
[tor-talk] Network Analysis of Overlay Networks, Capabilities, Fill Traffic [was: VPN less safe?]



On Tue, Jan 26, 2016 at 3:09 PM, juan <juan.g71@xxxxxxxxx> wrote:
> On Mon, 25 Jan 2016 10:25:20 -0500
> Paul Syverson <paul.syverson@xxxxxxxxxxxx> wrote:
>
>
>> "20,000 In League Under the Sea: Anonymous Communication, Trust,
>> MLATs, and Undersea Cables" available at
>> http://www.degruyter.com/view/j/popets.2015.1.issue-1/popets-2015-0002/popets-2015-0002.xml?format=INT
>
>
>         As far as I can see, most if not all of the paper deals with a
>         way to organize information about 'network topology' but
>         there's no concrete data regarding which
>         systems/relays/cables/people/IXPs/ASs/whatever are
>         'compromised'.
>
>         ...though the section on cables and cooperation between so
>         called nation states seems to suggest that virtually all the
>         world's infrastructure is 'compromised'?

The USA and Soviets have decades of experience tapping cables
around the globe in a cold war sense.
The USA/FVEY has top secret blackops and administrative via corp
partnership and various legal and extralegal access to extensive cable,
hardware, and organizational assets around the globe.
It is simply foolish to not assume that the world is highly
compromised by these actors.
Snowden and all the other surveillance and bigdata news and political
rhetoric have been telling you that for over a decade now.
You might be safe if you are in a locale untouchable by these actors,
conduct all your activities in that locale, and have no similar local
adversaries.

>         Also, is there a more concrete analysis of what can be
>         achieved by monitoring traffic on those cables?

Did you just push a bunch of packets over time into your ISP and
have google send replies back? Well, they can see both ends, so
they saw that traffic pattern in and out, and back in and out, so
they know who's talking to who and when.

> Specifically,
>         how easy it is for your government to find users and especially
>         servers in the tor network or similar networks (i2p, freenet
>         etc)

In addition to simple taps, they can also deploy passive or
active nodes in any of these networks at will. And use all
the tools to perturb things in favor of their efforts.

Tor and other networks are good at hiding endpoints (users, servers)
from each other, keeping traffic content encrypted over the wire, letting
you anonymously publish and consume stuff among other users that
isn't really of interest to (against) such adversaries (and thus won't get
you killed or jailed or disappeared (but will still get you databased
for life)),
and getting around some censorship. That's probably about it.

However when it comes to such global (and regionally lucky) passive
adversaries, and adversaries operating the networks themselves, I
seriously doubt anyone can say with a straight face that these
networks protect against network analysis... who is talking to
who and when.

It would be harder for that analysis to succeed against networks
that filled between all the nodes with fill traffic when unused and
not needed for user traffic. (And in the sense of Tor, between clients
and some number of guards). But that's hard to design so that it
is functional. And no one in the overlay network / messaging field
really seems to be trying it. Mindset, OMG bandwidth, probably
buzzkills most research before it gets started.

Here's some recent mostly tor specific threads if anyone's interested,
plus whatever else has come up whenever I've mentioned this.

https://lists.torproject.org/pipermail/tor-dev/2016-January/010257.html
https://lists.torproject.org/pipermail/tor-dev/2016-January/010290.html


>         There's also mention of 'user beliefs' and 'trust'. That
>         strikes me as weird. You seem to be saying that routes
>         can be chosen according to users' beliefs, not according to
>         real world facts? It doesn't matter if system X is hostile,
>         what matters is what the user believes about system X?

Users often have better knowledge of the laws, operations and
general feel in their countries and locales and areas of expertise
than a handful of distant project maintainers largely based
in one geopolitical exposure might have. You can download
science, but you need more than that to win a street fight.
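
An added illustration of the fill-traffic point in the message above; it is not part of the original post and not code from Tor or any other project. It is a toy model in which every traffic pattern, rate and delay is a constructed assumption: one bursty flow is counted per time bin on an entry link and again on an exit link, first unpadded and then with the entry link filled to a constant cell rate.

```python
import random
from statistics import mean, pstdev

def bursty_flow(bins, rng, p_burst=0.15, burst=(5, 20)):
    """Constructed sample: cells one user sends per time bin (mostly idle, some bursts)."""
    return [rng.randint(*burst) if rng.random() < p_burst else 0 for _ in range(bins)]

def pad_link(real, rate):
    """Constant-rate link: every bin carries exactly `rate` cells, real ones first,
    fill cells for the rest. Real cells above the rate wait in a queue, which is
    the latency and bandwidth cost of fill traffic."""
    observed, queue, max_queue = [], 0, 0
    for cells in real:
        queue += cells
        sent = min(queue, rate)   # real cells that fit into this bin
        queue -= sent
        max_queue = max(max_queue, queue)
        observed.append(rate)     # on the wire: sent real + (rate - sent) fill
    return observed, max_queue

def correlation(x, y):
    """Pearson correlation; 0.0 when either series is constant (no timing signal)."""
    sx, sy = pstdev(x), pstdev(y)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(x), mean(y)
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / (len(x) * sx * sy)

def simulate(bins=2000, delay=3, rate=8, seed=1):
    """Returns (unpadded correlation, padded correlation, worst queue backlog)."""
    rng = random.Random(seed)
    entry = bursty_flow(bins, rng)
    # Assumption: the flow leaves the overlay `delay` bins later, mixed with
    # a little unrelated cross traffic on the exit link.
    exit_ = [(entry[t - delay] if t >= delay else 0) + rng.randint(0, 4)
             for t in range(bins)]
    unpadded = correlation(entry[:bins - delay], exit_[delay:])
    padded_entry, max_queue = pad_link(entry, rate)
    padded = correlation(padded_entry[:bins - delay], exit_[delay:])
    return unpadded, padded, max_queue

if __name__ == "__main__":
    print(simulate())
```

The unpadded entry and exit series correlate strongly, while the padded entry link is a flat line with nothing to correlate against; the non-zero queue backlog is the price, since bursts above the fill rate have to wait.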