From: Hal Finney <hal@rain.org>
Date: Sat, 3 May 1997 06:19:36 +0800
To: cypherpunks@cyberpass.net
Subject: Re: A new system for anonymity on the web
Message-ID: <199705022121.OAA01551@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back, <aba@dcs.ex.ac.uk>, writes:
> Hal Finney <hal@rain.org> writes:
> > Theoretically, at least for long downloads, passing through multiple
> > slow links shouldn't slow down the transmission, 
>
> I'm not sure that this is so.
> [...]
> When Alice and Bob are online, consider that they are actually using
> their bandwidth most of the time.  I know I do; if I'm not using it I
> hang up, with pay per second phone lines, you're likely to.

Actually here in the U.S. most people have access to unmetered Internet
access these days.  Local and national ISP's are almost always that way,
and AOL offers that option now as well.  I find that I tend to browse in
"flurries", paging around a bit, then settling down to read for a while.

But you're right, I did not consider the interference among multiple
paths running through a jondo.  That issue applies to the higher speed
links as well.  If average path length is n, then on average there
will be about n paths going through each jondo (assuming all "home"
jondos have set up paths).  So the question will be whether the average
person uses more than 1/n of the bandwidth available during the time he
is connected.  This will no doubt depend on the pricing model for Internet
service, as you suggest.

> > just increase the latency.  I don't have a very clear picture about
> > how long it would take to snake in and out of a bunch of people's
> > modem lines en route to the web server.
>
> I'm sure it's going to increase the latency too.  My ping times are
> 200ms from the PPP link alone (ie pinging the PPP server machine
> itself).  Add to this that the members of the jondo / crowds pool may
> not be on the same ISP, and you've got the additional overheads of
> whatever latency is added by the cumulative latency between each of
> the hops in the chain.

Yes, latency would be cumulative, and I just tested mine and found it
was 160-220 ms, about the same as what you saw.  So running through say
5 jondos at the end of modem paths would add about a second of latency.
I think this would be fine if it only happened once per web page, but
almost intolerable if it was once per tiny picture.

> I wonder if you could improve the security of this by trading off
> against some additional bandwidth consumption for the ISP.  Say have
> split the jondo in half, with two cooperating half-Jondos acting as a
> single virtual jondo in such a way that someone with root access on
> one machine but not the other, can't extract any useful information by
> spying on that half of the jondo.

This is an intriguing idea.  Secure multiparty calculation protocols allow
calculations to be made such that neither machine would have access to
all the data.  It is an interesting question how this could be applied
to the anonymous communication problem.

In this specific case, if the Crowds system were enhanced so that
end-to-end encryption was used (which seems very practical and useful),
you could run a jondo on your PC whose only function was to link to
the jondo on the ISP and then set up the additional path through the
jondo net.  The path between your local PC jondo and the end one in the
path would be encrypted, so even root on the local ISP could not see the
contents of what you send down the jondo path.  He might still be able
to see when you were sending and when not, but he couldn't tell where
it was going.

Hal