Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Thu, Oct 27, 2005 at 11:28:42PM -0400, R.A. Hettinga wrote: The cypherpunks list is about anything we want it to be. At this stage in the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more about the crazy bastards who are still here than it is about just about anything else. While I don't exactly know why the list died, I suspect it was the fact that most list nodes offered a feed full of spam, dropped dead quite frequently, and also overusing that needs killing thing (okay, it was funny for a while). The list needs not to stay dead, with some finite effort on our part (all of us) we can well resurrect it. If there's a real content there's even no need from all those forwards, to just fake a heartbeat. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On 10/26/05, Shawn K. Quinn [EMAIL PROTECTED] wrote: On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote: Many of the anonymity protocols require multiple participants, and thus are subject to what economists call network externalities. The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format. 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right? This is off-topic. Let's not degenerate into random Microsoft bashing. Keep the focus on anonymity. That's what the cypherpunks list is about. CP
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Thu, 2005-10-27 at 23:28 -0400, R.A. Hettinga wrote: RAH Who thinks anything Microsoft makes these days is, by definition, a security risk. Indeed, the amount of trust I'm willing to place in a piece of software is quite related to how much of its source code is available for review. Surprisingly, I'm not the only one that feels this way. -- Shawn K. Quinn [EMAIL PROTECTED]
Re: [PracticalSecurity] Anonymity - great technology but hardly used
At 8:18 PM -0700 10/27/05, cyphrpunk wrote: Keep the focus on anonymity. That's what the cypherpunks list is about. Please. The cypherpunks list is about anything we want it to be. At this stage in the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more about the crazy bastards who are still here than it is about just about anything else. Cheers, RAH Who thinks anything Microsoft makes these days is, by definition, a security risk. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [PracticalSecurity] Anonymity - great technology but hardly used
At 12:23 PM -0700 10/27/05, Major Variola (ret) wrote: Why don't you send her comma-delimited text, Excel can import it? But, but... You can't put Visual *BASIC* in comma delimited text... ;-) Cheers, RAH Yet another virus vector. Bah! :-) -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [PracticalSecurity] Anonymity - great technology but hardly used
The cypherpunks list is about anything we want it to be. At this stage in the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more about the crazy bastards who are still here than it is about just about anything else. Fine, I want it to be about crypto and anonymity. You can bash Microsoft anywhere on the net. Where else are you going to talk about this shit? CP
Re: [PracticalSecurity] Anonymity - great technology but hardly used
From: Eugen Leitl [EMAIL PROTECTED] Sent: Oct 27, 2005 3:22 AM To: Shawn K. Quinn [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used .. It's never about merit, and not even money, but about predeployed base and interoperability. In today's world, you minimize the surprise on the opposite party's end if you stick with Redmondware. (Businessfolk hate surprises, especially complicated, technical, boring surprises). Not only that, but this is often sensible. Have you noticed the bizarre misfit between our allegedly phonetic alphabet and how things are spelled? Why don't we get everyone to change that? Or the silly insistence of sticking with a base 60 time standard? Or the whole atrocity of English measurements that the US still is stuck with? Oh yeah, because there's an enormous installed base, and people are able to do their jobs with them, bad though these tools are. .. OpenOffice Co usually supports a subset of Word and Excel formats. If you want to randomly annoy your coworkers, use OpenOffice to process the documents in MS Office formats before passing them on, without telling what you're doing. Much hilarity will ensue. I'll note that you can do the same thing by simply using slightly different versions of Word. MS takes a bad rap for a lot of their software (Excel and Powerpoint are pretty nice, for example), but Word is a disaster. Eugen* Leitl a href=http://leitl.org;leitl/a --John Kelsey
Re: [PracticalSecurity] Anonymity - great technology but hardly used
At 8:41 PM -0700 10/27/05, cyphrpunk wrote: Where else are you going to talk about this shit? Talk about it here, of course. Just don't expect anyone to listen to you when you play list-mommie. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Thu, 2005-10-27 at 20:18 -0700, cyphrpunk wrote: This is off-topic. Let's not degenerate into random Microsoft bashing. Keep the focus on anonymity. That's what the cypherpunks list is about. Sorry, but I have to disagree. I highly doubt that Microsoft is interested in helping users of their software preserve anonymity, in fact, evidence has surfaced to indicate quite the opposite. (GUID in Office? The obnoxious product activation requirement? I'm sure there are others.) I would say that helping others get rid of dependencies on Microsoft products is thus advancing the cause of anonymity in cyberspace. -- Shawn K. Quinn [EMAIL PROTECTED]
Re: [PracticalSecurity] Anonymity - great technology but hardly used
Travis H. wrote: Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. I considered doing this with SLIP back before broadband (back when my friend was my ISP). There are two problems with this; one, getting enough random data, and two, distinguishing the padding from the real data in a computationally efficient manner on the remote side without giving away anything to someone analyzing your traffic. I guess both problems could be solved by using synchronized PRNGs on both ends to generate the chaff. The two sides getting desynchronzied would be problematic. Please CC me with any ideas you might have on doing something like this, perhaps it will become useful again one day. But this is trivial. Since the traffic is encrypted, you just have a bit that says this is garbage or this is traffic. OTOH, this can leave you open to traffic marking attacks. George Danezis and I wrote a paper on a protocol (Minx) designed to avoid marking attacks by making all packets meaningful. You can find it here: http://www.cl.cam.ac.uk/users/gd216/minx.pdf. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote: Many of the anonymity protocols require multiple participants, and thus are subject to what economists call network externalities. The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format. 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right? 2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well. -- Shawn K. Quinn [EMAIL PROTECTED]
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Wed, Oct 26, 2005 at 08:41:48PM -0500, Shawn K. Quinn wrote: 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right? Telling is useless. Are you in a sufficient position of power to make them stop using it? I doubt it, because that person will be backed both by your and her boss. Almost always. It's never about merit, and not even money, but about predeployed base and interoperability. In today's world, you minimize the surprise on the opposite party's end if you stick with Redmondware. (Businessfolk hate surprises, especially complicated, technical, boring surprises). 2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well. OpenOffice Co usually supports a subset of Word and Excel formats. If you want to randomly annoy your coworkers, use OpenOffice to process the documents in MS Office formats before passing them on, without telling what you're doing. Much hilarity will ensue. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [PracticalSecurity] Anonymity - great technology but hardly used
At 08:41 PM 10/26/05 -0500, Shawn K. Quinn wrote: On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote: Many of the anonymity protocols require multiple participants, and thus are subject to what economists call network externalities. The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format. 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right? 2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well. Why don't you send her comma-delimited text, Excel can import it?
Re: [PracticalSecurity] Anonymity - great technology but hardly used
cyphrpunk wrote: The main threat to this illegal but widely practiced activity is legal action by copyright holders against individual traders. The only effective protection against these threats is the barrier that could be provided by anonymity. An effective, anonymous file sharing network would see rapid adoption and would be the number one driver for widespread use of anonymity. If I thought I was being ripped off by anonymous file sharing, I'd try to push legislation that would mandate registering beforehand any download volume exceeding x per month. Downloaded more than x per month but not registered? Then you'll have to lay open your traffic, including encryption keys. The reasoning would be that most people won't have any legitimate business downloading more than x per month. By adjusting x, you can make a strong case. Once you get this enacted, you first get the ones with huge download volumes; then you lower x and repeat until the number of false positives gets too embarassing. If that seems drastic, just take a look at other legislation that has been enacted recently. I certainly believe that it's possible. Fun, Stephan begin:vcard fn:Stephan Neuhaus n:Neuhaus;Stephan org;quoted-printable:Universit=C3=A4t des Saarlandes;Department of Informatics adr;quoted-printable:;;Postfach 15 11 50;Saarbr=C3=BCcken;;66041;Germany email;internet:[EMAIL PROTECTED] title:Researcher tel;work:+49-681/302-64018 tel;fax:+49-681/302-64012 x-mozilla-html:FALSE url:http://www.st.cs.uni-sb.de/~neuhaus version:2.1 end:vcard
Re: [PracticalSecurity] Anonymity - great technology but hardly used
Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. I considered doing this with SLIP back before broadband (back when my friend was my ISP). There are two problems with this; one, getting enough random data, and two, distinguishing the padding from the real data in a computationally efficient manner on the remote side without giving away anything to someone analyzing your traffic. I guess both problems could be solved by using synchronized PRNGs on both ends to generate the chaff. The two sides getting desynchronzied would be problematic. Please CC me with any ideas you might have on doing something like this, perhaps it will become useful again one day. On packet-switched networks, running full speed all the time is not very efficient nor is it very friendly to your neighbors. Again, if you have any ideas on how to deal with this, email me. Many of the anonymity protocols require multiple participants, and thus are subject to what economists call network externalities. The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format. In this case, the fact that the HR person (a third party to the transaction) is using it forces me to buy it from Microsoft. Similarly, the more people use digital cash, the more likely I am to decide to use it. The more Tor nodes we have, the more high speed and close nodes there will be, and the more enjoyable the experience will be (assuming Tor is smart enough to use the close, fast nodes). For more information on network externalities, see the book Information Rules, available from Amazon for just over $4. Everyone working in IT or interested in computers should read that book. Another issue involves the ease of use when switching between a [slower] anonymous service and a fast non-anonymous service. I have a tool called metaprox on my website (see URL in sig) that allows you to choose what proxies you use on a domain-by-domain basis. Something like this is essential if you want to be consistent about accessing certain sites only through an anonymous proxy. Short of that, perhaps a Firefox plug-in that allows you to select proxies with a single click would be useful. It would be nice if the protocols allowed you to specify a chain of proxies, but unfortunately HTTP only allows you to specify the next hop, not a chain of hops. Perhaps someone could come up with an encapsulation method and cooperative proxy server that is more like the old cpunk remailers, using nested encrypted envelopes in the body of the request. Perhaps crowds or Tor already does this, I don't know. Where anonymizing facilities fail are fairly obvious to anyone who has used them, listed in descending order of importance: ease of configuration (initial setup cost) ease of use locator services for peers or servers network effects (not enough people using it) efficient use of resources (see quote in sig about why this is the least important) There are some technical concerns limiting their security: resistance to traffic analysis or trojaned software ad-hoc systems for crypto key updates or revocation I think one way to encourage adoption is to amortize the cost of setup over a group of people. For example, everyone who reads this could set up a hardened co-loc box and install all the relevant software, then charge their friends a small fee to use it. An ISP could make these services available to their customers. An ASP could make them available to customers over the web. People could start creating open-source Live! CD distributions* with all the software clients installed and preconfigured (or configured easily through a wizard-like set of menus invoked automatically at bootup). With Live! CDs in particular, you'd have a bit of a problem with generating crypto keys since the RNG fires up in the same state for everyone, but perhaps you could seed it by hashing the contents of a disk drive, or the contents of memory-mapped hardware ROMs (e.g. ethernet MAC address), network traffic, and/or with seed state persisted on a removable USB drive. [*] See http://www.frozentech.com/content/livecd.php I don't see a distro specifically for anonymity; if you have friends who want to create Yet Another Linux Distro, perhaps they could fill this niche. Two alternatives suggest themselves; a client distro for end-users and a server distro for people with a machine that's not doing anything. You'd just pop in the CD and it announces its availability to various locator services to act as a Tor, mixmaster, or whatever node. Again, keep me informed if anyone starts work on this. -- http://www.lightconsulting.com/~travis/ -- We already have enough fast, insecure systems. --
Re: [PracticalSecurity] Anonymity - great technology but hardly used
--- Travis H. [EMAIL PROTECTED] wrote: [snip] Another issue involves the ease of use when switching between a [slower] anonymous service and a fast non-anonymous service. I have a tool called metaprox on my website (see URL in sig) that allows you to choose what proxies you use on a domain-by-domain basis. Something like this is essential if you want to be consistent about accessing certain sites only through an anonymous proxy. Short of that, perhaps a Firefox plug-in that allows you to select proxies with a single click would be useful. You can already do the latter with SwitchProxy (http://www.roundtwo.com/product/switchproxy). Basically, it's a Firefox extension that saves you the trouble of going into the 'preferences' dialogue everytime you want to switch from one proxy to another (or go from using a proxy to not using one, that is). It works like a charm with tor and a local proxy. It also has a Anonymizer mode, which cycles through a list of proxies in an attempt to give you some kind of pseudo-anonymity (which I guess is good enough for many people). Jörn __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On 2005-10-26T08:21:08+0200, Stephan Neuhaus wrote: cyphrpunk wrote: The main threat to this illegal but widely practiced activity is legal action by copyright holders against individual traders. The only effective protection against these threats is the barrier that could be provided by anonymity. An effective, anonymous file sharing network would see rapid adoption and would be the number one driver for widespread use of anonymity. If I thought I was being ripped off by anonymous file sharing, I'd try to push legislation that would mandate registering beforehand any download volume exceeding x per month. Downloaded more than x per month but not registered? Then you'll have to lay open your traffic, including encryption keys. The reasoning would be that most people won't have any legitimate business downloading more than x per month. By adjusting x, you can make a strong case. Once you get this enacted, you first get the ones with huge download volumes; then you lower x and repeat until the number of false positives gets too embarassing. This legislation would also require mandatory reporting by ISPs of subscribers' traffic patterns? Most people don't have any legitimate business writing for public consumption on blogs. Most people don't have any legitimate business owning cars that can go over 75MPH. Most people don't have any legitimate business for owning more scary-looking black rifles. If you tried to push this hypothetical legislation, you'd end up on some cypherpunk's to-kill list. Of course, those threats are all hot-air. Has anyone who's life has been threatened on cypherpunks-l (since Jim Bell) gotten so much as a scratch at the hands of a threatener? -- This is not the grand arena.
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Wed, 26 Oct 2005, JЖrn Schmidt wrote: --- Travis H. [EMAIL PROTECTED] wrote: [snip] Another issue involves the ease of use when switching between a [slower] anonymous service and a fast non-anonymous service. I have a tool called metaprox on my website (see URL in sig) that allows you to choose what proxies you use on a domain-by-domain basis. Something like this is essential if you want to be consistent about accessing certain sites only through an anonymous proxy. Short of that, perhaps a Firefox plug-in that allows you to select proxies with a single click would be useful. You can already do the latter with SwitchProxy (http://www.roundtwo.com/product/switchproxy). Basically, it's a Firefox extension that saves you the trouble of going into the 'preferences' dialogue everytime you want to switch from one proxy to another (or go from using a proxy to not using one, that is). In fact, it is possible to setup it all thru privoxy alone: # 5. FORWARDING # = # # This feature allows routing of HTTP requests through a chain # of multiple proxies. It can be used to better protect privacy # and confidentiality when accessing specific domains by routing # requests to those domains through an anonymous public proxy (see # e.g. http://www.multiproxy.org/anon_list.htm) Or to use a caching # proxy to speed up browsing. Or chaining to a parent proxy may be # necessary because the machine that Privoxy runs on has no direct # Internet access. # # Also specified here are SOCKS proxies. Privoxy supports the SOCKS # 4 and SOCKS 4A protocols. [...] # 5.1. forward # # # Specifies: # # To which parent HTTP proxy specific requests should be routed. # # Type of value: # # target_pattern http_parent[:port] # # where target_pattern is a URL pattern that specifies to which # requests (i.e. URLs) this forward rule shall apply. Use / # to denote all URLs. http_parent[:port] is the DNS name or # IP address of the parent HTTP proxy through which the requests # should be forwarded, optionally followed by its listening port # (default: 8080). Use a single dot (.) to denote no forwarding. Btw, I guess everybody who installs tor with privoxy has to know about this since he has to change this section. The problem is that it is not clear how to protect against `malicious' sites: if you separate fast and tor-enabled sites by the site's name, e.g., tor for search.yahoo.com, and no proxy for everything else, yahoo can trace you thru images served from .yimg.com; OTOH if you change proxy `with one click' first of all you can easily forget to do it, but also a site can create a time-bomb -- a javascript (or just http/html refresh) which waits some time in background (presumably, until you switch tor off) and makes another request which allows to find out your real ip. -- Regards, ASK
Re: [PracticalSecurity] Anonymity - great technology but hardly used
Hello, At 25/10/05 07:18, cyphrpunk wrote: http://www.hbarel.com/Blog/entry0006.html I believe that for anonymity and pseudonymity technologies to survive they have to be applied to applications that require them by design, rather than to mass-market applications that can also do (cheaper) without. If anonymity mechanisms are deployed just to fulfill the wish of particular users then it may fail, because most users don't have that wish strong enough to pay for fulfilling it. An example for such an application (that requires anonymity by design) could be E-Voting, which, unfortunately, suffers from other difficulties. I am sure there are others, though. The truth is exactly the opposite of what is suggested in this article. The desire for anonymous communication is greater today than ever, but the necessary technology does not exist. ...snip... For the first time there are tens or hundreds of millions of users who have a strong need and desire for high volume anonymous communications. These are file traders, exchanging images, music, movies, TV shows and other forms of communication. The main threat to this illegal but widely practiced activity is legal action by copyright holders against individual traders. The only effective protection against these threats is the barrier that could be provided by anonymity. An effective, anonymous file sharing network would see rapid adoption and would be the number one driver for widespread use of anonymity. But the technology isn't there. Providing real-time, high-volume, anonymous communications is not possible at the present time. Anyone who has experienced the pitiful performance of a Tor web browsing session will be familiar with the iron self-control and patience necessary to keep from throwing the computer out the window in frustration. Yes, you can share files via Tor, at the expense of reducing transfer rates by multiple orders of magnitude. ...snip... I agree with what you say, especially regarding the frustration with TOR, but I am not sure it contradicts the message I tried to lay out in my post. Secure browsing is one instance of anonymity applications, which, as I mentioned, is used. I completely agree that technology may not be mature enough for this other instance of anonymity applications, which is anonymous file sharing. My point was that there is a lot of anonymity-related technology that is not used, especially in the field of finance; I did not claim that there are technological solutions available for each and every anonymity problem out there. I apologize if this spirit was not communicated well. It's not that we have everything - it's that we don't use most of what we do have, although we once spent a lot of efforts designing it. Regards, Hagai.
Re: [PracticalSecurity] Anonymity - great technology but hardly used
http://www.hbarel.com/Blog/entry0006.html I believe that for anonymity and pseudonymity technologies to survive they have to be applied to applications that require them by design, rather than to mass-market applications that can also do (cheaper) without. If anonymity mechanisms are deployed just to fulfill the wish of particular users then it may fail, because most users don't have that wish strong enough to pay for fulfilling it. An example for such an application (that requires anonymity by design) could be E-Voting, which, unfortunately, suffers from other difficulties. I am sure there are others, though. The truth is exactly the opposite of what is suggested in this article. The desire for anonymous communication is greater today than ever, but the necessary technology does not exist. For the first time there are tens or hundreds of millions of users who have a strong need and desire for high volume anonymous communications. These are file traders, exchanging images, music, movies, TV shows and other forms of communication. The main threat to this illegal but widely practiced activity is legal action by copyright holders against individual traders. The only effective protection against these threats is the barrier that could be provided by anonymity. An effective, anonymous file sharing network would see rapid adoption and would be the number one driver for widespread use of anonymity. But the technology isn't there. Providing real-time, high-volume, anonymous communications is not possible at the present time. Anyone who has experienced the pitiful performance of a Tor web browsing session will be familiar with the iron self-control and patience necessary to keep from throwing the computer out the window in frustration. Yes, you can share files via Tor, at the expense of reducing transfer rates by multiple orders of magnitude. Not only are there efficiency problems, detailed analysis of the security properties of real time anonymous networks have repeatedly shown that the degree of anonymity possible is very limited against a determined attacker. Careful insertion of packet delays and monitoring of corresponding network reactions allow an attacker to easily trace an encrypted communication through the nodes of the network. Effective real-time anonymity is almost a contradiction in terms. Despite these difficulties, file trading is still the usage area with the greatest potential for widespread adoption of anonymity. File traders are fickle and will gravitate rapidly to a new system if it offers significant benefits. If performance can be improved to at least approximate the transfer rates of non-anonymous networks, while allowing enough security to make the job of the content lawyers harder, that could be enough to give this technology the edge it needs to achieve widespread acceptance. CP