Re: [freehaven-dev] eternity USENET comparison

[Brian T Sniffen <brians@MIT.EDU>]

Adam Back <adamb@zeroknowledge.com> writes:

> - Eternity USENET actually provides pretty aggressive
> Reader Anonymity: consider how hard it would be to track
> down which internet users read a given alt newsgroup post.

I don't need to be able to tell who's reading it to violate reader
anonymity; I just need to be able to, given two people one of whom is
a reader, pick the reader substantially more than half the time.  That
is, I just need to be able to tell if Bob is a reader, given some Bob.
So if I suspect bob@mit.edu of being a reader of the Eternity USENET
system, I compromise news.mit.edu and wait.  If I get a connection
from him, I know which groups he's reading, which files he's getting,
all that sort of thing.  It's not a matter of tracking down which
internet users read a given post; it's a matter of watching a user and
determining if he reads a given post.

> The confusion may come from the availability of two modes of
> use of the Eternity USENET client: local proxy, and public
> proxy.  The public proxy is just to give people something
> to play with without having to install software.  The local
> proxy version provides reader anonymity.

Perhaps I'm misunderstanding this, but isn't "local proxy" essentially
the same as "reading all of alt.anonymous.messages"?  In that case I'd
say reader anonymity is blown in the same way: if I compromise a bunch
of USENET servers, I find out who all of the readers one step
downstream are, and what they're reading.

> - Eternity USENET doesn't provide server anonymity, but
> it doesn't need to because all USENET servers are coopted
> into being servers, and there are many of them.  It doesn't
> provide server anonymity for public proxies, but service
> remains available to local proxies if public proxies are
> taken down.

It does need to.  "Taking down all of USENET" and "dumping huge
quantities of useless spam into alt.anonymous.messages" are both
viable attacks given the lack of server anonymity.  Given some
document that I know was just published, it's very easy for me to
query a USENET server as to whether it posesses that document, then
compromise that server and remove the document.

I also think that you wouldn't get "all USENET servers" -- in a world
where this sort of service is being used as much as it needs to be,
the quantity of encrypted binary traffic would be staggering.  Server
operators are going to drop the group like a ton of bricks.

> - Also Eternity USENET provides document anonymity, the
> USENET article can be encrypted with a key derived from the 
> URL.  

Sure, but a USENET server still has the URL as an identifying mark,
right?  Even if I can't read the document, if two people fetch it from
a server A, A can tell that they both fetched the same document.

> Also for Eternity USENET public proxies they have the
> option of encrypting their cache contents based on URL which
> provides weak deniability -- at least it doesn't currently
> know the URL, or stored document contents, though it must 
> see the URL and content during access as there is no client
> software in this mode.

I'm not actually sure if that counts as document anonymity... if it's
isolated, sure.  But if I know what document I'm giving you, that's
not an anonymous document.  Visualize a system where each server has a
few bits of each document, and each bit on a server is part of several
documents. When I fetch a document out of the system, I get a bit from
this guy, a bit from that guy... none of the servers knows what
document I'm rebuilding.


The Eternity USENET proposal may actually get a few of the above on
computational grounds... I could see the argument that reader and
server are computationally anonymous, though I'd want to think about
it some more before being certain.

-Brian