POV-Ray : Newsgroups : povray.off-topic : This is cool
  This is cool (Message 3 to 12 of 12)  
From: Doctor John
Subject: Re: This is cool
Date: 9 Nov 2008 05:08:01
Message: <4916b681$1@news.povray.org>
Darren New wrote:
> Overview and code:
> http://code.google.com/p/phantom/
> 
> Actual useful descriptive paper:
> http://www.fortego.se/phantom-paper.pdf
> 
> Very well-written paper. How to have a completely anonymous overlay
> network on the internet. Some very interesting techniques in there, even
> if the project per se never takes off.
> 
Interesting. No comment though until I have read all 68 pages :-) (It's
Sunday)

John

-- 
"Eppur si muove" - Galileo Galilei



From: andrel
Subject: Re: This is cool
Date: 9 Nov 2008 06:41:49
Message: <4916CCD5.9040304@hotmail.com>
On 08-Nov-08 18:46, Darren New wrote:
> Overview and code:
> http://code.google.com/p/phantom/
> 
> Actual useful descriptive paper:
> http://www.fortego.se/phantom-paper.pdf
> 
> Very well-written paper. How to have a completely anonymous overlay 
> network on the internet. Some very interesting techniques in there, even 
> if the project per se never takes off.
> 
I read parts of it, i.e. I skipped the implementation part. Some comments 
about the issues and motivations:

- IP owners try to restrict the use of any technology that *could* be 
used to transmit content that they own.

This seems to be the major motivation of this paper. It is yet another 
scheme to circumvent the financial consequences of IP. There are two 
sides to this. Like most of us here I do admit that especially in the US 
some established industries seem to have bought legislation to postpone 
innovation with all the associated risks that somebody else may get a 
piece of the cake. Yet, like all of us here I do know that there are 
also legitimate IP cash flows. I am not yet prepared to give up the 
latter because I sometimes disagree with the former. The author OTOH 
takes a dogmatic point of view that any exchange is allowed irrespective 
of content.

- The internet is used for SPAM, viruses, trojans, identity theft etc.

No mention of that as far as I can see, apart from his reassurance that 
it has been taken care of. But I don't see any substantiation of that.

- Content on the internet may contain child porn, attack plans from 
terrorist groups and other things that any government wants to block.

No mention of that as far as I can see, apart from his reassurance that 
it has been taken care of. But I don't see any substantiation of that.

- Content on the internet may contain information that some governments 
might want to block.

Claimed to be solved by this protocol, however page 19: '(remember, it 
is not a secret that you are connected to the anonymous network, only 
who you are communicating with on this network, and what you are 
communicating!). Unless this protocol is used in a myriad of other ways, 
if you live in a country that restricts the internet to sites that they 
agree with, being connected to this network will be a problem. Besides 
you can be pretty sure that cross border anonymous communication will be 
impossible too.

- Companies try to restrict bandwidth use by restricting traffic to work 
related activities.

This is an ongoing problem. I think companies have a point if they block 
e.g. youtube. If you can use another protocol to circumvent that at the 
extra expense of a bit more overhead, I would not be happy as a company. 
There is also the related problem of leaking of IP (trade secrets) and 
privacy information. The firewall of my hospital is already leaky 
enough, I don't need another tunnel, thank you very much.



From: Darren New
Subject: Re: This is cool
Date: 9 Nov 2008 13:02:28
Message: <491725b4@news.povray.org>
stbenge wrote:
> I didn't read the pdf. I have no patience for those things.

tldr.

> The idea reminds me of the Xnet, an encrypted internet within the 
> internet as portrayed in the book "Little Brother." 

Thank you. I'm always on the look out for good new sci-fi. :-)


-- 
Darren New / San Diego, CA, USA (PST)



From: Darren New
Subject: Re: This is cool
Date: 9 Nov 2008 13:14:32
Message: <49172888@news.povray.org>
andrel wrote:
> - IP owners try to restrict the use of any technology that *could* be 
> used to transmit content that they own.
> 
> This seems to be the major motivation of this paper. 

I think that's one motivation. The other, of course, is being executed 
for what you write online. :-)

> - The internet is used for SPAM, viruses, trojans, identity theft etc.
> 
> No mention of that as far as I can see, apart from his reassurance that 
> it has been taken care of. But I don't see any substantiation of that.

I think he means that you won't be able to send anonymous spam through 
the system onto the general internet. Nobody is going to be using this 
to threaten political figures via email without getting identified, 
because nothing that's anonymous will actually go onto the non-anonymous 
internet without someone specifically approving it.

> - Content on the internet may contain child porn, attack plans from 
> terrorist groups and other things that any government wants to block.

My search of the document revealed none of the words "child" nor 
"terror" nor "government". I'm not sure where in the document you saw that.

> - Content on the internet may contain information that some governments 
> might want to block.
> 
> Claimed to be solved by this protocol, however page 19: '(remember, it 
> is not a secret that you are connected to the anonymous network, only 
> who you are communicating with on this network, and what you are 
> communicating!). Unless this protocol is used in a myriad of other ways, 
> if you live in a country that restricts the internet to sites that they 
> agree with, being connected to this network will be a problem. Besides 
> you can be pretty sure that cross border anonymous communication will be 
> impossible too.

Near the end of the paper, he recommends that it run over the normal SSL 
mechanisms on the normal 443 port number, to make it difficult or 
impossible to distinguish this traffic from normal e-commerce type 
traffic, and to make it financially difficult to filter it out 
automatically.

> - Companies try to restrict bandwidth use by restricting traffic to work 
> related activities.
> 
> This is an ongoing problem. I think companies have a point if they block 
> e.g. youtube. If you can use another protocol to circumvent that at the 
> extra expense of a bit more overhead, I would not be happy as a company.

Except that youtube would have to explicitly serve their content onto 
the anonymous network. Not that they couldn't, but if you're going to 
have an anonymous protocol at all, this is exactly the sort of thing you 
can't stop - some particular group of people getting to particular stuff.

> There is also the related problem of leaking of IP (trade secrets) and 
> privacy information. The firewall of my hospital is already leaky 
> enough, I don't need another tunnel, thank you very much.

You already have one. SSL is a killer in this regard. That fight was 
lost 15 years ago, as soon as people started tunneling inappropriate 
content over HTTP explicitly to bypass firewalls. Why do you think Java 
.code files get served as application/octet-string instead of something 
that actually says it's Java?

-- 
Darren New / San Diego, CA, USA (PST)



From: andrel
Subject: Re: This is cool
Date: 9 Nov 2008 15:08:10
Message: <49174382.8010201@hotmail.com>
On 09-Nov-08 19:14, Darren New wrote:
> andrel wrote:
>> - IP owners try to restrict the use of any technology that *could* be 
>> used to transmit content that they own.
>>
>> This seems to be the major motivation of this paper. 
> 
> I think that's one motivation. The other, of course, is being executed 
> for what you write online. :-)
> 
>> - The internet is used for SPAM, viruses, trojans, identity theft etc.
>>
>> No mention of that as far as I can see, apart from his reassurance 
>> that it has been taken care of. But I don't see any substantiation of 
>> that.
> 
> I think he means that you won't be able to send anonymous spam through 
> the system onto the general internet. Nobody is going to be using this 
> to threaten political figures via email without getting identified, 
> because nothing that's anonymous will actually go onto the non-anonymous 
> internet without someone specifically approving it.

I doubt that. We do have servers in the regular internet that will hide 
the IP address of a client already. The same will happen if this gets 
implemented. Some machines (many of them actually, knowing or unknowing) 
will connect this anonymous world to the real world. And that will also 
happen with youtube and the 18+ variants of that, servers will accept AP 
traffic and pass it on as genuine IP traffic to youtube.

>> - Content on the internet may contain child porn, attack plans from 
>> terrorist groups and other things that any government wants to block.
> 
> My search of the document revealed none of the words "child" nor 
> "terror" nor "government". I'm not sure where in the document you saw that.

There isn't anything in there about that and that was my point. Just 


above) exploiting this anonymity to commit serious crimes like those in 

and taken care of in the design of the protocol too, in one of the most 
clean and beautiful of ways possible.' That is the only reference of 
misuses of the internet anonymity that I could find.

>> - Content on the internet may contain information that some 
>> governments might want to block.
>>
>> Claimed to be solved by this protocol, however page 19: '(remember, it 
>> is not a secret that you are connected to the anonymous network, only 
>> who you are communicating with on this network, and what you are 
>> communicating!). Unless this protocol is used in a myriad of other 
>> ways, if you live in a country that restricts the internet to sites 
>> that they agree with, being connected to this network will be a 
>> problem. Besides you can be pretty sure that cross border anonymous 
>> communication will be impossible too.
> 
> Near the end of the paper, he recommends that it run over the normal SSL 
> mechanisms on the normal 443 port number, to make it difficult or 
> impossible to distinguish this traffic from normal e-commerce type 
> traffic, and to make it financially difficult to filter it out 
> automatically.

Didn't see that, not sure if that would matter.

>> - Companies try to restrict bandwidth use by restricting traffic to 
>> work related activities.
>>
>> This is an ongoing problem. I think companies have a point if they 
>> block e.g. youtube. If you can use another protocol to circumvent that 
>> at the extra expense of a bit more overhead, I would not be happy as a 
>> company.
> 
> Except that youtube would have to explicitly serve their content onto 
> the anonymous network. 

See above, anyone could provide that 'service' to youtube.

> Not that they couldn't, but if you're going to 
> have an anonymous protocol at all, this is exactly the sort of thing you 
> can't stop - some particular group of people getting to particular stuff.

My 'guess' is that it would be used for anything that is not allowed in 
the day world and little else. The only other reason to use something 
like this would be if it would have provided a mechanism to reduce SPAM 
at the same time. I did have some hope that he was on to something when 
I read that paragraph at page 7 that I quoted above. Quod non.

>> There is also the related problem of leaking of IP (trade secrets) and 
>> privacy information. The firewall of my hospital is already leaky 
>> enough, I don't need another tunnel, thank you very much.
> 
> You already have one. SSL is a killer in this regard. That fight was 
> lost 15 years ago, as soon as people started tunneling inappropriate 
> content over HTTP explicitly to bypass firewalls. Why do you think Java 
> .code files get served as application/octet-string instead of something 
> that actually says it's Java?

I said I knew it was leaky already. The point is that I don't want any 
physician to regularly use a tunnel because the technology is so 
abundant that you don't know you are doing it. I know how to compromise 
the privacy of patients in our hospital, but I know what I am doing and 
thought about it. So I won't do it. I am deliberately not using tunnels 
even though it could make my life a bit easier.



From: Darren New
Subject: Re: This is cool
Date: 9 Nov 2008 15:21:14
Message: <4917463a$1@news.povray.org>
andrel wrote:
> I doubt that. We do have servers in the regular internet that will hide 
> the IP address of a client already. The same will happen if this gets 
> implemented. Some machines (many of them actually, knowing or unknowing) 
> will connect this anonymous world to the real world. And that will also 
> happen with youtube and the 18+ variants of that, servers will accept AP 
> traffic and pass it on as genuine IP traffic to youtube.

Yes. But servers who do that are doing so at their own risk. In other 
words, the point of the protocol isn't to give anonymous access to the 
regular internet, but to allow anonymous access between two anonymous 
parties.  If you set up your own server to share (say) illegal content 
between the "normal" internet and the anonymous servers, you could 
indeed get in trouble.

> There isn't anything in there about that and that was my point. Just 

> above) exploiting this anonymity to commit serious crimes like those in

> on 
> and taken care of in the design of the protocol too, in one of the most 
> clean and beautiful of ways possible.' That is the only reference of 
> misuses of the internet anonymity that I could find.

Huh. I wonder what he meant by that. :-)  I certainly don't remember 
reading anything that would imply there's any content type filtering 
going on. Again, I think it was more along the lines of "you can deny 
you know anything about what went through your machine" and "nobody can 
look at your machine and tell you're forwarding stuff between two 
terrorists."  Not that terrorists won't be able to use it, but that it's 
safe to set up a server of your own.

Unlike, say, setting up a torrent server, which nowadays can get you in 
legal trouble even tho you *don't* have any copyrighted material on the 
server.

>> Near the end of the paper, he recommends that it run over the normal 
>> SSL mechanisms on the normal 443 port number, to make it difficult or 
>> impossible to distinguish this traffic from normal e-commerce type 
>> traffic, and to make it financially difficult to filter it out 
>> automatically.
> 
> Didn't see that, not sure if that would matter.

Yeah. It's more a probabilistic argument, I think. Certainly an ISP 
can't afford to shut down port 443 on all their customers.

On the other hand, this means you can't run a normal SSL-enabled web 
server and an anonymous web server on the same IP address, so you'd wind 
up with places like google having to host two sets of IP addresses 
anyway, and an ISP could then attack those connecting to the second set 
of google ports, for example.

He has an interesting legal approach to it. Not that I'm confident it'll 
work, but it was a cute idea.

He also doesn't address a bunch of things like NAT, asymmetric bandwidth, 
changing IP addresses, and so on.

> See above, anyone could provide that 'service' to youtube.

Right. But that person can then get sued if what they're doing is illegal.

> My 'guess' is that it would be used for anything that is not allowed in 
> the day world and little else. 

Quite possibly, yes. On the other hand, it may help to reduce the amount 
of what is "not allowed in the day world." :-)

Really, it's an interesting approach to the problem, even if it doesn't 
solve every possible problem, and even if his claims for what it *does* 
solve are easy to misinterpret to mean more than he actually solves.

> I said I knew it was leaky already. The point is that I don't want any 
> physician to regularly use a tunnel because the technology is so 
> abundant that you don't know you are doing it. I know how to compromise 
> the privacy of patients in our hospital, but I know what I am doing and 
> thought about it. So I won't do it. I am deliberately not using tunnels 
> even though it could make my life a bit easier.

Yes, I suppose if you have too many layers, figuring out where leaks are 
can be problematic.

-- 
Darren New / San Diego, CA, USA (PST)



From: andrel
Subject: Re: This is cool
Date: 9 Nov 2008 17:16:20
Message: <4917618B.6070301@hotmail.com>
On 09-Nov-08 21:21, Darren New wrote:
> andrel wrote:

>> There isn't anything in there about that and that was my point. Just 


>> above) exploiting this anonymity to commit serious crimes like those 

>> consideration and taken care of in the design of the protocol too, in 
>> one of the most clean and beautiful of ways possible.' That is the 
>> only reference of misuses of the internet anonymity that I could find.
> 
> Huh. I wonder what he meant by that. :-) 

Yeah, me too.

> I certainly don't remember 
> reading anything that would imply there's any content type filtering 
> going on. Again, I think it was more along the lines of "you can deny 
> you know anything about what went through your machine" and "nobody can 
> look at your machine and tell you're forwarding stuff between two 
> terrorists."  Not that terrorists won't be able to use it, but that it's 
> safe to set up a server of your own.

The only interesting way you could use such a technique to make your 
world a little safer might be to use it to disconnect a group of trusted 
machines from the rest of the net. Then again, such techniques might 
not be completely new.

>> See above, anyone could provide that 'service' to youtube.
> 
> Right. But that person can then get sued if what they're doing is illegal.

That would only be illegal if using youtube implies signing an EULA that 
you won't carry the stream over to a network using a non IP-protocol. 
Which I doubt is the case.

> 
>> My 'guess' is that it would be used for anything that is not allowed 
>> in the day world and little else. 
> 
> Quite possibly, yes. On the other hand, it may help to reduce the amount 
> of what is "not allowed in the day world." :-)

Not actually, only visibly. Pr0n surfing will continue, but it won't 
show up on your stats at the ISP anymore. Bandwidth is taken anyway.

> Really, it's an interesting approach to the problem, even if it doesn't 
> solve every possible problem, and even if his claims for what it *does* 
> solve are easy to misinterpret to mean more than he actually solves.
> 
>> I said I knew it was leaky already. The point is that I don't want any 
>> physician to regularly use a tunnel because the technology is so 
>> abundant that you don't know you are doing it. I know how to 
>> compromise the privacy of patients in our hospital, but I know what I 
>> am doing and thought about it. So I won't do it. I am deliberately not 
>> using tunnels even though it could make my life a bit easier.
> 
> Yes, I suppose if you have too many layers, figuring out where leaks are 
> can be problematic.
> 
I am more concerned about people with access to privacy information and 
no knowledge of what the consequences could be. Using a tunnel is OK, 
doing it for vital information on a machine that is connected to the 
internet without adequate malware protection or firewall, is not OK.



From: Darren New
Subject: Re: This is cool
Date: 9 Nov 2008 20:04:54
Message: <491788b6$1@news.povray.org>
andrel wrote:
> The only interesting way you could use such a technique to make your 
> world a little safer might be to use it to disconnect a group of trusted 
>  machines from the rest of the net. Then again, such techniques might 
> not be completely new.

I think you want exactly the opposite of anonymity-enforcement for that.

>>> See above, anyone could provide that 'service' to youtube.
>>
>> Right. But that person can then get sued if what they're doing is 
>> illegal.
> 
> That would only be illegal if using youtube implies signing an EULA that 
> you won't carry the stream over to a network using a non IP-protocol. 
> Which I doubt is the case.

Right. Especially since this is, technically, an IP protocol. :)

>>> My 'guess' is that it would be used for anything that is not allowed 
>>> in the day world and little else. 
>>
>> Quite possibly, yes. On the other hand, it may help to reduce the 
>> amount of what is "not allowed in the day world." :-)
> 
> Not actually, only visibly. Pr0n surfing will continue, but it won't 
> show up on your stats at the ISP anymore. Bandwidth is taken anyway.

Re-reading my sentence, I have no idea what I was thinking when I wrote 
that. Never mind.

>> Yes, I suppose if you have too many layers, figuring out where leaks 
>> are can be problematic.
>>
> I am more concerned about people with access to privacy information and 
> no knowledge of what the consequences could be. Using a tunnel is OK, 
> doing it for vital information on a machine that is connected to the 
> internet without adequate malware protection or firewall, is not OK.

Sure. And what you probably really want is mandatory access controls. 
Any program that opens for reading a file with patient information is 
not allowed to write to any program that you (i.e., the sys admin / 
"security officer") haven't vetted.  Difficult to enforce when it's not 
built into the system, tho.


-- 
Darren New / San Diego, CA, USA (PST)
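
Added example, not part of the thread: a toy reference monitor in Python for the rule described in the message above, where a program that has read a patient file may write only to programs the security officer has vetted. The label name, file paths and program names are constructed for illustration, and the example goes one step beyond the post by letting the label follow the data into a vetted receiver, so a vetted program cannot relay it onward to an unvetted one.

```python
from dataclasses import dataclass, field

PATIENT = "patient-data"  # label name chosen for this example


@dataclass
class Process:
    name: str
    taint: set = field(default_factory=set)  # labels of everything read so far


class Monitor:
    """Mediates every read and write; programs cannot opt out of the checks."""

    def __init__(self, file_labels, vetted):
        self.file_labels = file_labels  # path -> labels on that file
        self.vetted = vetted            # label -> program names cleared to receive it
        self.audit = []                 # (subject, operation, object, allowed)

    def read(self, proc, path):
        # Reading is always allowed, but the reader inherits the file's labels.
        proc.taint |= self.file_labels.get(path, set())
        self.audit.append((proc.name, "read", path, True))
        return True

    def write(self, proc, receiver):
        # Deny if the writer carries any label the receiver is not vetted for.
        uncleared = {label for label in proc.taint
                     if receiver.name not in self.vetted.get(label, set())}
        allowed = not uncleared
        if allowed:
            # The receiver may now hold the data, so the labels travel with it.
            receiver.taint |= proc.taint
        self.audit.append((proc.name, "write", receiver.name, allowed))
        return allowed


def demo():
    monitor = Monitor(
        file_labels={"/records/patient_042.txt": {PATIENT}},  # constructed path
        vetted={PATIENT: {"ehr_archiver"}},                   # constructed policy
    )
    viewer = Process("viewer")
    archiver = Process("ehr_archiver")
    tunnel = Process("tunnel_client")  # stands in for any unvetted program

    results = []
    monitor.read(viewer, "/tmp/notes.txt")            # unlabelled file, no taint
    results.append(monitor.write(viewer, tunnel))     # nothing sensitive read yet
    monitor.read(viewer, "/records/patient_042.txt")  # viewer is now tainted
    results.append(monitor.write(viewer, tunnel))     # unvetted receiver
    results.append(monitor.write(viewer, archiver))   # vetted receiver
    results.append(monitor.write(archiver, tunnel))   # relay through vetted program
    return results, monitor.audit


if __name__ == "__main__":
    decisions, audit = demo()
    for entry in audit:
        print(entry)
```
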



From: andrel
Subject: Re: This is cool
Date: 10 Nov 2008 16:54:38
Message: <4918ADF4.9080203@hotmail.com>
On 10-Nov-08 2:04, Darren New wrote:
> andrel wrote:
>> The only interesting way you could use such a technique to make your 
>> world a little safer might be to use it to disconnect a group of 
>> trusted  machines from the rest of the net. Then again, such 
>> techniques might not be completely new.
> 
> I think you want exactly the opposite of anonymity-enforcement for that.

My initial thought was that you could use something like this to have a 
part of the internet transparently only accessible to people you trust. 
Then again, if the group is large enough someone is going to misuse it 
and then you want to know who it was. So you're right this won't work.
But I can think of at least two groups that do want to have a separate 
part of the internet without knowing one's true identity. One will make 
the world a less safe place and the other will make it a less happy place.
In conclusion: AFAIAC this leaves the set of useful and desirable 
applications of this protocol empty. So I guess somebody will implement 
something like this.



From: Darren New
Subject: Re: This is cool
Date: 10 Nov 2008 17:24:30
Message: <4918b49e$1@news.povray.org>
andrel wrote:
> My initial thought was that you could use something like this to have 
> a part of the internet transparently only accessible to people you trust.

That's what a VPN is for. :-) And PKI certificates.

> In conclusion: AFAIAC this leaves the set of useful and desirable 
> applications of this protocol empty. So I guess somebody will implement 
> something like this.

Heh heh. Sadly true.

Note that in my "this is cool" statement, I meant the techniques and 
technology, and not the particular applications. For example, the idea 
that you can get anonymity because the guy you're directly connected to 
can't tell if you're the endpoint or not is cool.

Of course, given enough laws, even this breaks down, if you can (for 
example) confiscate the entire chain of machines one at a time without 
any of them going offline long enough to alert the quarry.

-- 
Darren New / San Diego, CA, USA (PST)




Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.