
Best instant messenger for privacy?


16 replies to this topic

#1 Swerve

Swerve

    Dangerous free thinker

  • Members
  • 809 posts
  • Gender:Male

Posted 17 February 2011 - 02:42 PM

Just wondering if anyone had any thoughts on which instant messenger is best to stop people getting your IP?

Trying to avoid the netstat -b which shows the IP of whom I'm talking with.

Any recommendations?

Merci beaucoup :)

#2 jeremy_

jeremy_

    HACK THE PLANET!

  • Members
  • 62 posts
  • Gender:Male
  • Location:Oklahoma

Posted 17 February 2011 - 03:19 PM

Torchat's gotcha covered. http://code.google.com/p/torchat/

Also, look at the Tor Browser Instant Messaging Bundle for use with traditional IM networks. http://www.torprojec...ownload.html.en

Edited by jeremy_, 17 February 2011 - 03:20 PM.


#3 sickreizin

sickreizin

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 12 posts
  • Gender:Male

Posted 20 February 2011 - 11:16 PM

Also keep in mind that Torchat, as of around six months ago, was unmaintained and the person who wrote the code went AWOL. Could be that this is full of holes, and there doesn't seem to be any peer review on it, as opposed to the Tor IM Bundle.

#4 5imp7y

5imp7y

    Hakker addict

  • Binrev Financier
  • 507 posts
  • Gender:Male
  • Location:PA again....

Posted 28 February 2011 - 09:17 AM

I used to use a program called Trillian... don't know about its security, but why hide your IP? Isn't that like the numbers on your mailbox?

#5 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 28 February 2011 - 09:47 PM

I used to use a program called Trillian... don't know about its security, but why hide your IP? Isn't that like the numbers on your mailbox?

Which is why some people use PO boxes... not everyone wants to be open to the world, or for the spooks in room 641A to intercept their communications...

#6 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 14 April 2011 - 08:44 PM

Just wondering if anyone had any thoughts on which instant messenger is best to stop people getting your IP?

Trying to avoid the netstat -b which shows the IP of whom I'm talking with.

Any recommendations?

Merci beaucoup :)


I think I might be able to come up with a custom solution, but I'd be paranoid about existing clients. The reason is they weren't designed with anonymity in mind. Everything from the application layer code to the protocols themselves leaks information in various ways. Security engineers call all of these covert channels, and traditional software and OSes have tons of them. So, I'd say a custom approach is the best until doing an exhaustive analysis of some existing approach. I'd take an established, trustworthy anonymous network scheme and layer a messaging system on top of it that leaks as little as possible.

On that note, Freenet is the best route for the transport layer. You would have to give up the "instant" part. Besides, the less latency there is during the session, the more traceable it is. Almost all good anonymity schemes that you can use from home increase latency and delays during the course of their operation. Tor or I2P could conceivably do something like "instant." This has two problems: Tor is getting more attacks every year; I2P is lacking a formal review by knowledgeable security gurus. So, you have Freenet or some custom protocol to work with. Freenet has an excellent design and I haven't heard of anyone being traced by beating its security in friend-to-friend mode. So, a Freenet messaging system whereby two parties continually update a file or forum with GPG-signed messages would be ideal, but slower than you want. If you are willing to take on more risk, you could use I2P Messenger. Its obscurity might prevent snoops from exploiting and tracing you, but obscurity is only so trustworthy. Avoid anything over Tor.

- Nick P,
schneier.com

#7 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Gender:Male
  • Location:way up north eh

Posted 15 April 2011 - 09:04 PM

my two pennies:

msn wont reveal your IP address to the person you are chatting with unless you transfer a file.

That + pidgin for encryption works pretty good for privacy

#8 sickreizin

sickreizin

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 12 posts
  • Gender:Male

Posted 21 April 2011 - 03:36 AM

"Tor is getting more attacks every year; I2P is lacking a formal review by knowledgeable security gurus. So, you have Freenet or some custom protocol to work with."

More FUD about Tor; where is all this coming from? You could say the same thing about Firefox. People finding holes is good; it means the system is being made more secure. There are a lot of active security developers looking at the code, the design, etc. of Tor, and the same can't be said for Freenet or especially I2P. This doesn't mean Tor is better, just that it's not any less trustable than anything else because security flaws were found in it. Of those found, almost all of them have been fixed. A few remain, which Tor reminds you of when you download it, and they require very sophisticated adversaries to successfully pull off.

#9 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 21 April 2011 - 04:44 PM

"Tor is getting more attacks every year; I2P is lacking a formal review by knowledgeable security gurus. So, you have Freenet or some custom protocol to work with."

More FUD about Tor; where is all this coming from? You could say the same thing about Firefox. People finding holes is good; it means the system is being made more secure. There are a lot of active security developers looking at the code, the design, etc. of Tor, and the same can't be said for Freenet or especially I2P. This doesn't mean Tor is better, just that it's not any less trustable than anything else because security flaws were found in it. Of those found, almost all of them have been fixed. A few remain, which Tor reminds you of when you download it, and they require very sophisticated adversaries to successfully pull off.


The term FUD is usually reserved for claims that have no basis in fact and are purely fearmongering. My warnings are based on protocol analysis and attacks on Tor and similar networks that have been steadily published by security researchers for years, including the recent grab of over ten thousand IP addresses of Tor users. How is that FUD again?

"people finding holes is good, it means the system is being made more secure"

Yeah, it's good if the system isn't in use by people who depend on the anonymity. We're not talking about software for keeping viruses from corrupting your system, whereby you can just restore from backup if it fails. We're talking about a scheme designed for many high-stakes situations where well-funded, sophisticated attackers might trace the person trying to stay hidden. The results can be costly or fatal. Systems/protocols like this must be good enough from the get-go, without serious flaws. Such systems are called "high assurance" systems. There are higher assurance anonymity schemes, and they are preferable over solely depending on Tor.

"This doesn't mean Tor is better, just that it's not any less trustable than anything else because security flaws were found it."

That's false in this case. People often use Tor to hide their identity for a reason and one leak is all it takes to make them regret it. Tor's security issues provided a steady stream of opportunities for this to happen. Tor was (and is) flawed by DESIGN, while schemes like Freenet have a superior design. A good security scheme is architected with good design, implementation, and usage patterns. In Tor, we have a flawed design, a run-of-the-mill implementation, and it's hard to use apps in a secure manner with no leaks.

"A few [security issues] remain, which Tor reminds you of when you download it, and they require very sophisticated adversaries to successfully pull off."

Why use a method with known, "remaining" security issues when alternatives without any known security issues exist? And with that said, I think I'm more than justified in warning people not to use Tor if they *really* need the anonymity. I'm just surprised you're happily using a protocol that you know is flawed instead of a scheme w/out any known flaws.

One sensible reason is that you have little of importance to hide and you're willing to trade a certain amount of security for convenience. Many individuals needing a Tor-like solution can't make that tradeoff. I wrote my original post with them in mind, as I don't know what Swerve intends to hide.

#10 serrath

serrath

    SUP3R 31337

  • Members
  • 181 posts
  • Gender:Male

Posted 03 May 2011 - 11:06 PM

IM's actually something I haven't looked at at all. Aren't most IM sessions negotiated through a server so that the users aren't directly sending each other any sort of information? How is endpoint IP information leaked through instant messaging?

(I'm really looking for some kind of documentation on this sort of thing instead of a user explanation.)

#11 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 04 May 2011 - 01:25 AM

IM's actually something I haven't looked at at all. Aren't most IM sessions negotiated through a server so that the users aren't directly sending each other any sort of information? How is endpoint IP information leaked through instant messaging?

(I'm really looking for some kind of documentation on this sort of thing instead of a user explanation.)


It depends on the protocol. The purpose of IP is to ensure delivery of packets, but it can also be used at application layer for other purposes. If the application layer's unencrypted data contains this information, then it leaks identifying information. BitTorrent is an example of a protocol that wasn't really designed for anonymity. Many people started using BT clients over Tor, thinking Tor would anonymize the data. The way that the protocol leaks identifying info led to the source IP identification of at least ten thousand users, maybe more. The application and protocol mustn't leak identifying information or they can become the weakest link in the strongest anonymity scheme. If you're wanting to understand these things, start by Googling that paper. You might also want to look into academic papers on attacks on anonymity schemes.

#12 dinscurge

dinscurge

    "I Hack, therefore, I am"

  • Members
  • 938 posts
  • Gender:Male
  • Location:the bunker

Posted 04 May 2011 - 01:26 AM

Yeah, most any I've cared to look at don't show IP, if at all just when you transfer bigger files, which obviously you just don't accept :p. As it's just IP, a proxy should be good enough... If you want more secure communication, as in the actual text, you can always SSH into a box and use write or something...

army_of_one, though you have valid points, I'd say 5imp7y also had some. Just because they don't have any known bugs/leaks/w.e. doesn't mean they are better; it doesn't mean anything, "the absence of evidence isn't evidence of absence". At least with Tor you know/have proof they are working towards fixing the bugs, even forking Firefox to help increase the speed at which said bugs could be fixed. The others just haven't had any yet; maybe they will take forever to fix them, or maybe they won't at all, or maybe they will do it faster. We can't tell that right now; with Tor there's at least a track record, so to speak... They do look pretty interesting though :p.

#13 serrath

serrath

    SUP3R 31337

  • Members
  • 181 posts
  • Gender:Male

Posted 04 May 2011 - 04:20 PM


IM's actually something I haven't looked at at all. Aren't most IM sessions negotiated through a server so that the users aren't directly sending each other any sort of information? How is endpoint IP information leaked through instant messaging?

(I'm really looking for some kind of documentation on this sort of thing instead of a user explanation.)


It depends on the protocol. The purpose of IP is to ensure delivery of packets, but it can also be used at application layer for other purposes. If the application layer's unencrypted data contains this information, then it leaks identifying information. BitTorrent is an example of a protocol that wasn't really designed for anonymity. Many people started using BT clients over Tor, thinking Tor would anonymize the data. The way that the protocol leaks identifying info led to the source IP identification of at least ten thousand users, maybe more. The application and protocol mustn't leak identifying information or they can become the weakest link in the strongest anonymity scheme. If you're wanting to understand these things, start by Googling that paper. You might also want to look into academic papers on attacks on anonymity schemes.


Start by Googling which paper?

#14 sniper606

sniper606

    SCRiPT KiDDie

  • Members
  • 25 posts
  • Gender:Male
  • Location:606

Posted 04 May 2011 - 04:37 PM

Pidgin has an off the record messaging plugin that me and some friends use when we need to talk about sensitive things.

#15 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 04 May 2011 - 04:42 PM



IM's actually something I haven't looked at at all. Aren't most IM sessions negotiated through a server so that the users aren't directly sending each other any sort of information? How is endpoint IP information leaked through instant messaging?

(I'm really looking for some kind of documentation on this sort of thing instead of a user explanation.)


It depends on the protocol. The purpose of IP is to ensure delivery of packets, but it can also be used at application layer for other purposes. If the application layer's unencrypted data contains this information, then it leaks identifying information. BitTorrent is an example of a protocol that wasn't really designed for anonymity. Many people started using BT clients over Tor, thinking Tor would anonymize the data. The way that the protocol leaks identifying info led to the source IP identification of at least ten thousand users, maybe more. The application and protocol mustn't leak identifying information or they can become the weakest link in the strongest anonymity scheme. If you're wanting to understand these things, start by Googling that paper. You might also want to look into academic papers on attacks on anonymity schemes.


Start by Googling which paper?


This was the BitTorrent attack: http://arstechnica.c...tor-network.ars

The attack exploited a compromise in the operation of the protocol over Tor. The protocol was impossibly slow if all of it was forced over Tor, so they just tried to do the identifying portions over Tor. Malicious exit nodes were used to catch identifying pieces with the rest. The DHT mode was susceptible because it uses UDP, not TCP, and Tor doesn't support UDP. Are you starting to see the complexity involved in knowing whether a given protocol and Tor configuration will preserve anonymity? Compare the Tor "solution" to a dedicated proxy embedded PC connected to a far-away WiFi hotspot with a long-range cantenna, a LiveUSB RAM-based distro, a mac changer, and optionally Tor as an extra layer. Best to view Tor as just one component in an anonymity scheme. The physical device or IP connecting to it shouldn't be yours, just to be safe.

As for other attacks, most are DoS attacks. Here's one non-DoS attack and a link to research groups.

Attack on particular routing strategy w/ lab test (2007)
http://citeseerx.ist...p=rep1&type=pdf

Page with links to many anonymity R&D groups
https://www.torproje...esearch.html.en
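The point made in the two replies above (the application layer writing an endpoint address into its own payload, which a SOCKS/Tor proxy never touches) is easy to check for. The following is an added Python example, not code from the thread or from any tool mentioned in it; the message formats, the "own" addresses and the sample traffic are constructed for illustration (the compact peer layout follows BitTorrent's 4-byte IP + 2-byte big-endian port encoding).

```python
import ipaddress
import re
import struct

# Dotted-quad IPv4 literal that is not glued to other digits or dots.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def addresses_in_text(payload: bytes):
    """Return valid IPv4 literals found in a text payload (announce URLs, IM offers)."""
    found = set()
    for m in IPV4_RE.finditer(payload.decode("latin-1")):
        try:
            found.add(ipaddress.IPv4Address(m.group(0)))
        except ipaddress.AddressValueError:
            pass  # something like 999.1.1.1 looks like an address but is not one
    return found


def addresses_in_compact_peers(blob: bytes):
    """Decode BitTorrent 'compact' peer entries: 4-byte IPv4 followed by 2-byte port."""
    if len(blob) % 6:
        raise ValueError("compact peer list length must be a multiple of 6")
    return {ipaddress.IPv4Address(blob[i:i + 4]) for i in range(0, len(blob), 6)}


def leaked_addresses(payload: bytes, own_addrs, compact: bool = False):
    """Own endpoint addresses that appear inside the application payload.

    A proxy rewrites the IP header only; whatever the application itself puts in
    the payload reaches the other side unchanged, proxy or not.
    """
    own = {ipaddress.IPv4Address(a) for a in own_addrs}
    seen = addresses_in_compact_peers(payload) if compact else addresses_in_text(payload)
    return sorted(str(a) for a in seen & own)


# Constructed sample traffic using documentation (TEST-NET) addresses, not real hosts.
OWN = ["203.0.113.7", "192.168.1.20"]          # assumed public and LAN addresses of this client
ANNOUNCE = b"GET /announce?info_hash=%AA%BB&peer_id=-XX0001-&port=6881&ip=203.0.113.7 HTTP/1.1\r\n"
CHAT = b"MSG hello, are you there?\r\n"
FILE_OFFER = b"FILE-OFFER name=report.pdf host=192.168.1.20 port=50123\r\n"  # hypothetical IM format
# Two compact peers: 198.51.100.4:6881 (someone else) and 203.0.113.7:6881 (ourselves).
COMPACT = (struct.pack("!4sH", bytes([198, 51, 100, 4]), 6881)
           + struct.pack("!4sH", bytes([203, 0, 113, 7]), 6881))


def audit(messages):
    """Map each (label, payload, is_compact) triple to the own addresses it discloses."""
    return {label: leaked_addresses(data, OWN, compact=comp) for label, data, comp in messages}


if __name__ == "__main__":
    report = audit([("announce", ANNOUNCE, False), ("chat", CHAT, False),
                    ("file-offer", FILE_OFFER, False), ("compact-peers", COMPACT, True)])
    for label, leaks in report.items():
        print(f"{label:14s} {'LEAKS ' + ', '.join(leaks) if leaks else 'clean'}")
```

Only the plain chat message comes back clean; the tracker announce, the direct file-transfer offer and the compact peer list all carry one of the client's own addresses in the payload.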

#16 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 04 May 2011 - 04:44 PM

Pidgin has an off the record messaging plugin that me and some friends use when we need to talk about sensitive things.


That's nice for encrypted conversations, but the OP wanted anonymity-preserving communications. The rarity of Pidgin-OTR use alone makes their users stand out amongst other Internet traffic.

#17 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 04 May 2011 - 05:07 PM

Yeah, most any I've cared to look at don't show IP, if at all just when you transfer bigger files, which obviously you just don't accept :p. As it's just IP, a proxy should be good enough... If you want more secure communication, as in the actual text, you can always SSH into a box and use write or something...

army_of_one, though you have valid points, I'd say 5imp7y also had some. Just because they don't have any known bugs/leaks/w.e. doesn't mean they are better; it doesn't mean anything, "the absence of evidence isn't evidence of absence". At least with Tor you know/have proof they are working towards fixing the bugs, even forking Firefox to help increase the speed at which said bugs could be fixed. The others just haven't had any yet; maybe they will take forever to fix them, or maybe they won't at all, or maybe they will do it faster. We can't tell that right now; with Tor there's at least a track record, so to speak... They do look pretty interesting though :p.


See my reply again. The absence of known flaws isn't my main argument for their superiority. It's their superior design and Tor's higher-risk, often-broken design. I've been thinking about building a high assurance implementation of Tor, Freenet or I2P. That they run on "certified insecure" (EAL4) systems is disturbing. Even a minimized OpenBSD appliance with careful configuration would be better than the existing approach. Most of my recent designs have been targeted for Green Hills' INTEGRITY & INTEGRITY-178B platforms. They seem to be the best in security, performance and hardware availability. I've also done some designs utilizing the remaining certified platforms from the old days: Aesec's GEMSOS, BAE Systems' XTS-400/STOP, and Boeing's SNS Server.

INTEGRITY Product Line
http://www.ghs.com/p.../integrity.html

INTEGRITY-178B & Middleware (passed toughest recent NSA evaluation)
http://www.ghs.com/p...ty-do-178b.html

Aesec's GEMSOS (got NSA's highest security rating ever, I think)
http://www.aesec.com/

XTS-400/STOP: last descendant of secure Unix OSes
http://www.baesystem...sit_xts400.html

LOCK (implemented Type Enforcement & ran UNIX apps)
http://www.cryptosmi...om/archives/179

Boeing SNS Server (in evaluation under Common Criteria to EAL7, highest rating)
http://www.boeing.co...070621b_nr.html

I'm still evaluating design approaches. Problem is that high assurance projects require lots of specialized skill and money. I haven't decided the most cost effective approach. Might combine several as building blocks & just glue them together in a robust way.



