[NZLUG] Privacy server
tomislav.skunca at gmail.com
Tue Jun 18 16:39:48 NZST 2013
On Tue, 18 Jun 2013 14:58:12 David McNab wrote:
> This would need a lot of thought to cover as many attack scenarios as
> One major thought is that one should *expect to* receive subpoenas from
> Police and GCSB within a day of the site going live, and be forced to
> install arbitrary backdoor logging and MITM software.
> Attackers such as government agencies can discover much through logging IP
> addresses, times and data transfer volumes. In combination with out-of-band
> events (eg cellphone calls, texts, vehicle locations, bank transactions),
> this can leak a surprising amount of information.
For me, the goal wouldn't be to dodge legitimate police requests for data. The
point would be to provide protection from dragnets and all-in packet sniffing.
Also, if the encryption is client side and there's no server-side decryption
then it's up to the law agencies to get the keys from their targets. Anything
else is looking for trouble.
> One major countermeasure is to mandate that clients transact a certain
> level of random "chaff" traffic, which the server is unable to distinguish
> from legitimate payload. Also, strongly discouraging users from "connecting
> and using as needed", to mitigate timing attacks.
Big effort to implement right, small payoff. Not worth it IMO.
> Thought also needs to go in to the situation of compromised clients.
> Information has to turn into plaintext at some point. (Detective-Sergeant
> Smith inserts USB drive into user's machine and double-clicks on a program
> file, then says "Oh my, look at those pictures on your disk. You wouldn't
> want anyone finding out about those now, would you? Listen, we could use
> your help...").
> Good systems for study include Freenet (www.freenetproject.org), I2P (
> www.i2p2.de) and Tor (www.torproject.org).
If an endpoint is compromised, only the data on that endpoint (and its
conversations with third parties) will be compromised. We shouldn't even try
to defend against rubber-hose attacks. Again, not worth the effort.