1. 20
  1.  

  2. 9

    So, I mainly talked about high-assurance security with folks like Clive Robinson and Thoth on Bruce Schneier’s blog for a while. We talked about physical separation, data diodes, etc. Most folks don’t use any of it. Then, Markus Ottela does a high-assurance design that cleverly uses physical separation and diodes to converts successful attacks from leaks into just DOS’s. A design that could have a NSA-resistant implementation. Then, he incorporated most of our feedback on things like transmission, timing channels into his further design decisions. Kept surprising us.

    Markus used Python since he wasn’t an experienced programmer. He didn’t know systems programming. What remained was for someone to implement the components in a safe, systems language on a secure OS. I figured on a low-cost mix of hobbyist boards, too, with receiver being a Pi to support most forms of media (incl video). The others could possibly be lower-cost ARM or even MCU boards.

    1. 3

      Am I wrong when stating that onion traffic is watched over more heavily than non-onion traffic? Honestly, it’s never the message itself that is watched but the metadata (or so they say). In my opinion, as long as they get your metadata, and it still seems reasonably possible, nothing has really changed.

      1. 2

        Very curiously this is worded almost exactly the same as a comment in a hacker news post about TFC a year ago:

        Am I wrong in stating that onion traffic is watched more heavily than non onion traffic? And honestly it’s never the message itself that is watched but the metadata, or so they say. So as long as they get your metadata, and it still seems reasonably possible, nothing has really changed.

        The point of TFC is to hide metadata about who you talk to, when, and how much. It doesn’t hide the fact you use Tor, but using Tor isn’t inherently bad. Everyone from government employees to activists, from dissidents to journalists use Tor. Everyone who cares about privacy online should use Tor and a millions of people do.

        1. 2

          The whole point of tor is to hide metadata.

          That said, yes, it’s watched very carefully. I’d be quite surprised if (in practice) the NSA couldn’t tell what was going on. I’d also be quite surprised if any of the minor intelligence agencies could tell, though, and the NSA are reticent to use any intel they get via secret means.

        2. 2

          Unfortunately, implemented in client side JavaScript.

          Hehe

          1. 1

            Client-side Python actually! :)

            1. 1

              What could go wrong :).9(

          2. 1

            How is this different than Tox?

            1. 1

              I think a better question is how is it the same? httpss://www.cs.helsinki.fi/u/oottela/wiki/readme/overview.png

              1. 1

                I didn’t look in detail but they both seem to be using the Tor network to anonymize their traffic. Given that Tox already exists for a while now, I wonder what the motivations are for this project.

                1. 2

                  Tox doesn’t anonymize, i.e. route via Tor by default, you need to install Tor separately, and manually edit the proxy settings to do that. You can mess up with your anonymity if you ever connect your Tox client to the network without Tor. Even then, Tox traffic will exit the Tor network via Tor exit node before connecting to the contact (who may or may not be using Tor).

                  In comparison, TFC uses v3 Onion Services: you can’t run it without Tor, the traffic never exits the Tor network, and you don’t need to make any changes to proxy settings, so you know every TFC contact is always using Tor. You can’t accidentally reveal your IP-address.

                  Given that Tox already exists for a while now, I wonder what the motivations are for this project.

                  I came up with the concept on spring 2012, and started the project on July 2013, around the same time Tox started. The focus of TFC wasn’t anonymity back then, nor was it a goal for Tox. Tox was about p2p communication. TFC’s main focus is endpoint security (protection when your networked endpoint is hacked) which Tox doesn’t address in any way. Consider reading the project Readme to see what the project’s about before questioning the motives.

                  1. 1

                    Thanks @maqp. I was under the impression that Tox was in fact routing through Tor and I am clearly mistaken. Thanks for clarifying my lazy comment.

            2. 1

              In my opinion, is not any more secure than using Wire (via a VPN if you really want to obscure your IP address further). What am I missing?