Comments (2)
I'll begin by addressing the concept before we discuss specific implementations. In general, I don't see many compelling benefits in using message relays as a standard practice: it reintroduces many of the problems of server-based IM and shifts trust rather than eliminating it. Trying to solve those leads into building a higher latency anonymity network on top of Tor, and that's a place I wouldn't go.
- A user's network might momentarily drop due to their ISP or VPN experiencing problems or a directed attack at them or their ISP/VPN. This is bad for anonymity as adversaries may use this to deanonymize the user.
I think it's helpful to split this attack into two variants: discovery and confirmation. Discovery would be using natural conditions (network instability, time of day) correlated with the peer's connectivity/latency to narrow down where they are, their guards, or their own connection. Confirmation is the ability to actively abuse a relay/router/clear internet target and observe the effect on your peer to validate your guesses.
Tor is naturally weak against the confirmation attack. Even in non-hidden-service usage, those attacks are very effective, especially on long-lived connections like IM. We can try to mitigate specific situations, but in many ways it's an inherent flaw of real-time communication.
I'd split the discovery attack into two categories: trusted attackers (your approved contacts) and untrusted attackers. It's most important to prevent an untrusted attacker from learning anything. Fortunately, that's something we can address with smarter treatment of hidden services and contact requests: as much as possible, I'd like to avoid exposing online state and latency to unapproved peers, at least in any useful detail.
A message relay can make it more difficult to conduct the discovery portion of this attack, but only when it completely obscures (at least within some grace period) your actual connection state. You also remain vulnerable to the same attack by (one of) your relay(s). The costs and complications are significant and the benefit is limited. A user who is very concerned about being deanonymized by their approved peers over time may be more comfortable with high-latency (email-like) services instead - where solving these problems is much more realistic.
We need more research on these topics, and how they apply to Tor and hidden services especially. There may be defenses we could use by throttling incoming circuits, introducing false latency, throttling reconnection, etc. We can't completely solve the situation, but I am certainly interested in how we can make attacks more obvious or more difficult.
2 . The user may wish to go offline for several hours (ex. school, work, sleep, etc) and still want to be able to receive messages without keeping their computer on.
This is the more compelling case for using (in some cases) message relays/servers. I'd be interested in discussing designs that would allow:
- Storage and retrieval of messages for your peers without being simultaneously online
- Without exposing, including over time, your relationships or any useful information about your communications
- With the ability to detect message loss and tampering by the server
- While maintaining the general principles and security model as they exist now
I think this could be addressed relatively simply with appropriate cryptography (Open WhisperSystems' work on asynchronous OTR is interesting) and without trusting message relay(s) with any useful information. That seems like an appropriate starting point for extending the design beyond simple peer-to-peer connections. And in the long term, with more research and understanding of the issues, it could build into helpful solutions for connectivity attacks.
What're your thoughts?
from ricochet.
There is a clear need to build a high-latency mixnet on top of Tor, but as @special said it remains a research topic. We're perhaps nearing the point where we can do it more-or-less right though.
If you want asynchronous messaging now, then you should use Pond : https://pond.imperialviolet.org/
from ricochet.
Related Issues (20)
- website certificate expired HOT 4
- combine ricochet addressing with signal protocol and SMP
- Ref. #278 - Application Crashes When Removing Contact HOT 5
- working apparmor profile for debian sid
- Ricochet won't launch on Ubuntu Mate 18.04 HOT 2
- Add contacts button not visible
- Please @special do something HOT 54
- Suggestion: Focus on the Service. Do not include Tor HOT 7
- Idea of a feature: Decentralized chat groups HOT 1
- Ricochet for android? HOT 2
- Is this project still alive? HOT 2
- Public ricochet ID location HOT 4
- Ricochet for iPhone ? HOT 3
- Cannot start on Manjaro
- ricochet.im is either hacked, or misconfigured. You might want to check your server settings.
- John's keys that signed the tarball on download's page seem to have expired HOT 1
- RetroShare 0.6.6 alternative to ricochet HOT 1
- Ricochet stops working in October 2021 HOT 12
- Website's SSL certificate expired 3 days ago
- A lot of warning message at GUI
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ricochet.