On Wed, Oct 14, 2020, 11:03 PM Karl <[email protected]> wrote: > > > On Wed, Oct 14, 2020, 10:48 PM Peter Fairbrother <[email protected]> wrote: > >> On 14/10/2020 23:59, Karl wrote: >> > >> > >> > On Wed, Oct 14, 2020, 6:34 PM Peter Fairbrother wrote: >> >> > To put some BOTE numbers on that, suppose you want to provide for 1 >> > million concurrent users. You have about 150 TB per month user >> traffic >> > to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 >> > Baud. >> > >> > >> > Could you explain your math here? How did 500TB/3 (am I wrong?) become >> > 150MB? >> >> There are 500 raspberry pi's, each on the end of a 1TB/month link. >> That's 500 TB/month total traffic, but dividing by 3 we get >> approximately 150 TB/month user traffic. >> > > How about more routers if there are more users? > > >> With a million users at any time that's 150TB user traffic per month: >> divided by 1 million users that's 150MB per user per month. >> >> As they are concurrent users (the total number of users is higher, but >> at any time 1 million users are using the service) that is 150 million >> bytes per month per user divided by 2,592,000 seconds per month, which >> is 58 bytes per second per user or 463.32 baud. >> >> >> >> Looked at another way, if people always used an anonymity service the >> hops would multiply their traffic by say 5 times (3 times as in TOR is >> not enough). Covertraffic and file size > > > I'm curious why you believe it to be not enough (two seems good enough to > my quick guesses if traffic is constant, but I can't think worth beans); > I'm happy to look at a reference. >
I thought about this a bit, realised some strong danger of only two hops, and realised that more hops are needed if an adversary is running many nodes. Brings ideas of blockchains, trust metrics, friend-to-friend networks. Bandwidth is /5. > padding traffic would at least >> double that, so we would need at least 10 times the normal traffic the >> users created. >> > > I propose constant rate: cover traffic reduces as legitimate traffic > increases. Would this work, do you think? > > >> And you ned a lot of traffic through your anonymisation network to get >> decent anonymity, you need a large anonymity set. >> >> Web traffic is expensive - making it at least ten times more expensive >> is not on, especially if nine tenths of it has to be paid for by someone >> else. >> >> That's not counting the servers etc - getting a pi to handle 386 kB/s >> [1] of anonymity traffic is not trivial, I don't even think it is >> possible. >> > > Mmm might need good bare metal algorithms. Easier to use the client > device which has more CPU. > > >> [...] >> >> > Enforcing TLS is much more reasonable nowadays. (You could add a >> plugin >> > to use http tricks to hide file sizes.). Not what I would focus on once >> > it gets nonsimple. >> >> A good proportion of TOR traffic will be protected by TLS anyway, >> especially those sites which you might not want other people to know you >> are accessing. >> >> Visible file sizes are the main anonymity weakness in TOR. >> >> If you suspect someone you compare the file sizes of the traffic through >> their system with traffic through the exit nodes. >> > > Wouldn't using chaff to make your transfer rate relatively constant close > almost all of this anonymity attack surface? > > >> In the UK at least it is legally fairly easy for the cops to demand that >> info (and most ISPs are legally required to obtain and store that data >> anyway) - getting everyone's traffic info where the cops have no suspect >> is a little harder, but not impossible. >> >> Of course the ordinary cops don't use that power, and the people who do >> use it don't want it known that they can do it, so you will find that >> they make up stories about reused passwords and the like being the >> source of their information. >> >> >> Peter Fairbrother >> >> [1] 1TB/month divided by 2,592,000s/month >> >
