Dishonest Tor relay math question - tor-talk is too lazy

grarpamp grarpamp at gmail.com
Sat Oct 16 04:00:35 PDT 2021


On 10/16/21, Peter Fairbrother <peter at tsto.co.uk> wrote:
> Except the increased bandwidth cost. And if you have to have padding
> between each node, or on each link, that becomes very expensive.
> ...
> [whatever FUD's/month]

Again, no, users have already bought whatever speed they like from their ISP,
they can't shove any more over their link than that, thus there is zero
increased expense, the most speed they can ever get is literally exactly
what they paid for, they cannot push R bps or N B/m more beyond what
they bought, period. And as before, endpoint users on stupid byte rape
plans can just opt out of base-chaff, and miss out on the extra protection.

> Suppose you want to download a bloated web page of 4MB in 4 seconds then
> Running that 24/7 for a month

No, you only have to run it during the time of your download / activity,
plus maybe a few more minutes to sync network metadata, test wan
conditions to peer nodes, negotiate overlay speeds and chaff contracts,
and start running.

> [there are of course other issues regarding latency in a base-chaff-flow
> web system]

Vapors until posted.

> Total size of transfer - compared between whom? UserA and .onion1?
> But some on userA's and most of .onion1's traffic will be to other people
> so how does comparing their total size of transfer over a year help?

A's usage may be to zero other people, and Eve runs onion1 which
also has no such guarantee, thus whether it's 1 minute or 1 decade
it's game over for A.

> Plus, with a randomly-variable delay, how do you accurately know the
> amount of traffic sent in your year?
>
> TCP ramps - but he doesn't have any close-grained timing info, so how
> does the adversary detect when TCP ramps happen?
>
> Backoffs - but he doesn't have any close-grained timing info, so how
> does the adversary detect when backoffs happen?

Users of any network probably exhibit more degenerate edge
cases, and at a higher frequency, than analysts think they do.

Further, some networks allow anonymous yet unique discrimination
by an endpoint among far end clients via the pubkeys they use.

> All very well, but how do you do anonymous browsing without TCP?
> ...
> without TCP / over UDP is probably doable, but it wouldn't be browsing

Web currently requires TCP, but the underlying generic transport
network, like packet switches, doesn't care what gets emulated or
chopped into packets in order to move over it, whether chaff or wheat.

> allowing a little padding and timing jitter here and there. And browsing
> without TCP / over UDP is probably doable, but it wouldn't be browsing
> as we know it)

You can run anything over a physical base layer of link level chaff.
Go read about how ATM networks work.
Chaff link contracts take the place of your inability
to be the WAN's physical network bucket clock,
you can't own that... but you can own the clock,
randomizer, repeater, counter, statistical analyzer,
and enforcer that is your CPU... and own the logical
link out your NIC across whatever WAN to your peer
nodes.

> allowing a little padding and timing jitter here and there.

A low ratio [flow padding, jitter] isn't going to mask a
relatively big and/or otherwise unique transfer.

> low latency

There's that FUD phrase being used again as if it means something
[when] it doesn't.

> low added cost

There's that FUD phrase being used again as if it means something
[when] it doesn't.

> a gpa that was and is not achievable.

"Tor Stinks  -- NSA"... that was over 10 years ago
from a slide deck indicating that they didn't have
to "deanon" all the time, meaning between the lines,
that they could "deanon" (and other ways and exploits).
Regardless, pretending that they, and even independent
actors, are not light years farther ahead today,
might be quite fatal. And refusing, like Tor Project does,
to prominently warn users of the problems, to permit
free open uncensored talk of the problems on their
fora, is irresponsible to complicit.

> Without a need to trust anyone except the math.

Can you trust your own enforcement of the expected
parameters of a contract that you negotiated?

> Examples?

Clearnet, vs tor.

Tor, vs all manner of other overlay networks.

All prior nets, vs whatever is done new in the future.



Not saying there aren't other fine methods or in parallel to
achieving degrees more TA resistance, particularly with single
application overlays. However generic transport overlays
may be more useful to more users via not having to
run a separate network for each application, and can
tend to have more devs helping out.
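
Added example, not part of the original post: a small Python model of the base-chaff link and low-ratio padding contrasted above, showing what an on-path observer counts per second in each case, plus a receiver-side check of the negotiated cell rate. The cell size, contracted rate, function names and sample workloads are assumptions made for this illustration.

```python
# Added illustration; CELL, RATE and all names are assumed, not taken from the post.
CELL = 512    # bytes per fixed-size cell (assumed)
RATE = 2048   # contracted cells per second on the link (assumed)

def base_chaff_trace(wheat_bytes_per_sec):
    """Model a link that emits exactly RATE cells every second.

    Queued wheat fills cells first and chaff fills the remainder, so the
    observer-visible byte count never depends on the payload.
    Returns (wire_bytes_per_sec, wheat_delivered_per_sec)."""
    queue, wire, delivered = 0, [], []
    for offered in wheat_bytes_per_sec:
        queue += offered
        wheat_cells = min(RATE, -(-queue // CELL))  # ceil-div, capped by contract
        sent = min(queue, wheat_cells * CELL)       # excess wheat waits in the queue
        queue -= sent
        chaff_cells = RATE - wheat_cells            # pad the second up to the contract
        wire.append((wheat_cells + chaff_cells) * CELL)
        delivered.append(sent)
    return wire, delivered

def ratio_padded_trace(wheat_bytes_per_sec, pad_percent=10):
    """Low-ratio padding: wire volume is wheat plus a small proportional pad."""
    return [b + b * pad_percent // 100 for b in wheat_bytes_per_sec]

def contract_violations(cells_seen_per_sec, rate=RATE, tolerance=0):
    """Enforcer on the receiving node: seconds where the peer's cell count
    departed from the negotiated rate (dropped chaff, throttling, stalls)."""
    return [t for t, n in enumerate(cells_seen_per_sec) if abs(n - rate) > tolerance]

# Constructed workloads: an idle link, the 4 MB-in-4-seconds page load from the
# thread, and a burst larger than one second of contracted capacity.
idle = [0] * 8
download = [0, 0] + [1_000_000] * 4 + [0, 0]
burst = [3_000_000, 0, 0, 0]

if __name__ == "__main__":
    print("base-chaff idle    :", base_chaff_trace(idle)[0])
    print("base-chaff download:", base_chaff_trace(download)[0])
    print("10% padded download:", ratio_padded_trace(download))
    print("burst delivered    :", base_chaff_trace(burst)[1])
    print("violations         :", contract_violations([2048, 2048, 1900, 2048]))
```

The burst case shows where the cost lands in this model: payload above the contracted rate is delayed rather than visible on the wire.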


More information about the cypherpunks mailing list