On Tue, Jun 30, 2009 at 8:47 PM, Martin Fick
<mogulguy@xxxxxxxxx> wrote:
Obfuscated URL Paths?
Would it be possible to create a URL or some longer string that
describes a hidden path through the tor network to a specific
hidden URL and to implement a routing mechanism to access
documents (files) using this "Obfuscated URL"?
I am fully aware of hidden services, and I am suggesting something
that I think is quite different. I am suggesting a way to point
someone to a file on the normal non-hidden internet without
telling them where I am pointing to!
I envision an onion encrypted URL along with the exact path through
tor (the three hops) also onion encrypted. This would be similar
to the way a client normally wraps requests through tor, but the
wrapping would happen up front and then the wrapper would become
the "Obfuscated URL" which could be handed off to someone else
obfuscating both the path through tor and the final destination to
the person receiving the "Obfuscated URL".
Obviously, this would not allow a user to chose their own route
through tor to maintain anonymity according to their standards,
so allowing them to route through 3 original nodes before using
the obfuscated URL inside the tor network might be necessary.
This I believe should be similar to the way accessing hidden
services works (3 hops in, 3 hops out).
The hard part is that it seems like it would also be necessary
to layer a document fetching mechanism ontop of tor instead of
simply wrapping TCP to make this effective though? If not,
obfuscating the URL from the fetcher is likely to be useless since
end point servers are likely to divulge their locations via most
protocols (headers...). Would there be an easier way, to avoid
this disclosure than creating a new fetching protocol? Perhaps,
by adding a built-in simple obfuscating proxying mechanism such
as polipo on the exit side?
The intent of the Obfuscated URL would not necessarily be to
maintain long term obfuscation of the URL (could it?), but at
least to be the basis of a mechanism that would allow users to
publish hard to censor anonymous content without a hidden service.
Perhaps the user changes the hidden location every now and then
in case the real URL is eventually disclosed, but it the
obfuscation mechanism works for a long enough time, in some case,
this might be a lot easier and safer than using a hidden service
(easier to change the location, ability to use free web space
anonymously...). Of course, I neglected to mention how the
user would publish their obfuscated URLs in the first place,
but that problem exists with onion URLs also?
Any thoughts? Crazy, useless, impossible...
Cheers,
-Martin