Playing with overlay networks
So let's say that a bunch of us have Tor onion servers. They're linked to each other via OnionCat with ip4ip6 tunnels. With IPv4 routing so each can hit the others. And with iptables rules (IPv4 and IPv6) to drop packets to/from everyone else running OnionCat. Maybe even HiddenServiceAuthorizeClient/HidServAuth to lock down access.

What might we do with that? We might create an overlay Internet, I suppose. Given how long OnionCat has been around, there are probably a few of those. I doubt that OnionScan[0,1] would see the connections, given that there are no hyperlinks, and better, no unauthorized access.

But more specifically, what? BitTorrent, for sure ;) LizardFS works, so we could have private and shared cloud storage, backed by globally redundant, erasure-coded storage.

What about VPN services? Say, with two VPS linked via OnionCat. You hit VPN server as an onion service, and exit through one of many redundant VPS. We already have <https://i2vpn.eu/>. So maybe chain that with VPNs via onion services. What do y'all think?

And what about Freenet or I2P on an OnionCat network? Or one of the P2P messaging apps? Or even old-school Mixmaster?

Back to basics, would any of that help against global adversaries? It's very hard to evade observation of network edges. You can have lots of chaff, but then that itself can be a signature.

[0] https://github.com/s-rah/onionscan
[1] https://motherboard.vice.com/read/these-maps-show-what-the-dark-web-looks-li...
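An added example, not code from the thread: a POSIX shell function that generates the iptables/ip6tables allowlist rules described above, so that an OnionCat interface only exchanges packets with a fixed set of peers and drops (and logs) everyone else in the shared OnionCat prefix. The interface names (tun0, ip6tnl0), the chain names and every address are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): generate the iptables/ip6tables rules
# that confine an OnionCat interface to an explicit list of peers.
# Assumptions: the OnionCat tun device is tun0 for IPv6; IPv4 carried over
# the ip4ip6 tunnel arrives on a separate device (here ip6tnl0); the chain
# names ONIONCAT_IN/ONIONCAT_OUT are our own choice. All addresses below
# are constructed placeholders, not real peers.

# gen_onioncat_rules TOOL IFACE "ADDR ADDR ..."
# Prints the commands instead of running them, so they can be reviewed
# first and then applied with: gen_onioncat_rules ... | sh   (as root).
gen_onioncat_rules() {
    tool="$1"; ifc="$2"; peers="$3"
    # Dedicated chains: create them, or flush them on re-runs.
    for chain in ONIONCAT_IN ONIONCAT_OUT; do
        echo "$tool -N $chain 2>/dev/null || $tool -F $chain"
    done
    # Delete any previous jump before re-adding it, so re-runs stay idempotent.
    echo "$tool -D INPUT -i $ifc -j ONIONCAT_IN 2>/dev/null"
    echo "$tool -D OUTPUT -o $ifc -j ONIONCAT_OUT 2>/dev/null"
    echo "$tool -A INPUT -i $ifc -j ONIONCAT_IN"
    echo "$tool -A OUTPUT -o $ifc -j ONIONCAT_OUT"
    # Allowlist: only traffic to/from our own peers passes, in both directions.
    for p in $peers; do
        echo "$tool -A ONIONCAT_IN -s $p -j ACCEPT"
        echo "$tool -A ONIONCAT_OUT -d $p -j ACCEPT"
    done
    # Everyone else reachable through OnionCat (the whole fd87:d87e:eb43::/48
    # in the IPv6 case) is logged and dropped.
    echo "$tool -A ONIONCAT_IN -j LOG --log-prefix 'onioncat-drop-in: '"
    echo "$tool -A ONIONCAT_IN -j DROP"
    echo "$tool -A ONIONCAT_OUT -j LOG --log-prefix 'onioncat-drop-out: '"
    echo "$tool -A ONIONCAT_OUT -j DROP"
}

# Number of rules emitted for a peer list; handy for a quick sanity check
# that the allowlist was not empty before the drop rules are reached.
count_rules() { gen_onioncat_rules "$@" | wc -l | tr -d ' '; }

# Constructed peer lists (placeholders).
PEERS6="fd87:d87e:eb43:1111:2222:3333:4444:5555 fd87:d87e:eb43:6666:7777:8888:9999:aaaa"
PEERS4="10.99.0.2 10.99.0.3"

gen_onioncat_rules ip6tables tun0 "$PEERS6"
gen_onioncat_rules iptables ip6tnl0 "$PEERS4"
```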
I think tor should not be used for anything of importance. What if tor allows code execution by design and it is heavily obfuscated?

On Sat, Sep 03, 2016 at 07:56:33PM -0600, Mirimir wrote:
On 09/04/2016 12:07 AM, Georgi Guninski wrote:
I think tor should not be used for anything of importance.
Play isn't "important" ;)
What if tor allows code execution by design and it is heavily obfuscated?
OK, so then segregate tor process in separate gateway VM. That does increase cost substantially, because you need physical server for each node. But it's for sure workable.