On 13 Sep 2013, at 21:46, Nico Williams wrote:

> On Fri, Sep 13, 2013 at 03:17:35PM -0400, Perry E. Metzger wrote:
>> On Thu, 12 Sep 2013 14:53:28 -0500 Nico Williams
>> <n...@cryptonector.com> wrote:
>>> Traffic analysis can't really be defeated, not in detail.
>>
>> What's wrong with mix networks?
>
> First: you can probably be observed using them.  Unless too many people
> use mix networks you might just end up attracting unwanted attention:
> more passive surveillance, maybe even active attacks (at the limit very
> physical attacks).

I do wonder what the problem with being observed using it is though. I understand the problem and the want to not have traffic analysis done on your communications but what's the practical effect on your communications if they are?

If I think about what I'm bothered about. I do work part-time for an arm of government. I don't like the idea that someone is out there with a big ear-trumpet recording all my communications. I like to be able to discuss the rights & wrongs of mass surveillance but at the same time I don't want to be labelled a dangerous subversive. I like to have a moan about things I dislike but I don't want those to re-appear at some meeting where I'm called in for a meeting, hat on, without coffee. At least not where I've not been compelled to produce them (at least I know what's coming!).

So privacy on the messages is important to me but not necessarily is it of *equal* importance that my communications partners are hidden. I might swap emails with Ben, Ben likes a good moan too, we both work for the same branch. The fact that I work with Ben and talk to him is neither here nor there.

For example, Hemlis is taking on the problem of obscuring traffic with regards to the 'who' you're talking to and not just the 'what'. I wonder how important that is, really, especially when they're talking about centralised control of user information to ensure security, but haven't addressed what happens when they're compelled to help people game their own system (the it's ok, we'll go to prison before we help the spooks I always find a bit weak, what if they turn up with a car battery and a pair of pliers?)

It's not clear how they're going to do any of this yet. All in all they seem to have good intentions but I fear they're falling into the trap of trying to solve the 'interesting' problems as a priority without having a consistent plan. I'm sure they'll come up with some sort of mix network.
>
> Second: I suspect that to be most effective the mix network also has to
> be most inconvenient (high latency, for example).  That probably means
> mix networks won't be popular enough to help with the first problem.

As Perry points out in his August posts, latency is less important although for instant messaging traffic people do kind of want 'instant' for a low enough value of latency. The latency though is only of massive importance if it's critical that who you talk to be obscured as well.

If you have *some* idea of the people in a network who are communicating with each other there also needs to be enough bandwidth to hide your messages in, as you're probably already observing the traffic close (or fairly close) to the endpoint it's being delivered to.

I took an approach in the system that I built of batching messages together inside an encrypted bundle and padding them with junk so that you got a message every x minutes or x seconds and it was always at least y size regardless of if there was anything in it for you of interest or not. If messages were over y size, they split and queued up for the next interval.

>
> Third: the mix network had better cross multiple jurisdictions that are
> not accustomed to cooperating with each other.  This seems very
> difficult to arrange.

Specifically on the jurisdictional point: I've looked into this, I did some research into cloud providers in different jurisdictions. After all if it's going to scale you're unlikely to be building data centres on the way to the system becoming successful. It is possible that you don't actually need to go to the extremes of routing stuff via Russia, China, Egypt and Pakistan. I've got another discussion on another list about what entities that are allowed to co-operate can actually do on behalf of each other.
It turns out there is an interesting disconnect between Irish law and the UK law (I picked Irish law because Amazon's European operations are in Ireland). You have to decide if you are worried about co-operation as allowed by law or not for the jurisdiction you're in, i.e. are you going to go to prison or not.

The main instrument of cooperation here is a thing called an MLAT, a mutual legal assistance treaty and they're signed with an awesome number of countries. They only enable cooperation to the extent that local law allows and have different rules about support that allows evidence that can be admissible in court and other kinds of support.

So it comes back to what you're worried about, it doesn't have to be about absolutes.

Max

>
> I'd love to be disabused of the above though.
>
> Nico
> --
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
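
The fixed-interval batching and padding scheme described in the message above, sketched as an added example that is not part of the original post or the system its author built. The names `Batcher`, `Receiver` and `BUNDLE_SIZE`, the fragment header layout and the 256-byte size are assumptions; bundles here are exactly y bytes, and the encryption of each bundle (for instance with an AEAD) is left out so that only the framing is shown.

```python
import os
import struct
from collections import deque

BUNDLE_SIZE = 256            # "y": every bundle is exactly this many bytes (assumed value)
HDR = struct.Struct("!BH")   # hypothetical fragment header: flag, payload length
MORE, LAST, END = 1, 0, 0xFF # flag values: message continues / complete / padding follows

class Batcher:
    """Sender: queue messages, emit one fixed-size bundle per interval ("x")."""
    def __init__(self, size=BUNDLE_SIZE):
        self.size = size
        self.queue = deque()

    def send(self, msg: bytes):
        self.queue.append(msg)

    def tick(self) -> bytes:
        """Call once per interval, whether or not anything is queued."""
        out = bytearray()
        # Keep room for a fragment header, one payload byte and the end marker.
        while self.queue and self.size - len(out) > 2 * HDR.size:
            room = self.size - len(out) - 2 * HDR.size
            msg = self.queue.popleft()
            head, rest = msg[:room], msg[room:]
            if rest:                         # oversized: remainder waits for next interval
                self.queue.appendleft(rest)
            out += HDR.pack(MORE if rest else LAST, len(head)) + head
        out += HDR.pack(END, 0)              # everything after this marker is junk
        out += os.urandom(self.size - len(out))
        return bytes(out)                    # this whole buffer is what gets encrypted

class Receiver:
    """Receiver: parse a decrypted, authenticated bundle and reassemble messages."""
    def __init__(self):
        self.partial = bytearray()

    def unpack(self, bundle: bytes) -> list:
        msgs, pos = [], 0
        while True:
            flag, n = HDR.unpack_from(bundle, pos)
            pos += HDR.size
            if flag == END:                  # padding starts here; ignore the rest
                return msgs
            self.partial += bundle[pos:pos + n]
            pos += n
            if flag == LAST:                 # final fragment of a message
                msgs.append(bytes(self.partial))
                self.partial.clear()
```
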