Open taoeffect opened 8 years ago
How would one identify Ricochet traffic? Are you talking about traffic analysis in the general case? If so, that's a quite hard problem to solve, and may be impossible depending on the resources of the attacker.
This is in reference to a private conversation I had with @special.
The distinguishers I would've been referring to are:
As @JeremyRand says, traffic analysis is a really hard problem to solve, and Tor itself has taken almost no steps towards solving it in a general way. I don't think there's anything meaningful Ricochet could do without some sophisticated research demonstrating where the problems are and what defenses might actually work.
My preferred solutions would be for more general research to indicate a direction for Tor itself to go towards solving traffic analysis problems, and for more people to use Ricochet for more reasons.
Is Ricochet becoming more fingerprintable considering how Tor 0.3.5 defaults to using version 3 for Hidden Services, which Ricochet doesn't support (https://github.com/ricochet-im/ricochet/issues/575)?
There are a couple of changes in the 0.3.5 that may affect compatibility. First, the default version for newly created onion services is now v3. Use the HiddenServiceVersion option if you want to override this. Second, some log messages related to bootstrapping have changed; if you use stem, you may need to update to the latest version so it will recognize them.
Apparently it's possible to distinguish Ricochet traffic from other Tor traffic, and that can lead to both anonymity and usability issues for the following reason:
By making Ricochet traffic appear like whatever the "average Tor traffic" is, it would be possible to both improve UX issues and prevent such an attack.