18pfsmt, that's an interesting question. Do you have any specific examples you can point us to?
When I think about a network drawn atop, say, WebRTC connections, it's possible for a message to travel in real time via hops from person A to person B via persons C, D & E even though persons A & B have no direct connection, obfuscating the path and connection information that lawl alluded to with STUN/TURN/ICE servers.
A similar situation exists for offline messaging polling between data storage where we could obfuscate that transaction via another user's client (i.e., get person C to poll for messages from person B to person A offline).
I'm not sure if this is what you had imagined or if you were thinking of something else?
Not sure if it's helpful for your specific case, but that's pretty much what Tox is doing. They have a DHT, and to 'avoid' leaking connection information they implemented onion routing[0]:
> Tox generates a temporary public/private key pair used to make connections to peers in the DHT. Onion routing is used to store and locate Tox IDs, to make it more difficult to, for example, associate Alice and Bob together by who they are looking for in the network.
Again, I'm not sure if that'd be all that helpful in a case where e.g. Azure sees all the edits; I think timing attacks are pretty simple when you see the entire network. But then again, I'm not an expert and I also have no clue how your software works, so I don't want to go out on a limb.
Yes, that's similar to what I had in mind. Have you all looked at https://en.wikipedia.org/wiki/Zerocoin ? My understanding is that Zerocoin eventually developed their own protocol/blockchain, but originally they operated a mixing service on top of Bitcoin.
I admit to being out of my element on this, so I may not be phrasing things correctly, but reading through this discussion it seemed like there would be lots of public metadata for a would-be attacker to work with.
Indeed if one was observing the entire network, they might be able to piece together useful metadata as you both suggest. The kind of thing you might do with a NarusInsight. Tox and Zerocoin have done some interesting work towards this end and it's definitely something for us to consider going forward.
Thank you lawl & 18pfsmt for highlighting protection of metadata vs. content. At this time protecting content seems like the minimum bar by which one should measure, with metadata protection being the ultimate goal without sacrificing performance or convenience.
I totally get security/privacy vs. usability. I'm not trying to shoot you down btw. I just think we need to openly talk about these trade-offs or rather, make them clear to people who care about them (me).
Signal, for example, is great when it comes to confidentiality and actually easy enough to use so my mom messages me on Signal, not so great when it comes to not leaking metadata. Nobody else I know uses Tox. But I know that when I use Signal it's a trade-off I'm fine with, but I'm aware of it.
Absolutely agree with you. Transparency in a messaging platform is important (it's sort of captured in EFF's criteria for a messenger too as regards open sourcing and inspection--not sure if you saw their recent 4-part series on messaging or earlier piece on all available messaging tools).
Your comments and 18pfsmt's got me thinking about metadata from a different angle than I had been considering prior--that of a state actor's capability to observe the entire network. Your comments never came across as negative.