[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] High-latency hidden services



On 07/03/2014 04:16 PM, Seth David Schoen wrote:
> The Doctor writes:
> 
>> On 07/02/2014 04:18 PM, Helder Ribeiro wrote:
>>
>>> Apps like Pocket (http://getpocket.com/) work as a "read it later" 
>>> queue, downloading things for offline reading. While you're reading
>>> an offline article, you can also follow links and click to add them
>>> to your queue. They'll be fetched when you're online so you can
>>> read them later.
>>
>> I've been using the Firefox extension called Scrapbook
>> (https://addons.mozilla.org/en-US/firefox/addon/scrapbook/) for this
>> for a while now.  I've done some experiments with it (packet sniffing
>> at the firewall and on the machine in question), and from observation
>> it seems sufficiently proxy-compliant that it routes all traffic in
>> question through Tor when it downloads and stores a local copy of a
>> page.  Secondary opinions are, of course, welcome and encouraged.
> 
> That's great, but in the context of this thread I would want to imagine
> a future-generation version that does a much better job of hiding who
> is downloading which pages -- by high-latency mixing, like an
> anonymous remailer chain.

One can imagine a browser extension that introduced random delay at each
step of getting a page. Webservers tend to drop very slow clients, as
defense against slow-loris DoS, so the extension would need to learn the
limits for each site.

> The existing Tor network can't directly support this use case very
> well, except by acting as a transport.

The ability to switch circuits during the process of getting a page
would help greatly.

> Right now, people who are using toolks like Pocket or Scrapbook over Tor
> _aren't_ really getting the privacy benefits that in principle their
> not-needing-to-read-it-right-this-second could be offering.  That is,
> a global-enough adversary can sometimes notice that person X has just
> downloaded item Y for offline reading.  There's no reason that the
> adversary has to be able to do that.
> 
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk