Obfuscated URLs?

Freemor freemor at gmail.com
Wed Jul 1 00:52:18 UTC 2009


On Tue, 30 Jun 2009 13:34:45 -0700 (PDT)
Martin Fick <mogulguy at yahoo.com> wrote:


> In my scenario, the point of hard coding the path is to 
> obfuscate the final URL, how could this be done 
> differently?  In this scenario, it requires all 3 nodes 
> to decrypt the final URL, one node by itself cannot, 
> this should provide the same protection that you get
> today by surfing with tor, should it not?

It should. But hidden services provide this functionality already. I do
understand the potential difficulties in setting up a hidden service.
But I think it would be easier to automate this aspect of Tor then to
write a new protocol. (some more thoughts on this below)


 
> I don't see why this is more open to abuse than the
> general tor network, could you explain your reasoning?

Agreed.. I'm a security minded IT guy and since drive-by-downloads are
the top vector for computer infection any time I hear "obvascated URL"
and "Untraceable" in the same paragraph the is a knee jerk reaction to
see the security implications.

> 
> As for use cases, I envision that as a simple whistle 
> blower or reporter, I would post my content on various 
[snip]

OK I now have a clearer idea of what you are wanting to do:
 
1). Simple anonymous publishing
2). Remove the single point of failure that a a hidden service may
represent
3). Plausable deniability by not having the information hosting tied
to you.

I think that this could be solved in a couple of different ways.

1). Someone sets up a hidden service that automatically re-directs to
the content hosted on non-Hidden sites the URL would probably end up
looking like:

http://blahblahblah.onion?3gYzX2(url_part)&egrtyebefrs(hashed password
part)

one could argue that there is still a single point of failure but if
it was popular enough I'm sure it could be hidden mirrored.

2.) GnuNet may be much better suited to what you are looking to do. It
already has a lot of these features (see http://gnunet.org ) Once you
inserted the information into GnuNet you could share the hash for it in
as many open sites as you wanted. As for making the content password
protected GnuPG would work wonders for this (prior to insertion of
course) 

Regards,
Freemor
  

-- 
freemor at gmail.com
freemor at yahoo.ca

This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20090630/16be9be1/attachment.pgp>


More information about the tor-talk mailing list