Slashdot Mirror
Fling:Anonymous Protocol Suite
_endgame writes "Fling is a new suite of internet protocols that perform the function of DNS, TCP, and UDP in a manner that's both untraceable and untappable. Fling protects clients from servers, servers from clients, and both from an eavesdropper in-between. The result is that anyone can serve or retrieve any data, without fear of censure."
...this project is less than a week old and consists of some theories bandied about by a developer and he's friend (who is providing the crypto knowledge).
:)
Wouldn't have been better to post this when there was actually news to report? Simply because someone has an idea and backs it up with a webpage does not a headline make.
PS: That said, I wish them luck.
One of the things that always strikes me as interesting about things like this is the posiblities for abuse. No - I'm not talking about things like trading warez, porn, MP3, or whatever the hot semi-illegal commodity of the week is.
I'm more interested in the possible effects for companies that keep wanting to do things like map out the Internet (see article last week here on /. about the group maping the 'net for advertising purposes) but don't want to really tick off admins who's machines they are adding to thier map. Same goes for script kiddies looking for machines (using nothing more than ping to see who responds) but want to keep from possibly alerting the admin at some company they are maping out.
Just a thought - I could, of course, be completely wrong!
Davis Ray Sickmon, Jr - looking for something to read? Check out my three free novels at MidnightRyder.org
This may take the release early release often a little far... Still looks quite young. But on the other hand, it reduces the chances of the project (or sometimes the author) being snuffed out before the public ever gets a chance to kick the tires. If i could encrypt my way out of a paper bag i'd help out with this one...
Seriously though, i think there is a need for a more modern, updated secure way to do this sort of thing. I think it is helpful if people can read what they want without fear of being profiled by evil govenrments (or even worse persistant spammers...) and I think it will allow people a little more freedom to be themselves.
---
Play Six Pack Man. I
This is a great idea, but being the sceptic I am, I have no doubt that another technology would be invented to 'remove' the anonymity that this tries to preserve. It's all a bit like the arms race. I'll make an anti-missle-missile and then you can make something on your missile that jams my anti-missile missile.. etc.... I can't see this set of protocols being implemented, because it isn't in bu$inesses/governments interest to have total anonymity and whether we like to admit it or not, that's the driving force behind the internet these days. M.
In addition, crypto without a pre-arranged way to mutually verify both parties is trivial to crack. The NSA will certainly not mind you exporting this protocol overseas. :P But that is just a footnote to the above problem I mentioned. You can probably derive the encryption keys by monitoring the beginning of the conversation with the server and thus decrypt the contents of the packet(s). However, I am no expert in this, so I may be incorrect about being able to derive the keys - specifically, I know nothing about the duffie-hellmann(sp?) public key exchange stuff, beyond "it works", so YMMV.
The other problem I can see is that you're sending up a big red flag saying "Here I am! Look at me, I'm up to no good!" to your network administrators. Net admins are notoriously paranoid, moreso now with the proliferation of scripts. This means that if you use it at work, you stand a good chance of having your network access monitored/revoked and/or you getting your ass canned. Yeah! Go crypto!
The ideal protocol for this would be one where monitoring would a) do an attacker no good (which means you have to verify the authenticity of the server somehow before you communicate over the unsecured channel (the 'net)) and b) look like normal traffic. This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on stenography. I like stenography better myself.. and it'll become more important as governments crack down on conventional crypto - witness new zealand, I believe, which made it a law forcing you to divulge the keys of every encrypted thing on your system under penalty of jail.. even when they can't prove you ever had them!
Imagine an HTTP request to www.someplace.com where the downloaded JPEG contains the information requested and the POST contents contained the key+query. E-commerce cookies can easily look like crypto keys. Rewrite a few doubleclick cookies and no one will be the wiser.
But what it lacks are any suggestions of how the system would scale... will it be like gnutella which now has so many users that the average modem user is struggling just to connect to the network.
Plus if my PC ends up routing mp3 files for other people using my 128k connection I wont exactly be pleased.
Added to this I would expect that there will be quite a reasonable bandwidth overhead given all the layers of encryption.
Certainly as a system for trading textual data it's reasonably sound but then usenet probaly works just as well for most people.
Added to this for a user to keep information persistantly on the network they still must be permanantly connected... which isn't really an option for opressed tibetan monks is it..?
all the anonymous/freenet/ZKS/crypto&privacy projects could really use some convergence and working together. OTOH, I suppose that if there are many, the likelyhood of them all being shut down approaches zero. but. maybe just extreme interoperability....
Returned Peace Corps IT Volunteer
...or is 100% untraceable Internet communication the cyber equivalent of perpetual motion--it would be Very Cool to invent, everyone wants it for various reasons, but the nasty truth is that you just can't get there from here?
The author's justifications are very much anti-tax (he appears to be a serious Randian). One of the unstated reasons that the U.S. government was believed to be anti-crypto was exactly that the widespread distribution of unbreakable crypto would allow the development of an underground untaxable economy. It's interesting that this web site's author comes right out and says pretty much the same thing.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Apart from the music and software industry people attacking this if it ever comes to fruition, wouldn't many systems and networks administrators be wary of it? It seems like something like this would make for some really nice DoS attacks even more untraceable than the current ones already are. So, unless I'm misunderstanding something, I'd expect opposition from a lot more fronts than just the entertainment groups.
It's sort of a hard question, should we introduce new technologies that make it easier for jerks to cause trouble if they're technically superior but don't really cause any huge huge problems? (I know this is a good idea, but how many people have really been censored or persecuted online who wouldn't have been if they used these protocols? From the cases I've seen I don't think this would actually help, but I could easily be wrong).
sig:
See the "..for smart people" banners Wired runs here? Look elsewhere guys.
-- http://thegirlorthecar.com funny dating game for guys
I am reminded of Neil Stephenson's comment in Diamond Age about an untraceable communication protocol being the thing that made it impossible for tax collection agencies like the IRS to trace transactions and thereby bring down our current political/social model.
Sure this sounds great in theory, but considering the current state around the world, how would this be received?
The economy is globalizing quickly, and daily interaction across the globe is paramount. So considering China just recently picked Linux over Windows95/98 because it can examine the source code to make sure there aren't any caveats that the US could use to sabotage them in a crisis, and on the other hand, the US is so paranoid about other countries being super-secretive that they delayed the release of Apple's G4 machine because it could perform well in encryption/decryption. Would the US allow China to have this Fling technology? Would it not try to stop certain countries (*cough* Iran, China, Lebanon, North Korea *cough*) from utilizing "super-secure" technology to transport data?
This project may be doomed to the "oh-that-was-a-neat-trick-but-where-is-it-now?" hall of fame from the start.
It's only when we've lost everything, that we are free to do anything...
That's a fallacy. If you only encrypt sensitive material, you are vulnerable to traffic analysis. You are also telling your attacker exactly what needs to be cracked and what can safely be discarded. Thus you have lowered the workload required to aquire your sensitive data. This, incase you didn't know, is not good. You really want your data to be difficult to recover.
There's a reason why the front windshild of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discoverd?
If you look on the front of your car, you'll see a big slab of metal called a "license plate" - a unique identifier people can use to track you down when you go on a run-down-the-old-lady spree. No, the reason your windshield cannot be tinted is because of safety, not accountability - other drivers need to see that you are looking at them.. very important at 4-way stops and such. It is also, umm, somewhat difficult to see through tinted glass at night.. meaning you could easily go off the road and kill yourself.. or someone else.
Anyway, completely offtopic, but the MNDOT and other states have already endorsed the use of tinted windshields provided they can be "de-tinted" at night - ie, some kind of light-sensitive filter that only darkens when exposed to light. I believe IBM or 3M are working on this around here.
You mean the bit where he says "Here's my public key" and you encrypt your public key to it and send it back to him? Might be succeptable to a man in the middle attack (You need to take additional steps to verify the authenticity of the server) but you can't derive the keys when they're transferred automatically any more than you can derive them when I E-mail you my GPG key. And having my public key buys you nothing (Other than being able to send me encrypted data.)
Hmm... Using doubleclick cookies for encryption keys. That'd be... bizarre... Most of them aren't primes though, so I doubt it'd do you much good.
Ideally there are an indeterminate number of hops between you and the server (Possibly some caching too) so that no server could ever know for sure who's downloading from it. Is that guy one hop down downloading a file or is he just acting as a proxy/cache for someone else?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
In an ideal world, producers and suppliers of goods and services would be able to know the needs of its customers as much as possible so that the products could be quickly optimized. If the companies could get this information directly from the consumer, then the rate of evolution could be faster than simply having one company wait until it realizes that its competitor is making more money from a modified version of the product.
It would also be nice if these direct customer queries were as unobtrusive as possible. Telephone surveys in the middle of dinner kinda suck.
These lead to a DoubleClick sort of idea. As I see it, the main problem with DoubleClick isn't that information is being gleaned from your private life, it's that the information can be directly traced back to you. They can claim that they will just use the information in aggregate, but we can't really believe them that they won't abuse the system.
But if they only used an anonymous version of TCP to transfer the data, then we could use technical means (personal firewalls, etc...) to make sure they're keeping their word. So we would get the best of both worlds: privacy, and better products and services.
--
This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on stenography. I like stenography better myself...
Do you mean steganography? Or should we start working on an RFC for SHTP (Shorthand Transport Protocol)?
:)
Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
This poses a threat to our ability to Innovate(tm). The Microsoft collective cannot properly satisfy its customers needs without being able to analize its needs. If we cannot freelly embrace the ideas of others due to encryption we cannot extend and expunge them.
We are Microsoft. You will be Innovated(tm). Resistance it futile.
Get over it, tcp is *not* an anonymous protocol, and stuff running over it will allways bring some party under the axe.
-- dieman - Scott Dier
Protection from criminal actions by governments, and more specifically criminals in governments, big business, financial instituations, etc. who use and write the "law" to protect their own limited criminal interests is vitally important. Equally, protection from individuals who use such protection to justify and protect their own individual thievery and rape of the creative elements in the society is important as well.
What we have is a war between the criminal elements that make up and contribute to the current internet and global culture. It is a war between criminal organisations who want to maintain their monopolies, and individuals who have been driven to criminal behavior by the rip offs in the world around them. It becomes a part of the culture. It is extraordinarily difficult to treat everyone you deal with with some sort of "code of ethics" or "code of honor" if you run into the argument that "only losers pay full price", as noted in a recent Salon Article; or you are trapped in the culture of "Net Slaves"
"It is a greater offense to steal men's labor, than their clothes"
caller ID vs. IP numbers
Reasons why an IP address is nothing like a telephone number...
Okay, the reason this isn't doable as you described is because your telephone is, in the main, a switched connection and the Internet is a packet connection.
Internet connections get split up into little segments called packets which are then routed by the best means available at that time. The exact route can vary from day to day (or minute to minute!). Ergo it is important to have the IP number visible to everybody, otherwise nobody knows where to send the replies back to.
Telephone connections (well in theory anyway) are not split up into packets. They exist as a static single connection from end to end (okay purists at the back stop squabbling, yes modern exchanges do use packets, but they also reassemble them to reform the single logical connection). Ergo you can safely hide your telephone number because the connection is already tied down at both ends and, most importantly, doesn't disconnect until the call is over (unlike an Internet connection which is lots of little brief connections and disconnections as packets arrive).
With a telephone, you don't need to know the callers' number, because remote end just replies to whichever line is connected. This wouldn't work with the internet, because the remote end could be receiving packets from thousands of different hosts in a very short time- there is no concept of a one-to-one static connection (not at the transport layer anyway).
And like you said, caller ID is only withheld to the person you're calling. You can be damn sure your telephone company know your number, who you called, and when! Then all the police or GCHQ or whoever have to do is ask your company for a copy of the logfiles.
--
Andrew Oakley - www.aoakley.com
There's been talks of two types of tinting for windshields that I've heard of so far. The first is the same as those automagic shading eyeglasses - dark in the sun light inside. The new materials do change rather quickly, the only problem can occur with the short runs of tunnels or other dark areas, where the material doesn't have time to clear up again. For eyeglasses, at least, this has improved miles from a few years ago. Quicker changing, less yellow color when it should be clear. The second method is an electronic shading system, similar to those crystal windows that are clear or opaque depending on whether or not a current is applied to them. This one gets expensive fast, and the durability and safety concerns are fairly high.
IIRC, in Arizona it is legal to have the tinted front windshield. A friend moved to NJ from there, and they had to get the windshield replaced before they could register the car. Pain in the @$$, that's for sure.
"It's tough to be bilingual when you get hit in the head."
- for i in `cat
/usr/dict/words`; do register $i; register $i.$i; done
And the internet is hereby mine!!! Muhahahaa.The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
Great! Not giving away your IP address is a fantastic idea! As long as we don't need to get information back from the server, it'll work for sure! Exclamation points can make the suckiest idea sound good if used right!
Seriously, though, you need to reveal your IP address so the server can send back the information you requested. That's what servers do.
Friends don't let friends misuse the subjunctive.
Make a hole in your backyard fence that is just large enough for your chickens to get through and eat in your neighbors garden -- and just small enough that your neighbors chickens cannot get through to eat in your garden.
Once you have solved this, the Internet is easy.
When you are dancing with wolves, never limp
Secure protocols will have more overhead because they need certain things beyond simply getting the data to the target. To avoid traffic pattern analysis you try to pad packets to fixed lengths, split streams up and send some junk so that bursts don't stand out, send dummy packets when traffic is low, and so on.
You need secure low level protocols to give yourself a fighting chance at anonymous exchanges. Running such protocols at a higher level over something that is essentially an end-to-end protocol just points out the path used to route the `crypted data. At that point the unfriendly government steps in and has you blocked or arrested.
The same technologies taht allow you to publish your anti-government newspapaer in a totalitarian state allow the distribution of porn and information on controlled substances. Sorry, information is information; differing states have declared diffeerent bits of information "bad" at times, the tools to supress one type can supress all types of information
As for Fling specifically, I noticed that it uses IP4 addresses putting it behind current tech. I'd like it better if it's internal addresses were larger than IP6.
Maybe you should read this guy's horror story about Gnutella before you cheer the idea of Gnutella doing this. If you couldn't trace and track who was doing what, you couldn't retaliate against people blatantly breaking the law. Fling could be a spammer's heaven if it does what it seems to be saying it does -- protecting servers and clients from each other. If you can't know who's screwing with you, you can't know how to stop them.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Ushers will eat latecomers.
IP is just rude.
Is there any torture so subl
I generally agree with arguments for no censorship except for pedophilia. Pedophilia involves mentally and physically abusing children, it is reviled most cultures and for good reason.
The existence of a market for pedophilia means that somewhere in the world a child is being abused to satisfy that market. Censorship reduces this market and frankly I will support it to my dying day.
A persons rights to express themselves should stop short of abusing another person's rights and pedophilia does abuse the rights of others.
Some more:
1) In cases of fraud, you have no proof. After all, if the company is hiding the fact that it's conducting business to commit tax evasion, it's not going to be easy to find evidence that they cheated you.
2) SPAM. How can you stop, filter, or track down SPAM if you don't know where it's coming from?
Also, as you point out, hiding the actual internet transactions themselves isn't going to magically make the IRS not know you're in business. Your physical distribution channels, employee benefits paperwork, and building rent should give you away. I completely disagree with the anti-tax rhetoric he's spewing, but the protocol is dangerous to its own users in ways that he obviously can't see through his extremist world-view. His stance on hard-core pornography and children shows that he also actively refuses to acknowledge some of these problems. I'd love to see what his takes on SPAM and fraud are.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
(Which doesn't mean that the conclusion - censorship is evil - isn't correct, just that the arguments used here to support it are full of holes.)
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Someone should really patent this, it sounds like wonderful technology. Maybe when I get thru with my WOM (Write Only Memory) patent (I can acheive memory densities that are beyond your imagination!!!) I'll work on this one.
The sad part is, with the current state of the PTO, you probably could patent both of these if you wanted to spend the time and money.
Actually with freenet (as I understand it) you CAN tell where the data is stored. Or rather you can find out some subset of locations where it is stored.
:)
However...observation is not a passive act. Simply observing where the data is stored causes it to propagate to new locations. Thus it becomes like trying to nail jello to a tree...
aint replication a bitch?
"I opened my eyes, and everything went dark again"
Fling destroys forever the ability of anyone to force the content of the information you share. That information will also include ecash - so fling will destroy anyone's ability to control or surveil online purchases, transfers, or holdings
Does the Fling system prevent finding the original sending IP of the message? Yes, but so does classic IP spoofing. Now, we all know that any real sysadmin can get around that by contacting other sysadmins on the packet's path.
The layered encryption is a waste of time --- any idiot with a copy of the Fling source can decrypt the message down to the final level --- and discover all the targeted computer on the path. Plain old PGP would accomplish the same (w/o revealing the 'allied' machines on the route).
And of course there is no server authentication, which makes the utterly useless for ecommerce.
All in all, Fling wastes bandwidth with uneccesary encryption, and offers no real increase in security. Sorry guys. No party today.
I just finished reading the "Philosophy" section of Fling's Sourceforge site and I've got that same creepy feeling I always get whenever I see a Randroid running at full tilt. I get the feeling that many geeks latch onto Rand because she appeals to their revenge fantasies.
I have no disagreement with the personal responsibility aspects of Objectivism -- ultimately, each one of us has to sleep in the bed that he or she made. The "me first always" stance really bothers me though. The blanket assumption that the disadvantaged are that way because they earned it or are lazy and incompetent smacks of the purely greedy kind of thinking that may end up being our ultimate demise.
Want a nervous laugh? Go hit the Ayn Rand Institute's site and check out articles such as Sweatshop Opponents want to Violate Worker's Rights, Against Environmentalism, or my all-time favourite, Why Christmas Should Be More Commercial (Even if you're not religious, don't you think we really overdo that holiday's shopping aspect?).
Want some food for thought? Check out author Paulina Barsook and what she has to say about the kind of libertarianism that many people in high-tech are buying into these days.
I had trouble telling what the technical goals of the project were - are they addressing traffic analysis, or only protecting content? They're describing a bunch of complex shuffling, but don't indicate why they chose those methods and what attacks they're trying to protect against. Some of the earlier projects like Pipenet and Onion Routing found that there are theoretical weaknesses if you only send traffic when you have real traffic, or if you do anything that makes it possible for an eavesdropper to tell what the boundaries between messages are, because the eavesdropper can do enough correlation to identify reasonably accurately where the traffic is going. The alternative is to build connections between sites that always have constant traffic levels, using filler traffic when there's no real traffic. This has a major cost/performance impact that affects the willingness of servers to support this kind of application. By contrast, IPSEC gives you all the privacy you need by encrypting, but doesn't try very hard to block the user identification.
Privacy servers like this also depend on having lots of users - if there are only two people using it, it's easy to tell who's communicating with whom. It's nice to do technology, but you also need to work on a social or business model that encourages lots of people to run the client, and if it's got separate servers, to run servers as well. That's one of the cool things about Zero Knowledge - they've got a model that they hope will achieve this, though whether they succeed will depend on whether they implement it well enough for users to accept it and whether they can market it well enough to really take off. Some things are overnight successes - Hotmail, Napster - while others limp along at a low level for a long time, like the current remailer networks, mainly because they're annoying to administer and responding to complaints when they're abused is annoying. I wish the Fling folks good luck - but there's a lot of work they've got ahead of them to make it working and accepted.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It's funny you use the example of drug dealers when talking about trusted businesses. The only kinds of businesses which need to hide themselves from their customers and conduct business secretly are those that have something to hide, whether that be tax evasion or some other illegal dealings. Companies like Amazon.com and eBay will never have to use Fling. When you build a network dedicated to shady dealings, you're not going to have much in the way of people to trust.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
I made it onto slashdot with Fling, and it's been less than a week...
Okay people, some cold hard facts.
One, fling is theoretical at the moment. I don't even have a byte complete protocol, although I expect to within days.
Two, I'm not throwing the doors open to developers until there's enough of a skeleton there for you to see where to put the flesh. Otherwise the project will mire into a mass committee blunderfest. Of course, once the protocol's up, you can make your own versions in parrallel, if you want. This may even be useful, if you're porting it to other OSes or languages.
That said, thanks for the attention, I intend to see this becomes big.
My current focus is on getting a the route ball as small as poss while staying secure. Experienced crypto designers would be welcome help right now.
> We have a constitutional right to anonymity? Just curious?
My take on this is, we have a Constitutional protection for Speech. If you feel that, in order to protect yourself from stigma attached to words you feel _must_ be said, you may do so anonymously.
It's the same principle followed by those who wrote "The Federalist Papers". There were several men who did that, and they all used a common pen name. In that way, they were able to put forth ideas into the going public debate without bringing the Redcoats to their homes to burn them down and kill them, their wives, and their children.
--Corey
Not only will they not deserve liberty or safety, Mr. Franklin, they will be DENIED both!