
Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 1:03 UTC (Fri) by jebba (✭ supporter ✭, #4439)
Parent article: Strongbox and Aaron Swartz (The New Yorker)

Am I missing something here? People are supposed to trust an anonymous submission system set up by the guy that turned in Manning?



Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 1:34 UTC (Fri) by ewan (subscriber, #5533) [Link]

Are you confusing Aaron Swartz with Adrian Lamo?

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 1:57 UTC (Fri) by jebba (✭ supporter ✭, #4439) [Link]

No, I was confusing Lamo with Poulsen. Poulsen was the one who wrote Lamo's story. http://en.wikipedia.org/wiki/Kevin_Poulsen

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 2:08 UTC (Fri) by geofft (subscriber, #59789) [Link]

You're supposed to trust the code, not the guy who wrote it.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 2:27 UTC (Fri) by fest3er (guest, #60379) [Link]

That's a little like trusting a used car salesman. But who am I to talk? I still use reiserfs.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 2:28 UTC (Fri) by geofft (subscriber, #59789) [Link]

The used-car salesman relies on your inability to quickly evaluate the car and what's inside it. Free software and publicly-specified cryptography don't have that problem -- you can look at the source and see what it does.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 7:00 UTC (Fri) by tnoo (subscriber, #20427) [Link]

Still, how can I verify that an unmodified version, compiled from the same sources, is running on the remote server? And even if there is such a version running, how can I be sure that the traffic is not sniffed in between?

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 7:14 UTC (Fri) by geofft (subscriber, #59789) [Link]

A properly designed protocol for this purpose is not dependent on what runs on the remote server -- the cryptography and dissemination applied to your local data is sufficient to avoid attacks once the data leaves your computer.

I haven't audited this system, but it sounds like that was a design goal, and it's not a particularly difficult one. If you're going to use it, you'd be well-advised to make sure that this was in fact a design goal, and audit it to make sure it lives up (or find someone you trust to do so).

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 12:46 UTC (Fri) by ewan (subscriber, #5533) [Link]

You can't, of course. The Strongbox effort seems to be part code, plus a large chunk of PR to make it look attractive. That's not to say that there's a problem with it, more that even if the system is secure and well designed, it still needs the PR to actually get anyone to use it.

While the New Yorker promise to do various things, there's no real need to trust that they will; the key part is the first stage where you connect using Tor so they don't know where you're coming from. Everything else is really up to you. Clearly, there's nothing technical that can ever stop you submitting a picture of yourself with your name and address on, and the same principle applies to all submissions to a system like this - it's up to the submitter to avoid giving the New Yorker anything that could identify them, they shouldn't hand over identifying information and hope the other end keeps it secret.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 16:27 UTC (Fri) by dmarti (subscriber, #11625) [Link]

+1 Insightful. Of course, this system also depends on random people setting up Tor nodes and leaving them running. (Another item for the Stuff to Put On My Home Server When I Finally Get Around to It list.)

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 19:28 UTC (Fri) by johill (subscriber, #25196) [Link]

However, having a .onion service doesn't require any Tor _exit_ nodes, which is a huge advantage here. Since there's not even an exit node needed, not even such nodes could do traffic analysis or similar. Also, if I remember correctly, intermediate nodes can't really know what you're talking to, except that it's the next node, but I don't think they can tell the difference between talking to a .onion service on the next node, using the next node as an exit node or simply as a forward. If the node they run has enough bandwidth to be used as a relatively busy forward as well, traffic to their .onion address might essentially vanish.

I played with getting email (SMTP) to work within the Tor space with .onion addresses years ago (about 7 I think), for this very reason. Of course, the email thing never took off because running such a service is difficult and hardly anyone runs their own SMTP anymore (now even less than back then, I'd say.)

