[messaging] fyi: metadata-eliminating tor-based chat program: Ricochet
Trevor Perrin
trevp at trevp.net
Fri Sep 19 17:03:33 PDT 2014

On Fri, Sep 19, 2014 at 1:38 PM, Tim Bray <tbray at textuality.com> wrote:
> A number of things about this one made me kind of uneasy. The clichéd tone
> of the article “high-school dropout trumps NSA!” The complete absence of
> input from anyone who wasn’t a project insider, and the dissing of
> competitors who are actually shipping working software.

Seems like a critique of the journalism, not the project.

The project looks like a simple-ish chat protocol using Tor Hidden
Services for peer-to-peer connections. I think it relies on Tor HS
for encryption and server-auth, and adds some fairly simple
client-auth.

There's a slew of new apps using the model of "Tor Hidden Services for
peer-to-peer connections". We had a thread about that for email-like
messaging, e.g.

https://moderncrypto.org/mail-archive/messaging/2014/000434.html
https://moderncrypto.org/mail-archive/messaging/2014/000447.html

The advantage of this model is that your metadata isn't seen by a
server. A less obvious disadvantage is that, compared to proposals
where both parties use Tor as clients to communicate via some server,
users might be exposed to things like:

- hacking / DoS targeted at your Hidden Service
- deanonymizing users via Hidden Service attacks
- deanonymizing users via monitoring HS uptimes
- linking users via monitoring Alice's HS uptime, and correlating it
  with Bob's polling to see if Alice is up

I also don't know how well Tor HS would scale to large numbers of
people using it this way. But that would be a good question for a HS
expert (do we have one?)

Trevor