Opened 21 months ago

Last modified 8 months ago

#17510 new enhancement

Store aliases locally

Reported by: cypherpunks Owned by:
Priority: High Milestone:
Component: Applications/Tor Messenger Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The Tor Messenger is intended to help anonymize IM metadata. For contacts to remain anonymous, they must create accounts with usernames which are not associated with their known identities. This creates a usability problem because all of your contacts' usernames may be unrecognizable gibberish.

The natural response is to set an alias for your contacts so you can remember who they are. These aliases are stored server-side. This means that even if you do everything right, send messages only with both OTR and Tor, and pick a username that can't be traced back to you, your contacts could still easily and even accidentally reveal your identity to the server, which could be compromised or compelled to provide this data.

The Tor Messenger should add storage of contact aliases in the client and disable sending of those aliases to servers.

Change History (7)

comment:1 Changed 21 months ago by sukhbir

  • Owner set to sukhbir
  • Status changed from new to assigned

comment:3 Changed 17 months ago by arlolra

  • Priority changed from Medium to High

Coy.im is implementing this feature.

That's great to see!

> your contacts could still easily and even accidentally reveal your identity to the server, which could be compromised or compelled to provide this data

Right, but that applies equally if your contact isn't using Tor Messenger to begin with, over which we have no control. If you do, you might want them to use Ricochet instead of the protocols that Tor Messenger supports to avoid having a server in the middle to be compromised. Further, you probably don't want them setting an alias for you at all, lest their machine be compromised.

However, Tor Messenger shouldn't be participating in this behaviour (and the unwitting part of it scares me), so I've raised the severity.

Tor Messenger already has local aliases and tags, which it stores in an sqlite db (and accesses via the serverAlias property, which is an unfortunate name). The XMPP prpl seems to have an additional rosterAlias which is the one it sends to the server. That needs to be disabled and this should all be audited further to make sure I got it right.

https://github.com/mozilla/releases-comm-central/blob/master/chat/protocols/xmpp/xmpp.jsm#L808
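
An added illustration of the behaviour comment:3 asks for, not code from Tor Messenger or from this ticket: aliases stay in a client-side store, the roster update sent to the server carries only the JID, and an audit helper flags any outbound roster stanza that still includes an alias. LocalAliasStore, buildRosterSet, leakedRosterNames and the sample JIDs are hypothetical; the example assumes the alias travels in the standard name attribute of a jabber:iq:roster item.

```javascript
// Added example; all function/class names and sample JIDs are hypothetical.
const ROSTER_NS = "jabber:iq:roster"; // standard XMPP roster namespace

const escapeAttr = (s) =>
  String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" }[c]));

// Aliases live only in client-side storage, keyed by bare JID.
class LocalAliasStore {
  constructor() { this.aliases = new Map(); }
  static bare(jid) { return jid.split("/")[0].toLowerCase(); }
  set(jid, alias) { this.aliases.set(LocalAliasStore.bare(jid), alias); }
  displayName(jid) {
    const bare = LocalAliasStore.bare(jid);
    return this.aliases.get(bare) ?? bare; // fall back to the JID itself
  }
}

// Roster add/update that identifies the contact by JID only: no name attribute.
function buildRosterSet(id, jid) {
  return `<iq type="set" id="${escapeAttr(id)}"><query xmlns="${ROSTER_NS}">` +
    `<item jid="${escapeAttr(LocalAliasStore.bare(jid))}"/></query></iq>`;
}

// Audit helper: return every alias an outbound stanza would hand to the server.
function leakedRosterNames(xml) {
  const leaked = [];
  const queryRe =
    /<query\b[^>]*\bxmlns\s*=\s*(["'])jabber:iq:roster\1[^>]*>([\s\S]*?)<\/query>/g;
  for (const q of xml.matchAll(queryRe)) {
    for (const item of q[2].matchAll(/<item\b([^>]*)>/g)) {
      // Match the attribute called exactly "name", not e.g. "nickname".
      const name = /(?:^|\s)name\s*=\s*(["'])(.*?)\1/.exec(item[1]);
      if (name && name[2] !== "") leaked.push(name[2]);
    }
  }
  return leaked;
}

// Constructed sample traffic.
const store = new LocalAliasStore();
store.set("x7f3qk@example.org/phone", "Alice (work)");
const safe = buildRosterSet("r1", "x7f3qk@example.org/phone");
const leaky = "<iq type='set' id='r2'><query xmlns='jabber:iq:roster'>" +
  "<item jid='x7f3qk@example.org' name='Alice (work)'/></query></iq>";
console.log(store.displayName("x7f3qk@example.org"),
  leakedRosterNames(safe), leakedRosterNames(leaky));
```

The regex-based audit is a log-scanning aid over serialized stanzas; a check inside the client would inspect the stanza object before it is serialized.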

comment:4 Changed 9 months ago by arlolra

  • Keywords messenger metadata removed

comment:5 Changed 9 months ago by arlolra

  • Summary changed from Tor Messenger: store aliases locally to Store aliases locally

comment:6 Changed 8 months ago by arlolra

  • Owner sukhbir deleted

comment:7 Changed 8 months ago by arlolra

  • Status changed from assigned to new