[messaging] Tor Hidden Services in (Cables, SMTorP, Pond)

Trevor Perrin trevp at trevp.net
Sat Jun 14 13:31:19 PDT 2014


Some e2e messaging protocols make use of Tor Hidden Services.  It's
interesting to think about what value this adds:

In Cables [1] and the (work-in-progress) SMTorP [2], recipients can
run their own Tor Hidden Service.  So if you're online, messages can
be delivered directly to you without needing a mailbox server.

The downside:
 - Tor Hidden Services are easier to de-anonymize than Tor clients, as
arbitrary traffic can be directed at them [3].
 - Traffic correlation between sender and receiver is easier than it
would be in a store-and-forward system.
 - The recipient is advertising their online / offline status to
anyone who knows their address.
 - Correlating sender traffic with the online/offline status of
potential recipients might be possible.  Consider an attacker who can
monitor the sender's traffic profile.  If the sender's traffic profile
suggests they are "polling" for a recipient until time T, then
delivering a message, that suggests the sender might be communicating
with a recipient whose hidden service came online shortly before time
T.

So a store-and-forward system with many users sharing the same mailbox
server seems better.  This is how Pond works [4].  But Pond's mailbox
servers are *also* Hidden Servers.  This may have some benefits, but
it doesn't seem necessary:

For user anonymity, users can contact their mailbox server and their
recipients' mailbox servers over Tor; Hidden Services aren't needed.

For unlinkability of users with each other, the correlation of packet
timing and sizes between sender and recipient needs to be broken.  In
Pond, clients retrieve padded data from their mailbox server at a
roughly constant rate.  Hidden Services don't help with this.

Hidden Servers might make it harder to do correlation of traffic
between sending clients and recipient *servers*, by making the
recipient server hard to locate.  But if users choose servers run by
known parties, then this protection is lost.  A better solution would
probably be high-latency-variance relays (remailers, mix network)
between sending clients and recipient servers.

Hidden Servers probably also have value in protecting servers from
getting taken down, or their operators harassed.  They also allow the
server operator to claim that since the server can only be contacted
over Tor, it's impossible for the server to know much about its clients -
this might help avoid getting drawn into legal investigations.

But it's interesting to note that Pond's dependence on Tor Hidden
Services is slight.

Trevor

[1] http://dee.su/cables
[2] https://github.com/pagekite/Mailpile/wiki/SMTorP
[3] http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
[4] https://pond.imperialviolet.org/tech.html
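The following is an added toy model of the two observations above (the "polling until time T, then delivering" correlation against hidden-service online times, and Pond-style constant-rate padded retrieval defeating it). It is not code from the post, from Cables, SMTorP or Pond; everything in it is an assumption: one tick is an abstract time unit, the byte sizes are constructed, a failed attempt to reach an offline hidden service is modelled as one small probe, and a Pond-style client is modelled as transferring a fixed-size padded blob every interval whether or not a real message is pending.

```python
"""Toy model of sender-traffic vs recipient-online-time correlation.

Constructed example; not the protocol behaviour of Cables, SMTorP or Pond.
A trace is a list of (tick, bytes) as seen by an observer of the sender's link.
"""

# Constructed sizes (assumptions, not measured values).
PROBE_BYTES = 200       # a failed attempt to reach an offline hidden service
MSG_BYTES = 4096        # an actual message delivery
PADDED_BYTES = 16384    # a fixed-size padded transfer (Pond-style)


def direct_delivery_trace(recipient_online_at, poll_interval, horizon):
    """Sender polls the recipient's hidden service every poll_interval ticks.

    Each attempt while the recipient is offline shows up as a small probe;
    the first attempt after the recipient comes online is a large delivery,
    after which the sender stops.  This is the "polling until time T" profile.
    """
    trace = []
    for t in range(0, horizon, poll_interval):
        if t >= recipient_online_at:
            trace.append((t, MSG_BYTES))
            return trace
        trace.append((t, PROBE_BYTES))
    return trace  # recipient never came online within the horizon


def constant_rate_trace(horizon, interval):
    """Pond-style store-and-forward client: a padded transfer of constant
    size every interval, regardless of whether a real message is pending.
    The trace is identical no matter when (or whether) a message was sent."""
    return [(t, PADDED_BYTES) for t in range(0, horizon, interval)]


def delivery_tick(trace):
    """Observer's view: the first tick at which the profile changes from
    small probes to a large transfer.  None if all transfers are the same
    size, i.e. there is no observable time T."""
    sizes = {size for _, size in trace}
    if len(sizes) < 2:
        return None
    largest = max(sizes)
    for tick, size in trace:
        if size == largest:
            return tick
    return None


def rank_candidates(trace, online_times, window):
    """Score each candidate recipient by how shortly before the observed
    delivery tick T its hidden service came online (lag in [0, window]).

    online_times: {name: tick at which that recipient's service came up}
    Returns [(name, score)] sorted best-first, or [] when no T is observable.
    """
    T = delivery_tick(trace)
    if T is None:
        return []
    scored = []
    for name, online_at in online_times.items():
        lag = T - online_at
        score = 1.0 / (1 + lag) if 0 <= lag <= window else 0.0
        scored.append((name, score))
    return sorted(scored, key=lambda pair: -pair[1])


if __name__ == "__main__":
    # Constructed recipients: the sender is actually talking to "alice".
    online_times = {"alice": 95, "bob": 40, "carol": 300}

    direct = direct_delivery_trace(online_times["alice"], poll_interval=10, horizon=500)
    print("direct delivery: T =", delivery_tick(direct))
    print("ranking:", rank_candidates(direct, online_times, window=30))

    padded = constant_rate_trace(horizon=500, interval=10)
    print("constant-rate padded: T =", delivery_tick(padded))
    print("ranking:", rank_candidates(padded, online_times, window=30))
```

With the constructed numbers the direct-delivery trace shows probes at ticks 0 to 90 and a delivery at tick 100, and "alice" (online at 95) ranks first; the constant-rate trace has no size change, so the observer cannot even locate a T to correlate against. The model ignores everything that makes real Tor traffic harder to read (circuit setup, rendezvous, retries, other traffic on the link), so it illustrates the reasoning rather than quantifying the attack.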