anyone interested in doing either? Does anyone
else have ideas/concerns we might want to create
something to address? In the past I thought tor
messenger is a good idea but I didn't think anyone
was working on a project like this (I'm glad I'm
wrong)

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk