Recently someone leaked an enormous amount of docs (2.6 TiB) to the journalists [1]. It's still hard to do such a thing even over the plain old Internet. It's highly possible that these docs were transferred on a physical hard drive, despite doing so being really *risky*.
Anyways, in the framework of anonymous whistleblowing, i.e. SecureDrop and Tor specifically, it seems to be an interesting case. I'm wondering about the following aspects:
o Even if we use exit mode/non-anonymous onions (RSOS) is such leaking reliable? The primary issue here is time of transmission. It's much longer than any time period we have in Tor.
o What is going to happen with the connection after the HS republishes its descriptor? Long after? [This one is probably fine if we are not using IPs, but...]
o Most importantly, is transferring data on >1 TiB scale (or just transferring data for days) safe at all? At least the source should not change their location/RP/circuits. Or need to pack all this stuff into chunks and send them separately. It's not obvious how it can be done properly. So at what point should the source stop the transmission (size/time/etc.)/change location or the guard/pick a new RP?
--
[1] http://panamapapers.sueddeutsche.de/articles/56febff0a1bb8d3c3495adf4/
--
Happy hacking,
Ivan Markin
NB: Sorry for breaking the threading. Replying to the right message.
dawuud:
> Alice and Bob can share lots of files and they can do so with their Tor onion services. They should be able to exchange files without requiring them to be online at the same time. Are you sure you've chosen the right model for file sharing?
I haven't chosen any storage model. I'm just wondering about the technical capabilities of Tor to act as an _anonymous_ transport for this data. "Will one be anonymous when they transmit a big amount of data?" "What are the limits?" "What step should the source take to be safe?"
> If Alice and Bob share a confidential, authenticated communications channel then they can use that to exchange key material and secret connection information. That should be enough to bootstrap the exchange of large amounts of documents:
The Internet is not confidential. Surely the opposite.
> Anyone who hacks the storage servers she is operating gets to see some interesting and useful metadata such as the size of the files and what time they are read; not nearly as bad as a total loss in confidentiality.
Yes, but there are many more adversaries. Any AS near the endpoints poses a big threat.
> No that's not necessarily correct; if the drives contain ciphertext and the key was not compromised then the situation would not be risky.
The source can easily fail by compromising fingerprints, chemical traces, serial number of the hard drive (with proprietary firmware!), place of origin and other 'physical' metadata. It's not "just ciphertext" in a vacuum.
-- Ivan Markin
On 04/03/2016 08:48 PM, Ivan Markin wrote:
> Recently someone leaked an enormous amount of docs (2.6 TiB) to the journalists [1]. It's still hard to do such a thing even over the plain old Internet. It's highly possible that these docs were transferred on a physical hard drive, despite doing so being really *risky*.
One technique would be to generate a torrent of the encrypted data, convince a community to seed, then distribute the magnetic link and the decryption key over SecureDrop.
Assuming that the leaker figured out a way to securely transfer a hard drive, I suppose they could encrypt it with LUKS/dmcrypt, then send a SHA-256 sum and the decryption key over SecureDrop.
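
The chunking and SHA-256 ideas raised in this thread, sketched as an added example (not code from any poster, from SecureDrop or from Tor): a manifest with per-chunk and whole-stream SHA-256 digests over already-encrypted data lets the receiver verify each piece independently and re-request only the pieces that fail. The function names, the manifest layout and the chunk size are assumptions made for illustration.

```python
import hashlib
import io

CHUNK_SIZE = 4 * 1024 * 1024  # assumed chunk size; tune to the transport


def build_manifest(stream, chunk_size=CHUNK_SIZE):
    """Read the ciphertext once; return whole-stream and per-chunk SHA-256."""
    whole = hashlib.sha256()
    chunks = []
    while True:
        block = stream.read(chunk_size)
        if not block:
            break
        whole.update(block)
        chunks.append(hashlib.sha256(block).hexdigest())
    return {"chunk_size": chunk_size, "sha256": whole.hexdigest(), "chunks": chunks}


def failed_chunks(received, manifest):
    """Return indices of chunks that are missing or do not match the manifest."""
    bad = []
    for i, expected in enumerate(manifest["chunks"]):
        block = received.get(i)
        if block is None or hashlib.sha256(block).hexdigest() != expected:
            bad.append(i)
    return bad


def reassemble(received, manifest):
    """Join verified chunks in order and check the whole-stream digest."""
    if failed_chunks(received, manifest):
        raise ValueError("some chunks are missing or corrupted")
    data = b"".join(received[i] for i in range(len(manifest["chunks"])))
    if hashlib.sha256(data).hexdigest() != manifest["sha256"]:
        raise ValueError("whole-stream digest mismatch")
    return data


if __name__ == "__main__":
    # Constructed sample: 10 KiB of stand-in "ciphertext", 4 KiB chunks.
    blob = bytes(range(256)) * 40
    manifest = build_manifest(io.BytesIO(blob), chunk_size=4096)
    got = {i: blob[i * 4096:(i + 1) * 4096] for i in range(3)}
    got[1] = b"\xff" + got[1][1:]  # simulate corruption in transit
    print("re-request chunks:", failed_chunks(got, manifest))
```

The manifest itself is small enough to travel over the authenticated channel alongside the key, so the bulk data can move over a separate path and still be checked piece by piece.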