[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Anonymity on mobile devices

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Anonymity on mobile devices
From: Matthew Thorne <Mlthorne@xxxxxxxxx>
Date: Tue, 20 Sep 2005 15:58:34 -0300
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 20 Sep 2005 14:59:08 -0400
In-reply-to: <43304AC3.8080303@web.de>
References: <432C3DFC.6080607@web.de> <432FE455.3050704@web.de> <5c4c375e0509200731432da7c2@mail.gmail.com> <43304AC3.8080303@web.de>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Christian Beil wrote:

Thanks for your contribution, Matt. I agree with you, but may I ask why exactly the wireless connection (from the mobile device to the the provider) is the biggest weakness? We wanted to apply Tor directly on the mobile device, but there were two problems: 1. the device can't handle the many heavy cryptographic operations 2. the OR list is quite big and cost the user more than 1 euro each time To improve our gateway architecture, I was thinking of the following (partial) solutions for these problems: 1. the mobile client negotiates a key with one OR which he wishes as exit node, he encrypts a single onion skin for this OR and sends the cell/skin to the gateway, the gateway adds the additional onion skins and sends the cell, therefore the gateway doesn't know the final destination 2. therfore the client needs the OR list, which could be stored on the device permanently; each time the client connects to the gateway he loads just the status of the ORs and perhaps some updates to the OR list (new onion routers)
Cheers!
Christian

I like the idea of the gateway further not knowing the final product, but more useful would be if you could find some way to reverse the process or add a link so that the gateway wouldn 't know who the origin was. I know that this is just adding more trouble to the processing plate. I would be interested in hearing what kind of hand shake you are thinking about doing if not public key. I know that there are some good other one's, but none that are quite on the same level of security. Or perhaps the device could handle just the one public key exchange with out overloading. If you don't have any good idea's, I have some ideas that could be usefull to you. kind of depends on what specifically you are guarding against though. In effect: What are you trying to hide? Your actions, Your Identity/Location, or some combination of both? As to your question: Wireless is always going to be a security risk because we have yet to invent perfect encryption. It makes it almost imposible to get rid of risk and there is always risk while your enemies are able to freely collect your private information at will and without your knowledge.

curiosity, what costs the user more than 1 euro each time?....
or in other words
what does this  sentence mean...

<2. the OR list is quite big and cost the user more than 1 euro each time>


-=Matt=-

Follow-Ups:
- Re: Anonymity on mobile devices
  - From: Christian Beil

References:
- Anonymity on mobile devices
  - From: Christian Beil
- Re: Anonymity on mobile devices
  - From: Christian Beil
- Re: Anonymity on mobile devices
  - From: Matt Thorne
- Re: Anonymity on mobile devices
  - From: Christian Beil

Prev by Author: Re: Abuse resistant anonymous publishing - Proposed solution to the Wikipedia issue.
Next by Author: Re: Have some consideration for users...
Previous by thread: Re: Anonymity on mobile devices
Next by thread: Re: Anonymity on mobile devices
Index(es):
- Author
- Thread