[Freedombox-discuss] Freedombox threat model

erik.e.harmon at gmail.com
Fri Jul 1 17:09:38 UTC 2011



"ian at churchkey.org" <ian at churchkey.org> wrote:

>On 06/30/2011 01:27 PM, Mike Warren wrote:
>> I think one of the "gold nuggets" of information is the social graph
>> itself: who you know and how much you communicate with these people,
>> which is quite valuable even if the contents are encrypted. So, it
>> would seem to make sense to me to use Tor for the "peer to peer"
>> portions of the freedombox. That is, pushing updates to your friends
>> should by default be routed via Tor.
>
>You are very right here about the value of the social graph. For default
>web traffic, where as previously discussed, I think using Tor will prove
>a difficulty, maybe we should come up with some mechanism for
>obfuscating social graph communication patterns as TrackMeNot does for
>search engine profiling. Would simply setting freedomboxes up as Tor
>relays work for that purpose?
>
>This discussion has also convinced me that, while perhaps not the best
>choice for default web traffic, Tor could be a very sensible default for
>routing low bandwidth, highly latency tolerant traffic like email and
>IM.
>
>Combined with previous suggestions, that would give us https-by-default
>web traffic, with active and transparent (to the user) search engine,
>browser agent, and social graph obfuscating, and email and IM servers
>that default to secure connections and routing through TOR.
>
>That is a pretty strong foundation. Are there other low hanging fruit we
>can add to the pool? Blogging through a tor hidden service, photo
>sharing through Tahoe-LAFS, could we offer to accept garbage encrypted
>messages from our contacts to make traffic pattern profiling harder?
>What do people think?
>
>-Ian
>

Tor could actually solve a lot of problems here, I agree. Another thing is, the hidden server address of your server is a hash of your routing/crypto key, and so it could partially solve the initial contact routing problem. The routing and the name are inseparable, permanent and decentralized. The address is not all that readable, you still need to tie it to identity somehow, but it could be passed over a QR code tidily.

Erik


-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
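
The property Erik describes, as an added example that is not part of the original message: a 16-character hidden service address of the kind in use when this thread was written is the first 80 bits of the SHA-1 of the service's DER-encoded RSA public key, so an address received out of band (for example from a QR code) can be checked against the key a service presents. The moduli below are constructed stand-ins, not real RSA keys, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def _der_len(n: int) -> bytes:
    # DER definite length: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(value: int) -> bytes:
    # DER INTEGER: big-endian, with a leading zero byte when the top bit is set
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(body)) + body

def rsa_public_key_der(modulus: int, exponent: int = 65537) -> bytes:
    # PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    body = _der_int(modulus) + _der_int(exponent)
    return b"\x30" + _der_len(len(body)) + body

def onion_v2_address(pubkey_der: bytes) -> str:
    # Address = base32(first 10 bytes of SHA-1(DER public key)) + ".onion"
    digest = hashlib.sha1(pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"

def address_matches_key(address: str, pubkey_der: bytes) -> bool:
    # Normalise what was scanned or typed, then compare against the
    # address recomputed from the key the service actually presented.
    candidate = address.strip().lower().encode()
    return hmac.compare_digest(candidate, onion_v2_address(pubkey_der).encode())

def _constructed_modulus(label: bytes) -> int:
    # Constructed 1024-bit odd number standing in for an RSA modulus.
    raw = hashlib.sha256(label).digest() * 4
    return int.from_bytes(raw, "big") | (1 << 1023) | 1

KEY_A = rsa_public_key_der(_constructed_modulus(b"constructed-key-a"))
KEY_B = rsa_public_key_der(_constructed_modulus(b"constructed-key-b"))

if __name__ == "__main__":
    addr = onion_v2_address(KEY_A)
    print(addr)
    print("same key:     ", address_matches_key(addr.upper(), KEY_A))
    print("different key:", address_matches_key(addr, KEY_B))
```

The check binds the name to the key only; tying either of them to a person is the separate identity step the message mentions.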


