On 08/13/2018 07:52 PM, panoramix.druida wrote:
> Hi, is there a way to measure the level of anonymity on a system?

Sure. There's some literature. Check out
<https://www.freehaven.net/papers.html>.

> For example Signal is very good at keeping communications secret, but is
> very bad for anonymity as it needs a real phone number to work. Using a real
> phone number to communicate makes an association of all your chats with your
> real identity. In many countries in Latin America you need to give your
> document ID to get a phone number.[1] It is also a centralized service so
> that the sysadmins and the people behind Signal can have a look at the
> metadata if they want.

Micah Lee's article has some good suggestions. And you can also use
hosted SIMs. For example, https://speedyverify.com/. Before creating
your messaging, social media, etc. account, you log in at SpeedyVerify,
and start a chat with support. You tell them which SIM / mobile number
you'll be using. Then you create the account, with mobile
authentication. SpeedyVerify support will give you the authentication
code. There's also an API, which can handle bulk authentication. I
suspect that services like this facilitate bot networks and scamming on
Twitter, Facebook, and so on.

It's true that the SIM host sees your activation code. But that process
isn't really secure, in any case. And I don't believe that it lets them
hack your account, because it's a one-time code. And they don't know
your password.

It's also true that you must provide email and contact information to
SpeedyVerify, including a telephone number. But they don't seem to
verify that stuff, and they accept Bitcoin.

> Ricochet is way better to protect anonymity. I don't need a phone number, not
> even a name, I just use the onion service hostname. With Ricochet I am
> anonymous all the time unless I identify myself.
>
> Email may not be as good as Signal for end to end encryption (even with pgp),
> but it can be way better for anonymity. For instance, this email account was
> created using Tor in Protonmail, and there are other mail providers that
> allow me to do this. If I always use Protonmail with Tor, it is very hard for
> Protonmail to learn who I am and where I live; doing that with Signal is
> harder. However, with Ricochet it is way easier.

Well, there's a huge metadata issue with email. Using .onion webmail
mitigates much of it. But everyone needs to watch their OPSEC, to avoid
deanonymization.

And why do you say that deanonymization is way easier with Ricochet?
It's all via .onion instances. But I gather that Tor Project no longer
actively supports the work.

> Is there a way to measure the "level of anonymity"? I am very interested in
> comparing email, chat and voip tools to find out which tool is better for
> anonymity. For instance, in email it is hard to be anonymous to the server
> provider and in Signal it is even harder; however, in Ricochet it is very
> simple as there is no service provider.
>
> [1] Actually you don't need to use your real phone number, advanced users can
> do tricks. That is not for everyone.
> https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/
>

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk