On Wed, Oct 14, 2020, 10:48 PM Peter Fairbrother <pe...@tsto.co.uk> wrote:
> On 14/10/2020 23:59, Karl wrote: > > > > > > On Wed, Oct 14, 2020, 6:34 PM Peter Fairbrother wrote: > > > To put some BOTE numbers on that, suppose you want to provide for 1 > > million concurrent users. You have about 150 TB per month user > traffic > > to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 > > Baud. > > > > > > Could you explain your math here? How did 500TB/3 (am I wrong?) become > > 150MB? > > There are 500 raspberry pi's, each on the end of a 1TB/month link. > That's 500 TB/month total traffic, but dividing by 3 we get > approximately 150 TB/month user traffic. > How about more routers if there are more users? > With a million users at any time that's 150TB user traffic per month: > divided by 1 million users that's 150MB per user per month. > > As they are concurrent users (the total number of users is higher, but > at any time 1 million users are using the service) that is 150 million > bytes per month per user divided by 2,592,000 seconds per month, which > is 58 bytes per second per user or 463.32 baud. > > > > Looked at another way, if people always used an anonymity service the > hops would multiply their traffic by say 5 times (3 times as in TOR is > not enough). Covertraffic and file size I'm curious why you believe it to be not enough (two seems good enough to my quick guesses if traffic is constant, but I can't think worth beans); I'm happy to look at a reference. padding traffic would at least > double that, so we would need at least 10 times the normal traffic the > users created. > I propose constant rate: cover traffic reduces as legitimate traffic increases. Would this work, do you think? > And you ned a lot of traffic through your anonymisation network to get > decent anonymity, you need a large anonymity set. > > Web traffic is expensive - making it at least ten times more expensive > is not on, especially if nine tenths of it has to be paid for by someone > else. > > That's not counting the servers etc - getting a pi to handle 386 kB/s > [1] of anonymity traffic is not trivial, I don't even think it is possible. > Mmm might need good bare metal algorithms. Easier to use the client device which has more CPU. > [...] > > > Enforcing TLS is much more reasonable nowadays. (You could add a plugin > > to use http tricks to hide file sizes.). Not what I would focus on once > > it gets nonsimple. > > A good proportion of TOR traffic will be protected by TLS anyway, > especially those sites which you might not want other people to know you > are accessing. > > Visible file sizes are the main anonymity weakness in TOR. > > If you suspect someone you compare the file sizes of the traffic through > their system with traffic through the exit nodes. > Wouldn't using chaff to make your transfer rate relatively constant close almost all of this anonymity attack surface? > In the UK at least it is legally fairly easy for the cops to demand that > info (and most ISPs are legally required to obtain and store that data > anyway) - getting everyone's traffic info where the cops have no suspect > is a little harder, but not impossible. > > Of course the ordinary cops don't use that power, and the people who do > use it don't want it known that they can do it, so you will find that > they make up stories about reused passwords and the like being the > source of their information. > > > Peter Fairbrother > > [1] 1TB/month divided by 2,592,000s/month >