Matthew Toseland wrote: > You mean from the perspective of invisibility, not anonymity. Their > anonymity is not a problem because you don't know who originated a > request, no?
I'm talking about the anonymity of the other endpoint in 1:1 communication. If you know someone's location, you may be able to guess their identity or at least narrow it down to a particular country, city, university etc. > In terms of invisibility... I can see that exposed topology can give you > a certain amount of information if you have detailed information on the > underlying social fabric. You usually don't though... Exposing the topology could create other problems, but in this case I'm just talking about the information that's revealed by knowing someone's location. > Perhaps. I was hoping to do some bundling - each node has another node > which it routes starting requests to, including incoming ones. That sounds good - the more stable the better, because each time you use a new path there's another chance of one of your packets passing through a node controlled by the attacker. > I'm still not sure I get that. Let's say you're talking to an attacker at location X who wants to find out your identity. The attacker controls several nodes scattered around the network, as well as the node at X. The node at X isn't talking to anyone else. If a packet heading for X passes through one of the attacker's other nodes at Y, the attacker knows you're probably further "uphill" than Y. (Probably, not certainly, because packets don't have to move downhill at every hop.) If all your packets take the same path to X, then even if the attacker controls every node on the path, your anonymity set contains all the nodes uphill from you. But if your packets travel to different starting points before starting their journey to X, then your anonymity set only contains the nodes that are uphill from you with respect to *all* the starting points. As the number of starting points increases, the anonymity set shrinks very quickly. (Exponentially?) > Well sure but you just said the locations are exposed anyway! The locations of the people you're corresponding with, yes. But the locations of your neighbours' neighbours could also be interesting, especially if you can tell when they join and leave the network (as I think you mentioned in another thread). Cheers, Michael
