[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]]

Hash: SHA1

On Thursday 15 December 2005 02:35 am, Roger Dingledine wrote:
> On Thu, Dec 15, 2005 at 01:20:19AM -0500, Jeffrey F. Bloss wrote:

> > Prior to this "broad" loggin being in place it would have been necessary
> > for Johnny Law to have some prior knowledge. They'd have to suspect Joe,
> > and then invest the time and resources in logging both Joe and the blog
> > site. Now, they can simply sift through the already collected data
> > looking for people who use Tor connections at the same time the blog is
> > accessed.
> Alas, I think Jeffrey has it right. Tor aims to provide protection in
> a scenario where the adversary cannot observe the whole network (or


I was sort of hoping you'd pipe up with something more along the lines of "you 
don't have a clue what you're talking about, you ignorant rube". ;)

Something that occurred to me is one feature of the Tor network will be 
particularly vulnerable to this sort of broad logging... hidden services.

I can see a scenario where a "questionable" web site is discovered by an 
attacker that can arbitrarily inject requests to that site anywhere in the 
Tor network, and colate that known data with connections to certain nodes 
that seem to go in "odd directions", or nowhere at all.

> As I understand it we're still a ways off from understanding exactly
> what laws will be passed in each country, and only a while after that
> will we start to understand what each law will mean. It may turn out
> to be impractical (or illegal) to put out a blanket query to every ISP
> in Europe saying "please tell me all users who connected to any of the
> following 1000 IP addresses in this 10 second period".

Agreed. It's not happening over night, and we don't know exactly how it will 
wash out in the end. I understand there's already some organized effort to 
challenge the legality of this "edict". But two things we can probably all 
agree on are; this "strengthens" our metaphorical adversary, and if something 
can be abused, it probably will be. :(

> But even so, once we have a sense of what sorts of attacks are likely,
> we can also start looking at some specialized padding techniques for
> Tor users to blend together better without paying too high a price in
> overhead. The goal is not to beat arbitrary statistical attacks, but
> to increase false positives (and maybe false negatives) with respect to
> specific attacks.

Certainly any increase in traffic can't hurt, so continuing to work toward 
making Tor a better product overall would further the cause.

What about generating "dummy connections"? Exit nodes negotiating and tearing 
down random connections seems pretty low cost, and if it's just connection 
times/places that's being logged they shouldn't look too much different from 
real traffic even though there's no actual data being sent.

Exit nodes might even cache destinations and reestablish connections at 
off-peak times. That information could even be shared somehow, and other 
nodes could access "Joe's Blog Dot Com" when Joe is on vacation in 
Saskatchewan or what not.

A bunch of SYN/ACK/RST packets flying around don't really eat up all that much 
bandwidth, do they?

It's just a random thought. I see the bad in caching (logging) connections, 
but to be brutally honest we "informed" consumers assume every exit node does 
exactly that anyway. ;)


> This is reminiscent of the U.S.'s earlier crypto export fiasco, when they
> chose to undermine their position as the world leader in cryptography,
> as well as ensure that the good guys were vulnerable while the bad guys
> were safe. I wonder how this one will turn out.

It's similar, but there's a major difference as I see it. The US eased off 
crypto export because there was a strong financial incentive to do so.  US 
interests were loosing a lot of money being flatly hog tied. I don't see the 
financial incentives here though. Companies won't loose significant revenue 
as a direct result of their connections being logged, and I don't think 
enough people really care about it to the point they'll either leave those 
areas, or refuse to do business there.

Unless you consider the possibility that the data itself could be put to some 
nefarious use that would take aim at the pocketbooks of an entire industry or 

- -- 
Hand crafted on December 15, 2005 at 13:00:32 -0500

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
                                  -Groucho Marx
Version: GnuPG v1.4.2 (GNU/Linux)