[messaging] App updates over Tor

Mikalai Birukou mb at 3nsoft.com
Sun Jun 21 07:31:48 PDT 2020


> Most messengers provide only the illusion of security. They sacrifice 
> basic rules for the convenience of ordinary users without caring for 
> those who really need security.
>
> A really safe messenger MUST:
> - never be updated remotely;
> - not integrate with other services (for example, not use 
> phone numbers or mail as an ID);
> - have powerful ID protection in its protocol;
> - provide plausible deniability of having a contact in the book.

What do you think about updates over Tor?

In particular: the app developer provides an update URL that is the same 
for everyone. Clients only do a GET request on that URL. And the client 
can/should come via Tor to hide its IP/identity.

And updates are allowed when the user clicks a button, i.e. never without 
confirmation. Downloaded bytes' hashes can be calculated and compared to 
a known safe version's hash. Friends should provide assurance, hashes 
should be calculated and checked by the program, showing only 
confirmations as info for the user.

Anonymity of the client leaves to the attacker only the indiscriminate 
Bundestrojaner scenario.

Thoughts, concerns, UI suggestions?

> I tried to implement these requirements in my Torfone: 
> https://github.com/gegel/torfone
>
> The onion address is generated locally and is used as the ID.
> Authentication is performed independently of Tor using own keys. The 
> IDs of caller and callee are protected with PFS (by adding the SPEKE 
> protocol result to the hash of the signal's tDH). The session key is 
> output using a simple DH: tDH result is used only for authentication. 
> This makes it possible to receive calls from unauthenticated 
> subscribers (with the corresponding notification). During a call any 
> subscriber can add his or other contact to your address book, so you 
> can explain the presence of a compromising contact in it. Open source 
> makes it easy to check the protocol for leaks.

Wow. This sounds cool. But may I voice issue #2 again? Can you either 
give some script to set up an environment for compilation, or give a 
detailed doc? This whole concept of usability first of all touches us, 
devs :) , then we try helping users.

On the site I see a mention of PGPFone. Is the code related? Or, do you 
take conceptual inspiration?

Can you spell out the architecture? It can be doodly doc file(s) for the 
project, and cc-ed/ref-ed here. We'll appreciate that.

Do you have a license there (like in each file)? Or do you want it to be 
public domain? If the latter, you can say this explicitly, like djb did 
with nacl.
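
The hash check described in the message above, as an added example that is not part of the original post or of any project it mentions. It assumes SHA-256, a threshold of two confirmations, and that friends' hashes arrive over an already authenticated channel; the names check_update, UpdateCheck and confirmation_text are hypothetical, and the download over Tor itself is left out.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class UpdateCheck:
    digest: str                                   # SHA-256 of the bytes we downloaded
    confirmed_by: list = field(default_factory=list)
    contradicted_by: list = field(default_factory=list)
    accepted: bool = False


def check_update(blob: bytes, friend_hashes: dict, min_confirmations: int = 2) -> UpdateCheck:
    """Compare downloaded update bytes with the hashes friends report.

    friend_hashes maps a friend's name to the hex SHA-256 that friend
    computed over the bytes served by the same update URL.
    """
    result = UpdateCheck(digest=hashlib.sha256(blob).hexdigest())
    for friend, reported in sorted(friend_hashes.items()):
        if reported.strip().lower() == result.digest:
            result.confirmed_by.append(friend)
        else:
            # The URL is the same for everyone, so a different (or malformed)
            # hash means somebody was served different bytes.
            result.contradicted_by.append(friend)
    result.accepted = (len(result.confirmed_by) >= min_confirmations
                       and not result.contradicted_by)
    return result


def confirmation_text(result: UpdateCheck) -> str:
    """What the user sees: a confirmation line, never raw hashes."""
    if result.accepted:
        return "Update matches the version confirmed by: " + ", ".join(result.confirmed_by)
    if result.contradicted_by:
        return ("Update refused: differs from what "
                + ", ".join(result.contradicted_by) + " received")
    return "Update not installed yet: waiting for more confirmations"


# Constructed sample data: stand-in update bytes and two friends' reports.
SAMPLE_UPDATE = b"constructed-update-package-v2"
GOOD = hashlib.sha256(SAMPLE_UPDATE).hexdigest()
SAMPLE_REPORTS = {"alice": GOOD, "bob": GOOD.upper()}

if __name__ == "__main__":
    print(confirmation_text(check_update(SAMPLE_UPDATE, SAMPLE_REPORTS)))
```

A single disagreeing report blocks installation here even when the threshold is met, since with one shared URL any mismatch is the signal worth surfacing.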
