Goals and threat model
Tahrir will be released in several stages, each with successively more ambitious goals and a more elaborate threat model.
1. Initial release (October 2013)
- Provide a censorship- and disruption-resistant microblogging platform as an alternative to centralized services like Twitter.com and Facebook.com
- Make it difficult to determine the real identities of publishers
- Make it difficult to determine which users are reading which microblogs
- Scale up to thousands of published messages per day
- Limit bandwidth usage to less than 100 bytes per second (250 megabytes per month)
1.2 Threat Model
The adversary is assumed to be a government with control over some or all of the network infrastructure, which wishes to prevent people from sharing particular views and opinions. They are assumed to be primarily focussed on censorship of unencrypted TCP traffic, which they do through packet filtering, IP blacklists, DNS blacklists, and URL blacklists.
People who are definitively identified as publishing particular types of content may be subject to fines. The adversary may run a small number of Tahrir nodes (a Sybil attack), but is not expected to invest significant time and effort on Tahrir specifically due to its relative obscurity at this stage.
The adversary will not engage in deep packet analysis specifically tailored to detect Tahrir communications. The adversary will not punish individuals merely for using censorship circumvention technology like Tahrir.
1.3 Notable limitations
- The Tahrir software and an initial set of "seed nodes" will probably not be downloadable from a convenient centralized source due to DNS and IP blocking.
- Tahrir communications will be identifiable through stateful packet inspection given sufficient effort.
- A Sybil attack comprising a sufficiently large proportion of Tahrir nodes (perhaps 20%) may be able to determine the IP address of a publisher through statistical analysis over time.