Slashdot Mirror
Tor Is Building an Anonymous Instant Messenger
An anonymous reader writes in with news about a new anonymous instant messenger client on the way from Tor. "Forget the $16 billion romance between Facebook and WhatsApp. There's a new messaging tool worth watching. Tor, the team behind the world's leading online anonymity service, is developing a new anonymous instant messenger client, according to documents produced at the Tor 2014 Winter Developers Meeting in Reykjavik, Iceland."
Now I'll be able to communicate with some random, anonymous Internet person.
Slashdot is doomed.
"National Security is the chief cause of national insecurity." - Celine's First Law
Tor? The 'dark net' who's largest nodes are run by the NSA doing traffic analysis? That Tor?
The one that brought down silkroad?
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
That hides the content of your communication, but it still shows that you're communicating, and with whom. So the "metadata" that the NSA and/or FB are interested in is still available...
Ostensibly using TOR hides the fact that you're the one communicating, and who you're communicating with... (Whether that's still true in practice is another question...)
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
http://en.wikipedia.org/wiki/Dorsai!
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
(By which I mean: you need both... OTR and TOR aim to protect you from different threats.)
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
Will need that too, to compete. Plus a useful directory.. And most average people want to talk to people they know, sort of blows staying anonymous on a large scale.
---- Booth was a patriot ----
Did you know EVERY IM service commonly in use requires your text messages to pass through their servers, before they reach the recipient?
One can debate 'commonly used', but regardless there are options to either avoid that, or endpoint encryption so it wont really matter if you do pass thru a 3rd party server along the way. One option is Jabber.
---- Booth was a patriot ----
Is this to replace Facebook's?
== Jez ==
Do you miss Firefox? Try Pale Moon.
Better yet: make them not recognize the crypto as crypto.
Tor users are being attacked by government agencies and those whom haven't followed the advice of the project are becoming victims of there own stupidity. It has nothing to do with Tor having backdoors in it. Neither the Tor Browser Bundle nor Tails were vulnerable to the attacks by governments agents for users who maintained there system and updated daily.
Now the freedom hosting bust may have been different. I don't think we know in regards to that bust how the guy in charge of freedom hosting got caught. What we do know in the case of freedom hosting is they were able to gain access to freedom hosting's servers and infect them with malicious code that targeted a vulnerability in firefox. That vulnerability was patched in the Tor browser bundle and the only reason some end-users of these hidden services may have been caught up in that is because they failed to follow the directions. They failed to maintain there security updates and specifically the Tor Browser Bundle. The most critical component.
More appropriately, some random, anonymous Internet entity will be able to communicate with you. Of course, the NSA will know who that entity is, so they are really only keeping their identity secret from you. Pretty much like all that spam email that you receive now.
I'm an American. I love this country and the freedoms that we used to have.
Thats why I send all my communications in binary as a box of donuts. To confuse people even more the donuts are 1s and the holes are 0s.
Okay, first off, the nature of instant messaging is such that you can't truly have an anonymous system. After all, while "the network" may not know Alice, Bob, and Carole, the three of them must know each other and be able to distinguish between them...otherwise you've simply got ChatRoulette and the purpose of IM is largely moot.
Retroshare provides fully decentralized IM, pseudo-email, and file transfers. It's a wonderful tool in this regard. It solves the problem of $IM_SERVICE keeping a record of your chats, because there isn't one. It solves the problem of packet sniffing, because it's all PGP based and thus there is no such thing as an unencrypted packet that enters or leaves the software. It solves the problem of needing a server, because everyone is a peer. All of the things that this Tor program seems to solve, has already been solved, and then some. "Well then,why doesn't everyone use it?" Well, the nature of Retroshare makes it difficult to gain critical mass. You have to understand, at some level, how PGP works - instead of a 'friend request' with that person's actual name, you get to share public keys to 'add' them. This is fine and dandy, but opens up a few new problems. First, even cutting-and-pasting something the size of a PGP key and then reciprocating it to the other person is going to cause the eyes of most people to glaze over. Second, you'll need to exchange keys somehow; if you're e-mailing keys back and forth, most people would say "...so just e-mail the damn message". This is where the file sharing half comes into play, since users can trade files directly without having to do much else. However, with Dropbox/Gdrive/1Drive/etc making transfers stupid simple, the practical application for Retroshare in the eyes of Facebook Chat and Whatsapp users starts to wane significantly when put up against "use an already-functional communication medium to do a PGP exchange that will facilitate another communication medium." Bonus points for Retroshare being a smidge petulant when it comes to port forwarding, and not having a mobile version for any platform.
Conversely, we have IRC. it's ancient, and the UI of mIRC doesn't jive well with the Instagram crowd, but anyone with some semblance of tech skills can run an IRC server. Set that up with SSL and your communications are encrypted, with nothing more than a generic handle to identify you with. The problem is that you'll need someone who can set up such a protected server, and by definition, you have a single point of failure. IRC's other failure (which may apply to Retroshare as well) vs Tor is that IRC does involve IP addresses, so you'll still need a proxy of some kind (or Tor itself) to obfuscate that little nugget.
Tor routing communications through other users as a part of the protocol is the one problem it solves. Secure transmission of text-based messages has been solved pretty well already, "Anonymous IM" is an oxymoron based on the fact that IM in itself usually assumes a prior relationship of some kind between the two parties, and even if it didn't, each user will need *some* sort of unique identifier to ensure that Alice gets messages meant for her, Bob gets his, and Carole gets hers.
TOR not only attract the watchers with black helicopters and black vans, it's said to be vulnerable to timing attacks esp. by those same entities with extremely large means. So why isn't this news about anonymous IM on a garlic routing network or something?, either switch to a new network or upgrade TOR and call it TOR 2.0 or TOR 1.1 or something but please, something has to be done.
I've often wondered why there aren't more apps that can encrypt your voice during a call.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
Thinking back to the way the UK looked at all calls into Ireland, the private US telephone services kept call data for generations... to Snowdens GCHQ's Tempora http://en.wikipedia.org/wiki/T... news... if your message exits the UK, goes on a global trip and re enters the UK, putting the start and end ip together would not be hard work :)
Domestic spying is now "Benign Information Gathering"
The big software and telco firms seem to offer decrypt as a default to their own security services via a simple 'letter'. .com/open source efforts might work for keeping your message safe but the surrounding ip would stand out as to 'why'.
The small
Re why there aren't more apps that can encrypt your voice during a call?
Why where so few encryption machines offered with hardware safe from the NSA and GCHQ in the 1950-80's?
Standards and price.
So in 2014 using a big software or telco firms offerings or been tracked by the use of other open source applications.. is back to standards and price.
One time pad and "number stations" seem to be the only neat way around illegal domestic spying programs.
Domestic spying is now "Benign Information Gathering"
The real question, however, is why every user effectively engaged in P2P communication (like webchat, IM, or Skype), allows a man-in-the-middle attack to collect and process their personal data, when the ONLY useful aspect of the service is connecting the users together in the first place.
Apparently, because doing that is patented. No, really! Apple tried it with Facetime, and got sued by a troll*, VirnetX. Initially that's how Facetime worked, Apple's servers authenticated you and connecting you together, but then the 2 devices connected directly for the content of the video/call, not through Apple's servers. They lost a $368million verdict and they were forced to change it so everything has to get relayed through their servers.
*I don't know much else about the company, but in this case I call VirnetX a troll because a) they didn't invent it themselves, b) they don't practice the invention, and c) it's so fucking obvious even a Slashdot Anonymous Coward came up with it independently.
There is no "strong steganography", but if "not drawing attention" is the goal, that's probably your best bet.
Socialism: a lie told by totalitarians and believed by fools.
This is why I encrypt all my conversations and embed the message in the background noise of cat videos.
So that's why I want to kill all humans.
systemd is Roko's Basilisk.
This is similar to vole:
http://vole.cc/
https://github.com/vole/vole
No Navy intelligence wrote the original tor software they then open sourced it and gave it to the community. It is now run by the TOR project most of the members of which are regularly harassed and spied on by the US government. Jaccob Applebaum head developer had is flat broken into and computers tampered, another tor developer, Andrea Shepard, have had her computer she ordered via amazon "redirected" mid shipment to NSA facilities in Alexandria Virginia. TOR devs have been pressured by homeland and have told them to F*** off consistently. The there was the TORStinks ppt from the NSA that Ed Snowden releasedvshowing they cant crack TOR.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Its called I2P-Bote, a messaging system based on DHT. Its a part of I2P which is included in the TAILS distro along with Tor.
Once the I2P bittorrent clients experimented with DHT and succeeded, some people figured they could pull off a messenger that was truly decentralized.
And speaking of decentralization, Tor's underlying protocol and topology may not have enough of it to remain viable for too long. OTOH, I2P users contribute to routing bandwidth by default, and nodes recognize each others' contribution to bandwidth... Its a general-purpose P2P networking protocol for real.
More than anywhere else, this is not a problem geeks alone can solve. The perfect chat client is worthless if none of your friends use it. WhatsApp was huge because everyone used it - network effect.
So Tor - yes, definitely a good step. But you need a good client, ease-of-use is as important as cryptography, and details such as automatically finding your friends who also use it. Threema has a nice solution for that with their hashed address books.
So please look beyond the backend code.
Assorted stuff I do sometimes: Lemuria.org
You want security at the expense of usability? build layers!
A single system can be hacked, a single OS has bugs, a single app has backdoors, a single protocol has explots etc etc
Use LESS popular services in combination with layers of security. For instance; You can use the Tor Network to SSH into a proxy to tunnel chat with pidgin & OTR plugin. If you're even more paranoid assume your OS is already hacked, use some exotic image like Qubes, create temporary destructible VMs to carry information...there are options and many of them make basic functionality a nightmare.
If you really care that much about having your idle chitchat being "secure" you can always assume everything is being listened to. Good old fashion message encryption is probably much better than a special app.
I am quite happy there's more focus on security but let's be serious here, Tor is a target for snoops. they will find a way in because they already proved they can.
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
I was using red-phone on the Android for 'special' conversations. I am pretty sure you can encrypt XMPP voice chats too.
Of course that doesn't address both ends if you want to call another cell phone user that has nothing special installed.
---- Booth was a patriot ----
Its really hard to see how Apple lost when you have FTP as prior art, as just one example of doing it over the Internet.
Really its mind numbing that you can basically add 'on the Internet' and get a patent for something someone ELSE has already done.
They didn't event switched virtual circuits.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Honestly, unless you build it yourself, how do you know it's doing what it says it's doing? The client is on iOS or Android? Wasn't there a story this week about about a key logging exploit for iOS? It may not matter that it's secure if there's a better attack vector on a device. Personally, I would never take a claim for security seriously, you're better off using whatever flawed IM service is out there already and just treat every message as a public broadcast.
It would be better to call it "not traceable".
Here the meaning of "anonymous" being that NSA can't tie an actual identity to the peers of a chat (by using the already well tested Tor network), and that they can't eavesdrop into the conversation (by using the already well tested OTR standard).
i.e.: Bob1983 and Alice_696969 happily chat to each other about how much they dislike the current political situation in Kiev or brainstrom about better methods to circumvent the Chinese Great Firewall.
They might know each other on-line since a while, enough to trust each other to talk about such objects freely (they might or might not have already met in real life but at least they are not completely anonymous to each other. At minimum they are pseudonymous. That's important because the "socialist millionaire" protocol to weed out man in the middle attacks requires them to know each other at least a bit)
Thanks to Tor, none of the concerned government (or any of they allies) will be able to know if one of those holding these subversive discussion is actually a citizen inside the country.
Thanks to OTR, nobody beside the two chatter will be able to actually know the content of the chat.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Tor isn't the NSA.
But some Tor nodes have six figure monthly bandwidth bills, and the feds have used traffic analysis to bust some Tor users.
Nobody can prove the Tor nodes are operated by the NSA, but the NSA would need such nodes to do the traffic analysis they have been doing.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
It's also possible that those pieces of evidence were discovered _after_ some other, illegal methods were used.
Except that, in this case it wouldn't have required any *illegal* method (1) (2).
It would have required method which go against anything that is currently known in cryptography.
The cryptographic methods which form the basis of Tor are sound and unbroken as of yet.
Tor is sufficiently well designed to avoid bugs and exploits that might lead to leaks (Side-channels, etc.)
To actual crack Tor open, you need to beat modern cryptography.
And the NSA doesn't have a monopoly on brains, and modern research is (as always) standing on the shoulder of giant.
Public academic research has brains involved, and has access to previous research, just like the NSA.
Chance are, if researcher at the NSA find a way to break open modern cryptography, research in universities will end up discovering the same findings on their own too. If nobody in the academic field is suspecting any danger on modern cryptography, chance are that the NSA can't find way around it neither.
(That's why the Snowden revelations, although suprising for the general population, wheren't that much a surprise for the specialist in that fields: it's merely a confirmation for methods which were suspected for a while).
Traffic analysis can't help you to beat Tor, simply due to the latency of the network and the wide usage:
So okay, you want to monitor entry and exit nodes to match them. You got a positive hit on an exit node connecting to a known "enemy location" (an anti-government website), what next? Well, any of the entry node (not only those you're watching, but the other too) could have initiated the request, and that request hasn't been issued right now, but somewhen in the past, over a period corresponding of the typical latencies you see on Tor network.
So you need to be lucky that the entry node was one you're watching.
And you have to correlate your hit with *ALL THE TRAFFIC* from *ALL THE NODES YOU'RE WATCHING* over a *LONG DELAY IN THE PAST* (instead of exactly the same time). That's a metric fuck ton of data. Your important match is lost in a sea of noise. The 1 single contact to a subversive site is just lost under a sea of avarage users surfing porn and simply using Tor for the added anonymity and to circumvent restrictions.
You can't make a correlation, because there are simply too many orders of magnitude difference between the signal and all the noise to be able to make any significant and relevant statistics. Traffic Analysis can't help you get Tor down.
Until now, all attacks against Tor haven't been against its cryptographic basis, nor have been against its complex network. The attacks have been against stupid mistakes and blunders, like vulnerabilities inside the browser used to surf on tor (for exemple, an older unpatched firefox was used by some)
So intelligence services are able sometime to get some info out. But this isn't because of Tor itself (Tor didn't bring down Silk Road). It isn't because of Traffic Analysis either. It's because some users used an unpatched browser and got hacked, just like any other common driver-by attack.
Tor network can be trusted to keep secrets. Buggy software can't.
----
(1): Well except under weird legislation, where DCMA do apply and where breaking any form of encryption is illegal. So in the case of Silk Raod and USA, such methods might indeed have been illegal.
(2): "Illegal". Well mostly because you want to keep the first lead *secret* (either because it's illegal, or because it's a state secret). You know X is guilty, but you can't build a case because the method is illegal. So you keep watching the known guilty X, until he does other mistakes that reveal him and use these to build the legal case.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Where is a more recent credible assessment of adversary capabilities specifically to the TOR network?
The fact that NSA dosn't have a monopoly on brains. The fact that research is done by advancing previous research (and rarely appearing out of the blue), and universities have access to the same historical previous research that secret researcher hidden in the NSA do.
And despite this, none of the academics working on it has been able to demonstrate any actual failure of principles behind Tor.
There *is* a prestige incentive to be the first research group to demonstrate an actual good failure. But until now, such papers have been limited to though experiment (if you could monitor nearly every entry and exit node on the network, and suddenly the traffic was very low [all the porn, all the chinese simply using it to communicate outside the great firewall, etc. all suddenly disapeared], then maybe it would be feasible to find some suspects by using traffic analysis. But that's not actually the case in real life. You can thank PORN for that)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
That's actually their plan:
- Use Tor for network anonymity
- Use OTR for content protection.
And they also have a 3rd step:
- Use the open source InstantBird. It's opensource so it's possible to make it secure.
(basically, yet another chat system that relies on Pidgin's libPurple. Like Adium and co)
(except that one runs on mozilla's xul, so there some code share with firefox, the other software that is bundled next to tor in their bundle)
And probably (not mentioned yet but likely to happen):
- Deploy some Jabber/XMPP server running as a ".onion" tor-only darknet server.
So people have additional choices next to the classic XMPP (for Google or Facebook) etc.
(Note: as long as you use Tor and OTR, and that you use a separate Google or Facebook identity when chatting, they are perfectly secure enough too. Meaning that they are probably not absolutely secure, but on the other hand, thanks to Tor+OTR, there is no compromising information leaking through them).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
The most obvious attack is control of a majority of the network, and of course correlations attacks which require access to many ISPs.
The *owning* itself might be achievable (and even that is going to be complicated because you need to own significantly more than other governments trying to achieve the same and non-governmental legitimate users)
*BUT* even then extracting any meanfingful data is complicated. The more people use tor for anything else beside what you're targetting, the higher the noise level among which you're searching for signal, and thus the lower significance of anything you might try to analyse.
Beyond some point, your better of using a random generator, that is going to give results as statistically significant as what analysis method give out.
Remember, whenever you use Tor to surf for porn, not only are you protecting a bit your privacy, but even more: you're helping intelligence service drown under too much to be able to analyse Tor.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]