agl/pond

Nitpicking over the threat model and "breaking Pond"

sycamoreone opened this issue · 0 comments

The Technical documentation states that

  Pond assumes the existence of an overlay network that prevents a network attacker from learning which servers a user is connecting to. [...]
  Since a global, passive attacker can deanonymise Tor, that attacker is capable of violating this assumption and breaking Pond.

This is unfortunately true but not actually a "break of Pond" according to the threat model, which allows that

  • A GPA can learn who is using Pond and where their home servers are located.
  • A GPA can learn when messages are sent to a non-home server and which server that is.