On 14/10/2020 18:22, jim bell wrote:
Last year, I tried to start a discussion to implement a new anonymity router network, perhaps using the Raspberry Pi computers. I got a quote for 500 Raspberry Pi's, at $70 each. I included a few ideas, some old, some new:
1. Routers could be anywhere, but would include homes and small businesses. Anyone who has an Internet service with an adequately-large data cap. (Recently, I saw that CenturyLink had removed the data cap from some of its internet services. especially fiber. https://www.highspeedinternet.com/resources/which-internet-service-providers-have-data-caps#:~:text=CenturyLink%20has%20a%201%20TB,you'll%20enjoy%20unlimited%20data.
And their data caps, where they still exist, are 1 terabyte/month, which I think would be plenty for an anonymity network.
The problem is that a reliable cheap anonymising network for low-latency traffic like web traffic is basically impossible. Tor is about as good as we can get. When I was designing m-o-o-t I didn't include any web anonymiser for that reason. The problem is traffic volume and latency. If we want low-latency web traffic - nowadays [1] that's less than 4 seconds - we can't include fixed file sizes with realistic constraints on traffic. To put some BOTE numbers on that, suppose you want to provide for 1 million concurrent users. You have about 150 TB per month user traffic to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud. Ouch.
2. Extensive chaff. (which, of course, is an old idea, strangely it's not yet implemented in TOR)
Like fixed file sizes - essential for anonymity - chaff and covertraffic takes too much traffic, see above.
3. "Output nodes" would output only in encrypted form, so that people generally could not get in trouble for acting as an output node: Their output could be monitored, but not understood as to its content, since it would look like random data.
That doesn't work - the users want to connect to any web server somewhere. You could enforce eg TLS but even that does not hide file sizes..
4. I also thought of an idea that such a network should implement multiple algorithms for networking, simultaneously, limited only by people's imaginations: People frequently talk about new ideas for anonymity networks, but how might they try them out in practice? If an anonymity network is fated to have ONLY ONE routing method, then all new such methods cannot be easily developed: You'd have to physically build a new network, along with all such associated costs, for each new routing method. That's completely illogical.
Should there be any limit to the number of kinds of routing done? It's all software. One advantage of this feature is that all these different routing algorithms are mixed together, such it should be harder to
That's OK if you are doing development, but not for production - unless the users decide the routing, as in eg Mixmaster. But you can't (or shouldn't) use an anonymiser if you don't know whether it is going to work!
TOR is doubted for many good reasons, but if it is generally agreed that some form of anonymizing network is needed, then people should be willing to work to provide an alternative.
I was at some of the early meetings when Roger Dingledene, Paul Syverson, Lucky Green, Nick Matthewson, Len Sassaman, myself and others were talking about a web anonymiser, which later became Tor. Other people at those meetings included many if not most of the top anonymity researchers, and some of the top cryptographers, in the world at that time. Tor was not conceived as is was by accident or in ignorance [2], many people (including myself) thought it was about the best that could be done. Roger's thought was that TOR would make mass surveillance difficult and it would be worth doing for that reason, even though it wouldn't prevent targeted attacks by major adversaries. At a set of meetings the next year Roger had gotten some funding, iirc from the US Navy, and Nick had started work on coding. I bowed out almost immediately, Len and Lucky bowed out after a while, because we knew it couldn't be done securely on the user level. After that I pretty much lost interest, though I did keep an eye on the project. The problem is that it's a super Zooko's triangle - you simply can't get reliably anonymous, low-latency and cheap anonymous web traffic. You probably can't even get reliably anonymous and low-latency, at any price. Peter Fairbrother [1] Acceptable low latencies vary according to use and user expectations - fifteen years ago people would wait 20 seconds or more for a web page to load, nowadays they lose interest at 4 seconds. Actually maybe less now, that figure is several years old. And for interactive speech or video latencies should be subsecond. [2] or with evil intent, at least from Roger and Nick. I don't think Paul had any evil intent either, but he was USN and is therefore suspect. It's like my friend from GCHQ - we are friends and we were sort-of colleagues until I retired, but it's a bit like having a policeman live next door - even when you have done no wrong you are always aware that he is a policeman. One curiousity, the .onion part of the TOR infrastructure was largely driven by Paul.