[tor-talk] High-latency hidden services (was: Re: Secure Hidden Service
Seth David Schoen
schoen at eff.org
Thu Jul 3 22:16:52 UTC 2014
The Doctor writes:
> On 07/02/2014 04:18 PM, Helder Ribeiro wrote:
>
> > Apps like Pocket (http://getpocket.com/) work as a "read it later"
> > queue, downloading things for offline reading. While you're reading
> > an offline article, you can also follow links and click to add them
> > to your queue. They'll be fetched when you're online so you can
> > read them later.
>
> I've been using the Firefox extension called Scrapbook
> (https://addons.mozilla.org/en-US/firefox/addon/scrapbook/) for this
> for a while now. I've done some experiments with it (packet sniffing
> at the firewall and on the machine in question), and from observation
> it seems sufficiently proxy-compliant that it routes all traffic in
> question through Tor when it downloads and stores a local copy of a
> page. Secondary opinions are, of course, welcome and encouraged.
That's great, but in the context of this thread I would want to imagine
a future-generation version that does a much better job of hiding who
is downloading which pages -- by high-latency mixing, like an
anonymous remailer chain.
The existing Tor network can't directly support this use case very
well, except by acting as a transport.
Right now, people who are using toolks like Pocket or Scrapbook over Tor
_aren't_ really getting the privacy benefits that in principle their
not-needing-to-read-it-right-this-second could be offering. That is,
a global-enough adversary can sometimes notice that person X has just
downloaded item Y for offline reading. There's no reason that the
adversary has to be able to do that.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the tor-talk
mailing list