Anthony Papillion writes: > It's up to us to protect ourselves and, thankfully, we have the > technology to do just that.
(As I suggested in a previous message, I strongly support greater use of privacy-enhancing technologies, and finding tactics to increase the demand for them.) I think it's become clear that traffic and location data is much harder to protect technologically than "content". Advocates for privacy-enhancing technology sometimes don't appreciate or don't effectively communicate the scope of this problem. I've seen a lot of people in the last day or so referring to the need to encrypt everything. Encrypting everything is surely of tremendous benefit for privacy, but in low-latency packet-switched networks, it has no effect at all on the ability to perform traffic analysis. In order to get networks that we don't control to deliver our communications to the parties we choose, we have to tell the intermediaries who run the networks where to send the communications, affixing identifiers like IP addresses and PSTN numbers. Then the network operators can record and disclose all of that information. And the implications of that information are significant, especially when it includes or implies location data. We just recently had a discussion here that touched on how difficult it might be to make a mobile phone that doesn't allow location tracking. I think it's possible with a significant engineering effort, but the easiest ways to design and deploy mobile communications networks all automatically make users' locations trackable. The best widely-used tool to defend against traffic analysis is Tor, but Tor's developers readily concede that it has a lot of important limitations and that there's no obvious path around many of them. Two of these important limitations (not the only ones) are: ① Anonymization adds latency to communications. Better anonymization usually adds more latency. Everywhere else, communications engineers are struggling to take the latency out of people's communications. At least in some systems, anonymity engineers are struggling to put it in. ② Network adversaries can notice that things coming out of a system correspond to things going in. Here's one of many statements of these two issues as they relate to systems like Tor: Furthermore, Onion Routing makes no attempt to stop timing attacks using traffic analysis at the network endpoints. They assume that the routing infrastructure is uniformly busy, thus making passive intra-network timing difficult. However, the network might not be statistically uniformly busy, and attackers can tell if two parties are communicating via increased traffic at their respective endpoints. This endpoint-linkable timing attack remains a difficulty for all low-latency networks. http://www.freehaven.net/src/related-comm.thtml These issues are less severe if people are using e-mail or (maybe better yet) forum posting, over an encrypted channel to a popular service that many people use. But they're quite serious for voice calls, video conferencing, and even instant messaging. -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
