-
Notifications
You must be signed in to change notification settings - Fork 6
Threat Model
Hushlist is a tool for privately communicating in spite of a hostile network, in a censorship-resistant and metadata-minimizing way. For the various different kinds of users of Hush to know when and when they cannot safely use this tool, it is necessary to precisely describe the threat model in which Hushlist operates. This document lists Hushlist user assets at issue, and identifies threat sources that might compromise the user’s privacy by emanating various types of metadata.
Never use hushlist on the same physical computer or virtual machine with another user you do not trust. If that user can leverage a single CVE and get priveledge escalation, full loss of privacy could happen. Best to not ever let this easy-to-prevent situation to occur. Use hushlist on a private desktop or laptop computer, or a server that you have root on. Pratice the art of compartmentalizations and isolation at every level.
- can obtain full cyphertext of all network traffic, via direct methods or the various agreements that various security agencies have to access each others resources.
- can poison BGP routes
- can inject/poison any unencrypted/unauthenticated network traffic such as HTTP
code=speech + money=code => money=speech