On 02/19/2017 08:04 AM, Georgi Guninski wrote:
> On Sun, Feb 19, 2017 at 12:59:24AM -0500, grarpamp wrote:
>> Reviewing designs... designing against threats... tracking proof... three areas. Do it, get funding, make yourself a star.
>
> Does theory allow anonymity in the presence of a sufficiently powerful network adversary?

I think that depends on the performance of the anonymous networking tool in question. Generally speaking, higher speed and capacity equates to lower security. High bandwidth, low latency connected protocols present the worst case scenario; low bandwidth, high latency unconnected protocols present the best case scenario.

As an example, providing "normal" http performance on an anonymous overlay network (the TOR scenario) presents a huge attack surface. An adversary who can observe the majority of the physical network infrastructure all at once can use traffic analysis to trace connections from end to end; a lesser adversary could stand up enough routing nodes to be the majority owner of the overlay network and both passively observe and actively manipulate traffic to achieve the same goals as a global observer at a tiny fraction of the cost. (VPN connections from a cloud server farm to numerous remote hosts solve the problem of running centrally controlling nodes that /appear/ to be independently operated.)

At the opposite end of the scale, imagine a network of NNTP servers that carry only PKI encrypted posts, distributing everything posted to all users. The users' local installations would try their owner's keys against /all/ the messages, writing those that decrypt to an inbox folder. Here, traffic analysis and/or majority ownership of nodes would be more or less useless; one good attack would be to overwhelm the network with a flood of bogus message traffic. Countermeasures to this attack could include a web of trust arrangement, and configuring the nodes to only store and forward messages signed by "trusted" users; at least this would force an adversary to do some work to flood the network with garbage.

> What are the disadvantages for better anonymity? (using a one-time device isn't cheap and requires finding a device)

I believe it is reasonable to expect better anonymity to /always/ involve performance hits in latency, bandwidth, and local resource usage, relative to "normal" routing protocols.

In practical terms, today's anonymizing technology /probably/ imposes sufficient delays on the identification of users and who is talking to whom that physical anonymity - i.e. making only brief connections to open wireless routers at locations where one is not seen coming and going - should provide "really good" anonymity. Of course one must prevent the hardware from leaking identifiers via RF or TCP/IP vectors.

Conversely, repeatedly using anonymizing network protocols from one location provides cover against low powered adversaries, while top tier adversaries who by definition will know "who you are and who you communicate with" may be restrained from hostile action by their reluctance to disclose the existence of "sensitive sources and methods." That is, until or unless they find your activities /really/ annoying, and spend a little money / take a little risk setting you up for a series of unfortunate events that won't be attributed to them.

:o/
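
An added illustration of the latency trade-off argued in this message (not part of the original message): a toy simulation, on constructed traffic, of how often flows entering and leaving an overlay can be paired by timing alone when each packet is held for a random delay. The uniform-delay relay model, the flow parameters and all function names are assumptions made for the example.

```python
import random

def make_flows(n_flows, duration, rate, rng):
    """Constructed sample data: per-flow packet send times in seconds."""
    flows = []
    for _ in range(n_flows):
        t, times = 0.0, []
        while True:
            t += rng.expovariate(rate)      # Poisson arrivals
            if t >= duration:
                break
            times.append(t)
        flows.append(times)
    return flows

def relay(flows, max_delay, rng):
    """Overlay model (assumption): each packet is held for U(0, max_delay) s."""
    return [sorted(t + rng.uniform(0, max_delay) for t in f) for f in flows]

def histogram(times, n_bins, width):
    """Packet counts per time window, which is all the observer records."""
    counts = [0] * n_bins
    for t in times:
        counts[min(int(t / width), n_bins - 1)] += 1
    return counts

def match_accuracy(n_flows=20, duration=60.0, rate=1.0,
                   max_delay=0.1, width=1.0, seed=1):
    """Fraction of flows linked correctly from timing at both ends."""
    rng = random.Random(seed)
    ingress = make_flows(n_flows, duration, rate, rng)
    egress = relay(ingress, max_delay, rng)
    n_bins = int((duration + max_delay) / width) + 1
    hin = [histogram(f, n_bins, width) for f in ingress]
    hout = [histogram(f, n_bins, width) for f in egress]
    correct = 0
    for i, h in enumerate(hin):
        # Pair each ingress flow with the egress flow of smallest L1 distance.
        dist = [sum(abs(a - b) for a, b in zip(h, g)) for g in hout]
        if dist.index(min(dist)) == i:
            correct += 1
    return correct / n_flows

if __name__ == "__main__":
    for d in (0.1, 5.0, 60.0, 600.0):
        print(f"max_delay={d:>6}s  linked={match_accuracy(max_delay=d):.2f}")
```

With sub-second delays nearly every flow is linked; once the hold time is long compared with the flow itself, linking falls to roughly the guessing rate of one in n_flows.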