annotate doc/www.anonet2.org/public_pod/anonymity.pod @ 283:16c5e9d0b6f5 draft

Merge branch 'master' of git://git1.somerandomnick.ano
author Ivo Smits <Ivo@UCIS.nl>
date Tue, 23 Nov 2010 06:00:05 +0100
parents 5100b1fb4f5c
children a29e72c5408d
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
=head1 AnoNet2 - Anonymity & Pseudonymity

Back to homepage - L<http://www.anonet2.org/>

=head2 Introduction

This page is intended to explain a bit of the theory behind anonymity
and pseudonymity. If your goal in joining AnoNet is to protect your
anonymity, this page may help you avoid some "leaks."

=head2 Definition

Anonymity translates literally into "having no name," and means having
no useful identification "marks" ("useful" being defined as "usable
for future find operations"). While it's technically possible to be
truly anonymous on AnoNet, true anonymity is not really necessary (nor
desirable) in order to achieve the goals that most guys here expect.
Pseudonymity ("having no real name") is what most of us are here to
achieve. (Most of us don't care if you can find us again on AnoNet
(and in fact, we normally _want_ you to). We only care if you can find
us _outside_ AnoNet.) However, the theory behind both is quite similar,
since the potential attacks against both are quite similar. Therefore,
this page primarily concerns itself with true anonymity on the assumption
that a certain amount of correlation between your actions is already
feasible for an attacker.

=head2 Introduction to Triangulation

The fundamental method that people use for identification is
triangulation, where we look at something from a bunch of different angles
and then narrow down our guesses to items that match that combination
of observations. For example, a duck is something that looks like
a duck, quacks like a duck, etc. It should go without saying, then,
that our goal here is to avoid others being able to apply triangulation
"against" us. That is, our goal is to prevent triangulation "attacks."

=head2 Simple Triangulation

If you see someone on a chatroom around 1800 GMT, and he tells you that
his mother just bought him some colourful pants when he got back from
school, it'd be a pretty safe bet to say that he probably:

=over

=item 1

is a kid (his mother buys him simple clothing items, after school)

=item 2

in England (colourful == British spelling; pants == underpants)

=item 3

who is actually a she (boys with colorful pants?)

=back

Now, obviously, if you found more details concerning the makeup of his
class, you may be able to narrow down the possibilities for his schools.
Combine that with his IP address, and you can focus on your candidates
within range of his geographical location. Perhaps he (she) talks about
his older brother walking him (her) to school in the morning, before
going to his own school. Well, in that case, you can be reasonably sure
that his older brother graduated from the same school "back in the day."
Given the fact that England's birth rate is relatively low, you can
therefore speculate that this bit of information is likely to narrow
down the possibilities (especially if he tells you how much older his
brother is). Another reasonably safe guess is that he's probably located
in a rather urban area. Now, you can add a bit of active triangulation
to the mix, by telling his ISP that his IP address has been sharing
your intellectual property. If the owners of that IP address really
do have a girl in primary school and your intellectual property sounds
like something oriented towards kids, the parents' first defense is
likely to be that they don't fileshare, so it was probably their kid (or
maybe some guy who drove by with wifi, who happens to like kid stuff).
(Obviously, if you're a civilian, your country is likely to have laws
against you committing fraud like that, but intelligence agencies
routinely do this type of thing, so it's worthwhile understanding some
of the options physically available to an attacker, even if they're not
"legally" available to him. You certainly don't want your anonymity
dependent on an adversary "playing by the rules," do you?)

=head2 A Bit More Formality

A very powerful science for dealing with these types of problems is
Mathematics, so we gain an advantage if we can translate our problems into
Mathematics (and our solutions out of it, of course). Our Mathematical
model for triangulation is similar to that of geolocating a cellular phone
that dials for emergency assistance. Initially, we can only say that
the cellular phone is likely to be someplace on (or near) planet Earth.
Since we know that the cellular signal deteriorates over distance and we
know (based on the phone's specifications) the original signal strength at
source, each tower can gauge its distance from the phone by translating
backwards from its observed signal strength to meters. Most towers
are well out-of-range, and won't observe any measurable signal at all
(meaning an effectively infinite distance), while the nearby towers will
observe measurable signals. Now, each tower has a circle around it made
up of all the points at a particular distance from it. (Actually, it's a
three-dimensional sphere, but in our case, we're assuming the phone isn't
in flight or underground, for a bit of simplification. Real systems will
add an additional tower in order to triangulate in all three dimensions.)
Two intersecting circles will normally intersect (touch or cross over each
other) at two points. Three intersecting circles will rarely intersect
at more than a single point. Therefore, as long as the towers can safely
assume that the phone is broadcasting a uniform signal in all directions,
they can safely claim to have triangulated his position.

Now, let's see if we can apply triangulation to our own problem space.
We know that there are approximately 6 billion people on our planet,
so we're starting out with a population of 6 billion candidates.
(Obviously, we're assuming that aliens don't have anything interesting to
do on our ICANN-dominated Internet, and so for all intents and purposes
don't count.) Now, there are many "dimensions" in which these people
are organized. (A dimension is simply a metric where each individual
has a potentially measurable coordinate.) For example, everybody has
a gender. Everybody lives in some country. Everybody has some level
of computer expertise, some level of Mathematical education, some set
of familiar authors, some set of favourite bands, some color skin and
some length hair, etc. Now, as you're able to intersect coordinates in
different dimensions, you can start eliminating unlikely candidates and
focusing on the likely ones. For example, the number of males is quite
high (on the order of 3 billion or so), the number of people in Portugal
is quite high, the number of 15-year-olds is quite high, the number of
stay-at-home parents is quite high, the number of people who are still
married to their first wife is quite high, and the number of parents with
two kids is quite high, but the number of Portuguese males around age 15
who stay at home to care for their two kids while their first wife is out
working is very low (probably well under 1000 - low enough for you to be
able to go door-to-door looking for him, if you'd recognize him by face).
Clearly, by triangulating coordinates between a variety of dimensions,
we're able to take the intersection of a variety of sets, which is quite
small when the sets have little in common (which is normally true when
there's no causal relationship between the sets in question).

Therefore, if you're that guy and you don't want others to find you,
you probably shouldn't give away too many facts about yourself.

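The set-intersection model above, as an added example (not part of the original page): it measures how much each disclosed fact shrinks your own anonymity set, and shows that a fact causally tied to an earlier one (being in school, once age 15 is known) removes nobody. The population, attribute names and proportions are constructed for illustration.

```python
import math
import random

def make_population(n, seed=1):
    """Constructed synthetic population; all proportions are illustrative."""
    rng = random.Random(seed)
    people = []
    for _ in range(n):
        age = rng.randint(0, 79)
        people.append({
            "gender": rng.choice(["m", "f"]),
            "country": rng.choices(["PT", "other"], weights=[2, 98])[0],
            "age": age,
            # Deliberately caused by age: only ages 6-17 are in school.
            "in_school": 6 <= age <= 17,
        })
    return people

# Facts "given away" in conversation, in the order they were disclosed.
DISCLOSURES = [
    ("gender", lambda v: v == "m"),
    ("country", lambda v: v == "PT"),
    ("age", lambda v: v == 15),
    ("in_school", lambda v: v is True),
]

def narrow(population, disclosures):
    """Intersect the candidate set with each disclosed fact in turn.

    Returns a list of (attribute, candidates_left, bits_revealed) tuples,
    where bits_revealed = log2(candidates_before / candidates_after).
    """
    candidates = population
    steps = []
    for key, matches in disclosures:
        before = len(candidates)
        candidates = [p for p in candidates if matches(p[key])]
        after = len(candidates)
        bits = math.log2(before / after) if after else float("inf")
        steps.append((key, after, bits))
    return steps

def independent_estimate(population, disclosures):
    """Candidate count predicted by multiplying each fact's overall share,
    i.e. assuming no relationship at all between the dimensions."""
    n = len(population)
    estimate = float(n)
    for key, matches in disclosures:
        estimate *= sum(1 for p in population if matches(p[key])) / n
    return estimate

if __name__ == "__main__":
    pop = make_population(300_000)
    for key, left, bits in narrow(pop, DISCLOSURES):
        print(f"{key:10s} candidates left: {left:7d}   bits revealed: {bits:5.2f}")
    print("estimate assuming independence:",
          round(independent_estimate(pop, DISCLOSURES), 1))
```

Multiplying the individual shares only predicts the final count when the dimensions are unrelated; here it undercounts, because "in school" is already implied by "age 15".
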
=head2 Countermeasures

Remember when we talked about the cellular phone geolocation problem,
where we noted that the towers need to assume the phone is broadcasting
the same value (in this case, the same starting signal strength) in
all directions? Obviously, a phone without an omnidirectional antenna
could point a different directional antenna at each nearby (or even far
away) tower, and transmit a highly focused signal at an arbitrary power
level to each tower, and thereby confuse the towers. Alternatively, it
could even work backwards through the triangulation algorithm in order
to figure out a set of inputs that would cause the towers to geolocate
the phone "accurately" as being kilometers away from its true location.
It should come as no surprise, then, that similar techniques work in
our own problem space. For example, how do you know that the guy is
really male? Given the other dimensions, wouldn't you say he's more
likely to be a female?

=head2 Verification

Going back to our cellular phone geolocation problem, we left off
with our phone fooling the towers into thinking it's someplace else.
However, we didn't take into account that the towers themselves may
have directional antennas scanning around on a regular basis in order
to detect precisely this type of fraud. If the phone is supposed to be
southwest of one of our towers, why is its signal coming in from the east?
Not surprisingly, certain verification techniques may be applicable in
our own problem space. For example, suppose you somehow got a list of
all candidates, and then combed all of Portugal door-to-door looking
for the guy, and didn't find him? What if he told you that he was a
licensed pilot, but you couldn't find any pilot matching his description?
The goal of a verification algorithm is to assess the probability of
our data sources being correct. In other words, its goal is to tell us
how likely it is that we've been fooled, not to find the
right answer. (Obviously, a verification algorithm may itself reveal
additional information that we can then triangulate with. For example,
the towers employing directional antennas can geolocate our phone with
the directional antennas (using the law of intersecting lines), without
even relying on the omnidirectional antennas. Therefore, the verification
algorithm in this particular case not only verifies the likelihood of the
triangulation, but actually provides its own alternative triangulation
dataset.)

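The tower model from the last three sections, as an added example (not part of the original page): three range circles are intersected, the result is checked against the direction each tower's directional antenna actually hears the signal from, and the bearings alone are then used to locate the phone. Tower coordinates, positions, the 5-degree tolerance and all function names are constructed for illustration; angles are measured counter-clockwise from the x axis.

```python
import math

def trilaterate(towers, distances):
    """Intersect three range circles (2-D). Subtracting the first circle's
    equation from the other two leaves a 2x2 linear system in x and y."""
    (x1, y1), (x2, y2), (x3, y3) = towers
    d1, d2, d3 = distances
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-12:
        raise ValueError("towers are collinear; position is ambiguous")
    return ((b1 * a22 - a12 * b2) / det, (a11 * b2 - a21 * b1) / det)

def bearing_deg(origin, target):
    """Direction from origin to target, in degrees."""
    return math.degrees(math.atan2(target[1] - origin[1], target[0] - origin[0]))

def angle_diff(a, b):
    """Smallest absolute difference between two angles, in degrees."""
    return abs((a - b + 180.0) % 360.0 - 180.0)

def inconsistent_towers(towers, estimate, observed_bearings, tolerance_deg=5.0):
    """Verification step: indexes of towers whose measured direction of
    arrival disagrees with where the range-based estimate says the phone is."""
    return [i for i, (tower, seen) in enumerate(zip(towers, observed_bearings))
            if angle_diff(bearing_deg(tower, estimate), seen) > tolerance_deg]

def locate_from_bearings(p1, b1, p2, b2):
    """Alternative dataset: intersect two bearing lines, ignoring ranges."""
    u1 = (math.cos(math.radians(b1)), math.sin(math.radians(b1)))
    u2 = (math.cos(math.radians(b2)), math.sin(math.radians(b2)))
    cross = u1[0] * u2[1] - u1[1] * u2[0]
    if abs(cross) < 1e-12:
        raise ValueError("bearings are parallel; no unique intersection")
    dx, dy = p2[0] - p1[0], p2[1] - p1[1]
    t = (dx * u2[1] - dy * u2[0]) / cross
    return (p1[0] + t * u1[0], p1[1] + t * u1[1])

# Constructed sample data (kilometres on a flat plane).
TOWERS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]
TRUE_POS = (3.0, 4.0)      # where the signal really originates
CLAIMED_POS = (8.0, 8.0)   # where the manipulated ranges point
OBSERVED_BEARINGS = [bearing_deg(t, TRUE_POS) for t in TOWERS]
HONEST_RANGES = [math.dist(t, TRUE_POS) for t in TOWERS]
SKEWED_RANGES = [math.dist(t, CLAIMED_POS) for t in TOWERS]

if __name__ == "__main__":
    for label, ranges in (("honest", HONEST_RANGES), ("skewed", SKEWED_RANGES)):
        est = trilaterate(TOWERS, ranges)
        bad = inconsistent_towers(TOWERS, est, OBSERVED_BEARINGS)
        print(f"{label}: estimate={est[0]:.2f},{est[1]:.2f} "
              f"towers disagreeing on direction={bad}")
    print("bearing-only fix:",
          locate_from_bearings(TOWERS[0], OBSERVED_BEARINGS[0],
                               TOWERS[1], OBSERVED_BEARINGS[1]))
```
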
=head2 AnoNet

On AnoNet, the single most important factor in securing your anonymity is
precluding verification. If an adversary can't verify his data about you,
then he's trivially vulnerable to countermeasures, making it difficult for
him to trust the results of his triangulation (and making it difficult,
therefore, for him to even justify the cost of triangulating in the
first place).

For example, you probably don't want to recycle a nickname you
use elsewhere, since a simple Google search may give adversaries
a verification tool to use against anything they learn about you on
AnoNet. You also want to make sure that the public IP address you use
for peering doesn't geolocate your exact location (try MaxMind's online
tool, for example). A good way of getting around this one is to get a
VPS (Virtual Private Server) before peering with too many other guys.
There are plenty of cheap ones (well under 10EUR or 10USD each month),
and you can easily get a VPS in a different country. An even better
way of getting around this is to peer over I2P, if you don't mind
installing Java on your routers. If you're lucky, your ISP may
SNAT outgoing traffic from its users, giving you a certain amount of
"built-in" protection. If you're not comfortable giving a peer your IP
address and none of the above is an option, you may consider peering
using TCP over Tor or something. In addition, it's also possible to
exchange data using DNS, so if each of you has access to a DNS server
and some method to automatically load TXT records into it, you can
tunnel a VPN over it without either of you giving away his IP address.
(This particular method can also get around restrictive firewalls, which
may be independently useful.) Other things you probably don't want
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
210 to advertise are your name (especially not your full name), location,
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
211 age, marital status, occupation, school, and hobbies. Under normal
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
212 circumstances, it's safest to assume that anything you tell anybody
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
213 on AnoNet may be used by anybody else on AnoNet for triangulation or
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
214 verification attacks, and so the only reliable method of preventing
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
215 these types of attacks is to avoid leaking any verifiable information
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
216 to anyone on AnoNet. When that's not feasible, try to avoid giving
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
217 multiple pieces of information to individuals. For example, if you're
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
218 coming in with UFO's CP, it's probably unwise to use his IRC server.
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
219 (It's also smart not to come onto IRC as soon as you connect, since
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
220 then UFO can guess that the guy who just joined IRC is probably the
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
221 same guy who just connected to his CP. To protect your anonymity from
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
222 the organizers of a darknet, it's imperative that you peer with someone
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
223 (preferably not an organizer) ASAP after joining. The more often you
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
224 come in through the CP, the higher the probability that an organizer
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
225 will find you. If you've come in over the CP more than a few times
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
226 before getting peered, you'll probably want to at least change your IRC
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
227 nickname before rejoining IRC after peering, so the darknet organizers
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
228 at least can't trivially connect your IcannNet IP address with your
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
229 AnoNet nickname. If a darknet's organizers try to put you through a
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
230 "hazing" period before they'll allow anybody to peer with you, that's
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
231 a strong indication that they don't care much for I<your> anonymity.
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
232 They may tell you that "nobody here trusts you enough yet to give you his
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
233 IP address," but that's (at best) just a thinly veiled way of saying that
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
234 "nobody here cares enough about your anonymity to have bothered to get
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
235 himself a VPS for peering." By making it difficult for new users to join,
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
236 they're effectively dooming their darknet into forever being a small and
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
237 incestuous club, a fraternity if you will, where everybody gradually gets
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
238 to know everybody else quite well (since static analysis works quite well
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
239 against rigid structures). An anonymity-preserving darknet makes it easy
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
240 for users to enter and exit at will, with the organizers keeping minimal
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
241 (or no) tabs, in order to resist static analysis.)
5100b1fb4f5c added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff changeset
242
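The client-port and IRC timing leak described above, as an added illustration that is not part of the original page: it computes which nicknames stay consistent with one CP user across repeated sessions, first for a newcomer who joins IRC right away under one nickname, then for one who waits and changes nickname. The timestamps, nicknames, log layout and the 120-second window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: a join within this window after a CP connect counts as "linked".
WINDOW = timedelta(seconds=120)

# Constructed sample: times at which one client connected to the client port.
CP_CONNECTS = ["2010-11-01 18:00:05", "2010-11-03 21:14:40", "2010-11-06 09:30:12"]

# Constructed sample: the newcomer joins IRC right after connecting and keeps
# the nickname "newguy"; the other nicknames are unrelated background users.
JOINS_HASTY = [
    ("2010-11-01 17:59:50", "alice"),
    ("2010-11-01 18:00:31", "newguy"),
    ("2010-11-01 18:01:10", "bob"),
    ("2010-11-01 18:30:00", "carol"),
    ("2010-11-03 21:15:02", "newguy"),
    ("2010-11-03 21:15:55", "carol"),
    ("2010-11-06 09:30:40", "newguy"),
    ("2010-11-06 09:45:00", "bob"),
]

# Constructed sample: same background users, but the newcomer waits well past
# the window and uses a fresh nickname for every session.
JOINS_CAREFUL = [
    ("2010-11-01 17:59:50", "alice"),
    ("2010-11-01 18:01:10", "bob"),
    ("2010-11-01 18:30:00", "carol"),
    ("2010-11-01 18:47:20", "nick_a"),
    ("2010-11-03 21:15:55", "carol"),
    ("2010-11-03 22:05:00", "nick_b"),
    ("2010-11-06 09:45:00", "bob"),
    ("2010-11-06 10:20:30", "nick_c"),
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def session_candidates(cp_connects, irc_joins, window=WINDOW):
    """For each CP connect, the nicknames that joined IRC within `window` after it."""
    joins = [(_ts(t), nick) for t, nick in irc_joins]
    sessions = []
    for connect in map(_ts, cp_connects):
        sessions.append({nick for t, nick in joins
                         if connect <= t <= connect + window})
    return sessions


def shrinking_anonymity_set(sessions):
    """Running intersection: nicknames still consistent with every session so far."""
    remaining, history = None, []
    for seen in sessions:
        remaining = set(seen) if remaining is None else remaining & seen
        history.append(sorted(remaining))
    return history


if __name__ == "__main__":
    for label, joins in (("hasty", JOINS_HASTY), ("careful", JOINS_CAREFUL)):
        print(label, shrinking_anonymity_set(session_candidates(CP_CONNECTS, joins)))
```

In the hasty case a single nickname survives after the second session; in the careful case the first session points at an unrelated user and the intersection is empty afterwards, which is the kind of unreliable result the page recommends forcing on anyone who tries this.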
=head2 AnoNet2 vs. The Competition

AnoNet2 aims to provide the best anonymity feasible with TCP/IP, through
a variety of techniques:

=over

=item minimizing required direct information disclosure

Most TCP/IP-based darknets require new users to submit a fair amount of
information up-front. Non-anonymizing darknets like dn42, for example,
expect users to sign up for a wiki account to register resources, to join
a mailing list for operational discussions, etc. (dn42, incidentally,
deserves special mention, as the resource database has recently been
migrated over to a decentralized resdb-like registry. In addition,
there's now an NNTP gateway to the mailing list reachable from inside
dn42, making it feasible to avoid giving away much information.)
So-called "anonymizing" darknets, by comparison, tend to turn these types
of expectations into policy requirements. A case in point is AnoNet1,
where new users are expected to go through a "hazing" process for 2-4
weeks before anybody is supposed to peer with them. During the "hazing"
process, the new user is expected to answer questions like "what brings
you here?" from an informal panel of existing members, and is expected
to "participate in the discussion" for a couple of weeks to prove that
he's serious about joining AnoNet1. (The official excuses range from
avoiding "drive-by peerings" to preventing infiltration by law enforcement
officials. The former commands a high price relative to the nuisance
factor of a temporary peering, while the latter is just plain laughable.)
AnoNet1 also requires members to maintain their resource registrations
on a centralized wiki, making certain information available to crzydmnd.
There is only one official client port (run by Kaos), and users are
discouraged from setting up additional ones. AnoNet2 gets this part
right by making it very easy for new users to join, and to peer as early
as technically possible.

=item avoiding centralization of critical infrastructure

Most TCP/IP-based darknets have a fair amount of centralized
infrastructure. Centralized infrastructure is problematic, since it
creates a single point of control (or eavesdropping), making it easy for
the operator to learn information that's not intended for him, and/or
alter transmissions that aren't intended for him. Typical examples are
things like resource databases, chatrooms, DNS, routing infrastructure,
documentation stores, forums, mailing lists, and public Web pages.
AnoNet1 is a model of centralized infrastructure, with centralized
mechanisms in place for pretty much all of the above minus routing
(and even routing is quite centralized on AnoNet1, due to their peering
policies). Even dn42 (whose primary claim to fame is decentralization)
retains centralized mechanisms for IRC, wiki, mailing list, and public
Web pages. AnoNet2 has only a single point of centralization, in the
public Web pages here, and even they are easy for anybody on AnoNet2 to
modify (although there's still a centralized point of control over what
ends up getting published here and what doesn't, a point which has never
been used so far (a fact that's very easy to prove in a decentralized
way), and which will hopefully never be used). In addition, users are
encouraged to set up their own public Web pages and to put links to them
here, in order to further reduce centralization of AnoNet2's Web presence.

In addition to protecting your anonymity, this level of decentralization
makes it far more likely for AnoNet2 to survive a split-brain condition
(where some bad guys take a number of central users out of the picture,
leaving a few disconnected fragments with critical services missing),
something that an anonymity-preserving darknet always has to plan for.
If AnoNet1 were to become split, the "non-central" side would most
likely wither away and die (a statistical fact that AnoNet1 used to
try and destroy AnoNet2 before it ever got off the ground), whereas if
AnoNet2 splits, the individual fragments should have no problem carrying
on indefinitely as independent darknets, and little difficulty merging
back together again if their paths cross at some point in the future.
What git and monotone do for software development, AnoNet2 does for
darknet development.

=item not requiring resource registration

AnoNet1 had a very powerful idea, of allowing people to mark a resource
"reserved" without specifying who has reserved it, but like most good
ideas in AnoNet1, this one also turned out incompatible with what
AnoNet1 has become. AnoNet2 takes this idea one step further: not only
can you easily leave out the "owner" field in a resource registration,
but you can even leave out the registration completely, and let someone
who happens to notice the resource in use (presumably, someone who's
scanning to make sure a resource is available before using it himself)
add it himself as "apparently in use."

=item not requiring resource exclusivity

In fact, AnoNet2 takes it a step further, by having no conflict resolution
policy for resources. This means two users can use the same IP address,
for example, and leave it up to routing to decide who "wins." (Under
normal circumstances that's not likely to happen, since at least one of
the users will almost certainly prefer to renumber rather than fighting
it out with the other guy. If they both want to fight it out, though,
there's no AnoNet2 rule that either of them is violating by refusing
to "talk it out," even if it's trivial to prove which guy's claim came
first.) This is intended to be useful during darknet merges, but it can
also aid in anonymity protection for cooperating users who agree among
themselves on some algorithm to determine who gets the resource when,
or perhaps they use the split routing to their advantage, SNATting (or
proxying) through each other for locations they can't reach directly
(or even for locations they I<can> reach directly, if they really
want to confuse an attacker - and themselves, if they're not careful).
The same thing goes for ASNs, domains, nicknames, etc. Static analysis
against any of these resource types is not guaranteed to yield useful
information (i.e., excessive triangulation may yield strange results),
and with only a little bit of coordination, a group of users can achieve
true anonymity, if that's really what they want.

=item avoiding bandwidth requirements for peering

Not everybody can afford a VPS, but everybody should be able to enjoy his
anonymity, not just as a leaf, but also as a transit. Conversely, many
users will want more path diversity, even if it means using slower links.
Therefore, AnoNet2 defines no rules about minimum bandwidth for peering.
Individual users can obviously do whatever they want, but there's no
official policy for them to use as an excuse. There's nothing wrong
with a transit node being on dial-up. If you prefer speed over path
diversity, just tell your router to avoid any path going through that ASN.
By the same token, if you have both VPSes and dial-up links and you want
to make it easy for people to implement different policies for routes
passing through each of them, it's probably wise to use different ASNs.

=item avoiding I<all> censorship

AnoNet1 officially sanctions some censorship, and unofficially practices
much more. The problem is that once you start complexifying the
definition of censorship, where do you draw the line? AnoNet2 has a very
simple definition of censorship: interfering with communications of which
you are not the (I<the>, not I<an>) intended recipient. AnoNet2 doesn't
impose anybody's morals (nor anybody's legal system) on you, so feel
free to communicate anything you want. If we don't like what you say,
we can always just ignore you.

=item avoiding arbitrary restrictions on freedom

Working around restrictions wastes resources, so those who are determined
to achieve their goals will still achieve them, while the rest of us
suffer the consequences of a legal framework. To avoid wasting your
resources working around AnoNet2 rules, AnoNet2 simply avoids defining
any rules. Anything goes. If you manage to annoy enough people (and
you'll probably have to put in a serious effort, if you really want to
annoy enough of us), you'll most likely wind up forking AnoNet2, which
is probably what you'd want in that case, anyway.

=back
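The items on resource exclusivity and on bandwidth-free peering both come down to route selection, so here is one added sketch covering both (not part of the original page and not AnoNet2's own tooling). It models a small path-vector network in which two ASNs originate the same address and each AS picks the shortest AS path, then shows what happens when one AS filters out paths through a dial-up transit ASN. The topology, the private-use ASNs and the shortest-path-only selection rule are constructed assumptions, a simplification of what a real BGP router does.

```python
# Constructed topology: private-use ASNs, not real AnoNet2 assignments.
ORIGIN_A, ORIGIN_B = 64501, 64502   # both announce the same address
DIALUP_TRANSIT = 64512              # slow transit that uses its own ASN
LINKS = [
    (64501, 64510), (64510, 64511), (64511, 64520),
    (64502, 64512), (64512, 64520), (64510, 64530),
]


def converge(links, origins, avoid=None, max_rounds=50):
    """Return {asn: as_path} once every AS has settled on a route.

    as_path is a tuple starting at the AS itself and ending at the origin it
    reaches. `avoid` maps an ASN to the set of ASNs it refuses to route
    through. Selection is shortest AS path, lowest peer ASN as tie-break
    (assumed simplification of the BGP decision process).
    """
    avoid = avoid or {}
    neighbors = {}
    for a, b in links:
        neighbors.setdefault(a, set()).add(b)
        neighbors.setdefault(b, set()).add(a)

    routes = {asn: (asn,) for asn in origins}
    for _ in range(max_rounds):
        changed = False
        for asn in sorted(neighbors):
            if asn in origins:
                continue
            offers = []
            for peer in sorted(neighbors[asn]):
                path = routes.get(peer)
                if path is None or asn in path:          # no route, or a loop
                    continue
                if avoid.get(asn, set()) & set(path):    # local policy filter
                    continue
                offers.append((len(path), peer, path))
            best = (asn,) + min(offers)[2] if offers else None
            if best != routes.get(asn):
                changed = True
                if best is None:
                    routes.pop(asn, None)
                else:
                    routes[asn] = best
        if not changed:
            return routes
    raise RuntimeError("routing did not converge")


def origin_seen(routes, asn):
    """Which origin this AS actually reaches for the shared address."""
    path = routes.get(asn)
    return path[-1] if path else None


if __name__ == "__main__":
    origins = (ORIGIN_A, ORIGIN_B)
    plain = converge(LINKS, origins)
    policy = converge(LINKS, origins, avoid={64520: {DIALUP_TRANSIT}})
    for asn in (64520, 64530):
        print(asn, "default:", plain[asn], "| avoiding dial-up:", policy[asn])
```

With no policy, AS 64520 and AS 64530 reach different owners of the same address, which is why the answer to "who has this IP" depends on where you ask from. Once 64520 avoids the dial-up ASN it accepts a longer path and lands on the other origin.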