[guardian-dev] zerobin as possible temp store for ChatSecure iOS

Hans-Christoph Steiner hans at at.or.at
Thu Apr 9 11:09:37 EDT 2015


Chris Ballinger and I were discussing the most private possible methods to
transmit data on ChatSecure iOS that will work in the background.  Basically,
iOS does not let normal apps operate in the background, but provides a service
to do HTTP uploads and downloads in the background.  For many users, using a
direct HTTPS file transfer that sends an end-to-end encrypted file is private
enough, and the usability gain over OTRDATA on iOS would be then worthwhile.

This can be implemented using OTR TLV8 with a specific TLV8 bytecode to
represent this kind of transfer.  Signal uses something like this, but with
Amazon S3 as the store. I just found out about Zerobin from BastienLQ on
#fdroid.  I think it can provide the perfect store for a system like this.  It
is Free Software with an instance available here:
https://www.zerobin.net/
http://zerobinqmdqd236y.onion/

* client encrypts so only encrypted data is stored on the server
* each paste/file can automatically expire
* "Burn after reading" for a one time download

Here is more info on zerobin:
http://sebsauvage.net/wiki/doku.php?id=php:zerobin

Here's a rough idea of how the file transfer idea would work for ChatSecure
iOS using zerobin:

* zerobin provided by XMPP server
* sender generates AES key and encrypts file
* sender uploads encrypted file to zerobin using background service
   * optionally, the URL is uploaded in foreground via Tor/.onion
* sender sends AES key and zerobin URL in an OTR TLV8
* next time receiver is online, it receives the TLV8
* the AES key and URL are stored in SQLCipher
* the URL is downloaded via the background service
   * optionally, the URL is downloaded in foreground via Tor/.onion
* once the file is downloaded, the AES key is fetched from SQLCipher

On Android, there is a lot more flexibility with this.  For example, the
Android app can upload and download in the background via Tor/.onion.  So if
the Android apps are always transferring via Tor while iOS apps do it directly,
then there is no metadata link related to that file transfer visible by the
server.

Feedback welcome, I think this could help with iOS usability a lot without
leaking much extra information. I think it could also help make transferring
large files with ChatSecure on Android more usable as well.

.hc
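
An added example, not part of the original message and not ChatSecure code: the hand-off of the AES key and zerobin URL in a TLV record, with the receiver checking the peer-supplied URL before any background download is queued. The type/length/value header follows the OTR TLV layout; the one-byte subtype, the 32-byte key size, the payload layout and the idea that the client knows its XMPP server's zerobin hostnames (`allowed_hosts`) are assumptions.

```python
import secrets
import struct
from urllib.parse import urlsplit

TLV_TYPE = 8              # OTR TLV type named in the post
SUBTYPE_HTTP_FILE = 0x01  # hypothetical "bytecode" marking this kind of transfer
KEY_LEN = 32              # assumed AES-256 key


def pack_offer(key: bytes, url: str) -> bytes:
    """Sender: build type(2) | length(2) | subtype(1) | key(32) | url, big-endian."""
    if len(key) != KEY_LEN:
        raise ValueError("unexpected key length")
    value = bytes([SUBTYPE_HTTP_FILE]) + key + url.encode("ascii")
    if len(value) > 0xFFFF:
        raise ValueError("value too long for a TLV")
    return struct.pack(">HH", TLV_TYPE, len(value)) + value


def parse_offer(record: bytes, allowed_hosts: set) -> tuple:
    """Receiver: return (key, url), or raise ValueError before anything is fetched."""
    if len(record) < 4:
        raise ValueError("truncated TLV header")
    tlv_type, length = struct.unpack(">HH", record[:4])
    value = record[4:]
    if tlv_type != TLV_TYPE or length != len(value):
        raise ValueError("bad TLV type or length")
    if length <= 1 + KEY_LEN or value[0] != SUBTYPE_HTTP_FILE:
        raise ValueError("not a file-transfer offer")
    key = value[1:1 + KEY_LEN]
    url = value[1 + KEY_LEN:].decode("ascii")  # UnicodeDecodeError is a ValueError
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Plain HTTP is only acceptable to a .onion host; clearnet must be HTTPS.
    onion_http = parts.scheme == "http" and host.endswith(".onion")
    if parts.scheme != "https" and not onion_http:
        raise ValueError("refusing non-HTTPS clearnet URL")
    # A peer must not be able to point the background fetch at an arbitrary host.
    if host not in allowed_hosts:
        raise ValueError("URL host is not the expected zerobin")
    return key, url


if __name__ == "__main__":
    hosts = {"zerobin.example.org"}              # constructed sample value
    url = "https://zerobin.example.org/?id1"     # constructed sample value
    key = secrets.token_bytes(KEY_LEN)
    print(parse_offer(pack_offer(key, url), hosts) == (key, url))
```
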
