On Mon, Jun 22, 2015 at 4:35 AM, Jeff Burdges <[email protected]> wrote: > > There is a contextual miss-statement when they quote that Pond does not > protect against a global passive adversary. Pond does not protect > against a global adversary who also hacks the Pond server, but that's a > given in context.
I think their statement is accurate, and the protection here is stronger than Pond in a few ways: For one thing, Pond allows users to have different mailbox servers. Without hacking any servers, a GPA could correlate Tor entry traffic (from users) with Tor exit traffic (messages arriving at recipient mailbox servers) to infer which users are sending messages to which mailbox servers. Second, hacking (or being) a Pond mailbox server allows traffic confirmation by monitoring the Tor entry traffic of particular users, and looking for correlations as that user fetches her messages. This doesn't require "global" monitoring, just the ability to monitor hypothesized users. Third, even without traffic monitoring, Pond servers could correlate message arrival times between different mailboxes, which might be able to link users who frequently exchange bursts of messages, or are subscribed to the same mailing lists, etc. [You also wrote]: > If I read correctly, there are dialing rounds only every 20 min or > whatever, so dialing might only be 100k overhead amortized to the > conversation rounds. No, their example has 2 MB/min for dialing, i.e. 4000x more bandwidth for dialing than sending messages. See section 7.4. Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
