[tor-dev] Encrypted PM site/hidden service

krugar tor-admin at krugar.de
Thu Jul 12 17:12:01 UTC 2012

take a look at https://anonbox.net/ for a similar service.

a few considerations: if you create an "app" that lives on a mobile
phone, are private keys stored on the phone? are they secured somehow
while the app is running / not running? which public keys will be stored
on the phone? will messages be stored on the phone?
will someone always know who sent a PM, or only if the sender so
chooses? how do you know how to reach someone on your service? are there
pseudonyms? how long to they last? what about key revocation?
what happens if the server is compromised somehow, will attackers be
able to look at the data and see who wrote messages to whom? for which
time period?

try to clearly define which privacy guarantees you try to achieve
against which type of attacker. the more precise you write this down,
the easier someone can help you spot weaknesses in your concept, and the
better for you and your users once the system is live.
http://dud.inf.tu-dresden.de/Anon_Terminology.shtml may help if you are
uncertain about wording.


Daniel Dennis:
> I have been brushing up on my crypto, security and studied/thought about
> how tor works and the hidden services although i don't know too much
> about this part.
> Anyways so i was thinking i'd make an app that allows people to leave
> other PMs using public keys. <---- I want to absolutely make sure no one
> has written or is writing code for anyone to leave anyone else PMs
> anonymously.
> The coding part i am not worried about. But the below is what I like to
> know.
> 1) Are there still pretty good attacks on hidden services when used by
> clients? If a user disconnects and connects everyday the hidden service
> can be found pretty easily? (study clients online, offline and
> availability of hidden service)
> Because i don't think decentralize model is a good idea if participants
> can be found i'm think i will need hosting.
> 2) Would anyone be willing to host a few static files for me and give me
> access to update said files?
> 3) Would anyone be willing to host my service on their server? I'd be
> using .NET/mono. I believe i can stick with .NET 3.5 (mono 2.6) if
> needed.
> 4) Can i use one hidden service but more then one port? I somehow got
> the impression i can only use 1 port per service but i havent looked
> into it. This means i'll need a hidden service for the static files and
> another for a central site.
> I haven't gone over the numbers but traditionally mono memory footprint
> is pretty good (i believe under 30mb) but i'll likely need a mysql
> server however i can stick with files if that is all i have available. 

More information about the tor-dev mailing list