[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Introducing Torsion, hidden service IM with real-world ambition



Hi!

This sounds like an interesting project. I had some thoughts about how privacy
aware IM could look like. This was partly because of the recent popularity of
proprietary messaging apps on mobile phones. There seems to be a trend toward
replacing sms+phone calls with protocols which run on top of IP. It would be
nice if these protocols were decentral, privacy aware in implemented in FOSS.
I know, your project is about PCs, but it would be nice for an IM to support
both PCs and mobile devices.

Using a hidden service address as identifies for contacts seems like a good
start. But I think there are a few issues with this design:

1)
You are always announcing your online status. Also, others may be able to
measure changes in the latency of your internet connection. Depending on your
implementation they may even be able to measure your bandwidth.

This might have effects on your privacy. e.g.:
- If you have several identities, it might be possible to link them by the
timing they go on/offline.
- If there are other users/applications sharing your internet connection, the
changes in latency will be visible. These other users can deanonymise you.
- If you are mobile and moving, the changes in connectivity may have a
pattern. This pattern may be unique to e.g. a certain subway line. You are
now deanonymised and tracked.

It would be nice if there were a node which relays messages sent to you
without revealing anything mentioned above. However, it is probably hard to
avoid trusting that node...

2)
Can you be simultaneously online with the same "account" multiple devices
(e.g. pc+mobile device)? You have only one hidden service address and where
incoming messages are routed is up to chance.


That said, I guess it is still a nice design and it may be pretty hard to
address these issues.

	-Michi
-- 
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk