
Thanks for your kind reply.

Adversary model makes sense. I think security/privacy folk like reading up on them for a given project they might be curious about, perhaps consider putting this on the site?

> A global passive adversary would be able to pinpoint the origin of posts if they had access to the wire-level data if posts were sent in cleartext, but all the connections are encrypted with TLS, so that's impossible.

How about timing correlation attacks, etc.? (Basically, all the attack vectors Tor people should be afraid of?) Do the posts have timestamps attached to them? If yes, wouldn't a GPA (or, for that matter, a local ISP) be able to correlate certain node activity with posts?

> If you have left locally flagging own posts as such enabled (the default setting), it will identify the posts you have created. But if you explicitly disabled that option, even that does not incriminate you: your node is just another node that might have been touched by that post.

This seems like a very nice feature / piece of design, cool.

> The reason I have that 'own post' flag is that it is the only way I can show or notify the user about the replies he / she receives.

Have you considered abstracting this to 'subscribe to this post/thread and be notified of any replies' functionality? (anyone could subscribe to posts, then (presumably with read access / however it works.))

> The only reason I have protections against that kind of threat also is the possibility of people in less fortunate countries (where bar for seizure is low) getting their computers seized because of their exercise of free speech.

As far as I'm aware, there are indeed instances when people get their equipment seized, and upon detection of sensitive (to the regime/power/$thing) data, bad things may happen. That's why Tor is very careful about what it writes to disk, etc.

Overall, thanks for your work, I'll try and follow the news and maybe take a look at the code. Good luck!



> Adversary model makes sense. I think security/privacy folk like reading up on them for a given project they might be curious about, perhaps consider putting this on the site?

I probably should put this out, yes. I'm the only person to have ever worked on Aether: I'm the architect, the builder, the designer and the coder (lately trying to be the cheerleader, too), so I have a long list of stuff to do at all times! Currently I'm working on getting the Windows version to work (it's working, I just need to make it work without asking for administrator privileges), then I need to make some stability improvements to the synchronization process—there are some subtle bugs and the sync process sometimes gets stuck at indeterminate intervals, so I have absolutely no idea what's going on. I need to test for this. The app recovers from such errors, but it shouldn't happen in the first place. I'll eventually get around to writing blog posts.

> Have you considered abstracting this to 'subscribe to this post/thread and be notified of any replies' functionality? (anyone could subscribe to posts, then (presumably with read access / however it works.))

This might be a little bit too much for large threads, but it might be a good surrogate for missing reply notification functionality.

Thanks for the encouragement, I would love to hear what you think after you've used it!



