Sunsetting Tor Messenger

159 points| nimbs | 8 years ago |blog.torproject.org | reply

69 comments

[+] VikingCoder|8 years ago|reply
I think about trying to hide the metadata of who is communicating...

I wonder about a public stream of end-to-end encrypted messages.

Anyone can add a message to the stream.

Everyone reads all of the messages, and tries to decrypt all of them.

There are lots of variants to this, lots of ways to optimize it, probably lots of ways to implement it. But that's the core idea.

One variant is that what everyone downloads is just enough of a message metadata identifier to see if they're the intended recipient (something about Bloom Filters or PGP Signatures or something, I dunno). Then, if you are the intended recipient, you request the message contents itself. To obscure which messages were for you, you also download some very large number of other messages.

Something about microtransaction fees to pay for all of it. Maybe something about distributed ledger. Mumble, mumble. Maybe messages only live for X days or something.

Thoughts?

[+] derefr|8 years ago|reply
I believe there is a Usenet newsgroup, somewhere under alt.binaries, that's effectively a numbers station: it's just GPG-encrypted (but not signed) blobs with no titles. Anyone can post, anyone can listen, everyone has to download everything to figure out which things they can personally decrypt.

Sadly, googling related keywords doesn't seem to pull up the name of the newsgroup. I believe I read about it during a discussion on a Tor onion-site forum, on "why people keep getting caught doing illegal things on Tor, and what real OPSEC looks like."

[+] lukeqsee|8 years ago|reply
> something about Bloom Filters or PGP Signatures or something, I dunno

Would this not defeat the purpose? Once an individual was tied to a unique piece of data, they'd be tied to all data in the stream.

I think such a system would definitely require guaranteed expiration (impossible?). Or some sort of rotating keys or the metadata piece would still be uniquely identifying.

I like this idea, as a concept, but I have no idea how it would actually work in real life with bad actors who can and would download all messages as they appear.

I wonder if there's some way to enforce expiration?

[+] e12e|8 years ago|reply
I recall there was a proposal to use "chaffing" as an alternative to encryption; partly motivated by cryptographic signatures not being export controlled.

The basic idea is to split a message into very small pieces, say individual bytes or even bits. And then sign each bit, and iirc add a sequence number. Then you end up with a triple: sequence number, data, signature. Then you generate random triplets - and distribute the lot: the recipient orders by sequence number and keeps the bits with valid signatures.

I'm not sure about how ordering was achieved, but it was a clever idea.

Ah, here's Wired's coverage of Ronald Rivest's idea in '98:

https://www.wired.com/1998/03/a-work-around-for-crypto-expor...

http://people.csail.mit.edu/rivest/pubs.html#Riv98a
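
The scheme described in the comment above, as an added example that is not part of the original comment or of Rivest's paper: one bit per packet, with the "signature" implemented as a truncated HMAC-SHA256 under a key shared by sender and recipient (Rivest's proposal uses MACs). The function names and the 16-byte tag length are assumptions.

```python
import hashlib
import hmac
import random
import secrets

TAG_LEN = 16  # bytes of HMAC-SHA256 kept per packet (assumed for this example)

def mac(key: bytes, seq: int, bit: int) -> bytes:
    """Authenticate one (sequence number, bit) pair under the shared key."""
    msg = seq.to_bytes(4, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def chaff(key: bytes, message: bytes) -> list:
    """Emit two triples per bit: the real bit with a valid MAC (wheat) and
    the complementary bit with a random tag (chaff), then shuffle them."""
    packets = []
    for i in range(len(message) * 8):
        bit = (message[i // 8] >> (7 - i % 8)) & 1
        packets.append((i, bit, mac(key, i, bit)))
        packets.append((i, bit ^ 1, secrets.token_bytes(TAG_LEN)))
    random.SystemRandom().shuffle(packets)
    return packets

def winnow(key: bytes, packets: list) -> bytes:
    """Keep only triples whose MAC verifies, order them by sequence number
    and reassemble the bytes. Returns b"" when nothing verifies."""
    bits = {}
    for seq, bit, tag in packets:
        if hmac.compare_digest(tag, mac(key, seq, bit)):
            if bits.setdefault(seq, bit) != bit:
                raise ValueError(f"conflicting valid packets for seq {seq}")
    n = len(bits)
    if n % 8 or set(bits) != set(range(n)):
        raise ValueError("missing or truncated sequence numbers")
    out = bytearray(n // 8)
    for seq, bit in bits.items():
        out[seq // 8] |= bit << (7 - seq % 8)
    return bytes(out)
```

Every sequence number appears once with a 0 and once with a 1, so an observer without the key cannot tell which bit is wheat; ordering comes from the authenticated sequence number.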

[+] blattimwind|8 years ago|reply
You basically create a hash table over public identities (bucket = pubkey % n) with an n chosen such that you get a bunch of unrelated people in each bucket but not so many that peers are overwhelmed by the message load on their bucket. Messages can be as simple as ES-SS-DH (basically Noise_X), same properties as e.g. PGP, i.e. no forward secrecy, no KCI resistance.

(This is patented, or at least pending)

[+] rickycook|8 years ago|reply
use hash(best block + sender id + recipient id + sequence number) then only the senders and receivers would be able to get the metadata... though recipient would need to “check” their whole contact list to pull the data... maybe this is where the bloom filter is?
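
The recipient-side contact-list check from the comment above, as an added example that is not part of the original comment. It assumes each pair of contacts shares a secret key and that the hash is keyed with it (the comment does not say how the inputs are kept from outsiders); all ids, keys, function names and the epoch value standing in for "best block" are constructed placeholders.

```python
import hashlib
import hmac

def tag(pair_key: bytes, epoch: bytes, sender: str, recipient: str, seq: int) -> bytes:
    """Keyed form of hash(best block + sender id + recipient id + sequence number)."""
    fields = [epoch, sender.encode(), recipient.encode(), seq.to_bytes(8, "big")]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(pair_key, data, hashlib.sha256).digest()[:16]

def expected_tags(me: str, contacts: dict, epoch: bytes, window: int = 3) -> dict:
    """Recipient side: precompute the next `window` tags for every contact.
    `contacts` maps sender id -> (pair key, next expected sequence number)."""
    table = {}
    for sender, (key, next_seq) in contacts.items():
        for seq in range(next_seq, next_seq + window):
            table[tag(key, epoch, sender, me, seq)] = (sender, seq)
    return table

def scan(stream: list, table: dict) -> list:
    """Match public (tag, ciphertext) entries against the lookup table."""
    return [(table[t], body) for t, body in stream if t in table]

# Constructed sample data: a public stream holding four entries.
EPOCH = b"block-hash-placeholder"
ALICE_BOB = b"\x01" * 32
CAROL_BOB = b"\x02" * 32
STREAM = [
    (tag(ALICE_BOB, EPOCH, "alice", "bob", 7), b"ct-1"),
    (tag(b"\x09" * 32, EPOCH, "dave", "erin", 0), b"ct-2"),  # not for bob
    (tag(ALICE_BOB, EPOCH, "alice", "bob", 8), b"ct-3"),
    (tag(CAROL_BOB, EPOCH, "carol", "bob", 0), b"ct-4"),
]
BOB_CONTACTS = {"alice": (ALICE_BOB, 7), "carol": (CAROL_BOB, 0)}

def bob_inbox() -> list:
    """What bob recovers from the stream using only his contact list."""
    return scan(STREAM, expected_tags("bob", BOB_CONTACTS, EPOCH))
```

Because the sequence number and epoch change per message, two entries between the same pair carry different tags, and the recipient's cost is one table of `len(contacts) * window` tags per epoch rather than a trial decryption of every entry.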
[+] tribby|8 years ago|reply
ricochet[1] is my preferred option for situations that would require something like tor messenger (which is very few situations, but I digress). I like that the UX has a built-in threat model (e.g. "do you really want to click on this?")

TAILS users can't use it because tor-over-tor is weird (ricochet uses its own tor process). but it looks like it's getting close.[2]

1. https://ricochet.im/

2. https://labs.riseup.net/code/issues/8173

[+] Boulth|8 years ago|reply
I wish the page had screenshots. That's usually a good measure of how the software is maintained. Currently the page mentions that it's "experimental".

As far as I can see currently the only widely used, secure protocols are Matrix and XMPP with OMEMO.

[+] mtgx|8 years ago|reply
> The latest version is 1.1.4 (November 5, 2016)

That doesn't look very promising.

[+] fosco|8 years ago|reply
I have been looking for info on why tor over tor is bad and would love to understand the technical reason why, can you share any links?

All I have been able to find is related to uncertainty about whether it is good or not

[+] buovjaga|8 years ago|reply
Retroshare now provides a Tor version: https://retroshareteam.wordpress.com/2018/03/13/release-note...

> Running Retroshare over Tor has a number of definite advantages: it does not require firewall management (Tor does it for you); you do not need a DHT to find your friends (Tor does it for you), and whatever code is tied to ensuring security of your IP information is not needed anymore.

[+] skrowl|8 years ago|reply
For what it's worth, they've provided a version that can use Tor for a while now. What's new is that they provide a portable version that ONLY uses Tor. Pretty handy!
[+] shp0ngle|8 years ago|reply
Retroshare tries to do many things at the same time with few programmers, so I get a suspicion it is not doing any of them well
[+] e12e|8 years ago|reply
How does tor "find your friends" (stand in for dht)?

Is this some new feature of the protocol/network?

[+] anc84|8 years ago|reply
Retroshare is fantastic. I wish it would do less though, or at least make its UI more suited to newcomers. As it is, it is overwhelming and confusing.
[+] sandworm101|8 years ago|reply
Would like to read, but it looks like my work is blocking access to torproject.org. I had not realized that this sort of blocking was in place. Gauntlet thrown. My project for today is now to gain access to Torproject on my work machine. Bonus points for installing and running Tor without elevated privileges.
[+] jerheinze|8 years ago|reply
Here are some links you may try,

https://via.hypothes.is/https://blog.torproject.org/sunsetti...

https://web.archive.org/web/https://blog.torproject.org/suns...

https://archive.fo/U8jHR

https://archive.is/U8jHR

https://archive.today/U8jHR

> Bonus points for installing and running Tor without elevated privileges.

Try https://github.com/TheTorProject/GetTorBrowser then use meek-amazon as a pluggable transport to get it working if your network censors Tor traffic.

[+] buildbuildbuild|8 years ago|reply
Perhaps try running TAILS in a VM and connecting through bridges? Tor project's hidden service is at expyuzz4wqqyqhjn.onion

You certainly should not need elevated privileges for Tor Browser but I realize that accessing their download site in the first place is the issue. I'd post a magnet link but doubt that follows the rules here.

[+] mackwerk|8 years ago|reply
Please let us know how it goes, good luck!
[+] ktta|8 years ago|reply
I'm sure you know, but check with your sysadmin if that's ok. You don't want to trigger some kind of IDS/IPS and alarm people for no reason.
[+] pbhjpbhj|8 years ago|reply
Is it a DNS block, change DNS to 8.8.8.8 (Google) or somesuch?
[+] nukeop|8 years ago|reply
Matrix.org/Riot.im has all the encryption you could wish for, a modern, useful interface, and a federated model in which everyone can run their own server and talk to everyone else, just like email.
[+] edhelas|8 years ago|reply
As far as I remember you needed quite big servers if you wanted to "federate" with others, like join a big chatroom, because Matrix will try to replicate the history and keep it in sync. Is it still the case?
[+] upofadown|8 years ago|reply
What metadata mitigations does matrix have (the point of Tor Messenger)? We already have a federated protocol called XMPP. Sometimes you are interested in not revealing who you are talking to.
[+] sandworm101|8 years ago|reply
>>> just like email.

That won't be enough for the average Tor Messenger user. Email's failings were the impetus behind both instant messaging and Tor. Users don't want/need federated models. Security aside, they want a convenient little app that will receive messages instantly while online but doesn't have to remain online 24/7.

[+] homulilly|8 years ago|reply
Riot's encryption functionality is currently unfinished and not very user friendly, otherwise I'd agree.
[+] datamoshr|8 years ago|reply
I think the world of secure messaging is in an odd way at the moment. It feels a bit like competing standards at this point[1]. I'm personally still using Signal as the metadata shared by Wire is way too much imho.

Even more interestingly the EFF has stopped trying to recommend the best one and instead is encouraging the users to do their own research (even redirects old urls[2])

1. https://xkcd.com/927/

2. https://www.eff.org/secure-messaging-scorecard

[+] BuildTheRobots|8 years ago|reply
Signal is great; except there's also tonnes of metadata.

If I'm trying to talk to someone anonymously, having to give them my phone number somewhat defeats that anonymity. Even having it installed is potentially dangerous; it scans your phone book and suggests other signal users (thereby outing you as a user in the first place).

[+] jayess|8 years ago|reply
What ever happened to mixminion and mixmaster?
[+] waynenilsen|8 years ago|reply
I find Tox[1] to be a reasonable messenger.

[1] https://tox.chat/

[+] DrRobinson|8 years ago|reply
I tried it a while back but never really liked it. Clunky UI and the project in general seemed to have a lot of problems. The kickstarter project was basically a ripoff, the project management is (or at least was) scattered and basically non-existing.

I have much better experience with Matrix[1]/Riot[2].

Matrix is an open protocol with end-to-end encryption (still beta IIRC) and is federated (like IRC) rather than fully distributed.

Matrix is now a stable project with funding and Riot has a future business plan to also continue development.

1. https://matrix.org

2. https://riot.im

[+] giancarlostoro|8 years ago|reply
There's a lot of shady stuff surrounding Tox though see:

https://github.com/irungentoo/toxcore/issues/1379

Also:

https://blog.tox.im/2016/04/01/litigation/

I'd rather support KeyBase or Wire (Open Source back-end exists and I think the clients are open source too!) as an alternative. I'm leaning cleanly toward Wire, though everyone I've suggested KeyBase to enjoys it. I like the free storage of KeyBase... sue me.

Edit:

Wire Github: https://github.com/wireapp

[+] hannob|8 years ago|reply
Read that: https://github.com/TokTok/c-toxcore/issues/426

Note: The interesting part is not the vulnerability itself, that is relatively minor. The interesting part is where the tox developers explain that they don't really understand their code.