Countries for Anonymous Internet

Discussion in 'privacy technology' started by SteveTX, May 2, 2009.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    But wouldn't they have this same ability in every country?

    And in Russia how often would they actually follow the netflows back to the source or destination? with the size of Russia there would probably be thousands of encrypted tunnels going thru those 2 main internet exchanges.
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    In a multiplexed network they need more than just international collusion, they will need to try to fight the multiplexing with expensive traffic analysis. And sorting through billions of netflows in a second is relatively simple for a computer, so not having multiplexing is dangerous.

    It's like following a current. You place a rubber duckie in the water and see where the data flows from and to. Except you have a billion duckies.
     
  3. blatnoy

    blatnoy Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    29
    Anyone have any idea what Canada's data retention/logging policy is?
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    No DR / DL in Canada
     
  5. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    How about Mongolia?
     
    Last edited: May 12, 2009
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    In Mongolia they have no internet, but all yaks are wiretapped.
     
  7. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156

    Attached Files:

    • map.JPG
      map.JPG
      File size:
      43.6 KB
      Views:
      438
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Multiplexing is where you pull all of the data streams apart and then wrap them together again, correct? Like maybe unwrapping the strands of a rope.....and then you re-wrap the strands in a different order?

    You have also mentioned lag obfuscation. Does that have to do with the timing or frequency as it goes into and out from a particular server, making it more difficult to identify which connection went where?

    I seem to remember you mention that the connection is decrypted and then re-encrypted before it is sent to the next server. Is that correct?
     
  9. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Imagine your stream from your computer, through our network, to your destination, is like a tube of colored jello. Cherry red jello data. Everyone other user has their own color as well.

    Your jello data reaches our entry node, and everyone's jello is put into a blender. Green, red, blue, yellow, whatever. What comes out is black and pretty nasty. This is multiplexing.

    It then gets sent across from one of our nodes to another node. That end node separates all the black gunk and turns it back into your red, green, blue, yellow streams of jello data. This is demultiplexing.

    If you need to really visualize it, watch this.
     
  10. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    Greenland?
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks for that Steve. You are really good at explaining these things for someone with no technical background.
     
  12. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Iceberg retention, naturally.
     
  13. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156

    Actually Mongolia does have internet.
     
  14. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    Given Steve's comments regarding yaks, I think his post was somewhat facetious :)

    It is more likely that Mongolia is not somewhere you'd want to host any kind of server due to lack of significant infrastructure required for this exercise.

    Plus the yaks would keep chewing on the cables :(
     
  15. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    According the map Arran provided, Mexico, Brazil and Thailand would be the most privacy-friendly countries (marked green - I assume green is the best, though the legend explains red, orange and yellow colour but says nothing about green).

    Choosing a good jurisdiction is critical IMO. Personally, I would never use a VPN whose servers are in the USA or, God forbid, UK. As someone already said, the best countries for this purpose are those that are the least expected to cooperate with western countries authorities. That's why many vote Russia, Iran, Venezuela. I would add Cuba and Libya (if the local laws and infrastructure permit it).

    The country choice also highly depends on what purposes a user intends to use a VPN service for. For example, if somebody uses an anonymity service primarily for P2P, then probably Canada would be OK. If a Chinese opposition follower wants to blog anonymously then a USA server will do. If American family man wants to watch porn, Russia is perfect. If a European anarchist wants to fight EU bureaucracy than even China is good enough.

    Were I to propose a perfect chain, then it would probably be something like Venezuela - Ukraine - Brazil. :isay:
     
  16. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    This way of thinking about anonymity is living in the dark ages. Proxy chains do not provide anonymity, and nor does linking remote countries in them. Time for someone to address this pervasive misinformation.

    to everyone: If you are depending on anonymity by proxy chains or magical thinking such as "remote countries have to cooperate to track me", you are not anonymous, and your provider is lying to you. Anonymity is achieved through anonymity techniques, not putting data out of the supposed reach of some other person or entity.

    Those things are very easy to defeat for any legitimate adversary, and many illegitimate adversaries. (August 1st, everyone.)

    Anonymity requires that the provider runs encrypted filesystem, stores no user data, doesn't create user logs, has a 2+ hop network, knowledge of upstream provider data channel properties (Internet Exchangers, Peering, info sharing, etc) and either is unobservable high-latency (i2p / mixmaster) or multiplexed low-latency, and must have sufficient crowding, and many other complicated factors.

    The reason I'm asking about countries, and maybe this is the next question, is what difference does it make? And would it matter if the remote node was the entry node, and the exit node was in some non-remote country, such as the one you live in? Why?
     
  17. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    SafetyFirst its actually the countries with marked the colour White who has the least monitoring. By the way there has been people in NZ busted with downloading child porn via P2P with the help of Brazilian Police informing NZ Police and giving them information. This would indicate that Brazil authorities do monitor internet to a certain degree and cooperates with other countries. So Brazil would not be a good place.
     
  18. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Steve, thanks for the quick reply.

    I didn't talk about open proxies. I assumed a quality anonymization service with all the proper techniques in place, like crowding, multiplexing and everything else you propose. That is conditio sine qua non.

    My point was that these hops better be in countries that don't give a damn what my government wants to know. I simply believe that no privacy service located in the USA or UK can resist the TLA pressure. Big brother has all the power. Nobody can assure me that some VPN provider will defeat NSA.

    That's why I want the nodes to be both legally and physically out of their reach.
     
  19. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    My understanding of the map you posted was that green countries are the least monitored and the white countries were not included in the testing.

    The example you give about police in Brazil and NZ cooperating is common today. It is to expect that in such cases different nations LE will help each other.
     
  20. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156

    hmm you cauld be right that the white countries were not tested. but all the white countries are poverty 3rd world countries and I can't see them bothering about monitoring the internet.
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156

    Steve if you have time are you able to post a picture of how a 2 hop ssh proxy works? and why you need 2 hop+? Because it has always been my understanding that a encrypted tunnel connected is "Totally Secure" between your home computer and the proxy server Box. Is that not the case? If not then wouldn't internet Banking be a major security issue?
     
  22. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    SSH won't be anything, that would just be a chain, which is as good as just a single node. No need for 2 hop SSH, you can't really get anonymity there.

    encrypted Proxies != anonymity.

    Privacy vs. Anonymity
     
  23. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    I like using SSH to connect from work to home to surf via the web without snooping IT checking the servers for where I go, not that it's bad at all, but because it's none of their business. I get privacy but not anonymity with my SSH server.

    Same thing with my Usenet provider... I connect via SSL so I am private but my ISP knows to whom I am connecting when I use Giganews's servers.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.