[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and P2P (Hidden SMS)

Hash: SHA512

On 26/09/12 10:06, Nathan Freitas wrote:

>> After implementing the torchat protocol and seeing how bad it
>> is, but how nice the idea is, I started thinking it would be cool
>> to have a more general protocol for P2P use through hidden
>> services.
> This is something we have definitely been considering as a feature
> or add-on to Orbot - essentially mobile-to-mobile file sharing, 
> messaging/voice messaging via hidden services.
> While we don't need a very complex p2p design (in short, we are
> mostly just talking about simple HTTP servers running on each
> device, behind a hidden service .onion), I am concerned in the long
> run about scalability and reliability of this. It is not unheard of
> for apps that work well and do something cool to suddently have 1M+
> users, and already are nearing half that with Orbot.

I've had an idea for a while for a killer service for Orbot, but
haven't begun to start implementing it yet. I use an application
called TextSecure to send encrypted SMS. It hides the message that I'm
sending, but it doesn't hide who I'm talking to and when, which is
just as important.

If Orbot on my phone and my friends phone were both running hidden
services. Then they could both make a "direct" connection to each
other, and transmit SMS/BBM/Kik/WhatsApp style messages directly over
the Tor network between phones. The messages would automatically be
encrypted and the fact that either of us are even sending or receiving
messages, let alone who with, would be hidden.

This is not the same as using XMPP over Tor. XMPP requires a trusted
third party server to handle the relaying. This is P2P direct
communication using hidden services. It's not real-time IM chat. It's
SMS style chat (with acceptable delays), and the simplicity of the
user interface should reflect this. It would look very similar to the
native SMS app.

When one phone connects to another, it "knows" that the device it's
connecting to is running the hidden service that it is trying to send
a message to. However, the other phone, (the one running the hidden
service), has no idea who is connecting to it. So I think it would be
a good idea when sending a message that the phone connects to a hidden
service and says, "Hi. There's a message waiting for you at
xxxxx.onion. You can retrieve it using this long unique random code:
yyy". And then the recipient phone connects back to that onion address
to retrieve the message, supplying the unique code. That way, both
phones know the onion address of the person they're talking to.

Alternatively (this would be faster), in the original connection, it
could send the actual SMS content along with the "confirmation code",
and the message could appear to the recipient as "Unconfirmed Sender"
until the recipient phone successfully connects back to the sender
onion address to confirm that it sent it.

It could even allow multiple identities, with a different onion
address for each one.

Basically, it would provide encrypted, hidden, "SMS". In many
countries, the police can obtain information about who is SMS'ing who
without a warrant, they just need a warrant to view the content of
those messages. This would solve that problem.

Ideally, it would also use encryption to store the messages on the
phone side in case the phone is compromised. TextSecure uses EC public
key crypto for this. It takes incoming messages that aren't encrypted,
and encrypts them with the public key. You then use your private key
to decrypt them later. I believe the Guardian Project created a
library for encrypted sqlite databases which could come in handy there

- -- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4

tor-talk mailing list