Dishonest Tor relay math question - tor-talk is too lazy

Peter Fairbrother peter at tsto.co.uk
Sat Oct 16 01:23:27 PDT 2021


On 16/10/2021 06:45, grarpamp wrote:
> On 10/15/21, Peter Fairbrother <peter at tsto.co.uk> wrote:

> 
> Nothing about a base layer of chaff prevents
> "low-latency browsing" as an application.

Except the increased bandwidth cost. And if you have to have padding 
between each node, or on each link, that becomes very expensive.

Suppose you want to download a bloated web page of 4MB in 4 seconds, then
your base flow is >1MB/s. Running that 24/7 for a month, that's 2.5 TB
per month. 500 times more than an average user's 50 GB/month.

[there are of course other issues regarding latency in a base-chaff-flow 
web system]

> Tor has vacuumed up, propagandized, sucked the funds from,
> steered via proceedings, and effectively killed all the competitive
> research and development in the space for last 20 years.

Yep. Totally agree there.

> An entire class of TA is solely based on matching up i/o
> across all nodes to find matches. Certain things don't
> matter to such matching engines.

Grandma Eggs Suck.

>> Not if it was a randomly-variable one year delay they couldn't.
> 
> If your app is "browsing", or doing any other TCP stream,
> yes they can, such streams have other identifiable
> traffic characteristics than just arrival and inter packet timing,
> such as total size of transfer, TCP ramps, backoffs, etc.

Not even vaguely.

Total size of transfer - compared between whom? UserA and .onion1? But
some of userA's and most of .onion1's traffic will be to other people,
so how does comparing their total size of transfer over a year help?

Plus, with a randomly-variable delay, how do you accurately know the 
amount of traffic sent in your year?

TCP ramps - but he doesn't have any close-grained timing info, so how 
does the adversary detect when TCP ramps happen?

Backoffs - but he doesn't have any close-grained timing info, so how 
does the adversary detect when backoffs happen?


[skip TCP stuff]

All very well, but how do you do anonymous browsing without TCP?

(I actually agree that TCP sucks in this case, but it isn't a total 
deal-breaker if the TCP data in the packet headers is encrypted - plus 
allowing a little padding and timing jitter here and there. And browsing 
without TCP / over UDP is probably doable, but it wouldn't be browsing 
as we know it)

The TOR people (well, at least some of them - some may have had other 
agendas) wanted to anonymise web browsing as it existed then, a laudable 
aim.

However that means TCP, that means low latency, that means low added 
cost - remember the 8th law, "A system which is hard to use will be 
misused, abused and unused", and that "hard to use" includes expensive 
in terms of resources or money or time - and against a gpa that was and 
is not achievable.


They "settled" for some kind of anonymity against lesser adversaries, 
but their rationalisations of that motive suck.


>> I don't know of any strict anonymity p2p apps.
> 
> Not sure what you mean.

Without a need to trust anyone except the math.

> Though there's no such thing as 100% anonymity, security, etc...
> there are certainly different comparative magnitudes of it available
> today, and higher ones are probably quite achievable with some
> work on new alternative models.

Examples?

Peter Fairbrother


