Published: 2022-06-03

An Extended Reply Regarding Auditing Anonymity Networks

This is an extended reply to: which itself is a reply to Auditing Anonymous Networking Software.

Integration - Mitigating Higher Level Issues

New anonymity networks really need to consider the security of higher level applications using them, in addition to the security of the networks themselves.

See also all of

As an illustrative example: onion services are a cool technology, but they were (and in many cases still are) plagued by a variety of issues, e.g.:

Some of these issues could have been mitigated at a lower level, either within the Tor process itself or in some kind of distributed client software featuring specially designed, and misuse-resistant, APIs.

Some starting questions:

Design to Development

How new ideas get evaluated and implemented is a critical part of the security lifecycle. While much of it comes down to people, the processes those people follow must be audited and, where possible, automated.

Code reviews, integration tests, fuzzing, and continuous integration all generate artifacts that can be used to spot issues long before they become vulnerabilities.

Some starting questions:

Development to Distribution

Development is hard, distribution is harder. Some starting questions:

See: Github Issue: Wrong hashes (from

A Final Question: Documenting Risks

How are risks documented, tracked and accepted/mitigated? Some risks are impossible to fully mitigate, but what mitigations exist can be written down and referenced when making decisions. Technologies and attackers change and evolve; it is vital that this kind of information be available for review in the future.

e.g. we have the Cwtch Security Handbook for this.
