Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 2 [3] 4 5 ... 249
31
Off topic / Re: Real men aren't pussy beggers
« on: September 23, 2013, 09:54 am »
Quote
And good side of having little money is that there is more chances to find golden people ;)

I have to say that in my experience I find this to be true. I find that poorer people tend to be more accepting of others, and generally more charitable and nice as well. It is kind of funny how the people with the least to give generally give the most of what they have. I find that in general, the less money a person has the more likely I am to like them. This doesn't mean I don't like people with a lot of money, and even a lot of my friends over the years have come from pretty rich families etc. But I tend to feel more comfortable around poorer people, because they are less likely to like the police, less likely to be stuck up assholes, etc. There are plenty of golden rich people, but in general I agree with the statement that the less gold a person has the more likely they are to be a golden person.

As far as women go, I find them kind of depressing in general. Many of them are hard wired to find assholes attractive, since being extremely dominant is a sign of strength and women are for evolutionary reasons attracted to that. People dislike the pick up artist culture and think it objectifies women, but my experience indicates that they actually do have a pretty good grasp on female psychology. I suppose men are not any better though, since they are almost exclusively attracted to superficial physical appearance. So in the end men and women are both shallow and primitive animals. I think they are not really compatible with each other for the most part. Their desires are at odds with each other and it becomes gender war. Men want many sexual partners and women want many fewer. It makes sense evolutionarily, as men can impregnate thousands of women in a year but a woman can only become pregnant such that she gives birth once a year. That will lead to women being more picky and hesitant to engage in sex, since they have much more invested into it. Since women are also hard wired to desire their genes to propagate as much as possible, it makes sense they are attracted primarily to dominant men. The more dominant a male is the more likely he can obtain sex, the more likely it is for a male to obtain sex the more likely it is that he will have many offspring, the more likely it is that his off spring will be dominant and obtain sex. Therefore if a female has sex with a dominant male her children will be more likely to be dominant and more likely to obtain sex, and her genes will be more likely to spread. It actually does put men at kind of an advantage, since it is possible to fake a dominant personality but harder for a woman to fake being physically attractive.

32
Security / Re: What Is The Weakest Part of SR?
« on: September 23, 2013, 09:33 am »
1. Human error. Including not using GPG to encrypt your address.
2. Massive state level SIGINT agency traffic analysis
3. Hackers
4. Lack of anonymizing Bitcoin enough
5. Random interceptions


Human error is certainly a weak part of SR. Lots of users don't even encrypt their addresses I hear. But this is fine by itself, up to the point that the server is seized, pwnt by hackers, or the admins are busted. So it is hard to say it is the weakest part of SR, since before it manifests itself as a weakness another issue will need to trigger it. Massive traffic analysis by NSA and similar agencies is a big concern and there is a lot of worry that these attackers can deanonymize most Tor users. If they actually feed the intelligence to the feds, that is somewhat of a different question, although I am not as optimistic as I once was. Hackers are a real threat as well and it is hard to say they are less of a threat than SIGINT agencies. Even though a global external attacker is near a death blow against SR, it might be that we actually have more to worry about from hackers. Random interceptions are always a threat as well, but they happen rarely without some other form of intelligence pointing to the package or individual.

It is really hard to say which of these is the greatest threat to SR, but together they are the primary threats to keep in mind.

33
Security / Re: Dissent: accountable anonymous group communication
« on: September 23, 2013, 09:10 am »
Quote
1) The ability to relay/mix traffic 'off net' - eg if I have a relay I may choose to wirelessly pump some of that data to another relay via a private wireless link or similar - then back on to the net. This would frustrate adversaries with the ability to conduct widespread traffic analysis of the Internet (assuming they're not also monitoring my private networks)

The good thing about mixing is that it essentially happens off net. That is the big advantage of mix networks really. It happens inside the mix nodes RAM. If the attacker cannot see the state of the RAM on the mix node, then they cannot learn what is happening, even if they can see all traffic into and out of the mix. Replace "My private networks" with "The state of my RAM" and you have a mix network.

Quote
2) Broadcast model for message delivery - think the Bitcoin ledger system. All clients see all messages but can only decrypt messages for them. An adversary, even one who can see all traffic, cannot say where the recipients are without access to their key. Very inefficient but much better anonymity for recipients. I think a satellite would serve us well for this - pricey though.

There are much more efficient systems that can obtain nearly the same anonymity as this. The general concept is called PIR, the type you advocate for is everybody gets everything PIR. There are types of PIR that require several orders of magnitude less bandwidth, while still maintaining a high degree of anonymity. In fact, in some cases the anonymity of everybody gets everything can be matched while bandwidth required can be taken down orders of magnitude.

34
Security / Re: Dissent: accountable anonymous group communication
« on: September 23, 2013, 08:55 am »
Quote
1. Hidden services are a must. While i enjoy browsing porn with tor the only real reason i use it is SR. If the system cant support the hosting of sites then there is very little usefulness to it and we might as well resort to freenet.

Freenet isn't a bad choice. Tor is a featherweight boxer, quick but easily knocked out by a heavyweight attacker. Freenet is kind of a medium weight boxer. Mix networks are the heavyweights, slow but powerful. But it is likely if the NSA can pwn Tor they can pwn Freenet as well. It is a bit harder to pwn Freenet, but an attacker who can watch most links on the internet + who owns a decent number of Freenet nodes can break Freenet. We are assuming that the NSA can watch most links on the internet, it isn't going to be hard for them to own a decent number of Freenet nodes as well. In the case of Tor the attacker doesn't need to own a single Tor node if they can watch the majority of links on the internet. So the cost to attack Freenet in a major way is more than the cost to attack Tor in a major way, but it might in this case be the difference between someone in the Forbes top 100 buying a ten million dollar house or a twenty million dollar house.

Quote
2. Low latency. If people are to make any real use of this it needs to be accessible and responsive. Having a big clunky system that protects against SuperSaiyanNSA9000 wont do us any good if it takes forever to do anything.

This is not a realistic goal to have if you want strong anonymity. The only systems that allow for strong bidirectional anonymity and low latency require so much bandwidth that they only exist on paper. Strong unidirectional anonymity is in the realm of possibility, but even that doesn't scale so well in most cases. BitMessage is a good example, since everybody gets every message it has ideal receive anonymity, and it isn't very high latency either since messages are only slightly delayed at each node. But it wont scale very large and has a host of other problems with it.

Quote
3. Invariance or more variance? You make a point that if all traffic were uniform in size and timing then it would be all but impossible for even two bad nodes in the chain to track it. But then this creates massive overhead that is impracticable with current tech. So lets fudge that idea, we have packet encryption and packetsize invariance, this protects our contents, but when it comes to timing what we need is more variance, that is if every node added a random number of seconds to most of their packet then while it might slow down the network a bit it will be impossible for even a global adversary to determine the flow of a packet just based on timing. Packet numbers can be fudged this way too, add a few more or less packets here and there, not everything needs to be manipulated, just enough that an attacker wont know what has or hasnt been manipulated.

It is not impractical for many applications. For E-mail is certainly is not impractical there have been deployed mix networks for E-mail that removed all message variance. I think in many cases it is not impractical at all. For uploading and downloading high definition movies it isn't really practical, but for posts on a forum? For small and simple websites? For E-mail? For sharing small files like .pdf? For a blog?

The general rule of thumb is that uniformity is always good, and randomness is good sometimes but much less often. This can be seen in timing attacks against cryptographic systems as well. Random variance can often be filtered, invariance can never be filtered. In the case of layered encryption, randomization is secure. When it comes to inserting random jitter at each hop, I think it would either be insecure (in that even if it makes attacks harder, they would be realistic to carry out), or require such a massive range of time delays that it would actually be many orders of magnitude faster to just use a mix network and remove variance. I am sure some of the literature on anonymity discusses the idea of adding random jitter in depth, but I cannot off the top of my head think of a paper for you. The following paper on flow watermarking has demonstrated that attackers can filter substantial amounts of jitter in low latency networks though:

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.123.3789&rep=rep1&type=pdf

Quote
Fortunately, our interval centroid-based watermarking
could self-synchronize the decoding offset with the encod-
ing offset even if 1) the clocks of the watermark encoding
host and decoding host are not synchronized; 2) there is
substantial network delay, delay jitter or timing perturba-
tion on the watermarked flows.
 

Actually they did an analysis on a rather sophisticated low latency system that utilized mixing, artificial jitter, dummy packets, etc, and were still able to insert readable interpacket fingerprints. So I think we will not have luck with this approach, and rather must take care to make messages totally uniform between hops (which means obtaining all packets before sending them forward to the next mix, to remove any interpacket timing fingerprint. which means significant time delay).

Quote
   Despite of the significant flow transformations (i.e.,
repacketization, flow mixing, and packet dropping) and net-
work delay jitter introduced by www.anonymizer.com to the
Web traffic, we were able to achieve surprisingly good re-
sults in linking the information sender and receiver through
our flow watermarking technique. When we decoded the
32-bit watermark from a network flow, we allowed a few
bits mismatched with the watermark we were seeking. The
number of allowed mismatched bits is called the Hamming
distance threshold in our watermark decoding. Figure 11
shows that we can achieve a 100% watermark detection rate
with a Hamming distance thresholds of 5, 6, 7, and 8, re-
spectively, and redundancy of 20 from the Web traffic re-
ceived at the client side. This only requires less than 11 min-
utes active browsing. With less than 6 1/2 minutes of active
browsing traffic, we were able to achieve a 60% watermark
detection rate with a Hamming distance threshold of 5.


Quote
What i want to know is what exactly protects against an attacker that owns the majority of relays in a network?

Mix networks are actually much better protected from attackers who own a lot of nodes. This is because a single good mix on a messages path buys it significant anonymity, and there is no hard limit to the number of mixes on a path. This is in contrast to systems like Tor, where adding more nodes to a circuit doesn't help from some of the most dangerous and easy to carry out attacks. If you have three nodes or fifty nodes it doesn't matter if packet streams can be linked regardless of their location on the circuit. The attacker who owns the entry and exit can still link clients to destinations. In the case of a mix network, the attacker can own 49 of the mixes on your messages path and still not be able to deanonymize you if your message went over a single good mix at any point in time.

35
Security / Re: Tor update warning: Tor might not protect you from NSA
« on: September 23, 2013, 07:33 am »
I mean, is it really so critical that the above post is viewable within seconds after I make it? Would it really make for much worse of a system if it wasn't viewable for an hour? Because that is a more fair evaluation of what would happen in a mix network. It isn't so much that you clicked the link to this thread and an hour later it loaded, and then you hit refresh and wait an hour for the thread to reload. It is more like you click the link to the thread and it loads right away still, but you don't see the post I just made for an hour or so after I made it. If you really actually had to wait an hour to load the thread after clicking it, or after refreshing the page, that would be super painful and nobody would want to use the system at all. But we don't need it to be like that.

In other words, the hour delay isn't for you to view a thread, it is for the messages you make to be viewable after someone loads the thread. PIR allows for near real time *loading* of information, with very strong anonymity, but the best way to anonymize the *publishing* of information requires time delays.

To reiterate again, viewing available data can be done extremely anonymously in essentially real time, publishing data extremely anonymously requires (in practice if not theory) significant time delays ~30 minutes - 1 hour , or more. Generally speaking it is safe to assume that the longer you delay the publishing of a message, the more anonymous you can be, but this isn't strictly speaking true, because the real issue is how many other people have sent a message prior to your sent message being made available. The time delay typically will correlate with the number of other people who have sent a message prior to your time delay expiring and your sent message being made available.

I mean realistically, chances are most of the people reading this post are reading it more than an hour after I made it. If it took an hour for it to be published, you wouldn't be any the wiser. But I would have exponentially better anonymity.

36
Security / Re: Tor update warning: Tor might not protect you from NSA
« on: September 23, 2013, 07:28 am »
^Mixnets are effective against timing correlation attacks because they are nowhere near real time. Problem is, no one wants high latency communication, and that's one of the biggest limiting factors of networks such as Freenet.

I think kmf makes a good point though. Would you rather wait an hour to refresh a page, or have your door busted in by the feds?

The problem is partially that you are thinking in a browser oriented way. Nobody says it needs to take an hour to refresh a page. You can refresh the page in real time if you want. But what you are refreshing is what the page would have looked like exactly an hour ago if it was low latency. When you think of it in that way, and design systems in that way, it becomes less painful. Nobody is saying you need to click on a thread and then wait an hour for your browser to load it. You can click a thread and have it loaded immediately still. But the result that you see will be an hour behind the posts that people have made to it in the mean time. If someone made a post 59 minutes ago, and you click the thread, the thread loads right away still. But it doesn't have that post. When you hit refresh a minute later, it loads instantly again, and now you see the post. Doesn't seem quite as bad when you think of it that way does it?

37
Security / Re: Can your encrypted vpn see your unencrypted traffic?
« on: September 21, 2013, 11:28 pm »
also keep in mind that if you are in USA or UK etc, no matter where your VPN is your traffic is going to cross through NSA monitored IX's on the way to it. So pretty much you are fucked from traffic analysis perspective no matter what.

38
Security / Re: Tor update warning: Tor might not protect you from NSA
« on: September 21, 2013, 11:22 pm »

Freenet is the only network I am aware of that provides plausible deniability. It is kind of mid-latency. Mix networks do prevent timing correlation attacks, but they also prevent a hell of a lot of other attacks. Also, I see no reason why they cannot be used for commerce. Do you really need to get updates every two seconds? Or can you wait an hour or two after someone makes a post before you can see it? Do you need your posts to be visible right after you hit post, or can you wait and hour or two for people to see it? Even adding an hour or two of delay between messages being posted and messages being available will give the possibility of having exponentially more anonymity than Tor has.

An hour? People get pissed when it takes more than 15 seconds to load a page.

People gonna be even more pissed when feds kick their doors down.

Quote
That might be true for tor and i2p, but its not true for freenet. I believe this isnt due to the high latency or the fact that they are just relays, but the fact the network is designed to relay data randomly and automatically (for data redundancy), therefore even if an attacker had a full view of the network they wouldnt be able to tell who requested what.

Freenet would be more resistant to it but maybe not immune. I am not Freenet expert, but I think many attacks against Freenet require a local external attacker (IE: the users ISP) in order to easily get around plausible deniability. Freenet is the most resistant of all the current networks to anonymity attacks. Even I2P seems like it would be more resistant than Tor, because I2P has some plausible deniability except in the face of an external attacker as well. If you are the ISP of the target, you can see all traffic into them and out of them. If you are not the ISP, you cannot tell for certain if traffic from them is being forwarded through them or if it originates from them, even if you are all nodes connected to them you cannot really be certain of this without an external position. Tor is actually pretty weak to internal attackers in this regard, due to the fact that clients are not relays.

Quote
The problem with tor/i2p is everything is on a command basis, so its trivial to say "well this server received a request for this data and this node sent a request for something within x timeframe therefore there is a high probably they are linked". I suppose this is the problem with low latency systems, it always comes down to resources otherwise the relays could just send junk data all day and it would be impossible for an attacker to tell what is real.

Constant rate cover traffic is a technique that can provide perfect anonymity in low latency. But it requires too much bandwidth to be feasible. It pretty much has the same anonymity as a DC-net.

Quote
edit: wait, you are saying that all it would take is for the botnet owner to set all his zombies to run as relays to deanonymize TOR?

Well, if the botnet owner had all his nodes are relays he could easily deanonymize Tor 100% instantly. But he cannot get all of his nodes to be relays because nodes are screened by directory authority servers that have mechanisms in place to protect from botnet flood attacks. Unlike I2P and unlike Freenet.

39
Security / Re: completely removing tor from computer
« on: September 21, 2013, 11:09 pm »
just dban or secure erase. Every week we get people asking this question and a thousand people giving crazy ideas like put it in microwave or pour cup of water on it. Just wipe the damn thing with DBAN or Secure Erase. Preferably Secure Erase followed by DBAN. Secure Erase is best. DBAN is second best. Both provides defense in depth in case of implementation errors in either. Nothing else is likely to be as secure short of melting the thing down into a liquid.

40
Philosophy, Economics and Justice / Re: little rant
« on: September 21, 2013, 11:05 pm »
the problem as i understand it is that the authorities are trying to kill off the mdma trade by restricting movement of ingredients, as a result less safe compounds are being passed off as mdma and subsequently the mortality rate rises.....brilliant harm reduction result there from the twats in charge.

dont worry, we'll save your kids from the horrors of clean mdma...by killing the little fuckers in a heatstroke pma nightmare.

and then when the kids die from the PMA everybody says it is MDMA and they all rally around the war on drugs to restrict it even more, and then even more kids die.

41
Security / Re: Tor update warning: Tor might not protect you from NSA
« on: September 21, 2013, 10:05 pm »
NOW b4 u all get paranoid, this is what keeps the NSA from knowing FOR SURE, its called ENCRYPTION and it prevents a passive observer from seeing what you are sending and who you are sending to.

In some cases it can prevent them from seeing what you are sending, but it cannot prevent them from seeing who you are sending it to. And in many cases knowing who you are sending something to is enough for them to determine what you are sending. If NSA is correlating my traffic right now, they can see I sent a message of a certain size to SR forum. Quick timing and stream size analysis will allow them to determine this is the message I sent, despite the fact that it was encrypted all the way to the server.

Quote
NOW what is getting everyone all in a ruff over the security of tor are the recent revelation that the NSA MIGHT JUST HAVE COMPROMISED THE ENCRYPTION STANDARD THAT TOR RELIES UPON AND POSSIBLY EVERY ENCRYPTION STANDARD THERE IS. Very intelligent people are working on this at the moment but these things take time. AS IT STANDS CRYPTO MATH IS IMPOSSIBLE TO DECRYPT WITHOUT HAVING THE KEY EVEN WITH A MILLION BILLION SUPERCOMPUTERS, but the implementation of the math is where the NSA may have attacked, and has attacked before as revealed by the Snowden intel.

We are not by any means only worried about the NSA cracking 1,024 bit DH and RSA. We are also worried about traffic analysis, and hacking of Tor relays to aide in traffic analysis. Also, some people now think the NSA can crack 1,024 bit DH and RSA without the key.

Quote
There however is another form of network, its called HIGH LATENTCY. As was described earlier in this thread, you send a request and it gets bounced around the network until it gets back to you. LATENTCY = TIME, so this type of network CANNOT BE USED FOR COMMERCE. The reason high latentcy is considered more secure is that it makes it impossible to do a timing correlation attack as every node takes it sweet fucking time. Also these networks typically provide PLAUSABLE DENIABILITY. That is everyone acts as a relay so its all but impossible to say any one node "requested" or sent information to or from another node.

Freenet is the only network I am aware of that provides plausible deniability. It is kind of mid-latency. Mix networks do prevent timing correlation attacks, but they also prevent a hell of a lot of other attacks. Also, I see no reason why they cannot be used for commerce. Do you really need to get updates every two seconds? Or can you wait an hour or two after someone makes a post before you can see it? Do you need your posts to be visible right after you hit post, or can you wait and hour or two for people to see it? Even adding an hour or two of delay between messages being posted and messages being available will give the possibility of having exponentially more anonymity than Tor has.

Quote
This is where TOR needs to change. Timing attacks would mean diddly fucking squat if everyone acted as a relay (i2p's main strong point). Also this stupid fucking botnet bullshit TOR is suffering from could not happen if everyone acted as a relay, in fact it would make the network substantially stronger.

Wrong, timing attacks still work against I2P, especially in the face of a global external attacker. At best I2P might be able to (I bet it can) add plausible deniability from timing attacks if the attacker is only internal at the target (IE: the clients entry node, not the clients ISP). If everybody was a relay and the botnet was as well, the owner of the botnet would have broken Tor anonymity entirely. They have 5,000,000 nodes, there are like 500,000 legitimate Tor users a day.

Quote
But then if NSA has compromised crypto then all is lost. But until then TOR needs to change from its leecher model and move towards a bittorrent/freenet/i2p/everyfuckingdecentsecurenetwork "give as much as you take" model. This can easily be achieved by following in freenets footsteps and make it hard to use the network without being logged in for x number of hours, this will train people to leave tor running. Another way would be to offer a "TOR on a router" package so people dont have to leave their computers running all the time.

my 2c.

If Tor had the same model as I2P this Botnet would have totally deanonymized everybody.

42
Security / Re: Tor update warning: Tor might not protect you from NSA
« on: September 21, 2013, 09:49 pm »
Quote
High latency networks (like mixnets, Freenet to some degree) don't provide instant gratification.   You request a resource (a message, a copy of a static website, whatever), and that message gets bounced around for a while, and the content works its way back to you.  Maybe in a minute, maybe in a day.   Maybe in 30 seconds.   But the key here is that it's not establishing a *connection* between two points (you and your server/destination) and grabbing the content.  It's you, sending a message, waiting for a response.  Email is high-latency.  Usenet is high-latency.  Downloading a video, then watching it is high-latency. 

How long traffic mixes for is less important than how much other traffic it mixes with. If a message is delayed for two weeks but nobody else mixes traffic on that node, it might as well have been mixed for two seconds. If your traffic is mixed for two seconds but ten thousand other people sent traffic over that node, then it would be just the same as mixing for two weeks with ten thousand other people sending traffic over the node. So the more heavily used a mixnet is the faster it can go while still providing the same level of anonymity. Another technique is called alpha mixing, which is where the messages themselves have user defined time delays per hop. Old mixnets had various other strategies where the user was not in control of their own latency but it was decided by the individual mix nodes. Alpha mixing allows us to lower latency a little bit as well, provided not everybody does. Some people routing high latency traffic over the mixnet gives an anonymity benefit to everybody using the mixnet, including the people routing lower latency traffic over it. This isn't to say that you can use it with no time delays and be fine, but there are techniques to shave some latency away while still keeping anonymity intact.

Quote
When you're talking about an adversary the size of NSA, they're always going to be able to see enough network traffic to follow *connections* around the Internet.   High-latency Mix/etc networks separate the connection from the actual conversation.  This lets them chop the conversation up into pieces, toss it in with other pieces of other people's conversations, and keep an adversary from saying "Aha!  That specific request is from X!  He's sending a message to Y!"

The issue is that, because the NSA can watch most of the links between nodes on any given network, they can indeed follow the packets around. Low latency networks do not mix traffic, they get packets and forward them on as they come. If the attacker watches Alice send a packet to a server and then Bob sends a packet to the same server, he knows that the first packet out of the server belongs to Alice and the second packet out belongs to Bob. So he can follow their traffic around easily. In a mix network, Alice and Bob send their packet to the server as before, but the mix network holds them long enough that it can randomize their output order before sending them on. Now the first packet out has a 50% chance of belonging to Alice and a 50% chance of belonging to Bob. Throw in some randomly generated dummy packets between mixes, and it becomes even harder for the attacker to tell what is going on. 

Quote
No technology is going to keep NSA from seeing that *your IP* is making connections and participating in an anonymity network.   Nor is it going to keep someone that size from seeing what servers you're connecting to.  Or seeing who else is connecting to the same server, and possibly correlating that traffic.

There are covert channel technologies that could make it harder for them to tell, something sort of like bridges on steroids could be made, but it is going to be really hard to protect from a global external attacker anyway. There are systems for Alice and Bob to talk with an extremely low probability of their act of communication being identified, even by an attacker who watches the links of the entire internet. But I think these techniques would work better for a spy to funnel information back to his home country than they would work for bridges to an anonymity network. 

Quote
But it can provide massively better protection against those agencies identifying what you're doing.   In some perfect, "everybody uses a perfect high-latency anonymity technology" world, NSA can still see that you're using anonymity technologies.  Just not what you're doing.  Maybe you're sending an message.  Or participating in a group chat.  Or downloading a catalog of products from a vendor and sending a message to transmit an order.

Pretty much.

Quote
However, we're not just one missing piece of technology away from that happening this week.  kmfkewm's project to build a PIR/etc system is fantastic.  But even if he finishes it tomorrow, and it's ready for production, and he stands one up on the Internet, what you have is a single PIR server, sitting on the Internet, able to securely route messages from Client A to Client B, with nobody else able to see what they're doing.   But they'll still be able to see all the clients connecting to the server.   They can't know what they're doing, but they'll know they're using that server.

A single mix is only good to protect from external attackers anyway. If the mix is bad it can link communicating parties. But a single good mix on a messages path can buy it significant anonymity. With CPIR (which PSS seems to be a type of) it doesn't matter if the server is bad. It is essentially cryptographic anonymity, nobody can tell the messages you download unless they can solve a hard math problem. Also, people would connect to the server via Tor anyway, so nobody who cannot break Tor can tell they are connecting to the server. But hopefully a network of volunteer nodes springs up pretty quickly.

Quote
One single perfect PIR server doesn't fix the problem.  It's a key part of the equation, but it's nowhere near the whole equation.  Sure, it's cryptographically awesome, but from a practical anonymity perspective, if there's just one single server sitting on the Internet, doing amazing crypto stuff, it's really not that much better than a hidden webserver just routing PGP messages between users.   If someone seizes that server, and backdoors it, they're going to be able to see that Client A sent something encrypted to Client B, and because of their NSA-level view of the world, they probably will know who Client A & B are.  Not what they said, but everything else about their conversation.

Well, one of the reasons it is better is because if a server routes GPG messages between users, it knows who is talking to who, and unless the users connect to it with Tor it can easily tell which IP address belongs to which person. With single PIR server the server cannot tell who communicates with who and it cannot link messages to IP addresses. No, even if somebody seizes the server they cannot tell anything. PSS assumes a malicious server the entire time. Unless they can solve a hard math problem, having the server buys them next to nothing. On the other hand if they seize a single mix it is game over because the owner of a mix can follow traffic through their own mix. A mix network needs at least two nodes operated by different individuals to protect from internal attackers, although a single mix can protect from external attackers like the NSA, unless they take the mix over.

Quote
A hundred isolated PIR servers, acting as little individual islands of communication, still basically have the same problem.  They have to be able to communicate with each other, forming a meshed network of mixing and content delivery, that actually decentralize the network.

Certainly they need to form a mesh network. A hundred isolated PIR servers wouldn't work very well.

Quote
kmfkewm, I'd love to know where you see those technologies evolving, and how you see the world working after the actual implementation of PIR/etc technologies.  Is every user node routing traffic for others? Or are they connecting to central servers?  Do PIR storage servers talk to each other, or are they islands?

I see things evolving past the point of browser based applications in many ways, and toward custom security oriented software packages for specific goals. The anonymity of a mix network is actually hurt if it is too big, pretty much the opposite of Tor. The theoretically ideal mix network would consist of one node, from a traffic analysis perspective (or two nodes if you want protection from internal attackers), but in practice it needs more nodes to ensure the two people running nodes don't turn to the darkside etc. The more concentrated traffic is over the mix nodes the better, and the more mix nodes there are the less concentrated traffic over them is. If all users are mix nodes, traffic wont be mixing with much other traffic at any given hop.

I envison a mesh network of maybe 50 or so nodes, each node being a mix and a PIR server, with messages being distributed through the servers with everybody gets everything PIR or something. The shittiest part of this system is the fact that all PIR servers need to have the same database, and that means they need to share all messages they get with each other similar to how BitMessage shares all messages with all users of the system. It would be much nicer if we could have messages segmented and spread across the network to different nodes, instead of a single database mirrored over each node. Doing it this way is kind of crappy, because for one it wastes probably hundreds of terabytes of storage space that will be dedicated to the same mirror, for two it opens up the risk of DDoS attacks since sending a packet to a single node echos it to all nodes, etc. And it is hard to keep good content that is accessed a lot, because the protocol itself prevents anybody from knowing what is being accessed and what is not. So this is not ideal, but I cannot think of a better system that doesn't introduce traffic analysis vulnerabilities. Certainly we can not have different messages tied to different PIR servers, or else Alice could cause Bob to access the various servers in a pattern that she can then identify. Bob could have a single server associated with his pseudonym where all messages to him are sent, but then his anonymity set size immediately falls to the users using that node, and what happens when that node is taken down? If it is malicious it doesn't matter because of PIR, but if it is taken down he needs to go to a new server, this will introduce traffic analysis vulnerabilities as well. So I cannot think of a way to do it other than a mirrored database over all the servers, but what to do about the risk of DDoS , plus it is a fucking shame to waste so many terabytes of space mirroring the same thing over and over again. The biggest win from mirroring the database instead of having it on a single server is that the bandwidth load of clients downloading messages will be distributed, but in reality a single CPIR server is no more insecure than 100 CPIR servers. It doesn't matter if your CPIR server is compromised or not.

If you can think of a better way to manage inter-CPIR server communications etc please let me know.

Quote
And everyone who said "We need an easy way to do that" is hitting the nail perfectly on the head.  Even if the world's best anonymity network is built, if only two people are using it, then it's still not anonymous.  You need more widespread adoption to get the true benefit from mix technologies.   Basically, I have to have enough "other" traffic to mix my traffic with with before I can hide in that traffic.

Yeah one of the hardest issues will be bootstrapping an anonymity set to start with. I will probably suggest people run it sending dummy traffic, but not using it for anything, until it has at least a thousand members.

43
Security / Re: Tor update warning: Tor might not protect you from NSA
« on: September 21, 2013, 09:13 pm »
I am still supremely confident in my anonymity practices.

I use a super powerful antenna to pick up a free WiFi signal from half a mile away. I log onto this signal with a Linux computer bought with cash that is not used for anything else but SR. I then open a VPN connection from a VPN company in a country that disallows keeping log records. I then open up Tor. And THEN I log onto SR.

They can know the DSN and it won't matter because it is the DSN of the VPN. They can find out the VPN network and it won't matter because there are no logs. They can know my actual physical address of the underlying initial internet access and it won't matter as it is half a mile away from me and not mine. They can hack into my computer and try to determine some identifying information from in it but it won't matter because the computer is clean and was paid for in cash. There is no way to identify me technology wise.

Look if all you use is Tor then they MIGHT be able to use massive amounts of resources representing billions and billions of dollars of several of the biggest countries in the world to find out a real IP for you but that is why you use LAYERS of security and not just one. We are talking about how it might be possible with massive amounts of resources to break this one layer, but add a couple more layers and see what happens. Even if it is technically possible it is just not practically possible.

If you are in USA your traffic to your VPN goes through the same monitored IX's as everybody else, and after they locate the WiFi access point they can pinpoint you with directional antennas.

44
Security / Re: Tor update warning: Tor might not protect you from NSA
« on: September 21, 2013, 12:53 pm »
Guys this has been in the "issues" and changelog documentation for ages, at least implicitly. It's saying something though when they come out and state it explicitly.

Why are you saying to scrap TOR and start from scratch?? The problem with PUBLIC networks such as tor is that ANYONE can access them. The most secure model could be one that relies on requiring PHYSICAL access. But this doesn't seem at all realistic now does it? We got to stick with the interwebs for now.

that is not the problem with networks like Tor, at all. The more people who use an anonymity network, the better it is. Physical anonymous communication sounds, well, not feasible at all for a large group of people around the entire world to do? Not very anonymous probably, depending on how it is implemented? We saying scrap Tor and start from scratch because Tor model is fucked. I2P model is fucked. VPN model is fucked. Proxy model is fucked. These were always toy technologies to begin with. The real anonymity has always been in the mix network designs. When they made these low latency solutions they said "high latency is not really that user friendly, but it assumes a super strong attacker. Let's try to make it user friendly by assuming a vastly weaker attacker, and hope that there are no super strong attackers". There was a super strong attacker, it was NSA. And GCHQ. And other SIGINT agencies. And they shared intelligence with police, which was a surprise to many including myself. And they networked together into essentially international massive intelligence cooperatives, Australia + UK + Canada + USA SIGINT = tremendously powerful attacker, the type of attacker that the mix networks hoped to protect from but way way past what Tor was ever meant to protect from, way way past what I2P or proxy or VPN was ever meant to protect from. Not only that, but research into these technologies ended up showing over time that they were not even as good against the weaker attackers they set out to protect from as they hoped to be at first. And that research is just stacking up paper after paper. They aimed to add user friendlyness to anonymity by making these technologies, and the cost was to protect from a much weaker attacker than the mix networks. But they under estimated the strength of the attackers in reality and they under estimated how much their designs would weaken the anonymity properties of their networks against the weaker attackers they aimed to protect from. The end result is that their networks are not safe to trust your life to, because not only are there big powerful attackers in reality who they thought they didn't need to protect from because they thought they didn't exist, but the weaker attackers they tried to protect from who they knew existed turned out to be able to do a lot more against their networks than they originally thought they would be able to do. It is a double whammy combo punch and the result is these technologies are KO'ed. Time to bring in the heavy weight boxers, and those are the mix networks, the PIR based solutions, the DC-net based solutions, the covert channel based solutions, etc. Not the low latency proxy with some fancy encryption and padding solutions.

45
Security / Re: Tor update warning: Tor might not protect you from NSA
« on: September 21, 2013, 12:42 pm »
no

Pages: 1 2 [3] 4 5 ... 249