[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Obfuscated URLs?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Max wrote:
> already in here:
> http://offsystem.sf.net <http://offsystem.sf.net/>

I've had a look at OFF system and I think I'd rather stick with Freenet
for such purposes.


> On Tue, Jun 30, 2009 at 8:47 PM, Martin Fick <mogulguy@xxxxxxxxx
> <mailto:mogulguy@xxxxxxxxx>> wrote:
> 
> 
>     Obfuscated URL Paths?
> 
>     Would it be possible to create a URL or some longer string that
>     describes a hidden path through the tor network to a specific
>     hidden URL and to implement a routing mechanism to access
>     documents (files) using this "Obfuscated URL"?
> 
>     I am fully aware of hidden services, and I am suggesting something
>     that I think is quite different.  I am suggesting a way to point
>     someone to a file on the normal non-hidden internet without
>     telling them where I am pointing to!
> 
>     I envision an onion encrypted URL along with the exact path through
>     tor (the three hops) also onion encrypted.  This would be similar
>     to the way a client normally wraps requests through tor, but the
>     wrapping would happen up front and then the wrapper would become
>     the "Obfuscated URL" which could be handed off to someone else
>     obfuscating both the path through tor and the final destination to
>     the person receiving the "Obfuscated URL".
> 
>     Obviously, this would not allow a user to chose their own route
>     through tor to maintain anonymity according to their standards,
>     so allowing them to route through 3 original nodes before using
>     the obfuscated URL inside the tor network might be necessary.
>     This I believe should be similar to the way accessing hidden
>     services works (3 hops in, 3 hops out).
> 
>     The hard part is that it seems like it would also be necessary
>     to layer a document fetching mechanism ontop of tor instead of
>     simply wrapping TCP to make this effective though?  If not,
>     obfuscating the URL from the fetcher is likely to be useless since
>     end point servers are likely to divulge their locations via most
>     protocols (headers...).  Would there be an easier way, to avoid
>     this disclosure than creating a new fetching protocol?  Perhaps,
>     by adding a built-in simple obfuscating proxying mechanism such
>     as polipo on the exit side?
> 
>     The intent of the Obfuscated URL would not necessarily be to
>     maintain long term obfuscation of the URL (could it?), but at
>     least to be the basis of a mechanism that would allow users to
>     publish hard to censor anonymous content without a hidden service.
>     Perhaps the user changes the hidden location every now and then
>     in case the real URL is eventually disclosed, but it the
>     obfuscation mechanism works for a long enough time, in some case,
>     this might be a lot easier and safer than using a hidden service
>     (easier to change the location, ability to use free web space
>     anonymously...).  Of course, I neglected to mention how the
>     user would publish their obfuscated URLs in the first place,
>     but that problem exists with onion URLs also?
> 
>     Any thoughts?  Crazy, useless, impossible...
> 
>     Cheers,
> 
>     -Martin
> 
> 
> 
> 
> 


- --
The best way to get past my spam filter is to sign or encrypt
your email to me.
My PGP KeyId: 0x84D46604
http://blogdoofus.com
http://tinfoilchef.com
http://www.domaincarryout.com
Un-official Freenet 0.5 alternative download
http://peculiarplace.com/freenet/
Mixminion Message Sender, Windows GUI Frontend for Mixminion
http://peculiarplace.com/mixminion-message-sender/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBSkqpH3V+YnyE1GYEAQjuPAf+NxUCFiYNVuTkqID2A7Wyazu8gLi47+Uh
kwVMudAbnLXy/iJ/LmZ+bsWLvOsIGnO6O3NA2P7+QEVTP+geOFefu8/2DpHY2Kaz
ZHLglRT7licUQ2aFaQaJRx4xF2ics5BX8D93xZz+tMiJaKpCveCjQbHgcgOCTjsu
CdyTgjj5bFo5JflZfth+oCFQbB6+41EaG8RVA2Y4UWhF6FOFvzYBsUj3yvvdsh/9
NljIyhm8RZfP/FHQ+l9RE92foP44ff1lFhWJ/g32uqXOTtt7DK7bS7loS0SgEnFf
tmIUQiuLwMf7QL+IiktF1CCbWnVBEfk4JCQfkTcvOOWg7c1DDk79WA==
=95U7
-----END PGP SIGNATURE-----