[messaging] fyi: metadata-eliminating tor-based chat program: Ricochet

Sean Comeau sean at ftlnetworks.ca
Mon Sep 22 05:26:30 PDT 2014

There is not much point in making this change to any TextSecure client until the websocket implementation is completely done on the server. Right now the only push mechanisms TextSecure-Server supports won't be easy to use with Tor.

Also, I wouldn't say that TextSecure has Pond's anti spam and privacy model at all. It could have something similar added, but unless you know something Open WhisperSystems hasn't made public, the means that federation might be made open are still undefined.

On Sep 22, 2014 1:55 PM, Mike Hearn <mike at plan99.net> wrote:
If you give up peer-to-peer you could have both parties connect to a
chat server via Tor.  But then the server can tell which pseudonyms
are talking (unless, I suppose, you start doing tricky things with
shared secrets like Pond/Petmail delivery tokens).

The Richochet design seems to have no real way to implement presence other than polling, and is generally using the Tor infrastructure in ways it wasn't designed for. Having a server outside of Tor that accepts connections via Tor erases the IP information it'd otherwise have, and then you can indeed use a Pond style scheme to remove the need to authenticate to the server before sending messages.

It seems like it'd have much better user experience, scalability and performance characteristics, without leaking much more information. Although the server is in a position to log things, so are the Tor HSDirs and the logs would look much the same. We just sort of assume they don't.

An interesting project would be to try and upgrade TextSecure to accept message submissions via Tor with a Pond-like group signature scheme, so the TextSecure servers can't know who is sending a message to a contact. Orchid can take a good 10-20 seconds to start up if the Tor consensus is stale but Android apps are in an ideal position to wake up at night and keep the local consensus warm, then it's only a few seconds - easily practical for async messaging. Additionally TextSecure already has a Pond-like privacy and spam model, along with a large userbase and maintainers who are UX focused.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140922/1653f71a/attachment.html>

More information about the Messaging mailing list