[NZLUG] Privacy server

David McNab david at conscious.co.nz
Tue Jun 18 14:58:12 NZST 2013


This would need a lot of thought to cover as many attack scenarios as
possible.

One major thought is that one should *expect to* receive subpoenas from
Police and GCSB within a day of the site going live, and be forced to
install arbitrary backdoor logging and MITM software.

Attackers such as government agencies can discover much through logging IP
addresses, times and data transfer volumes. In combination with out-of-band
events (eg cellphone calls, texts, vehicle locations, bank transactions),
this can leak a surprising amount of information.

One major countermeasure is to mandate that clients transact a certain
level of random "chaff" traffic, which the server is unable to distinguish
from legitimate payload. Also, strongly discouraging users from "connecting
and using as needed", to mitigate timing attacks.

Thought also needs to go in to the situation of compromised clients.
Information has to turn into plaintext at some point. (Detective-Sergeant
Smith inserts USB drive into user's machine and double-clicks on a program
file, then says "Oh my, look at those pictures on your disk. You wouldn't
want anyone finding out about those now, would you? Listen, we could use
your help...").

Good systems for study include Freenet (www.freenetproject.org),
I2P (www.i2p2.de) and Tor (www.torproject.org).

Cheers
David
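The "chaff" and fixed-rate points above, illustrated with an added Python simulation that is not part of this thread or of any of the projects named in it. The cell size, the flag values and the simulate() harness are constructed for the example; end-to-end encryption of each cell is assumed rather than implemented, so the relay is modelled as seeing only the count and size of opaque cells per tick. A client that emits exactly one cell per interval, sending a dummy cell whenever it has nothing queued, produces a relay log that is identical whether the user is idle or busy:

```python
import secrets
from collections import deque

CELL_SIZE = 512          # constructed value: every cell on the wire is this long
HEADER = 3               # 1-byte flag + 2-byte length, both inside the encrypted part
BODY_MAX = CELL_SIZE - HEADER

FLAG_CHAFF = 0           # dummy cell; the receiver discards it
FLAG_MORE = 1            # fragment of a real message, more fragments follow
FLAG_LAST = 2            # last fragment of a real message


def make_cell(flag: int, fragment: bytes = b"") -> bytes:
    """Build one fixed-size cell. Unused body bytes are random padding, so once
    the cell is encrypted end to end (assumed, not shown) the relay sees an
    opaque CELL_SIZE-byte blob and cannot tell chaff from payload."""
    if len(fragment) > BODY_MAX:
        raise ValueError("fragment too large for a cell")
    padding = secrets.token_bytes(BODY_MAX - len(fragment))
    return bytes([flag]) + len(fragment).to_bytes(2, "big") + fragment + padding


def parse_cell(cell: bytes):
    """Return (flag, fragment) from a cell produced by make_cell()."""
    if len(cell) != CELL_SIZE:
        raise ValueError("malformed cell")
    flag = cell[0]
    n = int.from_bytes(cell[1:3], "big")
    return flag, cell[HEADER:HEADER + n]


class ConstantRateSender:
    """Client side: emits exactly one cell per tick whether or not it has
    anything to say, so its traffic pattern is independent of real activity."""

    def __init__(self):
        self.pending = deque()

    def send(self, message: bytes) -> None:
        # Fragment into cells; an empty message still yields one FLAG_LAST cell.
        chunks = [message[i:i + BODY_MAX]
                  for i in range(0, len(message), BODY_MAX)] or [b""]
        for chunk in chunks[:-1]:
            self.pending.append(make_cell(FLAG_MORE, chunk))
        self.pending.append(make_cell(FLAG_LAST, chunks[-1]))

    def tick(self) -> bytes:
        # Driven by the client's clock at a fixed interval, never by user activity.
        if self.pending:
            return self.pending.popleft()
        return make_cell(FLAG_CHAFF)


class Receiver:
    """Far end: reassembles fragments and silently drops chaff."""

    def __init__(self):
        self.buffer = bytearray()
        self.messages = []

    def accept(self, cell: bytes) -> None:
        flag, fragment = parse_cell(cell)
        if flag == FLAG_CHAFF:
            return
        self.buffer.extend(fragment)
        if flag == FLAG_LAST:
            self.messages.append(bytes(self.buffer))
            self.buffer = bytearray()


def relay_observation(cells) -> list:
    """All a logging relay (or a tap on it) can record: one size per tick."""
    return [len(c) for c in cells]


def simulate(messages, ticks: int):
    """Run `ticks` intervals; `messages` is a list of (tick, bytes) pairs.
    Returns (relay view, messages reassembled at the receiver)."""
    sender, receiver = ConstantRateSender(), Receiver()
    schedule = dict(messages)
    wire = []
    for t in range(ticks):
        if t in schedule:
            sender.send(schedule[t])
        cell = sender.tick()
        wire.append(cell)
        receiver.accept(cell)
    return relay_observation(wire), receiver.messages


if __name__ == "__main__":
    idle_view, _ = simulate([], 20)
    busy_view, got = simulate([(3, b"meet at noon"), (5, b"x" * 1200)], 20)
    print("relay logs identical:", idle_view == busy_view)
    print("received:", got)
```

The scheme hides message count, size and send times inside a session; it does not hide when the session itself starts and stops, which is why the post's advice against "connecting and using as needed" still applies on top of the chaff.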

On Tue, Jun 18, 2013 at 2:37 PM, Jim Cheetham <jim at gonzul.net> wrote:

> Following up from Nevyn's recent thoughts about a local email server
> for people to use ...
>
> I would be interested in having a local server/service that was
> intended to help protect my privacy. Many things need a central
> 'always-on' server portion, and part of the problem we have with
> online services is that we don't/can't trust the servers themselves.
> I'm thinking of something more paranoid than usual.
>
> So perhaps we should start with a server that can be trusted, and
> build on top of that. I know that we tend to look at technical
> solutions first, but lets go the other way :-
> * A group of people willing to contribute money (obviously the more
> people, the lower the sums involved)
> * A group of people willing to contribute time (not just sysadmins,
> but probably mostly)
> * A legal entity with an unchangeable purpose (a trust?) to own the
> resources
> * A constitution that describes how administrators are verified,
> chosen & removed
> * An identity-verification standard for members (perhaps using cacert.org)
>
> On the technical front, I'd look for something like :
> * Dedicated hardware in a secured location (or multiple locations)
> * Encrypted boot disk? TRESOR kernel patch? Perhaps an out-of-band
> management device?
> * Free Software or Open Source Software only, from sources that are
> responsive to security issues
> * Mandatory client-side encryption; try to detect & reject any
> accidental plain-text
> * No logging of client connections
>
> There are a lot of options, depending on how far you set the
> paranoid-meter, and how far you set the hostproof-meter. And some
> interesting ideas around using existing protocols in unusual ways
> (like mailinator, for example).
>
> Is anyone interested in helping to get something like this up and running?
>
> -jim
> _______________________________________________
> NZLUG mailing list
> NZLUG at lists.nzoss.org.nz
> http://lists.nzoss.org.nz/mailman/listinfo/nzlug
>
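The "detect & reject any accidental plain-text" item in the quoted wish list, as an added Python example that is not part of this thread. The armor prefixes are the real headers of OpenPGP ASCII armor and the age format; the entropy threshold, the sample size and the result labels are constructed for the example. A server-side gate accepts recognised ciphertext containers outright, rejects anything that decodes as printable text, and rejects low-entropy binary that is unlikely to be encrypted:

```python
import math
from collections import Counter

# Real headers of client-side encryption formats accepted without inspection.
ARMORED_PREFIXES = (b"-----BEGIN PGP MESSAGE-----", b"age-encryption.org/v1")
MIN_ENTROPY_BITS = 7.0     # constructed threshold: bits per byte below which we reject
MAX_SAMPLE = 1 << 16       # inspect only the first 64 KiB of a large upload


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_text(data: bytes) -> bool:
    """True if the bytes decode as UTF-8 and are almost entirely printable."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    printable = sum(1 for ch in text if ch.isprintable() or ch in "\r\n\t")
    return printable / len(text) >= 0.95


def classify_upload(blob: bytes) -> str:
    """Decide whether a blob may be stored. Returns one of:
    'accept-armored', 'accept-opaque', 'reject-empty', 'reject-plaintext',
    'reject-low-entropy'."""
    if not blob:
        return "reject-empty"
    if blob.startswith(ARMORED_PREFIXES):
        return "accept-armored"       # ASCII armor is low-entropy but is ciphertext
    sample = blob[:MAX_SAMPLE]
    if looks_like_text(sample):
        return "reject-plaintext"     # the accidental-plaintext case
    if shannon_entropy(sample) < MIN_ENTROPY_BITS:
        return "reject-low-entropy"   # structured binary, probably not encrypted
    return "accept-opaque"            # indistinguishable from random: let it through


if __name__ == "__main__":
    samples = {
        "note": b"Dear Jim, the meeting is at noon.\n",
        "pgp": b"-----BEGIN PGP MESSAGE-----\n\n(armored ciphertext here)\n",
        "random": bytes(range(256)) * 16,
        "zeros": b"\x00\x01" * 2048,
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_upload(blob)}")
```

This is a heuristic, which is what "try to detect" implies: compressed archives and media files are high-entropy and pass as opaque, and a determined user can defeat it, so it catches mistakes rather than enforcing encryption. The check also runs before anything is written to disk, so a rejected upload never reaches storage or logs.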