On 15/10/2021 11:07, grarpamp wrote:
Anonymity is hard, and low-latency anonymity is almost impossible.
People keep throwing this "low latency" term around as if it's some kind of distinction, a proven generality, lesser capable to anonymity, than any other particular "latency" level. This is bogus.
There is a smidgen of truth in that, but there's probably more in the simple use of the term low-latency, or perhaps I should have said low-latency browsing. You might perhaps do a reasonably low latency anonymous twitter for instance, but not low-latency anonymous browsing.
Latency is just a timing measure, whether your traffic events, sessions, and characteristics occur over milliseconds, or days, traffic analysis doesn't give a shit.
It can matter if traffic is aggregated and an adversary can only see the aggregated traffic. It can matter if the adversary uses timing information to correlate the input and output traffic to a network (which he almost inevitably does).
You could drop a 1 year store and forward packet buffer delay on every interface in the entire tor cloud and the NSA could still analyze it.
Not if it was a randomly-variable one year delay they couldn't. Or if you took the timing data away. If it was like that, Tor could (and probably would) add a little bit of packet size restriction, and that would probably be enough to make it TA resistant.
That's because tor's design is hardly TA resistant, not because it's "low-latency".
It's not TA-resistant because the design requirement for low latency buggered the design. You could add lots of covertraffic but it wouldn't help much - the lack of aggregation kills it as far as TA goes. And the reason for the lack of aggregation (and no fixed packet sizes) is because they wanted low latency.
They also use it as apology and to avoid doing dynamic base of chaff, because they are application layer7 people who don't understand how raw packet networks work at <=L3 and how to use them to run a base layer of dynamically yielding chaff to ride your wheat over on demand.
I think you are being overly optimistic/simplistic here. That is not the only way to go, though it was famously used in e.g. the US-USSR hotline. It is expensive. And a simple base layer wastes bandwidth. Techniques like randomly-variable base rates, traffic aggregation, end-user sharing (which among other things blurs the edges of the network), directed covertraffic (where the covertraffic looks "guilty"), route splitting, latency jittering and so on are available to defeat TA at lesser bandwidth cost.
Fixed sizes of cells, etc.
Yeah, that's almost a requirement. Certainly makes life easier.
"Low latency" really just defines the point at which users switch from thinking "Hey this is fast enough to surf the web (or whatever their use case)", to "This shit's too damn slow to do anything, I'm out."
Which is about 4 seconds for web browsing today (a few studies have been published), .. though in the days of acoustic modems it was longer ..
Anonymous remailers could work
They're a bit harder since a "message" gets injected into a proper random mix/cloud/buffer, and is not an e2e stream tacked up across it. Yet without chaff on every link, message size controls, etc... they can still fall to TA the same way tor does.
IIRC Mixmaster has message size control. It doesn't have or need specific per-link chaff, but it does have chaff - nobody knows/knew how much, it was added by individual users. Per-link chaff might help against some injected traffic attacks, but it is not strictly necessary.
but they are pretty much moribund now.
Still useful if you want to use "E-Mail" addresses over "E-Mail" networks, and should continue to be developed and deployed for that legacy purpose. But for the general purpose of "messaging" they are largely now rightly replaced by dedicated p2p message network apps that don't have to compromise themselves to "E-Mail"s old protocol restrictions and trust model.
I don't know of any strict anonymity p2p apps.
Peter Fairbrother
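The fixed versus randomly-variable delay question argued in this message can be looked at with a toy simulation, added here as an illustration and not code from either poster. It assumes a constructed bursty flow, delays scaled down from a year to seconds, and a binned-count Pearson correlation standing in for the observer's timing test; all function names are hypothetical.

```python
import random

def bin_counts(times, width, nbins):
    """Packet counts per time bin: what an observer of one link can record."""
    counts = [0] * nbins
    for t in times:
        i = int(t // width)
        if 0 <= i < nbins:
            counts[i] += 1
    return counts

def pearson(a, b):
    """Pearson correlation of two equal-length count series (0.0 if either is flat)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def best_lag_correlation(inp, out, width=5.0, nbins=300, max_lag=100):
    """Highest input/output correlation over all candidate network delays."""
    a = bin_counts(inp, width, nbins)
    return max(
        pearson(a, bin_counts([t - lag * width for t in out], width, nbins))
        for lag in range(max_lag + 1)
    )

def constructed_flow(rng, bursts=40, per_burst=20, span=1000.0):
    """Constructed sample input: bursty, web-like send times in seconds."""
    times = []
    for _ in range(bursts):
        start = rng.uniform(0, span)
        times += [start + rng.uniform(0, 1.0) for _ in range(per_burst)]
    return sorted(times)

def run(seed=1):
    """Return (fixed-delay score, random-delay score) for one constructed flow."""
    rng = random.Random(seed)
    inp = constructed_flow(rng)
    fixed = [t + 100.0 for t in inp]                   # same delay for every packet
    jitter = [t + rng.uniform(0, 500.0) for t in inp]  # independent delay per packet
    return best_lag_correlation(inp, fixed), best_lag_correlation(inp, jitter)

if __name__ == "__main__":
    f, j = run()
    print(f"fixed delay: {f:.2f}   random delay: {j:.2f}")
```

The fixed delay leaves the burst pattern intact, so the score stays near 1 once the lag is found, while the per-packet random delay smears each burst across many bins. This measures a single flow against one simple statistic and says nothing about aggregation, padding or active attacks.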