[NZLUG] Privacy server

Tom Skunca tomislav.skunca at gmail.com
Tue Jun 18 16:39:48 NZST 2013

On Tue, 18 Jun 2013 14:58:12 David McNab wrote:
> This would need a lot of thought to cover as many attack scenarios as
> possible.
> One major thought is that one should *expect to* receive subpoenas from
> Police and GCSB within a day of the site going live, and be forced to
> install arbitrary backdoor logging and MITM software.
> Attackers such as government agencies can discover much through logging IP
> addresses, times and data transfer volumes. In combination with out-of-band
> events (eg cellphone calls, texts, vehicle locations, bank transactions),
> this can leak a surprising amount of information.
For me, the goal wouldn't be to dodge legitimate police requests for data. The 
point would be to provide protection from dragnets and all-in packet sniffing. 
Also, if the encryption is client side and there's no server-side decryption 
then it's up to the law agencies to get the keys from their targets. Anything 
else is looking for trouble.

> One major countermeasure is to mandate that clients transact a certain
> level of random "chaff" traffic, which the server is unable to distinguish
> from legitimate payload. Also, strongly discouraging users from "connecting
> and using as needed", to mitigate timing attacks.

Big effort to implement right, small payoff. Not worth it IMO.

> Thought also needs to go in to the situation of compromised clients.
> Information has to turn into plaintext at some point. (Detective-Sergeant
> Smith inserts USB drive into user's machine and double-clicks on a program
> file, then says "Oh my, look at those pictures on your disk. You wouldn't
> want anyone finding out about those now, would you? Listen, we could use
> your help...").
> Good systems for study include Freenet (www.freenetproject.org), I2P (
> www.i2p2.de) and Tor (www.torproject.org).
> Cheers
> David

If an endpoint is compromised, only the data on that endpoint (and its 
conversations with third parties) will be compromised. We shouldn't even try 
to defend against rubber-hose attacks. Again, not worth the effort.
