matej.kovacic at owca.info
Fri Jan 17 08:27:56 EST 2014
> > Yup, an adversary wiretapping both parties can see that they're
> > communicating. But the parties' OSTN servers can see that _without_
> > wiretapping them.
Not necessarily. They can basically see their phone identity (some
random number), registration e-mail (could also be some fake address),
and IP address.
If NSA is wiretapping OSTN *server*, they can see IP addresses and
amount of data for all callers.
> > Sounds like a good solution, as long as the OSTN accounts are
> > registered and used always through Tor.
Yes. However, as I said, real-time VoIP conversations through Tor are
not really usable. Except voice messages through XMPP, which are
basically files recorded on one side, sent through XMPP/Tor and played
on the other.
But if this XMPP server has .onion address only, it is possible to
connect to it through Tor only.
> > the Tor->Alice direction of the Alice->Tor connection, and the
> > Tor->Bob direction of the Tor->Bob connection, could still be
> > correlated. And of course, circuit setup and teardown times are quite
> > revealing even if the circuits are fully padded.
Hmm, one solution would be to use some bidirectional file transfer
simultaneously. Or... maybe some padding could be implemented in ChatSecure?
More information about the Guardian-dev