|
|
|
|
|
|
by angry_octet
4371 days ago
|
|
|
If all Post correspondents used SecureDrop to submit their stories that would be a start. One would have to assume that all the traffic going to the server is logged by the NSA and anyone else who can manage it. If the traffic volume is low then timing correlation with even a large pool of suspects is simple. An active attacker can differentiate between the SSL connection from a web browser and one from a tor node, so the background SSL traffic to the Post would not provide cover. I think it could be improved by using a mix network (eg mixminion) accessed over tor, rather than just tor. Unfortunately the mixmaster/mixminion networks are currently too small to provide meaningful complexity. Large scale adoption by, eg, newspapers, is not technically hard and would significantly complicate the adversary problem. I'd love to see more discussion of bitmessage and Pond (https://pond.imperialviolet.org/) cf http://www.syverson.org/ |
|
|