On 05/27/2013 05:41 PM, Tom Ritter wrote: > Is that important for Strongbox? I don't think Strongbox's threat model > needs the document upload server to *be* anonymous. Strongbox is run by > the New Yorker. If you want to find their upload server, just look at > all the IP ranges the New Yorker leases. Or subpoena them, or serve > them with a warrant. > > If you were talking about Wikileaks, I might agree - it might be > important for them for their servers to be anonymous. But then again, > it apparently *wasn't* because IIRC they never ran a document upload > service soley on a HS. (They may have run one, but everything was also > available on the general 'net, again, IIRC). > > I think for all (or most?) of the document leaking services we've seen > so far, the anonymity of the server isn't terribly important, it's the > security & anonymity of the sender that must be preserved at all costs. > In that regard, HS are still good, because as you said "sources are > forced to use Tor, [with] end-to-end crypto without relying on CAs". There are a couple of other reasons why even an org like the New Yorker might want their document upload server to be anonymous. If an attacker knows the IP of the upload server (and can make web requests directly to the IP, as opposed to the .onion) they can DDoS them without bringing down the Tor network. Also, if a government knows the IP of the upload server and it's in their jurisdiction, they could potentially raid the data center and seize the server. I agree, most of the time leak sites don't need as much anonymity from hidden services. -- Micah Lee @micahflee
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk