-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lots of words to say that you do not want the system analyzed by outsiders.
Arrakis wrote: > Robert, > >> At first glance your statement above could be taken to suggest that Onyx >> provides provably better anonymity than Tor. A second reading suggests >> that you are merely claiming Onyx deploys additional techniques that are >> regularly investigated for their anonymity properties, while at the same >> time overcoming certain attacks that Tor is still susceptible to. > > As there is no metric for measuring anonymity, it would be accurate to say > that it is not going to be provable. What we can do is say such a property > reasonably appears to exist, and make our determinations from there. > >> Would you agree that: >> >> - Onyx has not been the subject of independent analysis thus far, so its >> anonymity properties are an open question. > > One problem with the idea of "independent analysis" when applied to > technology, is that it requires that there is an independent analyst with > equivalent or superior knowledge to the system provider and tools with > which to measure a test, and a metric for measurement. Anything less and > you end up with an estimation that is less matched to the analyst's > ability, and more synchronized to the analyst himself. > > If you are providing a system with young technologies implemented in a > unique manner, you are unlikely to find an independent analyst with > mastery in these implementations, or the ability to test, much less > measure the veracity of such claims. The use of independent analysis will > probably come down to warm fuzzies regarding your trust of the reputation > / authority of the analyst, instead of measurement of the system itself. > Even then, he can only say at best that it *appears* to have these > properties. > > However, logically it is possible to disprove claims. If we could agree > on the mastery of the analyst, and his/her independence, then I don't see > why we wouldn't allow such attempts. > > Unfortunately, the best possible result you can hope for from the analyst > is "I couldn't break the system, it appears to be what is purports" which > isn't going to be an affirmative response, and would be the same response > given by any less-than-qualified analyst. > > This is where we get back to needing a metric to measure anonymity, > otherwise we are snipe-hunting for warm fuzzies. Would you agree? > >> - Some of the features you describe are not proven to provide better >> anonymity (e.g. traffic padding). > > As there is no metric of measuring anonymity, it would be a moot point > to say there is a technically "better" anonymity. What we can say is this > provides what appears to be better anonymity because of a sound design. > > In this specific instance, the matter is that padding increases the > opacity of the context of a transmission. This generally assumes that the > less accurate data an adversary has to perform traffic analysis, the > weaker the signal intelligence and thus the better the anonymity will be. > > Perhaps an analogy would be two gifts under a Christmas tree. One is > shrink-wrapped and you can clearly see the outline of the object and the > other is padded in a box. To a casual observer, I could estimate that it > is easier to determine the contents of the shrink-wrapped item rather > than the item in the box. Probably not the best analogy, but just at the > top of the mind. > >> - Onyx's immunity to sybil attacks and exit node injection is not explicit >> in its design. This immunity depends on the behaviour of the network >> operators. > > That is correct, we verify the integrity of the nodes and extend > commensurate trust to the operators of those nodes, which is based > on a reputation system. A pertinent difference is that operators do not > volunteer, they are only invited, so there is little opportunity for > malicious nodes. > >> - Are there plans afoot to open Onyx to independent investigation without >> becoming a paying customer? Does the design of the Onyx network allow such >> investigation? > > If a metric for measuring anonymity is established, I think we would > gladly welcome such an investigation. > >> - Isn't the use of a small number of privately, centrally owned servers to >> provide an anonymity network inherently problematic? Doesn't the anonymity >> of the client on such a network depend almost completely on the integrity >> of the network operator (i.e. xerobank)? > > The network node ownership and operation is completely decentralized and > distributed. Nodes are owned and operated by different corporations in > unique jurisdictions, differing from the location of the nodes they operate. > >> Apologies if some of my questions/assumptions above could be answered or >> contradicted by reading the whitepaper in full, but I'm sure they >> represent the sentiments of many readers on this list who are a little >> skeptical of what kind of beast Onyx actually is but aren't prepared to >> analyse it in any depth. This would certainly be a good opportunity for >> clearing such matters up with or-talk cynics such as myself. > > It's my pleasure. These are complicated subjects to say the least. > > Steve > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk5mIYACgkQ3ju7mowpX9XwIACfVIFAjRpNO2zchwfCGhWekKuZ f2IAoMKTq+yc7iz1NGb2vc0ldkJOXaTJ =tBrw -----END PGP SIGNATURE-----
