[clug] Wickr and previous privacy discussion

Thu Mar 19 20:01:19 MDT 2015

The one big problem I have with TextSecure and Red Phone is the need for a google play account, which I don't have and never expect to have. Whisper Systems are looking into removing this need but it is not a high priority for them.

John. 

---- jm wrote ----

> Quickly read those links (so I may have skimmed over something). I don't
> see who it stops this problem, using the usual Alice, Bob, Charlie personas,
> 
>  * Alice sends 200 messages to Bob
>  * Bob sends 190 message to Alice
>  * Alice sends 5 messages to Charlie
>  * Charlie send 6 messages to Alice
>  * Bob and Charlie do not sent any messages to each other.
> 
> From this I can conclude the there is a strong involvement between Alice
> and Bob, a weak one between Alice and Charlie, and it's likely that Bob
> and Charlie barely know each other is at all. I can create this social
> graph with out ever looking at subject lines or the contents of the
> messages. All I need to know is the end points. Further, given
> timestamps and information about external evens I can speculate about
> what they may have been talking about. For example, if there's always a
> cricket game on when there's a large number of messages exchanged
> between Alice and Bob I can conclude to a large percentage that they are
> cricket fans and I may even be able to discern which team they support.
> 
> As the source and destination must be used to route the messages this
> information is incredibly difficult to hide without using servers to
> proxy the messages. Though even this may not be enough if there is not a
> large amount of traffic in the system as if a message enters the system
> and then a short while later a message leaves the system you could draw
> the conclusion that these two messages are related and likely to be the
> same message being forward to it's final destination.
> 
> Don't get me wrong Whisper Systems is doing good work, but I'd like to
> read more about the high level architecture before worrying about
> directories and message encryption.
> 
> Also, I looked through some of the other blog posts this looks like the
> best hope for putting this technology into as many people as possible:
> https://whispersystems.org/blog/whatsapp/
> 
> Jeff.
> 
> On 20/03/2015 10:19 am, Hal Ashburner wrote:
> > http://support.whispersystems.org/customer/portal/questions/6050357-what-exploitable-metadata-is-associated-with-redphone-and-textsecure-communications
> >
> > https://whispersystems.org/blog/contact-discovery/
> >
> >
> >
> > On 20 March 2015 at 09:43, jm <jeffm at ghostgun.com> wrote:
> >> Let me try that again I meant to hit spell and hit send instead :-(. Not
> >> enough caffeine this morning or too much?
> >>
> >> On 20/03/2015 2:01 am, James Ring wrote:
> >>> On Wed, Mar 18, 2015 at 9:33 PM, Hal Ashburner <hal at ashburner.info> wrote:
> >>>> I use TextSecure and recommend using it as the default sms app on
> >>>> Android. I recommend my ios using friends use signal, which is the
> >>>> compatible ios app.
> >>> Does this actually protect you against metadata collection? Sure
> >>> message content is scrambled, but not the headers.
> >>>
> >>>
> >> Yes, what you're trying to protect against is traffic analysis. The only
> >> way to do this is to have a messaging app that will send random messages
> >> to random users to cloud the waters. This would have to be don't in a
> >> manner which would remove statistically meaningful information from
> >> distribution of messages send and received by users of the system, ie
> >> flatten the distribution curves for user-to-user messaging. This would
> >> be easier to do when combined with onion routing across multiple
> >> separate legal jurisdictions and entities.
> >>
> >> Jeff.
> >>
> >> --
> >> linux mailing list
> >> linux at lists.samba.org
> >> https://lists.samba.org/mailman/listinfo/linux
> 
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux