Just hoping for some feedback and discussion about an idea I've had at the back of my mind...
TL;DR: Tor/I2P replacement for next-gen anonymous web & mobile apps. Rich clients. Dumb cloud.
Technologies such as Tor and I2P are unquestionably awesome and can save lives. But for the casual user, who is just concerned about their privacy (lower threat model) and wants to make use of hidden services, having to download extra software is a bit of a pain.
Instead of navigating to an Onion site, wouldn't it be nicer to just execute an open-source 'SilkStreet' Chrome/Firefox web app?
Could some communications infrastructure (some simple API) be built which would allow users to:
- Send a message to the world (Publish)
- Send a message to another (DM)
Just having these 2 simple primitives to allow one to publish and inter-communicate, freely and anonymously, via web technologies, would be very useful.
Advantages:
- The complexity happens at the client side, where the code can be audited easily and trusted.
- The communications protocol, supported by distrusted central entities, would be simple. The scope for harm caused by malicious servers is limited.
So my question is, can you envisage some protocol for achieving this, when:
- All users of the system are restricted to running in-browser apps - HTML5/JavaScript
- We have one central server, S, who could be malicious, who examines the content of all messages
- S provides a store-and-forward service.
- Each user maintains a persistent connection with S
- To Publish or DM, a user must send the message to S, who will subsequently forward it on to the final destination
- Each user will have a key pair (Pub,Priv)
- A user's Pub key also acts as an endpoint for addressing direct messages
I was thinking that through a clever application of cryptography, this ought to be entirely possible.
We could model a strongly connected graph of users over the underlying centralized topology, where we must assume that at every edge, S has a wiretap, reading and possibly injecting messages!
Could we 'launder' a message with layered encryption, so that instead of Alice talking directly to Bob, she constructs a layered (Tor-like) message that gets relayed through multiple users before reaching Bob, thus hiding the author and recipient of a message? Each time a message is relayed, it appears completely different to S, who cannot directly relate it to previous messages.
But S could perform timing attacks...
I will write a more coherent proposed solution tomorrow!
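
A sketch of the layered message described above, as an added example that is not part of the original post: Alice seals one layer per hop to that hop's public key, and each user peels a layer and hands the remainder back to S addressed to the next key. It assumes X25519 with HKDF and AES-256-GCM from Node's `crypto` module standing in for the browser's WebCrypto; the function names and packet layout are hypothetical.

```javascript
const crypto = require('node:crypto');

// Each user holds an X25519 key pair; the DER-encoded public key (44 bytes) is the address.
function newUser() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { privateKey, address: publicKey.export({ type: 'spki', format: 'der' }) };
}

function deriveKey(privateKey, peerDer) {
  const publicKey = crypto.createPublicKey({ key: peerDer, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'onion-layer', 32));
}

// Seal one layer to `address` with a fresh ephemeral key, so no two layers share key material.
function seal(address, plaintext) {
  const eph = newUser();
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, address), iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([eph.address, iv, c.getAuthTag(), ct]); // 44 + 12 + 16 + n bytes
}

function open(user, packet) {
  const key = deriveKey(user.privateKey, packet.subarray(0, 44));
  const d = crypto.createDecipheriv('aes-256-gcm', key, packet.subarray(44, 56));
  d.setAuthTag(packet.subarray(56, 72));
  return Buffer.concat([d.update(packet.subarray(72)), d.final()]); // throws if S altered it
}

// Layer body: type byte (0 = relay, 1 = deliver), then [44-byte next address +] payload.
function buildOnion(route, message) {
  const last = route[route.length - 1];
  let packet = seal(last, Buffer.concat([Buffer.from([1]), Buffer.from(message)]));
  for (let i = route.length - 2; i >= 0; i--) {
    packet = seal(route[i], Buffer.concat([Buffer.from([0]), route[i + 1], packet]));
  }
  return { to: route[0], packet }; // what Alice hands to S
}

// What a user does when S forwards a packet to them: deliver it, or return the next hop for S.
function peel(user, packet) {
  const body = open(user, packet);
  if (body[0] === 1) return { delivered: body.subarray(1).toString() };
  return { to: body.subarray(1, 45), packet: body.subarray(45) };
}
```

Packets here shrink by a fixed amount at each hop and are forwarded immediately, so S can still correlate hops by size and timing; the sketch covers only the content layering.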