Re: [tor-talk] Games Without Frontiers: Investigating Video Games as a Covert Channel
On 26 March 2015 at 14:37, Rishab Nithyanand <rishabn.uci@xxxxxxxxx> wrote:
> Please correct me if I'm misunderstanding you. I think you don't buy some
> subset of the following implicit (I believe to be reasonable) assumptions
> that we make:
No, you're entirely correct about that :)
> (1) There is no collusion between application developers and censors.
That right there is a fundamental mistake. There are numerous ways for
that collusion to happen, but I'll offer just three:
- A developer can be legally compelled to comply with surveillance.
The Lavabit saga, versus the many other vendors who _didn't_ say no,
is instructive in this regard.
- A developer can be infiltrated or hacked. See also: Gemalto.
- A developer can be incompetent. Leak keys (hello, pastebin!), leave
admin backdoors, incorrectly configure crypto, etc etc ad nauseam.
> (2) There is a secure application distribution medium that the censors
> cannot "hijack".
...if and only if it is implemented correctly. That, again, is a
dangerous assumption. It builds on the first assumption, so now we

Also, remember that compromised client software trumps perfect crypto.
And remember that it's not just your game client that could be
attacked, it's the entire operating stack: hardware, firmware, OS, and

It feels to me like anyone who's already under surveillance would
probably gain nothing at all from this exercise beyond a false sense
of security. Its benefit to anyone else, over and above using the
alternative existing tools, is a question I'd be interested to
> (3) Crypto attacks against authenticated, encrypted, and integrity
> protected channels are not possible.
...if and only if they are implemented correctly. Another assumption,
so now we're at assumption^3. And vulnerable to the same attack
vectors as your second assumption. Assume Tor is as resistant a comms
channel as we can manufacture today - it didn't save Ross Ulbricht.
Why? Because he made opsec mistakes _separate_ to the secure comms

I think the mistakes you're making here are broadly twofold:
1) You're assuming technology is implemented in a hypothetically
perfect manner. That's great in an academic thought-experiment, but
not in the real world.
2) You're underestimating both the vulnerable surface area of this
sort of project, and the capabilities of the potential adversaries.
And again, I don't think the paper is useless or uninteresting - I'm
not completely down on it :) I just don't think it's as effective as
you're pitching it to be. If nothing else, the obfuscation may raise
the bar a bit for an attacker. At worst, though, it may lull a user
into a false sense of security. We do, after all, know that the NSA is
attacking game networks, presumably because they have a sense that
their targets are using them to communicate. You're relying on
security through obscurity, but the obscurity is already under attack.