So one of the scary things here is that we’re just not even sure how to exist in a complete—what’s called "global passive adversary world," where they can watch the entire internet. And so, this is, I think, an existential threat to anonymity online, to privacy and to security of everyday people.
Maybe not with low latency but that is what high latency mix networks are made for. Global passive adversary can watch all traffic BETWEEN all nodes on the network, which is end of story for low latency anonymity they completely defeat it. If you have high latency traffic, and the mixes re-order thousands or tens of thousands of messages before sending them to the next mix which does the same thing, as long as there is absolutely no other linkability between individual messages at each hop, it takes a global passive adversary a long time to gather enough information to carry out deanonymizing attacks against the mix network. If you have a highly used and highly secured (talking military grade protection from hackers penetrating the mix to observe the re-ordering, tamper resistant / signal shielding cases to prevent someone with physical access from doing the same) mix network, you can do a decent job of resisting a global passive adversary. In the end they will always win unless there is constant rate cover traffic, but you can make it so the number of messages you need to send under a pseudonym before they can tie that pseudonym to a person, is large.
Another option, although bandwidth and other constraints may make it more theoretical than practical, is the use of dining cryptographer networks (DC-nets), which offer cryptographically provable anonymity to within a set size (usually the set size of all participants on the network, although it is possible to make intertwined DC-nets that offer perfect anonymity only within the sub-sections).
Low latency anonymity is dead against powerful signals intelligence agencies, it probably has been for at least the past decade. It might be dead in the not so distant future if federal police get access to information that used to be only in the realm of signals intelligence. But even though browsing the 'regular' internet anonymously (and I include hidden services in this definition of 'regular internet') may be fatally wounded, there are still *much* stronger solutions than Tor, I2P or Freenet in the world of academia and theory. Anonymity online will not die in a GPA world, it will just be much slower (talking hours to days for a message to go from one communicator to the other/s), only support sending small messages (no downloading large files, just text messages images and maybe small files like mp3s), and probably not at all compatible with web browsers (it will require custom client and server components).
Membership concealment will be dead in such a world though. You will not really be able to hide the fact that you are a user of a given mix network, unless you use open Wifi from random locations or something. This is pretty shitty too for us, since vendors leak rough geolocation intelligence when they ship product, it is best to hide that they are also users of a communications network to avoid these crowds from being intersected. Let's hope when FBI/DEA/ICE are GPA, that a lot of people are willing to use mix network, to create large crowds in arbitrary geographic regions.
Show Posts