Can one use Signal via Tor? If so, a URL would be useful.
But one can use Session (a fork of Signal) over Lokinet (an onion routing network, which is similar to Tor).
Even the updated version of Signal merely relays stuff through a proxy. That is, there's just one hop, and that's trivial to deanonymize. With Lokinet, there are multiple hops, so adversaries must compromise multiple nodes.
Also, Session requires no PII for account creation. That's great for anonymity, but there's no built-in authentication. So users must authenticate contacts in meatspace or via other communication channels.
Lokinet seem to claim (https://medium.com/@LokiNetwork/lokinet-b8f738fefe7a) that their network is more resistant to sybil attacks by introducing different incentives (an internal cryptocurrency) and not having a central authority (which TOR does have, and which users have to trust). It's unclear how this helps against a wealthy adversary determined to control the network via its own nodes.
As I understand it, there's a slowly increasing supply of Loki, a private cryptocurrency. Basically, service nodes earn Loki for caching messages, and relaying traffic. I gather that's analogous to mining in Bitcoin etc.
Creating a new service node requires a providing a stake in Loki, which I believe currently costs on the order of $5000. And the only source is Loki held by existing service nodes. So arguably, as the creation rate for new service nodes increases, the price of the requisite Loki stake increases, perhaps supra linearly, or even exponentially.
There's also the issue that service nodes that behave maliciously lose all of their Loki, both the initial stake, and anything that they've earned.
I don't know specifics, however. So I don't know just how high the bar is for malicious service nodes.
Thanks, I'll look into it. It seems like a subtle distinction. That is, "cooperat[ing] with other compromised nodes" seems like a flavor of malicious activity.
I get that the Tor Project has banned relays for numerous reasons. The tor-relays list is a good (albeit incomplete) source for reports, discussion and decisions.
But one can use Session (a fork of Signal) over Lokinet (an onion routing network, which is similar to Tor).
Even the updated version of Signal merely relays stuff through a proxy. That is, there's just one hop, and that's trivial to deanonymize. With Lokinet, there are multiple hops, so adversaries must compromise multiple nodes.
Also, Session requires no PII for account creation. That's great for anonymity, but there's no built-in authentication. So users must authenticate contacts in meatspace or via other communication channels.