On 1 July 2013 12:32, Tom Ritter <t...@ritter.vg> wrote: > On 1 July 2013 05:04, Ben Laurie <b...@links.org> wrote: >> On 1 July 2013 01:55, Jacob Appelbaum <ja...@appelbaum.net> wrote: >>> So then - what do you suggest to someone who wants to leak a document to >>> a press agency that has a GlobaLeaks interface? >> >> I would suggest: don't use GlobalLeaks, use anonymous remailers. >> Bottom line: Tor is weak against powerful adversaries because it is >> low latency. High latency mixes are a lot safer. >> >> GlobalLeaks should have an email API, IMO. > > Having looked a lot at the current remailer network, and a bit at > GlobaLeaks - I'm going to wade in and disagree here. (Although this > thread has gotten woefully off topic after I've bumped it. =/) Ben: I > love mix networks. I've been learning everything I can about them, and > have been researching them voraciously for a couple years.[0] But IMO > the theoretical gains of high latency *today* are weaker than the > actual gains of low latency *today*. > > Virtually all remailer use is Mixmaster, not Mixminion. If you want > to use anything but a CLI on Linux - you're talking Mixmaster. So I'm > assuming you mean that. Mixmaster uses a very, very recognizable SMTP > envelope, that often goes out with no TLS, let alone no PFS. There's > also precious few people actually using it. And finally, if you look > at the public attacks on remailers (the unfortunate bombing threats of > last summer) and Tor (the Jeremy Hammond case) - you see that Feds are > willing to go on fishing expeditions for remailers, but less so Tor. > Tor was traffic confirmation, Remailers was fishing.[1] > > Compare to GlobaLeaks. Tor Hidden Service, Tor network. The two > biggest threats are Traffic Correlation and the recent attacks on > Hidden Services. > > Assume a Globally Passive Adversary logging all SMTP envelopes > (because... they are. So don't assume, know.). Now assume a leak > arrives over email. Light up all the nodes who sent a message via > Mixmaster within a couple days, and you'll get at most, a couple > hundred. Now dim all the lights who've never sent a mixmaster message > before. You'll get a couple. That's enough to investigate them all > using traditional methods. > > Now you *do* have to assume a GPA who's logging all Tor traffic. It's > possible. Some would even say it's probable. But we've seen no > evidence. Do the same light-up. You get a hundreds if not thousands > of nodes. Too many to investigate traditionally. And to do Traffic > Confirmation, you need to identify the Hidden Service. And there's > the issue that it's not trivial to do traffic confirmation. > > Oh and there's also the little problem of sending anything over 10,236 > bytes via Mixmaster splits the message into multiple messages that all > emanate from your machine which makes it wildly probable some won't > arrive, and also drastically makes you stand out the crazy person > who's trying to send anything other than text through Mixmaster. > > I'm not saying GlobaLeaks+Tor is safe. I'm saying I think our current > remailer network is wildly unsafe. (Now what I think about fixing > it... that's a whole other story, for a whole other time.)
You are probably right - remailers are not what they used to be. The more interesting point is high vs low latency. I really like the idea of having a high-latency option in Tor. It would still need to have a lot of users to actually be useful, though. But it seems there are various protocols that would be ore high-latency-friendly than HTTP - SMTP, of course, and XMPP spring to mind. > > -tom > > [1] https://crypto.is/blog > http://defcon.org/html/defcon-21/dc-21-speakers.html#Ritter > [1] If you don't like my last argument, fine, ignore it, and work with > the others. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography