Mercurial > hg > anonet-resdb
annotate doc/www.anonet2.org/public_pod/anonymity.pod @ 207:4c10fc3cdffc draft
Merge branch 'master' of git://git1.somerandomnick.ano
author | Ivo Smits <Ivo@UCIS.nl> |
---|---|
date | Fri, 15 Oct 2010 15:00:09 +0200 |
parents | 5100b1fb4f5c |
children | a29e72c5408d |
rev | line source |
---|---|
113
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
1 =head1 AnoNet2 - Anonymity & Pseudonymity |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
2 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
3 Back to homepage - L<http://www.anonet2.org/> |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
4 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
5 =head2 Introduction |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
6 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
7 This page is intended to explain a bit of the theory behind anonymity |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
8 and pseudonymity. If your goal in joining AnoNet is to protect your |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
9 anonymity, this page may help you avoid some "leaks." |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
10 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
11 =head2 Definition |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
12 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
13 Anonymity translates literally into "having no name," and means having |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
14 no useful identification "marks" ("useful" being defined as "usable |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
15 for future find operations"). While it's technically possible to be |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
16 truly anonymous on AnoNet, true anonymity is not really necessary (nor |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
17 desirable) in order to achieve the goals that most guys here expect. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
18 Pseudonymity ("having no real name") is what most of us are here to |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
19 achieve. (Most of us don't care if you can find us again on AnoNet |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
20 (and in fact, we normally _want_ you to). We only care if you can find |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
21 us _outside_ AnoNet.) However, the theory behind both is quite similar, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
22 since the potential attacks against both are quite similar. Therefore, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
23 this page primarily concerns itself with true anonymity on the assumption |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
24 that a certain amount of correlation between your actions is already |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
25 feasible for an attacker. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
26 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
27 =head2 Introduction to Triangulation |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
28 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
29 The fundamental method that people use for identification is |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
30 triangulation, where we look at something from a bunch of different angles |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
31 and then narrow down our guesses to items that match that combination |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
32 of observations. For example, a duck is something that looks like |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
33 a duck, quacks like a duck, etc. It should go without saying, then, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
34 that our goal here is to avoid others being able to apply triangulation |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
35 "against" us. That is, our goal is to prevent triangulation "attacks." |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
36 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
37 =head2 Simple Triangulation |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
38 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
39 If you see someone on a chatroom around 1800 GMT, and he tells you that |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
40 his mother just bought him some colourful pants when he got back from |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
41 school, it'd be a pretty safe bet to say that he probably: |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
42 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
43 =over |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
44 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
45 =item 1 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
46 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
47 is a kid (his mother buys him simple clothing items, after school) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
48 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
49 =item 2 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
50 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
51 in England (colourful == British spelling; pants == underpants) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
52 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
53 =item 3 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
54 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
55 who is actually a she (boys with colorful pants?) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
56 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
57 =back |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
58 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
59 Now, obviously, if you found more details concerning the makeup of his |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
60 class, you may be able to narrow down the possibilities for his schools. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
61 Combine that with his IP address, and you can focus on your candidates |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
62 within range of his geographical location. Perhaps he (she) talks about |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
63 his older brother walking him (her) to school in the morning, before |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
64 going to his own school. Well, in that case, you can be reasonably sure |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
65 that his older brother graduated from the same school "back in the day." |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
66 Given the fact that England's birth rate is relatively low, you can |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
67 therefore speculate that this bit of information is likely to narrow |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
68 down the possibilities (especially if he tells you how much older his |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
69 brother is). Another reasonably safe guess is that he's probably located |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
70 in a rather urban area. Now, you can add a bit of active triangulation |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
71 to the mix, by telling his ISP that his IP address has been sharing |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
72 your intellectual property. If the owners of that IP address really |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
73 do have a girl in primary school and your intellectual property sounds |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
74 like something oriented towards kids, the parents' first defense is |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
75 likely to be that they don't fileshare, so it was probably their kid (or |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
76 maybe some guy who drove by with wifi, who happens to like kid stuff). |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
77 (Obviously, if you're a civilian, your country is likely to have laws |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
78 against you committing fraud like that, but intelligence agencies |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
79 routinely do this type of thing, so it's worthwhile understanding some |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
80 of the options physically available to an attacker, even if they're not |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
81 "legally" available to him. You certainly don't want your anonymity |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
82 dependent on an adversary "playing by the rules," do you?) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
83 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
84 =head2 A Bit More Formality |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
85 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
86 A very powerful science for dealing with these types of problems is |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
87 Mathematics, so we gain an advantage if we can translate our problems into |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
88 Mathematics (and our solutions out of it, of course). Our Mathematical |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
89 model for triangulation is similar to that of geolocating a cellular phone |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
90 that dials for emergency assistance. Initially, we can only say that |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
91 the cellular phone is likely to be someplace on (or near) planet Earth. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
92 Since we know that the cellular signal deteriorates over distance and we |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
93 know (based on the phone's specifications) the original signal strength at |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
94 source, each tower can guage its distance from the phone by translating |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
95 backwards from its observed signal strength to meters. Most towers |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
96 are well out-of-range, and won't observe any measurable signal at all |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
97 (meaning an effectively infinite distance), while the nearby towers will |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
98 observe measurable signals. Now, each tower has a circle around it made |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
99 up of all the points at a particular distance from it. (Actually, it's a |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
100 three-dimensional sphere, but in our case, we're assuming the phone isn't |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
101 in flight or underground, for a bit of simplification. Real systems will |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
102 add an additional tower in order to triangulate in all three dimensions.) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
103 Two intersecting circles will normally intersect (touch or cross over each |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
104 other) at two points. Three intersecting circles will rarely intersect |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
105 at more than a single point. Therefore, as long as the towers can safely |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
106 assume that the phone is broadcasting a uniform signal in all directions, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
107 they can safely claim to have triangulated his position. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
108 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
109 Now, let's see if we can apply triangulation to our own problem space. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
110 We know that there are approximately 6 billion people on our planet, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
111 so we're starting out with a population of 6 billion candidates. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
112 (Obviously, we're assuming that aliens don't have anything interesting to |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
113 do on our ICANN-dominated Internet, and so for all intents and purposes |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
114 don't count.) Now, there are many "dimensions" in which these people |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
115 are organized. (A dimension is simply a metric where each individual |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
116 has a potentially measurable coordinate.) For example, everybody has |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
117 a gender. Everybody lives in some country. Everybody has some level |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
118 of computer expertise, some level of Mathematical education, some set |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
119 of familiar authors, some set of favourite bands, some color skin and |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
120 some length hair, etc. Now, as you're able to intersect coordinates in |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
121 different dimensions, you can start eliminating unlikely candidates and |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
122 focusing on the likely ones. For example, the number of males is quite |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
123 high (on the order of 3 billion or so), the number of people in Portugal |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
124 is quite high, the number of 15-year-olds is quite high, the number of |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
125 stay-at-home parents is quite high, the number of people who are still |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
126 married to their first wife is quite high, and the number of parents with |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
127 two kids is quite high, but the number of Portuguese males around age 15 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
128 who stay at home to care for their two kids while their first wife is out |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
129 working is very low (probably well under 1000 - low enough for you to be |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
130 able to go door-to-door looking for him, if you'd recognize him by face). |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
131 Clearly, by triangulating coordinates between a variety of dimensions, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
132 we're able to take the intersection of a variety of sets, which is quite |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
133 small when the sets have little in common (which is normally true when |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
134 there's no causal relationship between the sets in question). |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
135 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
136 Therefore, if you're that guy and you don't want others to find you, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
137 you probably shouldn't give away too many facts about yourself. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
138 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
139 =head2 Countermeasures |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
140 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
141 Remember when we talked about the cellular phone geolocation problem, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
142 where we noted that the towers need to assume the phone is broadcasting |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
143 the same value (in this case, the same starting signal strength) in |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
144 all directions? Obviously, a phone without an omnidirectional antenna |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
145 could point a different directional antenna at each nearby (or even far |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
146 away) tower, and transmit a highly focused signal at an arbitrary power |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
147 level to each tower, and thereby confuse the towers. Alternatively, it |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
148 could even work backwards through the triangulation algorithm in order |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
149 to figure out a set of inputs that would cause the towers to geolocate |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
150 the phone "accurately" as being kilometers away from its true location. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
151 It should come as no surprise, then, that similar techniques work in |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
152 our own problem space. For example, how do you know that the guy is |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
153 really male? Given the other dimensions, wouldn't you say he's more |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
154 likely to be a female? |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
155 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
156 =head2 Verification |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
157 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
158 Going back to our cellular phone geolocation problem, we left off |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
159 with our phone fooling the towers into thinking it's someplace else. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
160 However, we didn't take into account that the towers themselves may |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
161 have directional antennas scanning around on a regular basis in order |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
162 to detect precisely this type of fraud. If the phone is supposed to be |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
163 southwest of one of our towers, why is its signal coming in from the east? |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
164 Not surprisingly, certain verification techniques may be applicable in |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
165 our own problem space. For example, suppose you somehow got a list of |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
166 all candidates, and then combed all of Portugal door-to-door looking |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
167 for the guy, and didn't find him? What if he told you that he was a |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
168 licensed pilot, but you couldn't find any pilot matching his description? |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
169 The goal of a verification algorithm is to assess the probability of |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
170 our data sources being correct. The goal of a verification algorithm |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
171 is to tell us how likely it is that we've been fooled, not to find the |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
172 right answer. (Obviously, a verification algorithm may itself reveal |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
173 additional information that we can then triangulate with. For example, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
174 the towers employing directional antennas can geolocate our phone with |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
175 the directional antennas (using the law of intersecting lines), without |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
176 even relying on the omnidirectional antennas. Therefore, the verification |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
177 algorithm in this particular case not only verifies the likelyhood of the |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
178 triangulation, but actually provides its own alternative triangulation |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
179 dataset.) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
180 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
181 =head2 AnoNet |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
182 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
183 On AnoNet, the single most important factor in securing your anonymity is |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
184 precluding verification. If an adversary can't verify his data about you, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
185 then he's trivially vulnerable to countermeasures, making it difficult for |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
186 him to trust the results of his triangulation (and making it difficult, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
187 therefore, for him to even justify the cost of triangulating in the |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
188 first place). |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
189 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
190 For example, you probably don't want to recycle a nickname you |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
191 use elsewhere, since a simple Google search may give adversaries |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
192 a verification tool to use against anything they learn about you on |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
193 AnoNet. You also want to make sure that the public IP address you use |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
194 for peering doesn't geolocate your exact location (try MaxMind's online |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
195 tool, for example). A good way of getting around this one is to get a |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
196 VPS (Virtual Private Server) before peering with too many other guys. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
197 There are plenty of cheap ones (well under 10EUR or 10USD each month), |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
198 and you can easily get a VPS in a different country. An even better |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
199 way of getting around this is to peer over i2p, if you don't mind |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
200 installing Java on your routers. If you're lucky, your ISP may |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
201 SNAT outgoing traffic from its users, giving you a certain amount of |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
202 "built-in" protection. If you're not comfortable giving a peer your IP |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
203 address and none of the above is an option, you may consider peering |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
204 using TCP over tor or something. In addition, it's also possible to |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
205 exchange data using DNS, so if each of you has access to a DNS server |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
206 and some method to automatically load TXT records into it, you can |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
207 tunnel a VPN over it without either of you giving away his IP address. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
208 (This particular method can also get around restrictive firewalls, which |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
209 may be independently useful.) Other things you probably don't want |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
210 to advertise are your name (especially not your full name), location, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
211 age, marital status, occupation, school, and hobbies. Under normal |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
212 circumstances, it's safest to assume that anything you tell anybody |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
213 on AnoNet may be used by anybody else on AnoNet for triangulation or |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
214 verification attacks, and so the only reliable method of preventing |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
215 these types of attacks is to avoid leaking any verifiable information |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
216 to anyone on AnoNet. When that's not feasible, try to avoid giving |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
217 multiple pieces of information to individuals. For example, if you're |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
218 coming in with UFO's CP, it's probably unwise to use his IRC server. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
219 (It's also smart not to come onto IRC as soon as you connect, since |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
220 then UFO can guess that the guy who just joined IRC is probably the |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
221 same guy who just connected to his CP. To protect your anonymity from |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
222 the organizers of a darknet, it's imperative that you peer with someone |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
223 (preferably not an organizer) ASAP after joining. The more often you |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
224 come in through the CP, the higher the probability that an organizer |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
225 will find you. If you've come in over the CP more than a few times |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
226 before getting peered, you'll probably want to at least change your IRC |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
227 nickname before rejoining IRC after peering, so the darknet organizers |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
228 at least can't trivially connect your IcannNet IP address with your |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
229 AnoNet nickname. If a darknet's organizers try to put you through a |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
230 "hazing" period before they'll allow anybody to peer with you, that's |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
231 a strong indication that they don't care much for I<your> anonymity. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
232 They may tell you that "nobody here trusts you enough yet to give you his |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
233 IP address," but that's (at best) just a thinly veiled way of saying that |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
234 "nobody here cares enough about your anonymity to have bothered to get |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
235 himself a VPS for peering." By making it difficult for new users to join, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
236 they're effectively dooming their darknet into forever being a small and |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
237 incestuous club, a fraternity if you will, where everybody gradually gets |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
238 to know everybody else quite well (since static analysis works quite well |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
239 against rigid structures). An anonymity-preserving darknet makes it easy |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
240 for users to enter and exit at will, with the organizers keeping minimal |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
241 (or no) tabs, in order to resist static analysis.) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
242 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
243 =head2 AnoNet2 vs. The Competition |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
244 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
245 AnoNet2 aims to provide the best anonymity feasible with TCP/IP, through |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
246 a variety of techniques: |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
247 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
248 =over |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
249 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
250 =item minimizing required direct information disclosure |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
251 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
252 Most TCP/IP-based darknets require new users to submit a fair amount of |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
253 information up-front. Non-anonymizing darknets like dn42, for example, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
254 expect users to sign up for a wiki account to register resources, to join |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
255 a mailing list for operational discussions, etc. (dn42, incidentally, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
256 deserves special mention, as the resource database has recently been |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
257 migrated over to a decentralized resdb-like registry. In addition, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
258 there's now an NNTP gateway to the mailing list reachable from inside |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
259 dn42, making it feasible to avoid giving away much information.) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
260 So-called "anonymizing" darknets, by comparison, tend to turn these types |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
261 of expectations into policy requirements. A case in point is AnoNet1, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
262 where new users are expected to go through a "hazing" process for 2-4 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
263 weeks before anybody is supposed to peer with them. During the "hazing" |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
264 process, the new user is expected to answer questions like "what brings |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
265 you here?" from an informal panel of existing members, and is expected |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
266 to "participate in the discussion" for a couple of weeks to prove that |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
267 he's serious about joining AnoNet1. (The official excuses range from |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
268 avoiding "drive-by peerings" to preventing infiltration by law enforcement |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
269 officials. The former commands a high price relative to the nuisance |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
270 factor of a temporary peering, while the latter is just plain laughable.) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
271 AnoNet1 also requires members to maintain their resource registrations |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
272 on a centralized wiki, making certain information available to crzydmnd. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
273 There is only one official client port (run by Kaos), and users are |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
274 discouraged from setting up additional ones. AnoNet2 gets this part |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
275 right by making it very easy for new users to join, and to peer as early |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
276 as technically possible. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
277 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
278 =item avoiding centralization of critical infrastructure |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
279 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
280 Most TCP/IP-based darknets have a fair amount of centralized |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
281 infrastructure. Centralized infrastructure is problematic, since it |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
282 creates a single point of control (or evesdropping), making it easy for |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
283 the operator to learn information that's not intended for him, and/or |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
284 alter transmissions that aren't intended for him. Typical examples are |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
285 things like resource databases, chatrooms, DNS, routing infrastructure, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
286 documentation stores, forums, mailing lists, and public Web pages. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
287 AnoNet1 is a model of centralized infrastructure, with centralized |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
288 mechanisms in-place for pretty much all of the above minus routing |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
289 (and even routing is quite centralized on AnoNet1, due to their peering |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
290 policies). Even dn42 (whose primary claim to fame is decentralization) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
291 retains centralized mechanisms for IRC, wiki, mailing list, and public |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
292 Web pages. AnoNet2 has only a single point of centralization, in the |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
293 public Web pages here, and even they are easy for anybody on AnoNet2 to |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
294 modify (although there's still a centralized point of control over what |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
295 ends up getting published here and what doesn't, a point which has never |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
296 been used so far (a fact that's very easy to prove in a decentralized |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
297 way), and which will hopefully never be used). In addition, users are |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
298 encouraged to set up their own public Web pages and to put links to them |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
299 here, in order to further reduce centralization of AnoNet2's Web presence. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
300 In addition to protecting your anonymity, this level of decentralization |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
301 makes it far more likely for AnoNet2 to survive a splitbrain condition |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
302 (where some bad guys take a number of central users out of the picture, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
303 leaving a few disconnected fragments with critical services missing), |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
304 something that an anonymity-preserving darknet always has to plan for. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
305 If AnoNet1 were to become split, the "non-central" side would most |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
306 likely wither away and die (a statistical fact that AnoNet1 used to |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
307 try and destroy AnoNet2 before it ever got off the ground), whereas if |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
308 AnoNet2 splits, the individual fragments should have no problem carrying |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
309 on indefinitely as independent darknets, and little difficulty merging |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
310 back together again if their paths cross at some point in the future. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
311 What git and monotone do for software development, AnoNet2 does for |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
312 darknet development. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
313 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
314 =item not requiring resource registration |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
315 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
316 AnoNet1 had a very powerful idea, of allowing people to mark a resource |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
317 "reserved" without specifying who has reserved it, but like most good |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
318 ideas in AnoNet1, this one also turned out incompatible with what |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
319 AnoNet1 has become. AnoNet2 takes this idea one step further: not only |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
320 can you easily leave out the "owner" field in a resource registration, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
321 but you can even leave out the registration completely, and let someone |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
322 who happens to notice the resource in use (presumably, someone who's |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
323 scanning to make sure a resource is available before using it himself) |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
324 add it himself as "apparently in use." |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
325 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
326 =item not requiring resource exclusivity |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
327 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
328 In fact, AnoNet2 takes it a step further, by having no conflict resolution |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
329 policy for resources. This means two users can use the same IP address, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
330 for example, and leave it up to routing to decide who "wins." (Under |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
331 normal circumstances that's not likely to happen, since at least one of |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
332 the users will almost certainly prefer to renumber rather than fighting |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
333 it out with the other guy. If they both want to fight it out, though, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
334 there's no AnoNet2 rule that either of them is violating by refusing |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
335 to "talk it out," even if it's trivial to prove which guy's claim came |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
336 first.) This is intended to be useful during darknet merges, but it can |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
337 also aid in anonymity protection for cooperating users who agree among |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
338 themselves on some algorithm to determine who gets the resource when, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
339 or perhaps they use the split routing to their advantage, SNATting (or |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
340 proxying) through each other for locations they can't reach directly |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
341 (or even for locations they I<can> reach directly, if they really |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
342 want to confuse an attacker - and themselves, if they're not careful). |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
343 The same thing goes for ASNs, domains, nicknames, etc. Static analysis |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
344 against any of these resource types is not guaranteed to yield useful |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
345 information (i.e., excessive triangulation may yield strange results), |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
346 and with only a little bit of coordination, a group of users can achieve |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
347 true anonymity, if that's really what they want. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
348 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
349 =item avoiding bandwidth requirements for peering |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
350 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
351 Not everybody can afford a VPS, but everybody should be able to enjoy his |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
352 anonymity, not just as a leaf, but also as a transit. Conversely, many |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
353 users will want more path diversity, even if it means using slower links. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
354 Therefore, AnoNet2 defines no rules about minimum bandwidth for peering. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
355 Individual users can obviously do whatever they want, but there's no |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
356 official policy for them to use as an excuse. There's nothing wrong |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
357 with a transit node being on dial-up. If you prefer speed over path |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
358 diversity, just tell your router to avoid any path going through that ASN. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
359 By the same token, if you have both VPSes and dial-up links and you want |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
360 to make it easy for people to implement different policies for routes |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
361 passing through each of them, it's probably wise to use different ASNs. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
362 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
363 =item avoiding I<all> censorship |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
364 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
365 AnoNet1 officially sanctions some censorship, and unofficially practices |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
366 much more. The problem is that once you start complexifying the |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
367 definition of censorship, where do you draw the line? AnoNet2 has a very |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
368 simple definition of censorship: interfering with communications of which |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
369 you are not the (I<the>, not I<an>) intended recipient. AnoNet2 doesn't |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
370 impose anybody's morals (nor anybody's legal system) on you, so feel |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
371 free to communicate anything you want. If we don't like what you say, |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
372 we can always just ignore you. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
373 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
374 =item avoiding arbitrary restrictions on freedom |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
375 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
376 Working around restrictions wastes resources, so those who are determined |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
377 to achieve their goals will still achieve them, while the rest of us |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
378 suffer the consequences of a legal framework. To avoid wasting your |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
379 resources working around AnoNet2 rules, AnoNet2 simply avoids defining |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
380 any rules. Anything goes. If you manage to annoy enough people (and |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
381 you'll probably have to put in a serious effort, if you really want to |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
382 annoy enough of us), you'll most likely wind up forking AnoNet2, which |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
383 is probably what you'd want in that case, anyway. |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
384 |
5100b1fb4f5c
added "anonymity" section to a2.o
Nick <nick@somerandomnick.ano>
parents:
diff
changeset
|
385 =back |