On 16/10/2021 06:45, grarpamp wrote:
On 10/15/21, Peter Fairbrother <peter@tsto.co.uk> wrote:
Nothing about a base layer of chaff prevents "low-latency browsing" as an application.
Except the increased bandwidth cost. And if you have to have padding between each node, or on each link, that becomes very expensive. Suppose you want to download a bloated web page of 4MB in 4 seconds then your base flow is >1MB/s. Running that 24/7 for a month, that's 2.5 TB per month. 500 times more than an average user's 50 GB/month.. [there are of course other issues regarding latency in a base-chaff-flow web system]
Tor has vacuumed up, propagandized, sucked the funds from, steered via proceedings, and effectively killed all the competitive research and development in the space for last 20 years.
Yep. Totally agree there.
An entire class of TA is solely based on matching up i/o across all nodes to find matches. Certain things don't matter to such matching engines.
Grandma Eggs Suck.
Not if it was a randomly-variable one year delay they couldn't.
If your app is "browsing", or doing any other TCP stream, yes they can, such streams have other identifiable traffic characteristics than just arrival and inter packet timing, such as total size of transfer, TCP ramps, backoffs, etc.
Not even vaguely. Total size of transfer - compared between whom? UserA and .onion1? But some on userA's and most of .onion1's traffic will be to other people. so how does comparing their total size of transfer over a year help? Plus, with a randomly-variable delay, how do you accurately know the amount of traffic sent in your year? TCP ramps - but he doesn't have any close-grained timing info, so how does the adversary detect when TCP ramps happen? Backoffs - but he doesn't have any close-grained timing info, so how does the adversary detect when backoffs happen? [skip TCP stuff] All very well, but how do you do anonymous browsing without TCP? (I actually agree that TCP sucks in this case, but it isn't a total deal-breaker if the TCP data in the packet headers is encrypted - plus allowing a little padding and timing jitter here and there. And browsing without TCP / over UDP is probably doable, but it wouldn't be browsing as we know it) The TOR people (well, at least some of them - some may have had other agendas) wanted to anonymise web browsing as it existed then, a laudable aim. However that means TCP, that means low latency, that means low added cost - remember the 8th law, "A system which is hard to use will be misused, abused and unused", and that "hard to use" includes expensive in terms of resources or money or time - and against a gpa that was and is not achievable. They "settled" for some kind of anonymity against lesser adversaries, but their rationalisations of that motive suck.
I don't know of any strict anonymity p2p apps.
Not sure what you mean.
Without a need to trust anyone except the math.
Though there's no such thing as 100% anonymity, security, etc... there are certainly different comparative magnitudes of it available today, and higher ones are probably quite achievable with some work on new alternative models.
Examples? Peter Fairbrother