On 2/29/16, Zenaan Harkness wrote:

On 2/29/16, Georgi Guninski wrote:

...

Is it theoretically possible at all to make low latency anonymity of sufficiently decent quality?

For those able to pay the price of fill traffic, possibly (theoretically).

However even in that case, you will need at least some level of trust with your immediate peers (or high level of trust if your immediate peer is singular, only 1, from which you access the rest of the network).

Maybe you have some validation packets looping around and coming back to you on other [virtual] path. Maybe peer does not know traffic from you is from you as an endpoint. Maybe you're doing nothing and he wastes time.

Visibly stable fill traffic requires peers that don't collaborate with the NSA - e.g., you can imagine how trivial it might be to put in "bandwidth signals" if you are an untrustworthy peer - just a slight temporary dip at a specific point in time, could be a signal to the NSA.

If all nodes are multiply connected and independantly reclocking and jittering their output packet streams and your data passes through at least one good node besides yourself, it erases all the bad signals perturbed up to reaching it. Encryption also thwarts picking out some given user. Yet, again, what is trying to be defeated? - strict GPA (I only ever said this type) - traffic manipulation at internet layer - evil nodes doing whatever Fill is more obvious applicable to strict GPA. It gets harder for latter two, for which fill traffic may not be as simple benefit, and maybe start playing with packet switching / mixing / spreading / reassembly. What is adversaries non sunk cost and reach and odds of seeing given user traffic for each type?

Example peers: - your ISP

You could be multihomed, multi overlayed, multi vpn'd...

- your neighbours in say a wireless or wired local mesh net

That's potentially a social knowledge / friendly situation. - [peer] nodes wherever in the overlay network.

I am not aware of any academic research regarding the benefits and or pitfalls of fill traffic.

Paper titles were quoted in this thread, some had such appendix references. And in tor-talk / tor-dev whenever fill traffic comes up.

On Mon, Feb 29, 2016 at 04:58:14AM -0500, grarpamp wrote:

...

At [2] Tor (and/or DoD) confess:

These quote active attacks.

...

...

The Tor design doesn't try to protect against an attacker who can see or measure both traffic going into the Tor network and also traffic coming out of the Tor network.

"Timing", "seeing", and "measuring" are passive attacks.

I meant the quoted text, which is passive.

There is a difference.

Even if active attack is needed, does it matter with what buzzword I am deanonimized?

On Mon, Feb 29, 2016 at 05:30:05AM -0500, grarpamp wrote:

No, food in detention is same either way. Yet must define problem to make solution. Some of each are more likely or easier than others.

As I asked in this thread: Is it theoretically possible at all to make low latency anonymity of sufficiently decent quality? "sufficiently decent" is not well defined i agree. Replace "sufficiently decent" by "perfect", or define it to be "provably intractable" and do not assume hardness not proved unconditionally, like P != NP.

On 2/29/16, Steve Kinney wrote:

On 02/29/2016 06:38 AM, Georgi Guninski wrote:

...

Is it theoretically possible at all to make low latency anonymity of sufficiently decent quality?

"sufficiently decent" is not well defined i agree.

Bingo. How fast do you want web pages to load, vs. how much do you want it to cost to de-anonymize your traffic?

In ATM the cost was unfilled buckets... here, filling them even with junk (if not useful protocol)... is beneficial to you. Tradeoffs may also have sweet spots and asymmetric scales. The other meaning of "fast load" vs "$cost" is of bandwidth / bytes choices of the user to their ISP which is another topic and never "free".

In the case of TOR, it has long appeared to me that its leading design objectives include

Hiding participants to a communication from each other, negotiating their own encryption over the path, and confounding vanilla hop by hop backtracing by police level jurisdiction based authorities. That's mostly it.

competing on the speed front with unprotected networking and VPN services.

This is more a function of TCP's natural performance over WAN than anything else. Also some OS's like FreeBSD now have quite improved bandwidth x delay product handling in their stacks. (tor-relays should really evaluate this when considering which OS's to deploy as relays.)

The benefits of this competition include a larger user base = larger anonymity set.

s/competition/nature/ , which may end up being achievable with other designs as well.

The drawbacks include "the government that pays for TOR also has the capability to defeat TOR."

Well, then go find funding from an enemy of your enemy who also has no issue with what you're building. Or just don't accept strange money. How many of you donated or bought anything? Oh noes!, the influence. Next!

Last time I checked, the TOR Browser ships with NoScript turned off by default, leaving it unprotected against a large family of side channel attacks. This choice also looks like a convenience for technologically naive end users, again degrading the core security mission for the sake of a larger user base.

They've said as much. At least users can turn it on.

In this case we do know that hostile State actors have used the deficiency to unmask users, via a honey pot attack exploiting javascript to phone home and report the users' IP addresses.

"Disclaimers confuse and ward off users, and aren't popular in marketing departments."

Leaving fill traffic on the "to do list" forever, pending the disappearance of vocal advocates who claim that cover traffic is not practicable - either "impossible!" or due to a perceived head-to-head performance contest with unprotected networking -

This is a head-in-sand mindset problem. They are useless to you and will only hold you back. Go find other development partners.

I personally consider TOR sufficiently decent to positively lock out routine commercial surveillance of end users.

Yes. ie: All of the current strong anonymity overlay networks successfully fend off and are immune to the copyright MAFIAA, and all manner of other civil, police and non-state adversaries. (Note that's real world in practice now, vs current academic research attacks that may be deployed in production by them in the future. And that's at the protocol of the network level, not the age-old application layer exploit level.)

Sufficiently decent to provide reliable protection against NSA assets when combined with physical OpSec, i.e. covertly using open WiFi routers and single use disposable computers for brief one-off sessions.

Yes. Physical location separation plus non pattern generation.

Sufficiently valuable as an NSA collection asset to discourage routine harassment or prosecution of TOR users for petty offenses, which would reveal to more "valuable" targets that TOR does not protect them.

Yes. Though it still supplies profiling database and parallel construction in that mode.

So far we are only talking about passive attacks by an actor who can observe both ends of most TOR network connections. More costly active attacks could defeat /any/ anonymizing network protocol based on onion or garlic routing protocols. So whether or not to "fix" TOR at the cost of alienating the bulk of its user base due to performance issues might merit some debate.

Tor is fundamentally a tunneled circuit based encrypted network. It was designed roughly 15 years before Snowden's confirmations and before 911 in a time when networks were still mostly trusted and GPA's effectively spying at scale much less attacking were only in the minds of crackpot cypherpunks. Tor's circuit design probably doesn't lend itself to fill traffic / management, and bolting it on the side may be non ideal. (Those are open questions.) Yet "Tor" without its original design model could hardly longer be called Tor (or TOR) at that point. If you want fill traffic, you're probably better off forking and gutting it, or starting something completely new that incorporates ideas from knowledge both inclusive and post Tor's design. Tor is great at what it does well, which is a lot. You just have to know what that is, and find (or make in it or elsewhere) what it isn't good at.

My preferred solution: Defund the the agencies that can and almost certainly do defeat all current network anonymity protocols. My program for accomplishing this objective: Wait. They are hell bend on self destruction and Nature will provide.

You'll be dead by then. It's more fun to risk dying now ;) Tor is looking at some forms of network fill traffic, which may or may not be integrated to the entire network wide sense, or useful in your own designs... https://gitweb.torproject.org/torspec.git/tree/proposals/251-netflow-padding... https://gitweb.torproject.org/torspec.git/tree/proposals/254-padding-negotia...

On 2/29/16, Georgi Guninski wrote:

Replace "sufficiently decent" by "perfect", or define it to be "provably intractable" and do not assume hardness not proved unconditionally, like P != NP.

So long as each node accounts for negotiated contract rate with peers, and generate fill for missing packets on the inbound links when output the other side, and reclock all the input when output to a fixed rate, and add random jitter to the output links to mask time spend negotiating and compensating for the input junk received... it would seem range from reasonable sufficient to damn hard. It's an enhanced level of the fixed bucket clocks in old school ATM / TDM that people seem to forgot about... https://en.wikipedia.org/wiki/Asynchronous_Transfer_Mode#Traffic_policing https://en.wikipedia.org/wiki/Time-division_multiplexing There was even talk on one of these lists about doing fill not just in the overlay networks, but also doing it, along with automatic pfs style encryption in the layer zero link hardware itself (ethernet PHY, etc) by starting an IEEE / IETF working group... every switch, router and NIC port everywhere. Some OP threads for ref: https://cpunks.org/pipermail/cypherpunks/2016-February/012436.html metzdowd: "traffic analysis" Jan 2015 My spam on @cpunks @torproject Etc et al Encrypted fill traffic is at least worth thinking about, thus cc.

On 3/1/16, Georgi Guninski wrote:

Is jitter/fill traffic full solution?

Again, to what threat model? I've only mention GPA, fix for which may involve, at possible minimum, all nodes encrypting full fill traffic reclocked with jitter, under some form of negotiated and enforced possibly dynamic traffic contracts with peers. I may also be on crack.

What if they disrupt or slow X times your traffic to Tor?

That's an active attack, not a GPA trolling through packets. Then your peers may de-peer you until things look normal. Or it may take a while for you to get signal through. And if they're already close enough to disrupt you specifically, you've probably got other problems.

This will be observable at the other end.

Not when every node is doing reclocking and de-peering peers that seem to be misbehaving or dishonoring contracts.

Probably easier is to just own me via some application sploit (as suggested in this thread).

Again, that's active, and application level, not GPA.

RE: cost of ownage/minor offenses. Don't exclude the possibility single investment to result in compromise of all of Tor and then deanonimizing will be just a simple query.

You mean like rooting a bunch of Linux nodes, 6+:1 ratio ... 6831 Linux 696 Windows 291 FreeBSD 74 OpenBSD 33 Darwin 8 NetBSD 4 ElectroBSD 4 Bitrig 3 SunOS 2 DragonFly 1 GNU/kFreeBSD 1 CYGWIN_NT-10.0-WOW Or compromising the repo or developers or 3rd party libraries... Or asking your friends AT&T et al to help... What's the threat?

"NSA can deanonimize some Tor users ...

Again, talk about whatever, but people need to specify the threat model if they're going to really discuss solutions. Nor is Tor the only active network currently subject to attack.

This is consistent with the fate of Lulzsec. According to the official story (which I don't believe), the first of them got caught because "he forgot to use tor when on irc..."

Do they and their court docs officially say that? Or just some blogger reading 4chan?

On 3/1/16, Georgi Guninski wrote:

...

...

Is jitter/fill traffic full solution? The threat model is the entire world --

Then the full solution is to unplug, smash, and go outside and play...

in real life do you care much what accident will "own" your life?

... just be sure to wear your helmet :)

Combination of many threats -- owning, timing, crypto, etc

If the thread is a thread just griping on threats that's fine. But lumping them all in versus fill traffic (being a possible solution to the one specific subthreat of GPA)... probably isn't productive towards solving anything... whether the entire threat or any particular subthreat. Especially when fill traffic hasn't yet been speculated here to enhance the efficacy of any other existing threat, or to create new threats.

...

Do they and their court docs officially say that?

Don't know about courts, here is a reference from thereg: http://www.theregister.co.uk/2012/03/07/lulzsec_takedown_analysis/

That's not a quote from an original source. Neither is what it references... http://blog.erratasec.com/2012/03/notes-on-sabu-arrest.html ... which goes to Fox, which probably goes to... and to... and to... ... including possibly to stretching / ignoring the law, parallel construction... or to some other legit defendant screwup... at least until the quote is validated. Have the actual chain of custodied investigative materials as to exactly how the SilkRoad server was found come out yet? (And other similarly fishy cases where nodes on supposedly strong overlay networks were found...) Or is that still wrapped in grand jury, work product, state secret, in camera, sealed...

On Tue, Mar 01, 2016 at 01:52:24PM -0500, grarpamp wrote:

...

Don't know about courts, here is a reference from thereg: http://www.theregister.co.uk/2012/03/07/lulzsec_takedown_analysis/

That's not a quote from an original source. Neither is what it references... http://blog.erratasec.com/2012/03/notes-on-sabu-arrest.html ... which goes to Fox, which probably goes to... and to... and to... ... including possibly to stretching / ignoring the law, parallel construction... or to some other legit defendant screwup... at least until the quote is validated.

Have the actual chain of custodied investigative materials as to exactly how the SilkRoad server was found come out yet? (And other similarly fishy cases where nodes on supposedly strong overlay networks were found...) Or is that still wrapped in grand jury, work product, state secret, in camera, sealed...

If you find out, let us know. This is the most "official" version for me for now.

Georgi Guninski wrote:

"sufficiently decent" is not well defined i agree. ...is definable for the purpose as exorbitantly expensive and/or time-consuming in relationship to the necessity of gathering that information. You don't really think they're going to put a Cray and full-time satellite surveillance on you for dealing a little weed using tor do you?

Albeit there's always 'practice'... http://auntieimperial.tumblr.com/search/NSA+hookers -- RR "Through counter-intelligence it should be possible to pinpoint potential trouble-makers ... And neutralize them, neutralize them, neutralize them"