[Freedombox-discuss] Freedombox threat model
ian at churchkey.org
ian at churchkey.org
Fri Jul 1 16:17:26 UTC 2011
On 06/30/2011 01:27 PM, Mike Warren wrote:
> I think one of the "gold nuggets" of information is the social graph
> itself: who you know and how much you communicate with these people,
> which is quite valuable even if the contents are encrypted. So, it
> would seem to make sense to me to use Tor for the "peer to peer"
> portions of the freedombox. That is, pushing updates to your friends
> should by default be routed via Tor.
You are very right here about the value of the social graph. For default
web traffic, where as previously discussed, I think using Tor will prove
a difficulty, maybe we should come up with some mechanism for
obfuscating social graph communication patterns as TrackMeNot does for
search engine profiling. Would simply setting freedomboxes up as Tor
relays work for that purpose?
This discussion has also convinced me that, while perhaps not the best
choice for default web traffic, Tor could be a very sensible default for
routing low bandwidth, highly latency tolerant traffic like email and IM.
Combined with previous suggestions, that would give us https-by default
web traffic, with active and transparent (to the user) search engine,
browser agent, and social graph obfuscating, and email and IM servers
that default to secure connections and routing through TOR.
That is a pretty strong foundation. Are there other low hanging fruit we
can add to the pool? Blogging through a tor hidden service, photo
sharing through Tahoe-LAFS, could we offer to accept garbage encrypted
messages from our contacts to make traffic pattern profiling harder?
What do people think?
-Ian
More information about the Freedombox-discuss
mailing list