Search Mailing List Archives
[liberationtech] Jacob Appelbaum's Ultrasurf Report
mpm at selenic.com
Fri Apr 27 09:35:33 PDT 2012
On Fri, 2012-04-27 at 03:10 -0400, Roger Dingledine wrote:
> On Thu, Apr 26, 2012 at 04:15:04AM +0100, StealthMonger wrote:
> > If the channel has low latency, no hacking can conceal the packet
> > timing and volume correlation at the endpoints. It is high random
> > latency and thorough mixing that gain mixmaster its anonymity.
> > Dingledine and company would agree.
> Your "thorough mixing" phrase is critical here.
> Once upon a time, when we were working on both Mixminion and Tor, we were
> thinking of it as a tradeoff: Mixminion offers some protection against
> end-to-end correlation attacks , but the price is high and variable
> latency; whereas Tor offers basically no protection against somebody who
> can measure  flows at both sides of the circuit, but it's a lot more
> fun to use.
..which reminds me: there may be merit to an architecture that uses a
relatively constant, quantized bandwidth to mask traffic. So for
instance, if you have 12kBps of peak outbound requests (as measured over
the last minute, say, you send a steady stream of 10kBps (mostly noise)
to your entry point so that no one can correlate your inbound requests
with traffic leaving the entry point or arriving at end point. This rate
can be pushed up in fixed increments that disguise actual throughput but
never fall below a minimum that disguises small transactions like IMAP
Providing cover for bursty traffic like web browsing in the reverse
direction is trickier, but is equally doable, provided you can budget
for the bandwidth and/or buffering at the entry points.
One way to mitigate the bandwidth waste is to arrange that some of the
'filler' is actually other people's onion-routed data, which can be done
if clients have more than one entry point and the entry points are
routing data to each other through the clients.
Mathematics is the supreme nostalgia of our time.
More information about the liberationtech