Re: traffic analysis (was: blackmail / stego)

2003-08-28 Thread David Honig
At 01:01 PM 8/27/03 -0700, Jim McCoy wrote: While IANL, it seems that the whole anonymity game has a flaw that doesn't even require a totalitarian regime. I would direct you to the various laws in the US (to pick a random example :) regarding conspiracy. Subscribing to an anonymity service

Re: traffic analysis

2003-08-28 Thread An Metet
Jim McCoy writes: While IANL, it seems that the whole anonymity game has a flaw that doesn't even require a totalitarian regime. I would direct you to the various laws in the US (to pick a random example :) regarding conspiracy. Subscribing to an anonymity service might not become

Re: blackmail / real world stego use

2003-08-28 Thread Ed Gerck
bear wrote: On Wed, 27 Aug 2003, Ed Gerck wrote: OTOH, it is possible that the dutch man was traced not by a one time download of the image but by many attempts to find it, since the upload time of the image to the site was not exactly known to him and time was of essence. In this case,

Re: traffix analysis

2003-08-28 Thread Anonymous
John S. Denker writes: A scenario of relevance to the present discussion goes like this: -- There exists a data haven. (Reiter and Rubin called this a crowd.) -- Many subscribers have connections to the haven. -- Each subscriber maintains a strictly scheduled flow of

Re: traffix analysis

2003-08-28 Thread Steve Schear
At 09:17 PM 8/27/2003 -0500, Anonymous wrote: It will often be possible to also trace the communication channel back through the crowd, by inserting delays onto chosen links and observing which ones correlate with delays in the data observed at the endpoint. This way it is not necessary to monitor

Re: traffix analysis

2003-08-28 Thread Adam Back
I agree with anonymous summary of the state of the art wrt cryptographic anonymity of interactive communications. Ulf Moeller, Anton Stiglic, and I give some more details on the attacks anonymous describes in this IH 2001 [1] paper: http://www.cypherspace.org/adam/pubs/traffic.pdf which

Re: traffic analysis

2003-08-28 Thread John S. Denker
A couple of people wrote in to say that my remarks about defending against traffic analysis are not true. As 'proof' they cite http://www.cypherspace.org/adam/pubs/traffic.pdf which proves nothing of the sort. The conclusion of that paper correctly summarizes the body of the paper; it says