1997-05-03 - Re: A new system for anonymity on the web

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: hal@rain.org
Message Hash: 42451dd315abd2d2204af3919370fd2e08d79064bd27d62e5b79fef56d3be1f2
Message ID: <199705022343.AAA02698@server.test.net>
Reply To: <199705022121.OAA01551@crypt.hfinney.com>
UTC Datetime: 1997-05-03 00:01:49 UTC
Raw Date: Sat, 3 May 1997 08:01:49 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 3 May 1997 08:01:49 +0800
To: hal@rain.org
Subject: Re: A new system for anonymity on the web
In-Reply-To: <199705022121.OAA01551@crypt.hfinney.com>
Message-ID: <199705022343.AAA02698@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Hal Finney <hal@rain.org> writes:
> Adam Back, <aba@dcs.ex.ac.uk>, writes:
> > When Alice and Bob are online, consider that they are actually using
> > their bandwidth most of the time.  I know I do; if I'm not using it I
> > hang up, with pay per second phone lines, you're likely to.
> 
> Actually here in the U.S. most people have access to unmetered Internet
> access these days.  Local and national ISP's are almost always that way,

Yes I know, and I'm envious :-) My web viewing habits suffered badly
when I was no longer able to use univ equipment to play on a T1 all
day instead of write a thesis.  I suffered withdrawl symptoms.

> So the question will be whether the average person uses more than
> 1/n of the bandwidth available during the time he is connected.
> This will no doubt depend on the pricing model for Internet service,
> as you suggest.

You can't just average it though and get a true picture.  It will
cause degradation of the peak available bandwidth out of your modem.
You metioned browsing in flurries.  If your flurry coincided with
someone else's, you'd get a major slow down.  If someone downloads a
big file, for 15 mins, you're stuck at half speed for that interval.
You'll notice this stuff when you're browsing the web and it will be
annoying as hell!  Your actual available bandwidth will fluctuate
between 1/n and 1 where n is the no. of hops as people change their
bandwidth consumption.

The eternity server model allows anonymous browsing within the
eternity virtual web space.  To the extent that you trust the eternity
server if you have an eternity server running in your shell account
(provided that the webserver is apache).  If it's coming out of the
server's cache you're ok, if it's coming from a newspool on a disk
local to the server, you're ok.  Other than that you'll see the
accesses going out to dejanews or altavista.  But you can't cache all
of usenet some of the most hot stuff which you may not want to be
associated with is the sort of thing eternity is designed for.

Later versions of eternity perhaps can set up pipenets between
eternity servers and exchange cache contents, charge to keep data in
caches, and so form their own anonymous distributed database rather
than relying on news archives.  If you set up a pipenet between the
servers you could do something similar to what you describe below with
jondos.

> > Say have split the jondo in half, with two cooperating half-Jondos
> > acting as a single virtual jondo in such a way that someone with
> > root access on one machine but not the other, can't extract any
> > useful information by spying on that half of the jondo.
> 
> This is an intriguing idea.  Secure multiparty calculation protocols allow
> calculations to be made such that neither machine would have access to
> all the data.  It is an interesting question how this could be applied
> to the anonymous communication problem.
>
> In this specific case, if the Crowds system were enhanced so that
> end-to-end encryption was used (which seems very practical and
> useful), you could run a jondo on your PC whose only function was to
> link to the jondo on the ISP and then set up the additional path
> through the jondo net.  The path between your local PC jondo and the
> end one in the path would be encrypted, so even root on the local
> ISP could not see the contents of what you send down the jondo path.
> He might still be able to see when you were sending and when not,
> but he couldn't tell where it was going.

Viewed from outside the jondo net (where the jondos function on the
ISP) would be an opaque series of pipenets with contiuous bandwidth
consumption and a flurry of connections to web pages sprouting off
different jondos.  Your modem connection would be a small pipenet link
feeding into the large bandwidth jondo pipenet.  The flurrys would be
impossible to correlate with users.  To avoid placing all trust with
one jondo, you'd need bi-directional anonymous WEB traffic within the
jondo net with multiple layers of encryption, so that jondos don't
know where the data is going beyond the immediate hop.

You know we could do this if we were willing to pay for the bandwidth.
The ISPs probably won't like PipeNets though as they oversell and rely
on underutilisation of sold bandwidth.  If it worked out to a
reasonable price for the modem user to browse the web, it might be
viable.

> Yes, latency would be cumulative, and I just tested mine and found it
> was 160-220 ms, about the same as what you saw.  So running through say
> 5 jondos at the end of modem paths would add about a second of latency.
> I think this would be fine if it only happened once per web page, but
> almost intolerable if it was once per tiny picture.

Doesn't netscape do the right thing for what you want here?  I think
it's option to set maximum network connections (default 4) means that
it will open multiple sockets to fetch the images on the page in
parallel.  If you load a page with multiple largish pictures you can
see it happen as they all scroll down scan line- by scan line in
parallel.

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread