Anonymity - great technology but hardly used
Message # 1
Date: Mon, 24 Oct 2005
To: practicalsecurity at hbarel.com
From: Hagai Bar-El
Subject: [PracticalSecurity] Anonymity - great technology but hardly used
Hello,
I wrote a short essay about anonymity and pseudonymity being technologies that are well advanced but seldom used.
Following are excerpts from the essay that can be found at: http://www.hbarel.com/Blog/entry0006.html
In spite of our having the ability to establish anonymous surfing, have untraceable digital cash tokens, and carry out anonymous payments, we don't really use these abilities, at large. If you are not in the security business you are not even likely to be aware of these technical abilities.
If I may take a shot at guessing the reason for the gap between what we know how to do and what we do, I would say it's due to the overall lack of interest of the stakeholders. Fact probably is, most people don't care that much about anonymity, and most of the ones who do, are not security geeks who appreciate the technology and thus trust it. So, we use what does not require mass adoption and do not use what does.
Anonymous browsing is easy, because it does not need an expensive infrastructure that requires a viable business model behind it; fortunately. A few anonymity supporters run TOR servers on their already-existent machines, anonymity-aware users run TOR clients and proxy their browsers through them, and the anonymity need is met. The onion routing technology that TOR is based on is used; not too often, but is used. The problem starts with systems that require a complex infrastructure to run, such as anonymous payment systems.
As much as some of us don't like to admit it, most consumers do not care about the credit card company compiling a profile of their money spending habits. Furthermore, of the ones who do, most are not security engineers and thus have no reason to trust anonymity schemes they don't see or feel intuitively (as one feels when paying with cash). The anonymous payment systems are left to be used primarily by the security-savvy guys who care; they do not form a mass market.
I believe that for anonymity and pseudonymity technologies to survive they have to be applied to applications that require them by design, rather than to mass-market applications that can also do (cheaper) without. If anonymity mechanisms are deployed just to fulfill the wish of particular users then it may fail, because most users don't have that wish strong enough to pay for fulfilling it. An example for such an application (that requires anonymity by design) could be E-Voting, which, unfortunately, suffers from other difficulties. I am sure there are others, though.
Regards,
Hagai.
Message # 2
Date: Tue, 25 Oct 2005
From: lists
To: Hagai Bar-El
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
On 24 Oct 2005 23:31:34 +0200, Hagai Bar-El wrote:
I wrote a short essay about anonymity and pseudonymity being
technologies that are well advanced but seldom used.
If I may take a shot at guessing the reason for the gap between whatI think the answer is simple. In many cases, the markets are not there yet, and, in some cases, never will be. Technology is not an end, it is a means.
we know how to do and what we do, I would say it's due to the overall
lack of interest of the stakeholders. Fact probably is, most people
don't care that much about anonymity, and most of the ones who do,
are not security geeks who appreciate the technology and thus trust
it. So, we use what does not require mass adoption and do not use what
does.
For example, who cares about anonymous electronic cash and transactions built on it when you have regular cash and transactions built on it already deployed and working just fine? Cash can be exchanged for other cash. Cash can be laundered. Cash can be used to pay for things anonymously or pseudonymously. Etc. (Hell, if I don't want my credit card company to know something, I pay cash. In my mind, I am manipulating the profile the credit card company has of me, and these profiles essentially functions as a pseudonym.) Throw in credit cards, paypal-types, checks, money orders, etc. for online transactions, and the average person is all set. The situation may change (for example, if all cash is changed over to traceable electronic cash), but that day is not today (and who knows what other sorts of mechanism would crop up to compensate). (I know, I am blaspheming! This is just an example, afterall.)
As much as some of us don't like to admit it, most consumers do not(The credit system works fine with pseudonyms, as reputation is really what matters there. Credit cards themselves can function as pseudonyms.)
care about the credit card company compiling a profile of their money
spending habits.
Furthermore, of the ones who do, most are notPeople think in terms of meatspace while online. In other words, since they cannot necessarily see, feel, touch, hear, smell what they are interacting with, it does not seem real. As the knowledge of just how little your online activities are private continues to become more and more widespread, additional protections will be become more and more in demand. (This demand may not be for just standalone services, but, also, bundled services, such as pseudonymity services provided by your ISP as part of the bandwidth plan.)
security engineers and thus have no reason to trust anonymity schemes
they don't see or feel intuitively (as one feels when paying with
cash). The anonymous payment systems are left to be used primarily by
the security-savvy guys who care; they do not form a mass market.
While people may not understand how any of the anonymity or pseudonymity technologies work, they will still use the technologies. Reputation may play a big part in this regard, such as having a trusted name provide the services. Part of AOL's appeal is that it claims to protect people from the big bad Internet, and it provides proxies, email filtering, malware detection, etc. to do this for users and, in a sense, gives a light layer of pseudonymity.
Anonymous browsing is easy, because it does not need an expensiveTOR has caught on a bit because there is a demand for the service it provides.
infrastructure that requires a viable business model behind it;
fortunately. A few anonymity supporters run TOR servers on their
already-existent machines, anonymity-aware users run TOR clients and
proxy their browsers through them, and the anonymity need is met. The
onion routing technology that TOR is based on is used; not too often,
but is used. The problem starts with systems that require a complex
(snip)
People already want to hide some of their browsing, chat, and file sharing activity, but do not yet know how to do so effectively. They may clean their caches and histories, but they either do not realize this does not remove their footprint online (hard to do conceive in light of all these file sharing lawsuits) or just do not have the ability to do anything about their footprint online. If TOR had less noticeable degradation of network performance (so slow), were easier to use (or packaged in other service offerings), and was marketed by some mainstream outlets in a positive and instructive light, it would catch fire. (
owever, anonymity removes responsibility, and widespread usage of TOR could become its demise. Censorship and filtering seem the likely end result, unless pseudonymity is added.)
In other words, mass consumption of TOR has little to do with TOR being easy to deploy. That is relevant to whether people actually put it out there and keep it out there, especially as it grows in popularity. For end users, getting TOR out there has everything to do with TOR providing a simple on the surface, useful service that is relevant and beneficial to them today.
I believe that for anonymity and pseudonymity technologies to surviveI think markets will emerge for some of these technologies. And, as the technologies gain drivers, there will already be a great deal of background information, prototypes, etc. to simplify the roll out and adoption, since, as you stated, many people have been researching anonymity and pseudonymity for years now, and some have even built cool systems based on that research.
they have to be applied to applications that require them by design,
rather than to mass-market applications that can also do (cheaper)
without. If anonymity mechanisms are deployed just to fulfill the
wish of particular users then it may fail, because most users don't
have that wish strong enough to pay for fulfilling it.
-Andrew
Message # 3
Date: Tue, 25 Oct 2005
To: lists
From: Hagai Bar-El
Cc: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
Hi Andrew,
At 25/10/05 08:42, lists wrote:
People think in terms of meatspace while online. In other words, sinceYou bring up an important notion of "levels of trust in anonymity systems", which I did not address in the original post. Anonymity is Boolean in nature (at least by the eye of the beholder), hence: either I think that my identity is concealed or I don't think so.
they cannot necessarily see, feel, touch, hear, smell what they are
interacting with, it does not seem real. As the knowledge of just how
little your online activities are private continues to become more and
more widespread, additional protections will be become more and more in
demand. (This demand may not be for just standalone services, but, also,
bundled services, such as pseudonymity services provided by your ISP as
(snip)
However, various anonymity systems may have different levels of trust by users, which would lead to some people agreeing to use a system for their needs, while some don't.
When discussing bundled services giving anonymity such as ISP's bundling anonymity with their bandwidth plan we should determine not only if the proper specs are met, but also if the people who are considered to be the customers for anonymity will actually use this service. When it comes to anonymous browsing, it's hard to be optimistic. Service providers that offer an "anonymizing" proxy access service are not exactly lining up for IPOs even though they offer surfing anonymity in a very user-friendly outfit (much more convenient than TOR). Moreover, ISP's do give you some level of surfing anonymity today by using D
CP addresses, which is something we don't even count when discussing anonymous surfing. Simply put, we don't always trust the ISP or any other service provider.
Service-bundled anonymity is probably suitable for people who care about anonymity on one hand, but not too much, on the other.
If you rely on an anonymity service that is bundled with your bandwidth plan, you explicitly trust your ISP for not selling your surfing records to a spammer, and you implicitly trust the ISP's employees, the ISP's network security, etc. I am not trying to say that "outsourced anonymity services" are never worth it, but if we hope for more common use for anonymity to come from mass deployment through service providers then we should consider that some of the customers will find it non-useful.
In other words, mass consumption of TOR has little to do with TOR beingI agree. TOR is a good and convenient solution to an existent problem, and this is why it is being used. My point was that these people who like TOR can actually put it to use for modest costs. On the other hand, no matter how much these people may want anonymous monetary transactions, they cannot do it themselves. The latter requires an expensive infrastructure for which there is no business motivation, yet. Privacy-aware people, like you and I, are lucky with TOR because it can be deployed as a hobby. However, most other privacy mechanisms (such as for payment) require expenses that require a viable business model.
easy to deploy. That is relevant to whether people actually put it out
there and keep it out there, especially as it grows in popularity. For
end users, getting TOR out there has everything to do with TOR providing
a simple on the surface, useful service that is relevant and beneficial
to them today.
I think markets will emerge for some of these technologies. And, as theI sure hope so too. This will probably require many social changes that will make the masses appreciate privacy and anonymity enough to actually demand it and to prefer services that provide it. It's hard to see such good technology getting dust.
technologies gain drivers, there will already be a great deal of
background information, prototypes, etc. to simplify the roll out and
adoption, since, as you stated, many people have been researching
anonymity and pseudonymity for years now, and some have even built cool
systems based on that research.
Hagai.
Message # 4
Date: Tue, 25 Oct 2005
From: Yoav
To: Hagai Bar-El
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Mon, 24 Oct 2005, Hagai Bar-El wrote:
The problem starts with systems that require a complexThe problem with anonymous payment systems is that the financial system dislikes them. Many ventures tried to provide some form of anonymous currency. It usually works until it reaches critical mass and attracts the attention of the authorities. At this point, they block the path between the anon system and the rest of the financial system, thus making it useless. For a financial system to be relied upon, it must be backed by someone powerful (i.e. a large bank that has a huge vault full of gold). As long as the anonymous system doesn't have that power, it must be attached to the traditional system, and as soon as the link between the two systems is blocked, the anonymous system dies (or becomes only usable for small-volume business where the stakes are not too high). A similar situation exists for banking systems that support anonymity. Some countries have strong financial privacy laws, and are sometimes used for laundering money. In most cases, these countries are forced to comply with the international financial systems, because the international system blocks its access otherwise. The notable exception is Swiss, because it has its own strong banking system which does not rely on other systems.
infrastructure to run, such as anonymous payment systems.
Even in the Swiss case, the system had to comply with some US regulations for accounts belonging to Americans or trading in US stock markets.
Therefore, financial anonymity is not a technical problem but a political one. The technical aspects have been mostly solved, but we need someone strong to back it up. I doubt if anyone will, because such system will attract a lot of criminals and will soon lose its connection with the traditional system. We'll end up with "normal-money" and "thieves-money", and "thieves-money" will only be accepted if a large bank will be willing to back it up.
If the governments had their way, even cash wouldn't be anonymous. In fact, the EU is playing with adding RFID to bills.
As much as some of us don't like to admit it, most consumers do notActually, there is a group of people who do care enough to spend the effort and use strong anonymity. Unfortunately, these people give anonymity a bad name by abusing it. I'm talking about pedophiles and other lowlifes. If you've been following FreeNet's evolution, you can clearly see how it happens. The system provides filesharing with very strong anonymity and plausible deniability but is extremely slow and cumbersome. Takes you days to get a file. Low-stake users like copyright violators are not scared enough (yet) to require that much anonymity, but for a pedophile the stakes are higher so he's willing to spend the extra effort and time.
care about the credit card company compiling a profile of their money
spending habits. Furthermore, of the ones who do, most are not
security engineers and thus have no reason to trust anonymity schemes
they don't see or feel intuitively (as one feels when paying with
cash). The anonymous payment systems are left to be used primarily by
the security-savvy guys who care; they do not form a mass market.
As the sytem becomes more infested with this, it loses its legitimacy in the eyes of the public. Many servers are shut down by admins who don't want to harbor criminals, and eventually only privacy-fanatics and criminals keep the network going.
I guess the only way to avoid this pitfall is by integrating anonymity into systems in a way that keeps the system from being less convenient than other similar systems that don't offer anonymity. If this is impssible, we may have to wait until people get scared enough to want this infrastructure. Luckily, RIAA/MPAA are doing it for us. If they prosecute enough users, users will eventually agree to participate in the anon infrastructure to enjoy prosecution-free filesharing.
;-)
I believe that for anonymity and pseudonymity technologies to surviveE-voting is something I wouldn't touch with a 10ft pole. It has a bad public image as it is and linking anonymity to it will not do us good.
they have to be applied to applications that require them by design,
rather than to mass-market applications that can also do (cheaper)
without. If anonymity mechanisms are deployed just to fulfill the
wish of particular users then it may fail, because most users don't
have that wish strong enough to pay for fulfilling it. An example for
such an application (that requires anonymity by design) could be
(snip)
I think the killer-app will be filesharing due prosecution. Its something that enough people want and consider legit, and on the other hand, powerful organizations try to fight it (this improve the platform's immunity system). In order for general anonymity to ride this wave, someone has to write a filesharing platform which isn't limited for filesharing. As it grows popular, the filesharing users will bring the network to its critical mass and niche uses will be able to hide in it as well.
On a different note, Andrew mentioned the topic usualy referred to as 'reputation systems'. I also think many applications will require long-standing identity with reputations like the ones ebay uses, or slashdot's karma thing. However, I don't think it has to be built into the anonymity platform. Instead, there should be a pgp-based reputation system that works over the anon platform. A user will always be able to start a new identity but many users will prefer to do business with a user that has reputation. Its not a trivial system but as far as the anon platform is concerned, it just an application. I think reputation should be done per-application rather than at the platform level.
Regards,Bye,
Hagai.
Yoav
Message # 5
Date: Wed, 26 Oct 2005
From: lists
To: Yoav
Cc: practicalsecurity at hbarel.com, Hagai Bar-El
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
On 25 Oct 2005 16:09:57 +0200, Yoav wrote:
On Mon, 24 Oct 2005, Hagai Bar-El wrote:
The problem starts with systems that require a complex
infrastructure to run, such as anonymous payment systems.
The problem with anonymous payment systems is that the financial system...
dislikes them. Many ventures tried to provide some form of anonymous
currency. It usually works until it reaches critical mass and attracts
the attention of the authorities. At this point, they block the path
between the anon system and the rest of the financial system, thus making
it useless. For a financial system to be relied upon, it must be backed
by someone powerful (i.e. a large bank that has a huge vault full of
(snip)
Therefore, financial anonymity is not a technical problem but aAn anonymous payment system will need the acceptance of a critical mass of businesses, institutions, people, etc. such that it becomes useful for trade. Powerful entities, such as the financial community or big business, would be a strong incentive for adoption of the system, but a large number of little guys might be effective as well. A powerful entity might be able to make or break such a system with, say, a large control of the commodities (or force) backing a currency and/or with a strong reputation, but fighting strong market forces is not easy.
political one.
However, in order for any of this to happen, there needs to be strong economic incentives for mass adoption of such a system, such as micropayments, easy automation, ultra fast and cheap transactions, etc.
that facilitate easier trade and a new wave of markets. Anonymity is not necessarily going to be one of those big incentives, unless circumstances change quite a bit from what they are today (as my simple example in a previous post was meant to illustrate).
If the governments had their way, even cash wouldn't be anonymous. InTrue. And, governments can use force to eliminate systems they do not like to some degree. But, people often find a way to circumvent such controls, and trade will always go on. Eliminate cash as useful for anonymous payments, and other means will quickly pop up in its place.
fact, the EU is playing with adding RFID to bills.
Actually, there is a group of people who do care enough to spend the
effort and use strong anonymity. Unfortunately, these people give
anonymity a bad name by abusing it.
As the sytem becomes more infested with this, it loses its legitimacy inAnonymity has a limited role. Pseudonymity is where most value comes from, and it is doing quite well. Reputation matters.
the eyes of the public. Many servers are shut down by admins who don't
want to harbor criminals, and eventually only privacy-fanatics and
criminals keep the network going.
On a different note, Andrew mentioned the topic usualy referred to asThat is true. An anonymity layer could function as a base class, and pseudonymity services could be built on top. I think widespread deployment of an anonymity layer will result in it being almost completely wrapped with pseudonymity layers. (Perhaps I should think of TOR in this light.)
'reputation systems'. I also think many applications will require
long-standing identity with reputations like the ones ebay uses, or
slashdot's karma thing. However, I don't think it has to be built into
the anonymity platform.
-Andrew
Message # 6
Date: Wed, 26 Oct 2005
From: lists
To: Hagai Bar-El
Cc: practicalsecurity at hbarel.com
Subject: [PracticalSecurity] [Re: Anonymity - great technology but hardly
-------- Original Message --------
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
Message # 7
Date: Wed, 26 Oct 2005
From: lists
To: Hagai Bar-El
Hey Hagai,
On 25 Oct 2005 16:09:57 +0200, Hagai Bar-El wrote:
You bring up an important notion of "levels of trust in anonymityThe level of trust in an anonymity system is different than the degree of anonymity provided by that system, but neither is boolean. I always view my identity as concealed to some degree, and there are trade-offs to be made. Like other systems, anonymity systems have strengths and weaknesses.
systems", which I did not address in the original post. Anonymity is
Boolean in nature (at least by the eye of the beholder), hence: either I
think that my identity is concealed or I don't think so. However,
various anonymity systems may have different levels of trust by users,
which would lead to some people agreeing to use a system for their
needs, while some don't.
If you rely on an anonymity service that is bundled with your bandwidthLikely, but not definitely. Say an ISP shipped a TOR client with default configuration (and other related software packages) in its software bundle. By using that TOR client, you have a degree of protection from your ISP monitoring your activities.
plan, you explicitly trust your ISP for not selling your surfing records
to a spammer, and you implicitly trust the ISP's employees, the ISP's
network security, etc.
I agree. TOR is a good and convenient solution to an existent problem,True, it's economics.
and this is why it is being used. My point was that these people who
like TOR can actually put it to use for modest costs. On the other hand,
no matter how much these people may want anonymous monetary
transactions, they cannot do it themselves. The latter requires an
expensive infrastructure for which there is no business motivation, yet.
Privacy-aware people, like you and I, are lucky with TOR because it can
(snip)
-Andrew
Message # 8
Date: Wed, 26 Oct 2005
To: PracticalSecurity at hbarel.com
From: "Travis H."
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. I considered doing this with SLIP back before broadband (back when my friend was my ISP). There are two problems with this; one, getting enough random data, and two, distinguishing the padding from the real data in a computationally efficient manner on the remote side without giving away anything to someone analyzing your traffic. I guess both problems could be solved
by using synchronized PRNGs on both ends to generate the chaff. The two sides getting desynchronzied would be problematic. Please CC me with any ideas you might have on doing something like this, perhaps it will become useful again one day.
On packet-switched networks, running full speed all the time is not very efficient nor is it very friendly to your neighbors. Again, if you have any ideas on how to deal with this, email me.
Many of the anonymity protocols require multiple participants, and thus are subject to what economists call "network externalities". The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format. In this case, the fact that the HR person (a third party to the transaction) is using it forces me to buy it from Microsoft. Similarly, the more people use digital cash, the more likely I am to decide to use it. The more Tor nodes we have, the more high speed and close nodes there will be, and the more enjoyable the experience will be (assuming Tor is smart enough to use the close, fast nodes). For more information on network externalities, see the book "Information Rules", available from Amazon for just over $4.
Everyone working in IT or interested in computers should read that book.
Another issue involves the ease of use when switching between a [slower] anonymous service and a fast non-anonymous service. I have a tool called metaprox on my website (see URL in sig) that allows you to choose what proxies you use on a domain-by-domain basis. Something like this is essential if you want to be consistent about accessing certain sites only through an anonymous proxy. Short of that, perhaps a Firefox plug-in that allows you to select proxies with a single click would be useful.
It would be nice if the protocols allowed you to specify a chain of proxies, but unfortunately HTTP only allows you to specify the next hop, not a chain of hops. Perhaps someone could come up with an encapsulation method and cooperative proxy server that is more like the old cpunk remailers, using nested encrypted "envelopes" in the body of the request. Perhaps crowds or Tor already does this, I don't know.
Where anonymizing facilities fail are fairly obvious to anyone who has used them, listed in descending order of importance: ease of configuration (initial setup cost) ease of use
locator services for peers or servers
network effects (not enough people using it) efficient use of resources (see quote in sig about why this is the least important)
There are some technical concerns limiting their security: resistance to traffic analysis or trojaned software ad-hoc systems for crypto key updates or revocation
I think one way to encourage adoption is to amortize the cost of setup over a group of people. For example, everyone who reads this could set up a hardened co-loc box and install all the relevant software, then charge their friends a small fee to use it. An ISP could make these services available to their customers. An ASP could make them available to customers over the web. People could start creating open-source Live! CD distributions* with all the software clients installed and preconfigured (or configured easily through a wizard-like set of menus invoked automatically at bootup). With Live!
CDs in particular, you'd have a bit of a problem with generating crypto keys since the RNG fires up in the same state for everyone, but perhaps you could seed it by hashing the contents of a disk drive, or the contents of memory-mapped hardware ROMs (e.g. ethernet MAC address), network traffic, and/or with seed state persisted on a removable USB drive.
[*] See http://www.frozentech.com/content/livecd.php
I don't see a distro specifically for anonymity; if you have friends who want to create Yet Another Linux Distro, perhaps they could fill this niche. Two alternatives suggest themselves; a client distro for end-users and a server distro for people with a machine that's not doing anything. You'd just pop in the CD and it announces its availability to various locator services to act as a Tor, mixmaster, or whatever node. Again, keep me informed if anyone starts work on this.
--
http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
Message # 9
Date: Wed, 26 Oct 2005
To: PracticalSecurity at hbarel.com
From: "Jörn" Schmidt
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
--- "Travis H."
[snip]
Another issue involves the ease of use when switching between a > [slower] anonymous service and a fast non-anonymous service. I have > aYou can already do the latter with SwitchProxy (http://www.roundtwo.com/product/switchproxy). Basically, it's a Firefox extension that saves you the trouble of going into the 'preferences' dialogue everytime you want to switch from one proxy to another (or go from using a proxy to not using one, that is).
tool called metaprox on my website (see URL in sig) that allows you > to
choose what proxies you use on a domain-by-domain basis. Something > like this is essential if you want to be consistent about accessing > certain sites only through an anonymous proxy. Short of that, > perhaps
(snip)
It works like a charm with tor and a local proxy.
It also has a "Anonymizer mode", which cycles through a list of proxies in an attempt to give you some kind of pseudo-anonymity (which I guess is good enough for many people).
Jörn
Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
Message # 10
Date: Wed, 26 Oct 2005
To: Yoav
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
Cc: practicalsecurity at hbarel.com
Hello Yoav,
At 25/10/05 21:25, Yoav wrote:
I think the killer-app will be filesharing due prosecution. Its somethingI agree with your point. My next startup could be one that offers good anonymity for file sharing.
that enough people want and consider legit, and on the other hand,
powerful organizations try to fight it (this improve the platform's
immunity system). In order for general anonymity to ride this wave,
someone has to write a filesharing platform which isn't limited for
filesharing. As it grows popular, the filesharing users will bring the
network to its critical mass and niche uses will be able to hide in it as
well.
Thing is, I witnessed a thread on another mailing list in which it was pointed out (briefly) that anonymity protocols today, such as TOR, suffer from strong bandwidth penalty. This is true.
Using TOR for one session will show anyone how much annoyance anonymity protection can cause.
Given the low up-link speed most home users have, a well-anonymized file sharing system could be impractical for now.
I let in a posts by Travis H. and Jörn Schmidt which discuss this issue, even though it's a bit off-topic for this mailing list.
On a different note, Andrew mentioned the topic usualy referred to asI agree that reputation should be implemented above the platform level. I think it makes more sense by being more effectively linked to the world problem it tries to solve (which is naturally at a higher level than the platform).
'reputation systems'. I also think many applications will require
long-standing identity with reputations like the ones ebay uses, or
slashdot's karma thing. However, I don't think it has to be built into
the anonymity platform. Instead, there should be a pgp-based reputation
system that works over the anon platform. A user will always be able to
start a new identity but many users will prefer to do business with a user
(snip)
Anonymity should be solved as a platform issue (at least when discussing network-access anonymity), while reputation is an
application-level property and should thus be handled separately by the particular applications involved. It is natural to expect various applications to handle their own reputation systems in a way that they do not depend on each other (although I can imagine applications "consulting" each other according to some well-defined policy).
Hagai.
Message # 11
Date: Wed, 26 Oct 2005
From: Yoav
To: "Travis H."
Cc: PracticalSecurity at hbarel.com
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Wed, 26 Oct 2005, Travis H. wrote:
Part of the problem is using a packet-switched network; if we hadI remember implementing something like that many years ago, based on an algorithm developed by Ron Rivest:
circuit-based, then thwarting traffic analysis is easy; you just fill
the link with random garbage when not transmitting packets. I
considered doing this with SLIP back before broadband (back when my
friend was my ISP). There are two problems with this; one, getting
enough random data, and two, distinguishing the padding from the real
data in a computationally efficient manner on the remote side without
(snip)
http://theory.lcs.mit.edu/~rivest/chaffing-980701.txt
Maybe this is what you're looking for ?
btw, in some implementations of onion-routing, a similar approach is taken. However, the tradeoff between link-efficiency and chaffing is a bit problematic when you have to traverse so many hops along the route.
In onion-routing, even the non-chaff data has to be sent to some bogus hops after the target receives them. Otherwise, analyzing the traffic (or the size of the onion's envelope) can tell an attacker (or the one-before-last hop) that the next hop is the real target. Thats why the envelope has a random-sized core, and often forwards the traffic to a random number of additional hops to hide the fact that the packet has reached its final destination. While this is not data-chaffing, it has a similar effect on traffic-analysis.
On packet-switched networks, running full speed all the time is notIt has been discussed in great detail in the navy's onion-routing mailing list back in 1997/1998 when the idea was first presented. I can't seem to find this discussion now, but I recall it was quoted in some Tor-related publications which you can probably find.
very efficient nor is it very friendly to your neighbors. Again, if
you have any ideas on how to deal with this, email me.
Many of the anonymity protocols require multiple participants, andOpenOffice/Gnumeric do the work for me. :)
thus are subject to what economists call "network externalities". The
best example I can think of is Microsoft Office file formats. I don't
buy MS Office because it's the best software at creating documents,
but I have to buy it because the person in HR insists on making our
timecards in Excel format. In this case, the fact that the HR person
(a third party to the transaction) is using it forces me to buy it
from Microsoft.
Similarly, the more people use digital cash, the moreTor is smart enough NOT to do that. It is generally a bad idea to prefer locality when it comes to anonymity. In fact, the recommendation is to configure your chain so that it'll go through countries that don't cooperate well, so that whoever tries to get cooperations of admins along the way will have a harder time doing so.
likely I am to decide to use it. The more Tor nodes we have, the more
high speed and close nodes there will be, and the more enjoyable the
experience will be (assuming Tor is smart enough to use the close,
fast nodes).
If your need is just a casual anonymity with no real adversary in sight, you can always configure chains with N=1, leave only nearby nodes in your list of hosts, and you'll get a rather fast operation. I wouldn't recommend doing so. :)
It would be nice if the protocols allowed you to specify a chain ofThe Tor envelope is an onion-routing envelope so you can probably configure it to do that. I've never tried though.
proxies, but unfortunately HTTP only allows you to specify the next
hop, not a chain of hops. Perhaps someone could come up with an
encapsulation method and cooperative proxy server that is more like
the old cpunk remailers, using nested encrypted "envelopes" in the
body of the request. Perhaps crowds or Tor already does this, I don't
know.
As for Crowds, I'm pretty sure you can't. The whole idea in Crowds was that there's no envelope to analyze, and the decision (whether to forward the packet to its final destination or to traverse another hop) is randomly made at each hop. I think the only thing you can specify is the requested probability for this decision. In theory, nothing prevents a connection-request to endlessly traverse the crowds network. Its just not very probably, but if a ship based on the magnificant Improbability-Drive passes by, its quite likely that new connections will hang. ;)
Where anonymizing facilities fail are fairly obvious to anyone who hasI think another important item is missing:
used them, listed in descending order of importance:
ease of configuration (initial setup cost)
ease of use
locator services for peers or servers
network effects (not enough people using it)
efficient use of resources (see quote in sig about why this is the
least important)
Immunity to side-band issues. For example, its useless to use any web anonymizer if your web browser sends your email address as the passwd to anon ftp sites, sends cookies which were created earlier without the anonymizer in place, or runs java applets and allows them to create direct connections or transmit arbitrary data. Even worse - even if your browser is properly configured and all your TCP 80/443 traffic goes through the anonymizer, there's still the DNS issue. Analyzing the DNS traffic can often associate the client with a specific request.
To prevent that, the anonymity system must include some service that covers ALL network aspects, strips all the identifying data, and passes ALL requests through the anonymizer. For web traffic, privoxy does a fairy good job when combined with an anonymizer.
There are some technical concerns limiting their security:ok, maybe this includes the above but I'm not sure so I'll leave it here anyway.
resistance to traffic analysis or trojaned software
People could start creatingOn many modern platforms, /dev/random gets enough entropy from designated noise-registers. On others, a script can keep the system busy in a way that generates a lot of random noise which /dev/random typically collects.
open-source Live! CD distributions* with all the software clients
installed and preconfigured (or configured easily through a
wizard-like set of menus invoked automatically at bootup). With Live!
CDs in particular, you'd have a bit of a problem with generating
crypto keys since the RNG fires up in the same state for everyone, but
perhaps you could seed it by hashing the contents of a disk drive, or
the contents of memory-mapped hardware ROMs (e.g. ethernet MAC
(snip)
For example, even on seemingly-identical systems, running a large "find -exec" operation that accesses files on a local disk seems to generate radically-different disk-timing measurements. On an embedded box with no physical storage and no user-interface, its a bit trickier (unless the ethernet is noisy enough to measure interrupt-timing and get some entropy.
Anyway, seeding a PRNG is a bit beyond our scope here.
[*] See http://www.frozentech.com/content/livecd.phpUnfortunately, Knoppix-STD (which was the most likely candidate for this) doesn't seem to include these tools. However, its fairly easy to customize knoppix to do that, and if some persistent-storage (such as a USB storage device or a local disk) is available, /dev/random state and generated keys can be easily stored as the unionfs's writable backend.
I don't see a distro specifically for anonymity; if you have friends
who want to create Yet Another Linux Distro, perhaps they could fill
this niche. Two alternatives suggest themselves; a client distro for
end-users and a server distro for people with a machine that's not
doing anything. You'd just pop in the CD and it announces its
availability to various locator services to act as a Tor, mixmaster,
(snip)
Knoppix already does that, so its just a matter of doing the right apt-get operations and remastering the image. I don't have the time to do that, but since I did a lot of LiveCD customizations in the past, I can help whoever wishes to create something like that.
Cheers,
Yoav
Message # 12
Date: Wed, 26 Oct 2005
From: Yoav
To: Hagai Bar-El
Cc: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Wed, 26 Oct 2005, Hagai Bar-El wrote:
Given the low up-link speed most home users have,Not necessarily. If the system is configurable and each client can specify how many hops it wants to use and at what probability, it can be made anonymous enough for most users, with a reasonable performance penalty. High-risk users and general paranoids will be able to increase this parameter and get better security in exchange for poorer performance.
a well-anonymized file sharing system could be impractical for now.
In many countries (such as Canada), it'll prevent cases from even getting to court because the ISP will not be allowed to reveal the user's true identity if there's a reasonable probability that the user is an "innocent bystander". For example, if you calibrate the system to use the next hop at a uniform probability of 0.51, it means that the IP doing the filesharing is more likely to be a bystander than a criminal, in which case the laws in some countries will prevent the ISP from even revealing the user's identity. On the other hand, about half the time, the user will actually get the same performance as he would without anonymity, and the rest of the time, he'll have some degradation which is still reasonable in most cases. Of course, standard IANAL disclaimer applies.
Yoav
Message # 13
Date: Thu, 27 Oct 2005
To: Yoav
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used
Cc: practicalsecurity at hbarel.com
Hi Yoav,
At 26/10/05 23:40, Yoav wrote:
On Wed, 26 Oct 2005, Hagai Bar-El wrote:I like the idea, but here I believe we mix anonymity with non-traceability (at least from the legal perspective).
Given the low up-link speed most home users have,Not necessarily. If the system is configurable and each client can
a well-anonymized file sharing system could be impractical for now.
specify how many hops it wants to use and at what probability, it can be
made anonymous enough for most users, with a reasonable performance
penalty. High-risk users and general paranoids will be able to increase
this parameter and get better security in exchange for poorer performance.
In many countries (such as Canada), it'll prevent cases from even getting
to court because the ISP will not be allowed to reveal the user's true
(snip)
Indeed, in many cases, the motivation for requiring anonymity would be to prevent tracing you back in a way that you can be found liable for your connections in court. However, in many other cases the motivation of anonymity is anonymity per se, hence: preventing anyone (such as the file uploader) from identifying you as the source of the connection. When this is the case, using your approach will mean that the destination server will know in 50% of the times who you are (he may or may not have a convenient way of checking out if he is right or wrong). Also, even if you hit the 50% chance for protection, in 50% of these cases he has only one entity to bribe so to get your identity.
aving anonymity that is based on one entity (at most) is not considered good enough. Of course, you may set it higher, but then again you have the performance thing...
Hagai.