[liberationtech] New idea: Encrypt everything. was: Anonymity Smackdown: NSA vs. Tor

Guido Witmond guido at witmond.nl
Thu Aug 8 00:52:19 PDT 2013


On 08-08-13 03:31, Jonathan Wilkes wrote:
> On 08/07/2013 03:46 PM, Guido Witmond wrote:
>> On 07-08-13 20:47, Jonathan Wilkes wrote:
>>> how exactly would you check to make sure something like this 
>>> scenario isn't happening?

>> Hmm, that would be easy. Place some false flag mails about
>> terrorist attacks and check for raised alerts... :-)
> 
> Wouldn't that be difficult?  When cross-referenced with the greater 
> social graph built from all available sources those false flag mails 
> would look like stumps.  They wouldn't connect up with cellphone
> metadata, social network activity, people under targeted
> surveillance, etc.

You're right. It's difficult. I think that placing false flags
successfully makes you the monster you are trying to defeat. It would
feed the terror threat to the 'normal people'.

I don't have a solution to that problem. I defer that to Tor. They are
smarter than me on this topic. :-)


However, I am serious about encrypting everything. It serves two purposes:

1. if Tor's anonymity routing gets bypassed, your message *content* is
still protected by the end-to-end cryptography.

2. as everything is encrypted, Tor traffic doesn't stand out.


Here is my new idea:

For this second thing, it would be neat to have a web server that would
serve both its own content and onion routing requests *at the same port*.

It's not a hidden service. On the contrary. It can be connected directly
(https only) for those who want and don't mind about hiding their end
point.

It can be reached via the tor network for those who do want to hide
their origin.

At the same time it participates in the onion routing protocol, bridge,
middle or exit node. We configure this website/Tornode to only route
onion packets to port 443. That would eliminate most abuse-prone traffic
and let me use my OVH-node as website/exit node without much risk of
them shutting it down.

It also makes it more difficult to block Tor nodes at the network level.
It would require a judge to order you to reject onion routing at your site.

Downside: There might be certain timing attacks that would make it
easier to determine onion routes. That's left as an exercise for the Tor
developers. ;-)

I'd love to see comments, objections, questions. Flames to /dev/null.


Guido.
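
The restriction proposed in the message above ("only route onion packets to port 443") corresponds to a relay exit policy. As an added illustration that is not part of the original post, this Python sketch evaluates torrc `ExitPolicy` lines with Tor's first-match rule; the torrc fragment and the destination addresses are constructed, and only IPv4 and `*` address patterns are handled.

```python
import ipaddress

# Constructed torrc fragment (an assumption) for the port-443-only node in the post.
TORRC = """
ExitPolicy accept *:443   # only HTTPS leaves this node
ExitPolicy reject *:*     # explicit catch-all, so Tor's default policy is not appended
"""

def parse_exit_policy(torrc_text):
    """Return ExitPolicy rules in file order as (accept?, network|None, lo, hi)."""
    rules = []
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) != 2 or fields[0].lower() != "exitpolicy":
            continue
        for item in fields[1].split(","):      # one line may carry several rules
            action, pattern = item.split()
            if action not in ("accept", "reject"):
                raise ValueError(f"unsupported action: {action!r}")
            addr, sep, port = pattern.rpartition(":")
            if not sep:                        # port omitted means every port
                addr, port = pattern, "*"
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            if port == "*":
                lo, hi = 1, 65535
            else:                              # single port or MIN-MAX range
                lo, _, hi = port.partition("-")
                lo, hi = int(lo), int(hi or lo)
            rules.append((action == "accept", net, lo, hi))
    return rules

def exit_allowed(rules, dest_ip, dest_port):
    """First matching rule decides; with no match this sketch fails closed."""
    ip = ipaddress.ip_address(dest_ip)
    for accept, net, lo, hi in rules:
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return accept
    return False

if __name__ == "__main__":
    rules = parse_exit_policy(TORRC)
    # Constructed destinations from documentation address ranges.
    for ip, port in [("203.0.113.10", 443), ("203.0.113.10", 25), ("198.51.100.7", 6667)]:
        print(f"{ip}:{port} ->", "accept" if exit_allowed(rules, ip, port) else "reject")
```

Rule order matters: placing `reject *:*` before `accept *:443` rejects every destination, because evaluation stops at the first match.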



