On 16/10/2021 06:45, grarpamp wrote:
On 10/15/21, Peter Fairbrother <pe...@tsto.co.uk> wrote:


Nothing about a base layer of chaff prevents
"low-latency browsing" as an application.

Except the increased bandwidth cost. And if you have to have padding between each node, or on each link, that becomes very expensive.

Suppose you want to download a bloated web page of 4MB in 4 seconds, then your base flow is >1MB/s. Running that 24/7 for a month, that's 2.5 TB per month. 500 times more than an average user's 50 GB/month.

[there are of course other issues regarding latency in a base-chaff-flow web system]

Tor has vacuumed up, propagandized, sucked the funds from,
steered via proceedings, and effectively killed all the competitive
research and development in the space for last 20 years.

Yep. Totally agree there.

An entire class of TA is solely based on matching up i/o
across all nodes to find matches. Certain things don't
matter to such matching engines.

Grandma Eggs Suck.

Not if it was a randomly-variable one year delay they couldn't.

If your app is "browsing", or doing any other TCP stream,
yes they can, such streams have other identifiable
traffic characteristics than just arrival and inter packet timing,
such as total size of transfer, TCP ramps, backoffs, etc.

Not even vaguely.

Total size of transfer - compared between whom? UserA and .onion1? But some of userA's and most of .onion1's traffic will be to other people. So how does comparing their total size of transfer over a year help?

Plus, with a randomly-variable delay, how do you accurately know the amount of traffic sent in your year?

TCP ramps - but he doesn't have any close-grained timing info, so how does the adversary detect when TCP ramps happen?

Backoffs - but he doesn't have any close-grained timing info, so how does the adversary detect when backoffs happen?


[skip TCP stuff]

All very well, but how do you do anonymous browsing without TCP?

(I actually agree that TCP sucks in this case, but it isn't a total deal-breaker if the TCP data in the packet headers is encrypted - plus allowing a little padding and timing jitter here and there. And browsing without TCP / over UDP is probably doable, but it wouldn't be browsing as we know it)

The TOR people (well, at least some of them - some may have had other agendas) wanted to anonymise web browsing as it existed then, a laudable aim.

However that means TCP, that means low latency, that means low added cost - remember the 8th law, "A system which is hard to use will be misused, abused and unused", and that "hard to use" includes expensive in terms of resources or money or time - and against a gpa that was and is not achievable.


They "settled" for some kind of anonymity against lesser adversaries, but their rationalisations of that motive suck.


I don't know of any strict anonymity p2p apps.

Not sure what you mean.

Without a need to trust anyone except the math.

Though there's no such thing as 100% anonymity, security, etc...
there are certainly different comparative magnitudes of it available
today, and higher ones are probably quite achievable with some
work on new alternative models.

Examples?

Peter Fairbrother
