Fwd: [Cryptography] A possible alternative to TOR and PrivaTegrity without backdoors
---------- Forwarded message ----------
From: Bill Cox <waywardgeek@gmail.com>
Date: Sun, Jan 10, 2016 at 9:38 AM
Subject: [Cryptography] A possible alternative to TOR and PrivaTegrity without backdoors
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>

This is an old idea, but perhaps now there might be more reason to consider it. I currently call this idea Alias. Here's my dumb data-dump on it. Thoughts?

Alias is a concept for a TOR-like Internet protocol supporting free speech and user privacy, but without encouraging the worst evil behaviors. Exit Nodes are replaced with Public Gateways, which sponsor users. The definition of evil behavior is defined by the Public Gateways and operators of routing nodes. Users would be encouraged to use good behavior, as their public alias would develop a reputation over time. Anonymity would be protected, but a user's Public Gateway and any routing node could refuse to route data for aliases with poor reputations.

TOR was created with a lofty goal: to support free speech. Unfortunately, TOR has drawn attention from governments and law enforcement, as it could be used to protect some of the worst activities, such as contract killing, and the slave trade. TOR Exit Node operators generally follow a strict policy of never looking at traffic, because simply observing this traffic would require Exit Node operators in most countries to regularly contact law enforcement to report crimes. PrivaTegrity is an alternative protocol to TOR, which aims to find a balance between protecting free speech and protecting the world from the worst behavior. Unfortunately, the PrivaTegrity inserts encryption backdoors.

Alias Design:

This is very much a dumb idea in the half-baked stage. Feedback and ideas are welcome.

Alias would be a fork of TOR, and route Internet traffic from a user's machine through a couple of Routing Nodes, to a Public Gateway, which replaces the Exit Node. The Public Gateway would have an account for the user, under a pseudonym used on Alias network by the user, called his alias. The Public Gateway should keep an email contact address for the user, similar to regular accounts on various web sites.

In Alias, user aliases would have trackable reputations, and the reputations of user aliases would be combined into a reputation for a Public Gateway. At a minimum, incident reports would be used to compute user reputations. Exactly how this works is TBD, but the goal is to cause gateways with very poor reputations to be effectively blacklisted by routing nodes, and for users with poor reputations to be dropped by reputable gateways. Users could move their alias from one gateway to another when needed, but they could not erase what their previous gateway knows about their identity. The Gateway would not know a user's location, and in many cases will know nothing other than the user's reputation and email address. When requested by a government authority, at a minimum, a gateway can drop support for a user alias, causing that alias to try to find a new gateway that will agree to sponsor it.

Participants who act as routing nodes in Alias would be able to select what sort of reputations they require from aliases and Gateways to allow traffic to be routed through them to those gateways. They could, for example, choose to not route data for any gateway with a high reputation for routing to pornography sites.

I compare the TOR, PrivaTegrity, and Alias concepts in several "threat cases" below:

Threat Case: Governments Overreact to Terrorism

In this case, we assume all the governments involved have decided to share all user network traffic in a mass surveillance program. The user Alice has something to say, such as wanting to tell the world that the mass surveillance program exists.

TOR: Alice succeeds in using TOR to log into various blogging sites and publishes her knowledge about the surveillance program. Unfortunately, TOR provides limited defense against the Men in Black (MiB), and Alice may be arrested. The MiB is assumed to compromise TOR in various ways, such as operating many Exit Nodes and monitoring meta-data such as packet timing and size between nodes.

PrivaTegrity: With the assumption that all governments involved are colluding, Alice is revealed directly, without having to subvert the protocol.

Alias: Alice needs a Public Gateway to sponsor her. She can choose a gateway with a reputation of sponsoring free speech, such as various newspapers, in a country that is not participating in the mass surveillance program. When Alice posts what she knows to various blogs, the Public Gateway (newspaper in this case) will be the one defending her anonymity. In any case, even if the newspaper is forced to reveal what they know about Alice, they never knew her location.

Conclusion: Alias seems to provide better protection of free speech in this case.

Threat Case: A Single Government Blackmails the Rest

Suppose one of the governments involved decides to use its influence in the protocol to blackmail one or more of the other governments involved into agreeing to some political agenda.

TOR: If the government were the USA, it might have unique powers to track users through the TOR network. If true, the USA could refuse to reveal a French suspected terrorist unless the French government share mass surveillance data collected on its citizens. Is this sort of thinking too paranoid?

PrivaTegrity: With nine separate governments who must collude to expose a user, it is possible for any one of the nine to blackmail the rest. For example, if tracking down a particular user is of critical importance to one government, another could demand certain trade policies be agreed to before allowing that user to be revealed.

Alias: A country containing the Public Gateway sponsoring a user might make political demands from another country before agreeing to force the Public Gateway to reveal a user's email address. However, this coercion is weaker than the TOR case because there is no country with majority control, and weaker than the PrivaTegrity case because a government can coerce cooperation only from Public Gateways in its country.

Conclusion: While none are immune to this threat, Alias seems to perform better in this case.

Threat Case: Hackers Compromise the Network

In this case, a group of hackers wants to reveal the identity of a particular user.

TOR: There is little chance that the attacker can hack all the nodes from the user to the Exit Node, and since the Exit Node has no information about the user, there seems to be little chance that the hacker can reveal the user's identity, short of bugs in the protocol.

PrivaTegrity: While hackers might hack one or more of the nine governments, it would be a considerable task for the hacker to hack them all. However, it is possible, and this is a weakness vs TOR.

Alias: The hacker need only hack the user's chosen Public Gateway, which is a considerably simpler task than with PrivaTegrity.

Conclusion: Hackability of Public Gateways is a significant weakness for Alias compared to the other two.

Threat Case: Evil Users Secretly Collude

In this case, suppose there is strong evidence that several evil users want to collude to do something terrible, and they want to communicate anonymously. For example, they could be running a contract-killing business or enslaving people and selling them on the Dark Web.

TOR: Unfortunately, evil behaviors have been enabled in some cases over TOR.

PrivaTegrity: The users involved in such evil activities can have their communication secretly wiretapped. This is a strong capability for law enforcement in this case.

Alias: Assuming reputable Public Gateways are used, most of the users' emails would be revealed to law enforcement. This is weaker than a wiretap.

Conclusion: In the case of severe evil, PrivaTegrity performs the best, Alias next best, and TOR the worst.

Threat Case: Somewhat Evil Users Secretly Collude

What is evil vs good is highly subjective, and getting people to agree can be difficult. In this case, the users are engaged in what most reasonable people consider evil. For example, consider illegal trade in ivory, which could lead to the extinction of wild elephants.

TOR: Users trading in ivory likely would benefit from using TOR.

PrivaTegrity: Having to get cooperation from nine governments may be too painful when tracking down a single ivory trader, and the ivory trader likely could use PrivaTegrity to their advantage. If, on the other hand, the nine governments put in place a rapid rubber-stamp process to enable going after small-time criminals, then this capability can be highly abused.

Alias: Ivory traders would avoid using Alias through reputable Public Gateways, since their identities could easily be revealed, and the sites the traders visit to buy/sell ivory would not likely be very reputable, lowering their alias' reputation.

Conclusion: Alias seems to perform better at determine somewhat evil behaviors.

Bill

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Very interesting, grarpamp. On 01/10/2016 04:38 PM, grarpamp wrote:
---------- Forwarded message ---------- From: Bill Cox <waywardgeek@gmail.com> Date: Sun, Jan 10, 2016 at 9:38 AM Subject: [Cryptography] A possible alternative to TOR and PrivaTegrity without backdoors To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
This is an old idea, but perhaps now there might be more reason to consider it. I currently call this idea Alias. Here's my dumb data-dump on it. Thoughts?
Alias is a concept for a TOR-like Internet protocol supporting free speech and user privacy, but without encouraging the worst evil behaviors. Exit Nodes are replaced with Public Gateways, which sponsor users. The definition of evil behavior is defined by the Public Gateways and operators of routing nodes. Users would be encouraged to use good behavior, as their public alias would develop a reputation over time. Anonymity would be protected, but a user's Public Gateway and any routing node could refuse to route data for aliases with poor reputations.
TOR was created with a lofty goal: to support free speech. Unfortunately, TOR has drawn attention from governments and law enforcement, as it could be used to protect some of the worst activities, such as contract killing, and the slave trade. TOR Exit Node operators generally follow a strict policy of never looking at traffic, because simply observing this traffic would require Exit Node operators in most countries to regularly contact law enforcement to report crimes. PrivaTegrity is an alternative protocol to TOR, which aims to find a balance between protecting free speech and protecting the world from the worst behavior. Unfortunately, the PrivaTegrity inserts encryption backdoors.
Alias Design:
This is very much a dumb idea in the half-baked stage. Feedback and ideas are welcome.
Alias would be a fork of TOR, and route Internet traffic from a user's machine through a couple of Routing Nodes, to a Public Gateway, which replaces the Exit Node. The Public Gateway would have an account for the user, under a pseudonym used on Alias network by the user, called his alias. The Public Gateway should keep an email contact address for the user, similar to regular accounts on various web sites.
In Alias, user aliases would have trackable reputations, and the reputations of user aliases would be combined into a reputation for a Public Gateway. At a minimum, incident reports would be used to compute user reputations. Exactly how this works is TBD, but the goal is to cause gateways with very poor reputations to be effectively blacklisted by routing nodes, and for users with poor reputations to be dropped by reputable gateways. Users could move their alias from one gateway to another when needed, but they could not erase what their previous gateway knows about their identity. The Gateway would not know a user's location, and in many cases will know nothing other than the user's reputation and email address. When requested by a government authority, at a minimum, a gateway can drop support for a user alias, causing that alias to try to find a new gateway that will agree to sponsor it.
[...] Just today, I read a Forbes story from late 2013 where an anonymous had set up a web-site featuring Bounties in bitcoins for assassination of named public figures, which goes with the Crypto Anarchy "credo" (sometimes). Source: Nov 18, 2013 @ 08:30 AM Meet The 'Assassination Market' Creator Who's Crowdfunding Murder With Bitcoins Link: < http://www.forbes.com/sites/andygreenberg/2013/11/18/meet-the-assassination-...
.
David
From: David Bernier <david250@videotron.ca>
> Just today, I read a Forbes story from late 2013 where an anonymous had set up a web-site featuring Bounties in bitcoins for assassination of named public figures, which goes with the Crypto Anarchy "credo" (sometimes).
> Source: Nov 18, 2013 @ 08:30 AM Meet The 'Assassination Market' Creator Who's Crowdfunding Murder With Bitcoins
> Link: http://www.forbes.com/sites/andygreenberg/2013/11/18/meet-the-assassination-...
> David

Ah, yes, Sanjuro's Assassination Market. I, more than most, would like to find out what really happened with that. Inadvertently assisted by me (by directing the anonymous TOR-emailer, claiming to be 'Sanjuro', to Andy Greenberg of Forbes) it got a rather enormous amount of publicity almost instantly in the media. Nevertheless, little actually happened, and the media coverage didn't reflect nor describe that.

The main criticism I had of this was the fact that the system was said to have a minimum bid of 1 BTC, which at the time was somewhere around $1000. This, contrasting with my Assassination Politics essay of 1995-96 where I anticipated allowing bits of 10 cents. Assassination Market did not explain a lot of what I had considered necessary for a functioning such system. How can a potential donor trust the system? How can a potential 'predictor' trust the system? How to collect? I never tried to research into this, because I judged that to do so would be a little too 'hot' for me to do.

Did any donations actually appear on the system after its initial announcement? Did any new names/targets appear? "I have a thousand questions I'd like to ask you, Mr. Klaatu".

Jim Bell
On 1/14/16, jim bell <jdb10987@yahoo.com> wrote:
... The main criticism I had of this was the fact that the system was said to have a minimum bid of 1 BTC, which at the time was somewhere around $1000. This, contrasting with my Assassination Politics essay of 1995-96 where I anticipated allowing bits of 10 cents. Assassination Market did not explain a lot of what I had considered necessary for a functioning such system. How can a potential donor trust the system? How can a potential 'predictor' trust the system? How to collect? I never tried to research into this, because I judged that to do so would be a little too 'hot' for me to do.
i am curious how you arrived at a determination of what was "too hot" :) how do you pick where to draw that line? *he says with a toe on something very hot...*
Did any donations actually appear on the system after its initial announcement? Did any new names/targets appear?
there were a few targets added, "bid" transactions successful, yet my attempt to add my own life to list was for naught. :/ maybe i didn't pay enough... ? https://blockchainbdgpzk.onion/address/1P6yannm6Rx9kkMH5LxmAsi1GdZ4JZG73T best regards,
From: coderman <coderman@gmail.com>
To: jim bell <jdb10987@yahoo.com>

On 1/14/16, jim bell <jdb10987@yahoo.com> wrote:
... The main criticism I had of this was the fact that the system was said to have a minimum bid of 1 BTC, which at the time was somewhere around $1000. This, contrasting with my Assassination Politics essay of 1995-96 where I anticipated allowing bits of 10 cents. Assassination Market did not explain a lot of what I had considered necessary for a functioning such system. How can a potential donor trust the system? How can a potential 'predictor' trust the system? How to collect? I never tried to research into this, because I judged that to do so would be a little too 'hot' for me to do.
> i am curious how you arrived at a determination of what was "too hot" :)
> how do you pick where to draw that line?
> *he says with a toe on something very hot...*

It was more of an educated guess. I knew that I hadn't been promoting AP, yet somebody was seemingly trying to bring it into reality, or saying they were. The most likely scenario, given that this person had contacted me, is that he (they) were simply trying to discredit me. To avoid that happening, and to 'kill two birds with one stone', I threw that hot potato to Andy Greenberg. (I was not at all happy with Greenberg, who greatly misrepresented 'facts' about me in his book). I figured that Greenberg wouldn't do anything with this contact, which would allow me to use his negligence to discredit him. Very surprisingly, to me, Greenberg actually wrote an article and published in Forbes! Literally within hours, many dozen other articles appeared in other media, and in the end it probably was hundreds of articles over the next year or so.
Did any donations actually appear on the system after its initial announcement? Did any new names/targets appear?

> there were a few targets added, "bid" transactions successful, yet my attempt to add my own life to list was for naught. :/ maybe i didn't pay enough... ?
> https://blockchainbdgpzk.onion/address/1P6yannm6Rx9kkMH5LxmAsi1GdZ4JZG73T

I expected to, within a few weeks or months, read many articles publishing details. But no, all the rest were seemingly just rehashes of Greenberg's. So, I learned very little. But I _DID_ learn that that system wouldn't be successful: At the very least, it would have had to convince the public that they could trust the system to operate reliably, and that never occurred.

The only public criticism I voiced was the fact that the system didn't accept individual donations lower than 1 BTC. Most people would be willing to throw a penny, nickel, dime, quarter, or dollar into a wishing well. But nearly $1000? Highly unlikely. It was one choice that virtually guaranteed failure, even if everything else was done right.

I am now, however, paying attention to Augur and Ethereum, which if they meet their implied promises, will actually do the job.

Jim Bell
On 01/10/2016 04:38 PM, grarpamp wrote:
---------- Forwarded message ---------- From: Bill Cox <waywardgeek@gmail.com> Date: Sun, Jan 10, 2016 at 9:38 AM Subject: [Cryptography] A possible alternative to TOR and PrivaTegrity without backdoors To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
This is an old idea, but perhaps now there might be more reason to consider it. I currently call this idea Alias. Here's my dumb data-dump on it. Thoughts?
Alias is a concept for a TOR-like Internet protocol supporting free
[...]
Conclusion: Alias seems to provide better protection of free speech in this case.
Threat Case: A Single Government Blackmails the Rest
Suppose one of the governments involved decides to use its influence in the protocol to blackmail one or more of the other governments involved into agreeing to some political agenda.
TOR: If the government were the USA, it might have unique powers to track users through the TOR network. If true, the USA could refuse to reveal a French suspected terrorist unless the French government share mass surveillance data collected on its citizens. Is this sort of thinking too paranoid? [...]
It would usually be approached through Intelligence and/or Diplomatic channels. If it looks like the US is attempting to extort French surveillance data on French citizens, in exchange for the name of the French terrorist, I'd expect France to be disappointed at the USA, with the French looking for alternative Intelligence sources: Italians, Moroccans, Egyptians, Russians, etc. IOW, it's not good for the US to over-play its hand. But then, it all depends on the "state of play" ...

Still, diplomacy is reciprocal aid, or reciprocal "retaliations", etc. etc. One is left to wonder about the actual National Interests, and many "forces": lobbies/factions/States/regions, act on Governments at the same time. I believe History offers a Guide to Diplomacy.

David
participants (4)
- coderman
- David Bernier
- grarpamp
- jim bell