Opened 13 months ago

Last modified 13 months ago

#31836 new enhancement

Idea for the realization of chats via the Tor network

Reported by: Researching girl Owned by:
Priority: Medium Milestone:
Component: Applications Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:



If some Tor server operators also support a feature to receive messages from chat users in a chat group and then send them to the chat recipient in the chat group, I can imagine programming a client to do so.

1 - There should be a registry where you can create a chat group to get an anonymous group ID. If you have to visit a website whose address ends with ".onion", that would be fine too. But then a code would have to be downloaded before, which would encrypt the data for the registry completely by means of a password, which the caller enters, before it is sent to the registry, so that unwanted parties can see neither the ID, nor the name of the chat group, nor the description of the chat group.

2 - Once at least one chat user in the chat group logs in using a key received from the chat group creator, the registrar must encourage the selection of a Tor server that supports this chat communication. Always after a certain amount of time, you must switch to a different Tor server. This must happen from the registrar, the previous Tor server must not know the new Tor server. So the information must be sent directly from the registrar to all chat members, or encrypted in the usual way via the Tor server to be left. The clients of chat members who are not online at this moment will then be notified of the current Tor server as usual the next time they go online.

3 - All chat users in the chat group who are logged in must be sent the ID of the Tor server through which the chat communication is currently being transported.

4 - I will program the chat client so that before sending the text message, the message is encrypted using the key from the chat group creator. Only recipients who have this key can decrypt the message. So I will program the client so that after the receipt, before the message is displayed, it is decrypted again. Which of course only works if you have the right key. If you don't have the right key, you don't know the ID in the registry, you can't see which Tor server the communication is running on and you don't even see the chat users of the chat group.

5 - The chat group creator must set a secure password to create a chat group, which is used for encrypted communication between him and the registrar and authorizes him to administer and then upload a key that he gives to all chat users who are supposed to be able to see his chat group and communicate there.

6 - It is not necessary for the members of the chat group to be in the registry and it is much safer. Each member of the chat group authorizes himself each time with the key to log in. If the chat group creator wants to expel a member without sending a new key to all desired members of the chat group, he can enter it in the registry as "not authorized". If the now excluded chatter then logs on, he will not get the address of the current Tor server over which the communication is transported once more from the registry. However, if the user changes his or her user ID, this protection no longer applies. As a countermeasure, I can imagine that the chat group creator can request a new key via the registry, but the old key will continue to apply until the clients of all chat members have received the new key. The chat user to be excluded will be excluded.
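
An added sketch, not part of the original ticket, of the encrypt-before-send step (item 4) and the key change used to exclude a member (item 6). The epoch-tagged frame layout, the function names and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for a vetted AEAD such as AES-GCM) are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the one shared group key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in for a real cipher (assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(epoch: int, key: bytes, plaintext: bytes) -> bytes:
    """Frame = epoch(4) || nonce(16) || ciphertext || tag(32)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    body = struct.pack(">I", epoch) + nonce + ct
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()


def open_frame(keyring: dict, frame: bytes):
    """Return the plaintext, or None if the epoch key is missing or the tag fails."""
    if len(frame) < 52:
        return None
    body, tag = frame[:-32], frame[-32:]
    key = keyring.get(struct.unpack(">I", body[:4])[0])
    if key is None:
        return None  # this client never received the key for that epoch
    expect = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong key or modified frame
    nonce, ct = body[4:20], body[20:]
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


# Constructed scenario: epoch 1 key went to everyone, epoch 2 key only to remaining members.
K1, K2 = os.urandom(32), os.urandom(32)
member = {1: K1, 2: K2}   # keeps the old key during the transition
excluded = {1: K1}        # was never sent the epoch 2 key
```

Frames sealed under the old epoch remain readable by the excluded member for as long as clients keep sending with the old key, so the length of the transition window determines how much traffic the exclusion actually protects.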


Change History (2)

comment:1 Changed 13 months ago by nickm

Component: Core Tor → Applications

Hi! This looks like more of a design proposal than a feature request or bug ticket. I'd suggest having a look at other systems that have tried to implement communications over Tor, including Pond and Ricochet - you might be able to take ideas from them, or you might find that one of them is close to doing what you want.

Generally the way I would proceed from there is to try to write up a complete protocol description, explaining all the messages, formats, and cryptography. That way you can get closer review on the system's security before you get too far into the implementation.

From your writing above, I can't tell whether you're proposing to do this with changes in Tor itself. I'd suggest that if possible you try to do it without, since adding features to Tor is generally tougher than writing an application that uses tor. If it can't be done without changes to Tor, that's interesting, and we should look at the question of what minimal set of Tor features would let it support this kind of application.

comment:2 Changed 13 months ago by Researching girl
