NymIP: Anonymity At The IP Layer
Eloquence writes: "NymIP is a new project that aims to set a standard for Internet anonymity at the IP level. It was started by Zero Knowledge Systems, but is now led by Harvard's Scott Bradner, an IETF member. Some of the biggest players in the field participate in the project, which will be introduced at the 49th IETF Meeting that starts today." Comments especially sought from anyone who attends that meeting.
... they know they are doing something they shouldn't be doing. If no one was breaking the rules, then there'd be no problem. By that logic, when you shut your doors when going to toilet, you have something to hide, you must be doing something wrong. Why not let the well meaning authorities have cameras in your bathroom and your bedroom if you have nothing to hide? Why not let whole neighborhood watch you on the monitors as well? You are not breaking any rules, so why not?
You may know TCP/IP fairly well, but you don't know cryptography very well. It is possible for two parties to agree on a common random value without exchanging that value. This is the basic idea put forth in the Diffie-Hellman Key Exchange. Once you have a random number known to the two parties trying to communicate and no one else, you can use that number as an address to route the packets through the network. I don't know if this is what the research group has in mind but it is a possibility. Yes, there are some problems with this system, in particular the initial key exchange is not anonymous, but this makes it much harder to trace the actual data transfer.
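The idea in the comment above, as an added example that is not part of the original thread or of NymIP's design: two endpoints derive the same routing label from a Diffie-Hellman exchange, and a relay forwards on that label instead of a source address. The group parameters, the HMAC-based label derivation, the epoch counter and the relay table are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Demo group only (assumption): the prime 2**255 - 19 with generator 2.
# A real design would use a standardized DH group or X25519.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 3) + 2   # 2 <= priv <= P-2
    return priv, pow(G, priv, P)

def flow_label(my_priv, peer_pub, epoch):
    """Derive a 128-bit routing label from the DH shared secret.

    The label is an HMAC over an epoch counter, so it can be rotated
    without a new exchange, and successive labels cannot be linked
    without the shared secret.
    """
    if not 1 < peer_pub < P - 1:          # reject 0, 1 and p-1 (degenerate secrets)
        raise ValueError("invalid peer public value")
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    key = hashlib.sha256(b"flow-label-demo" + shared).digest()
    return hmac.new(key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()[:16]

def demo():
    a_priv, a_pub = keypair()             # endpoint A
    b_priv, b_pub = keypair()             # endpoint B
    # Only a_pub and b_pub cross the wire; this step is visible to observers,
    # which is the non-anonymous initial exchange the comment mentions.
    label_a = flow_label(a_priv, b_pub, epoch=0)
    label_b = flow_label(b_priv, a_pub, epoch=0)
    next_a = flow_label(a_priv, b_pub, epoch=1)
    # Hypothetical relay table: forwarding is keyed on the label alone.
    relay_table = {label_b: "next-hop-toward-B"}
    return label_a, label_b, next_a, relay_table

if __name__ == "__main__":
    la, lb, nxt, table = demo()
    print("labels match:", la == lb, "| relay lookup:", table[la])
    print("epoch 0:", la.hex(), "epoch 1:", nxt.hex())
```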
The other thing to keep in mind is this: no matter what protocol you're using over the Internet, you can find out where the packets are coming from and going to. This includes ssh (Secure Shell), tunneling, normal TCP/UDP connections and even spoofed packets. This is done by running sniffers on each interface on a router (starting with the target that's being DoSed or whatever) and seeing which interface these packets came in on. You find out what that interface is connected to and start sniffing there. Repeat this process enough times, and you'll find out the source and destination of any packet.
In theory this will work, but once you cross an administrative domain, i.e. from one ISP's network to another ISP's network, you will find that they are so willing to co-operate. Read Cliff Stoll's Cuckoo's Egg for a real world example. It took him over two years to track someone, not because of technical problems, but because of administrative problems.
A company I used to work for had three different operating units with three different data centers in one building. To set up sniffers on the networks took two weeks of meeting and getting sign-off from data-center managers, since the managers didn't want their networks touched unless it was to fix a production problem in their network.
The Economics of Website Security
So I guess it's up to the guy I shoot in the head to duck the bullet then?
I agree completely that we need to make privacy, security, and anonymity standard practices--to do otherwise draws attention to those of us who do use these tools consistently.
I also relish the thought of some three letter agency expending millions of CPU hours on my correspondence, only to find picayune (love that word--thanks) stuff :).
CEE5210S The signal SIGHUP was received.
Now no one can trace my mad fr1st postering sk1llz!!
B0mb-0mb hax0ring instructions are as follows:
Oh crap... forgot to czeck "Post Anonymously"
end communication
This looks like a good cause, but the first thing I noticed is there aren't any technical details to be found, from links on the page referenced, or even in the mailing list archives.
The other thing that makes me wonder is "how can this thing actually work?".
I know TCP/IP fairly well, and this doesn't make sense to me. I want to establish a TCP connection to another host (packets are going both ways), so how can I stay anonymous when the remote host needs to send packets back to me? It has to go from router A, to router B, etc and then back to my computer.
The only way around this issue is if a proxy is used, and I don't think this will work because someone has to provide massive amounts of bandwidth for these anonymous connections, and whoever is in control (or can gain control) of the proxy server would see everything.
The other thing to keep in mind is this: no matter what protocol you're using over the Internet, you can find out where the packets are coming from and going to. This includes ssh (Secure Shell), tunneling, normal TCP/UDP connections and even spoofed packets. This is done by running sniffers on each interface on a router (starting with the target that's being DoSed or whatever) and seeing which interface these packets came in on. You find out what that interface is connected to and start sniffing there. Repeat this process enough times, and you'll find out the source and destination of any packet.
To get IP traffic the sender needs to know what IP you are at, if they can get your IP they can log it. Proxies can disguise this, but you still need to trust the person running the proxy.
Running an anonymiser is a great way to conduct man in the middle attacks, particularly since you know anyone using an anonymiser is doing something they don't want people to find out about.
--
enterfornone - logging in for a change
I see your point, but I think your analogy is flawed.
While pedestrians can't put on a "Generic Pedestrian Mask," neither are all of their actions logged. Some of your actions are logged--video cameras will log that you walked into a store, credit card purchases create a paper trail as well--but you can avoid most of them (pay cash) and the ones that you can't avoid (security cameras) don't tie your action explicitly to your identity. They may have an image on tape of you walking into 7-11 to buy your copy of Juggs Magazine, but they don't know who that image represents without extensive research.
Furthermore, people don't just go for anonymity because they're doing something they shouldn't be doing. If you think you might have HIV, and you're looking at HIV information sites in a panic trying to figure out what to do and whether you're going to die, you have every moral AND LEGAL right to anonymity.
Also, it's not just concern about governmental monitoring that motivates people to go anonymous. I would argue that some cracker who wants to extort money from you is just as big a concern, as is the private investigator hired by your ex-spouse to dig up dirt on you.
And I don't buy the statement that "government organizations have better things to do than worry about what some joe schmoe is reading about." Plenty of non-paranoid types will agree that the government does a hell of a lot of grab-bag signal interception and analysis, i.e. Echelon.
Monkeytreats
It is interesting to note the tradition anonymity has in American Politics. Tracts like Paine's Common Sense were originally published anonymously. And after the revolution, highly influential papers like those in the Anti-Federalist Papers were penned under names like "Centinel" and "Federal Farmer".
Anonymity can serve as a check on the power of government (not to mention the wrath of the masses). There is a compromise, of course. If one can speak anonymously, one is safe to publish lies and slander. And it's rapidly coming to mean that you can publish hard-core kiddy porn and nuclear weapon schematics too.
Oh, well. Nobody said freedom was perfect. The alternative is to place your trust in your government, and hope no utterance you make ever comes to be regarded as seditious.
Me? Well, I guess it's enough to note that my real name isn't "Skald" :-)
"The best we can hope for concerning the people at large is that they be properly armed." - Alexander Hamilton