[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on latest draft



On Tue, Mar 26, 2002 at 02:43:05PM -0500, Nick Mathewson wrote:
> Sure.  If Eve seesme use one low-latency node, it's more likely that I
> care about latency, and thus more likely that the other nodes I choose
> will also be low-latency.  This helps Eve to perform traffic analysis.
> 
> Hm.  The more I think about it, the more I wonder if we shouldn't just
> specify a 'correct' batching method. :/

We've got to really be sure, before we do this.

Handling heterogeneity of nodes is a common and hard problem in p2p
systems. Some nodes will have lots of bandwidth and processing power,
some much much less. If we set the bar too high or too low, we throw
away resources which we could have used. Since in these anonymity systems
it's really all about anonymity sets and economies of scale, we want to
encourage as many users as possible.

We've got conflicting goals here, not just in terms of efficiently using
node resources, but also in terms of allowing users to decide how much
security they need. From one perspective, a decentralized hard-to-monitor
system means the users must make security decisions, such as how many
and what kinds of nodes to use. After all, only they know the value of
that communication. On the other hand, making all protections and paths
uniform increases the overall protection from the system, because all
messages behave the same.

There are compromises, such as the hybrid free-route-through-cascades
system from our FC02 paper, which uses cascades for local message path
uniformity but users can tune the number of cascades their messages go
through based on how much anonymity they want.

I guess my point is that trying to describe a good batching method is
a whole bundle of sorrows on its own. We shouldn't try to answer it
definitively anytime soon, or it will completely derail us.

--Roger