[p2p-hackers] Whistle-blower site platform design
joss-p2phackers at pseudonymity.net
joss-p2phackers at pseudonymity.net
Wed Dec 22 16:29:13 PST 2010
Hi Len,
I think that it's worth re-emphasising what you say in your second
point: an idea like this is not going to succeed if it relies too
heavily on solving the fun technical problems. Creating a theoretically
nice leak submission/distribution system is definitely fun work, and I'd
love to come and play, but if it were to be truly applicable then there
is probably going to have to be serious compromise made in the
security/usability stakes.
(On that point: does Wikileaks' submission system rely on a Tor hidden
service, or is there one running that you can use if you jump through
the right hoops?)
A website seems necessarily the right model for access and submissions,
or at least for kicking off a submissions process. Computer = Internet =
web (and maybe email) for most people, and breaking that assumption is
counterproductive. No-one reading non-existent submissions isn't the goal.
A threat model for source protection is surely going to be sender
anonymity against the standard global passive attacker. How you
bootstrap that from a "click here to submit" button will be interesting.
As you point out, though, we aren't seeing a great deal of technical
attacks against source anonymity. While it's definitely a real threat,
I'd say it's lower on the list of priorities than the availability problems.
I think the more interesting problem, then, is in your third set of
points. The major issue seems to be distributed hosting, again accessed
without requiring users to jump through technical hoops. It seems to me
that the most significant problems that Wikileaks has had has been the
result of the DNS system allowing the pointer to the information to be
removed while the information remains. (Especially when you throw
BitTorrent into the mix.) At the same time, people rarely type in an
actual URL (see, for example, http://rww.to/a4egy9 ). The real-world net
censorship we see is akin to censoring a library by burning the catalogue.
The critical Eternity Service (and Freenet) issue of hosts being
ignorant of the data that they carry will be important in resisting more
legal attacks.
Corruption of the leaks via injection of false documents seems an
orthogonal problem, and I'm not sure how you'd automate that.
Anonymous access to the data seems to fit very neatly into Tor's
use-case, with the assumption that you mainly want a web interface. For
large chunks of data you might want something able to handle that kind
of load, and could probably tolerate higher latencies, but again you'd
probably want to start looking at building on a BitTorrent-style approach.
There are a lot more fun issues here, but I should sleep before I start
writing total gibberish.
Joss
_______________________________________________
p2p-hackers mailing list
p2p-hackers at lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list