[tor-talk] High-latency hidden services (was: Re: Secure Hidden Service

Seth David Schoen schoen at eff.org
Thu Jul 3 22:16:52 UTC 2014


The Doctor writes:

> On 07/02/2014 04:18 PM, Helder Ribeiro wrote:
> 
> > Apps like Pocket (http://getpocket.com/) work as a "read it later" 
> > queue, downloading things for offline reading. While you're reading
> > an offline article, you can also follow links and click to add them
> > to your queue. They'll be fetched when you're online so you can
> > read them later.
> 
> I've been using the Firefox extension called Scrapbook
> (https://addons.mozilla.org/en-US/firefox/addon/scrapbook/) for this
> for a while now.  I've done some experiments with it (packet sniffing
> at the firewall and on the machine in question), and from observation
> it seems sufficiently proxy-compliant that it routes all traffic in
> question through Tor when it downloads and stores a local copy of a
> page.  Secondary opinions are, of course, welcome and encouraged.

That's great, but in the context of this thread I would want to imagine
a future-generation version that does a much better job of hiding who
is downloading which pages -- by high-latency mixing, like an
anonymous remailer chain.

The existing Tor network can't directly support this use case very
well, except by acting as a transport.

Right now, people who are using toolks like Pocket or Scrapbook over Tor
_aren't_ really getting the privacy benefits that in principle their
not-needing-to-read-it-right-this-second could be offering.  That is,
a global-enough adversary can sometimes notice that person X has just
downloaded item Y for offline reading.  There's no reason that the
adversary has to be able to do that.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107


More information about the tor-talk mailing list