[messaging] fyi: metadata-eliminating tor-based chat program: Ricochet

Mike Hearn mike at plan99.net
Mon Sep 22 04:54:54 PDT 2014

> If you give up peer-to-peer you could have both parties connect to a
> chat server via Tor.  But then the server can tell which pseudonyms
> are talking (unless, I suppose, you start doing tricky things with
> shared secrets like Pond/Petmail delivery tokens).

The Richochet design seems to have no real way to implement presence other
than polling, and is generally using the Tor infrastructure in ways it
wasn't designed for. Having a server outside of Tor that accepts
connections via Tor erases the IP information it'd otherwise have, and then
you can indeed use a Pond style scheme to remove the need to authenticate
to the server before sending messages.

It seems like it'd have much better user experience, scalability and
performance characteristics, without leaking much more information.
Although the server is in a position to log things, so are the Tor HSDirs
and the logs would look much the same. We just sort of assume they don't.

An interesting project would be to try and upgrade TextSecure to accept
message submissions via Tor with a Pond-like group signature scheme, so the
TextSecure servers can't know who is sending a message to a contact. Orchid
can take a good 10-20 seconds to start up if the Tor consensus is stale but
Android apps are in an ideal position to wake up at night and keep the
local consensus warm, then it's only a few seconds - easily practical for
async messaging. Additionally TextSecure already has a Pond-like privacy
and spam model, along with a large userbase and maintainers who are UX
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140922/865adae5/attachment.html>

More information about the Messaging mailing list