<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css" style="display:none"></style> </head> <body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;"> <p>That's true, the TextSecure server always knows who the sender and recipient are, regardless. Adding Tor to the sender side would only deny the server knowledge of the sender's IP address. Thanks to the use of proprietary push messaging systems it already lacks the recipient's IP address unless an attachment is involved.<br> </p> <p><br> </p> <p>As far as spam goes, TextSecure does contact intersection. The server will confirm the registration status of many thousands of potential users at a time, for any authenticated user. As the address space for phone numbers is small, and big chunks of that space can be ruled out with well known telephone numbering plans (eg. safe to assume that +1212555xxxx is unused). I believe it is currently feasible to accurately enumerate the users on the official WhisperSystems server, and then spam them. The only thing preventing this from being more than a theoretical problem is the lack of mainstream adoption, and thus profit motive.<br> </p> <p><br> </p> <p>The server could enforce a lower limit on the number of contacts a client may send during a directory sync, but that might break some clients who have synched their address books with really well used Exchange or gmail accounts. Adding some other form of identifier such as email addresses would help, and surely that must happen to support non-telephony devices, but even that doesn't make TextSecure any more resistant to spam than email.<br> </p> <p><br> </p> <p>Anyway, I think may be getting too off topic here.<br> </p> <p> <br> </p> <div style="color: rgb(33, 33, 33);"> <hr tabindex="-1" style="display:inline-block; width:98%"> <div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> mh.in.england@gmail.com <mh.in.england@gmail.com> on behalf of Mike Hearn <mike@plan99.net><br> <b>Sent:</b> Monday, September 22, 2014 5:39 AM<br> <b>To:</b> Sean Comeau<br> <b>Cc:</b> Trevor Perrin; messaging<br> <b>Subject:</b> Re: [messaging] fyi: metadata-eliminating tor-based chat program: Ricochet</font> <div> </div> </div> <div> <div dir="ltr"> <div class="gmail_extra"> <div class="gmail_quote"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex"> <div> <p dir="ltr">There is not much point in making this change to any TextSecure client until the websocket implementation is completely done on the server. Right now the only push mechanisms TextSecure-Server supports won't be easy to use with Tor.</p> </div> </blockquote> <div>There's no need to replace the push side, I'd think. If the send side is via Tor then the receiving side doesn't have to be. After all, even with ring signature authentication the TextSecure servers still need to know which recipient to route the message to. </div> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex"> <div> <p dir="ltr">Also, I wouldn't say that TextSecure has Pond's anti spam and privacy model at all. It could have something similar added, but unless you know something Open WhisperSystems hasn't made public, the means that federation might be made open are still undefined.</p> </div> </blockquote> <div>What I meant is, you cannot message someone via TS unless they've given you their phone number, which is usually a private-ish sort of credential. So they don't have the same complicated anti-spam issues that comes from accepting messages from any random person who crawls the web and finds a widely published address.</div> </div> </div> </div> </div> </div> </body> </html>