On Tue, Jan 26, 2016 at 3:09 PM, juan <juan.g71@gmail.com> wrote:
On Mon, 25 Jan 2016 10:25:20 -0500 Paul Syverson <paul.syverson@nrl.navy.mil> wrote:
"20,000 In League Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea Cables" available at http://www.degruyter.com/view/j/popets.2015.1.issue-1/popets-2015-0002/popet...
As far as I can see, most if not all of the paper deals with a way to organize information about 'network topology' but there's no concrete data regarding which systems/relays/cables/people/IXPs/ASs/whatever are 'compromised'.
...though the section on cables and cooperation between so called nation states seems to suggest that virtually all the world's infrastructure is 'compromised'?
The USA and Soviets have decades experience tapping cables around the globe in a cold war sense. The USA/FVEY has top secret blackops and administrative via corp partnership and various legal and extralegal access to extensive cable, hardware, and organizational assets around the globe. It is simply foolish to not assume that the world is highly compromised by these actors. Snowden and all the other surveillance and bigdata news and political rhetoric have been telling you that for over a decade now. You might be safe if you are in a locale untouchable by these actors, conduct all your activities in that locale, and have no similar local adversaries.
Also, is there a more concrete analysis of what can be achieved by monitoring traffic on those cables?
Did you just push a bunch of packets over time into your ISP and have google send replies back? Well, they can see both ends, so they saw that traffic pattern in and out, and back in and out, so they know who's talking to who and when.
Specifically, how easy it is for your government to find users and especially servers in the tor network or similar networks (i2p, freenet etc)
In addition to simple taps, they can also deploy passive or active nodes in any of these networks at will. And use all the tools to perturb things in favor of their efforts. Tor and other networks are good at hiding endpoints (users, servers) from each other, keeping traffic content encrypted over the wire, letting you anonymously publish and consume stuff among other users that isn't really of interest to (against) such adversaries (and thus won't get you killed or jailed or disappeared (but will still get you databased for life)), and getting around some censorship. That's probably about it. However when it comes to such global (and regionally lucky) passive adversaries, and adversaries operating the networks themselves, I seriously doubt anyone can say with a straight face that these networks protect against network analysis... who is talking to who and when. It would be harder for that analysis to succeed against networks that filled between all the nodes with fill traffic when unused and not needed for user traffic. (And in the sense of Tor, between clients and some number of guards). But that's hard to design so that it is functional. And no one in the overlay network / messaging field really seems to be trying it. Mindset, OMG bandwidth, probably buzzkills most research before it gets started. Here's some recent mostly tor specific threads if anyone's interested, plus whatever else has come up whenever I've mentioned this. https://lists.torproject.org/pipermail/tor-dev/2016-January/010257.html https://lists.torproject.org/pipermail/tor-dev/2016-January/010290.html
There's also mention of 'user beliefs' and 'trust'. That strikes me as weird. You seem to be saying that routes can be choosen according to users' beliefs, not according to real world facts? It doesn't matter if system X is hostile, what matters is what the user believes about system X?
Users often have better knowledge of the laws, operations and general feel in their countries and locales and areas of expertise than a handful of distant project maintainers largely based in one geopolitical exposure might have. You can download science, but you need more than that to win a street fight.