[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freehaven-cvs] minor changes to intro

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] minor changes to intro
From: syverson@seul.org
Date: Fri, 13 Sep 2002 15:32:11 -0400 (EDT)
Delivered-To: archiver@seul.org
Delivered-To: freehaven-cvs-outgoing@seul.org
Delivered-To: freehaven-cvs@seul.org
Delivery-Date: Fri, 13 Sep 2002 15:32:13 -0400
Reply-To: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home/freehaven/cvsroot/doc/fc03
In directory moria.seul.org:/tmp/cvs-serv4437

Modified Files:
	econymics.tex 
Log Message:
minor changes to intro


Index: econymics.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/fc03/econymics.tex,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- econymics.tex	13 Sep 2002 17:27:16 -0000	1.4
+++ econymics.tex	13 Sep 2002 19:32:08 -0000	1.5
@@ -136,22 +136,24 @@
 %Thus users
 %who want anonymity and are happy with the Anonymizer decrease the market
 %share of the stronger anonymity systems.
-But many users, particularly
-large organizations, are %sensitive about their transactions and are
-hesitant to use an anonymity infrastructure they do not control. However,
-a system that carries traffic for only one organization does not
-provide much protection at all --- it must carry traffic from others
-to provide cover. Yet those others don't want to trust their traffic
-to just one entity either. The only viable solution which allows all
-the messages to be mixed together is for each group to run a node in a
-shared \emph{strong anonymity} infrastructure. Users with more modest
-budgets or shorter-term interest in the system also benefit from this
-decentralized model, because they can be confident that a few colluding
-nodes are unlikely to uncover their anonymity.
+A limitation of such commercial proxies is that they must be trusted
+completely with respect to protecting traffic information.
+Many users, particularly
+large organizations, would be rightly
+hesitant to use an anonymity infrastructure they do not control.
+However, a system that carries traffic for only one organization does
+not provide much protection at all --- it must carry traffic from
+others to provide cover. Yet those others don't want to trust their
+traffic to just one entity either. The only viable solution is
+to distribute trust. Each organization or other entity runs
+a node in a shared \emph{strong anonymity} infrastructure. Users with
+more modest budgets or shorter-term interest in the system also
+benefit from this decentralized model, because they can be confident
+that a few colluding nodes are unlikely to uncover their anonymity.
 
-More generally, anonymity systems use messages to hide messages. So from
-an anonymity perspective, users are always
-better off going where the noise is provided.
+More generally, anonymity systems use messages to hide messages. So
+from an anonymity perspective, users are always better off going where
+the noise is provided.
 % Whether or not people do so intentionally,
 %   what does this clause mean, paul? -RD
 There may be good anonymity reasons for having fewer
@@ -161,16 +163,15 @@
 
 High traffic is necessary for strong anonymity. High traffic and
 better performance complement each other: a system that processes only
-light traffic must delay service to achieve adequately
-large anonymity sets. Better performance attracts users both for its
-convenience value and the better potential anonymity protection. But
-systems processing the most traffic do not necessarily
-provide the best hiding. If trust is not well distributed, a high
-volume system is a point of vulnerability, both from insiders and from
-attackers who try to bridge the trust bottlenecks. Systems must also
-be robust
-against active attacks, e.g., trickle attacks in which known traffic
-is mixed with targeted traffic \cite{trickle02}.
+light traffic must delay service to achieve adequately large anonymity
+sets. Better performance attracts users both for its convenience value
+and the better potential anonymity protection. But systems processing
+the most traffic do not necessarily provide the best hiding. If trust
+is not well distributed, a high volume system is a point of
+vulnerability, both from insiders and from attackers who try to bridge
+the trust bottlenecks. Systems must also be robust against active
+attacks, e.g., trickle attacks in which known traffic is mixed with
+targeted traffic \cite{trickle02}.
 
 Also, censorship-resistant publishing systems, and to some extent any
 Internet sites that aim to be resistant to DDoS, can benefit from

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Date: [freehaven-cvs] headings for draft and pages.
Next by Date: [freehaven-cvs] alessandro"s reworking
Prev by thread: [freehaven-cvs] headings for draft and pages.
Next by thread: [freehaven-cvs] alessandro"s reworking
Index(es):
- Date
- Thread