Re: A new system for anonymity on the web
Adam Back, <aba@dcs.ex.ac.uk>, writes:
Hal Finney <hal@rain.org> writes:
Theoretically, at least for long downloads, passing through multiple slow links shouldn't slow down the transmission,
I'm not sure that this is so. [...] When Alice and Bob are online, consider that they are actually using their bandwidth most of the time. I know I do; if I'm not using it I hang up, with pay per second phone lines, you're likely to.
Actually here in the U.S. most people have access to unmetered Internet access these days. Local and national ISP's are almost always that way, and AOL offers that option now as well. I find that I tend to browse in "flurries", paging around a bit, then settling down to read for a while. But you're right, I did not consider the interference among multiple paths running through a jondo. That issue applies to the higher speed links as well. If average path length is n, then on average there will be about n paths going through each jondo (assuming all "home" jondos have set up paths). So the question will be whether the average person uses more than 1/n of the bandwidth available during the time he is connected. This will no doubt depend on the pricing model for Internet service, as you suggest.
just increase the latency. I don't have a very clear picture about how long it would take to snake in and out of a bunch of people's modem lines en route to the web server.
I'm sure it's going to increase the latency too. My ping times are 200ms from the PPP link alone (ie pinging the PPP server machine itself). Add to this that the members of the jondo / crowds pool may not be on the same ISP, and you've got the additional overheads of whatever latency is added by the cumulative latency between each of the hops in the chain.
Yes, latency would be cumulative, and I just tested mine and found it was 160-220 ms, about the same as what you saw. So running through say 5 jondos at the end of modem paths would add about a second of latency. I think this would be fine if it only happened once per web page, but almost intolerable if it was once per tiny picture.
I wonder if you could improve the security of this by trading off against some additional bandwidth consumption for the ISP. Say have split the jondo in half, with two cooperating half-Jondos acting as a single virtual jondo in such a way that someone with root access on one machine but not the other, can't extract any useful information by spying on that half of the jondo.
This is an intriguing idea. Secure multiparty calculation protocols allow calculations to be made such that neither machine would have access to all the data. It is an interesting question how this could be applied to the anonymous communication problem. In this specific case, if the Crowds system were enhanced so that end-to-end encryption was used (which seems very practical and useful), you could run a jondo on your PC whose only function was to link to the jondo on the ISP and then set up the additional path through the jondo net. The path between your local PC jondo and the end one in the path would be encrypted, so even root on the local ISP could not see the contents of what you send down the jondo path. He might still be able to see when you were sending and when not, but he couldn't tell where it was going. Hal
Hal Finney <hal@rain.org> writes:
Adam Back, <aba@dcs.ex.ac.uk>, writes:
When Alice and Bob are online, consider that they are actually using their bandwidth most of the time. I know I do; if I'm not using it I hang up, with pay per second phone lines, you're likely to.
Actually here in the U.S. most people have access to unmetered Internet access these days. Local and national ISP's are almost always that way,
Yes I know, and I'm envious :-) My web viewing habits suffered badly when I was no longer able to use univ equipment to play on a T1 all day instead of write a thesis. I suffered withdrawl symptoms.
So the question will be whether the average person uses more than 1/n of the bandwidth available during the time he is connected. This will no doubt depend on the pricing model for Internet service, as you suggest.
You can't just average it though and get a true picture. It will cause degradation of the peak available bandwidth out of your modem. You metioned browsing in flurries. If your flurry coincided with someone else's, you'd get a major slow down. If someone downloads a big file, for 15 mins, you're stuck at half speed for that interval. You'll notice this stuff when you're browsing the web and it will be annoying as hell! Your actual available bandwidth will fluctuate between 1/n and 1 where n is the no. of hops as people change their bandwidth consumption. The eternity server model allows anonymous browsing within the eternity virtual web space. To the extent that you trust the eternity server if you have an eternity server running in your shell account (provided that the webserver is apache). If it's coming out of the server's cache you're ok, if it's coming from a newspool on a disk local to the server, you're ok. Other than that you'll see the accesses going out to dejanews or altavista. But you can't cache all of usenet some of the most hot stuff which you may not want to be associated with is the sort of thing eternity is designed for. Later versions of eternity perhaps can set up pipenets between eternity servers and exchange cache contents, charge to keep data in caches, and so form their own anonymous distributed database rather than relying on news archives. If you set up a pipenet between the servers you could do something similar to what you describe below with jondos.
Say have split the jondo in half, with two cooperating half-Jondos acting as a single virtual jondo in such a way that someone with root access on one machine but not the other, can't extract any useful information by spying on that half of the jondo.
This is an intriguing idea. Secure multiparty calculation protocols allow calculations to be made such that neither machine would have access to all the data. It is an interesting question how this could be applied to the anonymous communication problem.
In this specific case, if the Crowds system were enhanced so that end-to-end encryption was used (which seems very practical and useful), you could run a jondo on your PC whose only function was to link to the jondo on the ISP and then set up the additional path through the jondo net. The path between your local PC jondo and the end one in the path would be encrypted, so even root on the local ISP could not see the contents of what you send down the jondo path. He might still be able to see when you were sending and when not, but he couldn't tell where it was going.
Viewed from outside the jondo net (where the jondos function on the ISP) would be an opaque series of pipenets with contiuous bandwidth consumption and a flurry of connections to web pages sprouting off different jondos. Your modem connection would be a small pipenet link feeding into the large bandwidth jondo pipenet. The flurrys would be impossible to correlate with users. To avoid placing all trust with one jondo, you'd need bi-directional anonymous WEB traffic within the jondo net with multiple layers of encryption, so that jondos don't know where the data is going beyond the immediate hop. You know we could do this if we were willing to pay for the bandwidth. The ISPs probably won't like PipeNets though as they oversell and rely on underutilisation of sold bandwidth. If it worked out to a reasonable price for the modem user to browse the web, it might be viable.
Yes, latency would be cumulative, and I just tested mine and found it was 160-220 ms, about the same as what you saw. So running through say 5 jondos at the end of modem paths would add about a second of latency. I think this would be fine if it only happened once per web page, but almost intolerable if it was once per tiny picture.
Doesn't netscape do the right thing for what you want here? I think it's option to set maximum network connections (default 4) means that it will open multiple sockets to fetch the images on the page in parallel. If you load a page with multiple largish pictures you can see it happen as they all scroll down scan line- by scan line in parallel. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (2)
-
Adam Back -
Hal Finney