A zero knowledge store and forward fediverse proxy

I’ve been thinking a lot lately about this. I think there is significant demand but a few technical hurdles are preventing me from planning how to build it.

What I imagine is a service that people can sign up for, where they can have a fediverse handle like example@catchydomain.example, but that in reality just points to a proxy. None of the connections know the true origin/destination of the messages, only the proxy. So the real data is permenantly stored at say a local raspberry pi, and perhaps the only thing the proxy knows is the example.onion or example.i2p address to send posts to.

The zero knowledge part doesn’t seem quite achievable yet because AP seems to assume the “server” will hold the key and there is no true E2EE yet. But we can at least start with a zero-log setup that is similar to modern VPN services in terms of privacy.

What do y’all think? Is there demand for something like this? Are there ways of handling E2EE that I’m not aware of?

2 Likes

Hi,
I won’t answer about the demand for such service but I can give few pointers about how it could be implemented. All this description sounds to me like what is referred to as “Secure/Anonymous messaging” in the computer security literature. This is a very nice branch of work which started in the 90s and gained an important popularity during the past two decades thanks to TOR. However, there exist many new schemes that avoid TOR limitations using novel cryptographic primitives. I can give you few pointers but not that there are two branches of work: Anonymous broadcasting (i.e. one-to-many) and Secure messaging (i.e. one-to-one). I am currently surveying all the anonymous broadcasting literature but I am aware of the main milestones of Secure Messaging. The choice can also vary depending on the number of servers involved in the anonymization (e.g. thousands like in TOR or just a few). Depending on your needs, I can point at few interesting papers!

For example, Express (Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy | USENIX) has a system of anonymous mailbox where anyone can write anonymously but the (unique) reader is not anonymous. Still the content is encrypted so the only leak is the owner of a mailbox so it is impossible to link this receiver to a sender. This system only requires two servers to handle this mailbox system.

1 Like

If it makes secure private messaging easier to use, I support it. E2EE is on the Mastodon horizon. As for the zero knowledge thing there’s nothing stopping the server from knowing a second pubkey owned by the example.onion you mention and the message being encrypted before put on the wire for AP connection to this proxy. I suppose that’s requires more work by the sender.

The solutions I mention are not particularly easier but mostly, more secure. TOR is a very good tool but it has some limits even from a security point of view and the recent solutions try to address them while still aiming at high scalability. Note that their anonymization does not rely on a proxy chain as TOR but I won’t go into that details here except if you want to dig into it. Also I am not totally clear about how AP works and how these new systems could be plug on it.

In the recent solutions, the work on the sender side should not be particularly large. From a sender perspective, the cost should not be visible. However, the servers may have some extra work to do but you need only few servers to ensure your anonymization.

1 Like

What is wrong with Tor hidden servers? I haven’t really kept up on this stuff the last few years. Is I2P ok? Are there newer ones?

I speak from a purely scientific point of view and I am totally unaware of the details of TOR hidden servers or I2P. Consider my insights only for their scientific aspects and not for the technical details, I am a PhD student who have recently surveyed the field of anonymous messaging so I am essentially aware of the scientific considerations and ignore all the practical matters :sweat_smile:

I was simply discussing TOR from a high-level point of view. It is a powerful solution but it remains a historical weakness: the possibility of a “global adversary”. If a large entity (e.g. state or company) is able to observe a large enough part of the network, it is able to trace the packets. For example, both OVH and Hertzner each host 400 relay nodes out of 7K relays in the world (Relay Search). One may say that by choosing geographically distributed nodes, you reduce the probability of the de-anonymization but there is still a risk.

I wanted to point out that alternatives exist in the scientific literature. Obviously TOR is a battle-tested solution compared to these recent systems. If you think TOR completely address your problem and that its weaknesses are acceptable for your use case, you should go for it. For example, we may discuss some edge cases such as whistle-blowers where the possible de-anonymization might be problematic (this last sentence is a pure supposition because I am not an expert in these practical issues and I cite it because it is often a motivation in the Anonymous Messaging literature).