Can remote port forwarding compromise my anonymity while using VPN?

Discussion in 'privacy technology' started by Bolt, Mar 20, 2010.

Thread Status:
Not open for further replies.
  1. Bolt

    Bolt Registered Member

    Joined:
    Feb 12, 2010
    Posts:
    7
    Perfect Privacy offers remote port forwarding for all their accounts (see details here: https://blog.perfect-privacy.com/2009/06/30/perfect-privacy-remote-port-forwarding/). However, by ensuring that each user needs to use several particular ports in order to, say, get a high ID on eMule, they could unmistakably link traffic going through those particular ports to a single one of their users. Am I correct here? Would it therefore be wiser not to do port forwarding in order to improve anonymity at the expense of getting a low ID?
     
  2. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    I don't see how it would make a difference, unless they only log your activity when you use remote port forwarding. Otherwise they either log you or they don't.
     
  3. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Port Forwarding = Not Anonymous. The traffic is entirely attributable to a single computer and can be followed back to the source by observers. This can also be a source to execute exploits as it is virtually a direct connection to your computer.
     
  4. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Please explain? I understand that traffic would be attributable to a unique machine, but I don't see how it could be traced back further than the VPN provider. Traffic between the VPN provider and the client is in an encrypted tunnel and does not reveal the ports used.
     
  5. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    VPN + port forwarding is the equivalent of not using any anonymity provider at all. Port forwarding reduces anonymity to pseudonymity because it eliminates crowding. Pseudonymity is the protection you already had from your normal public IP address. Ex: It is synonymous to you, directly attached to your machine, but your named identity is not stated, and anyone with a warrant can get your real identity from your ISP. Using VPN + port forwarding results in the same properties.

    All traffic on that IP is necessarily yours. Who "you" are is not publicly advertised, but we can be sure it is yours. Bonus: It also means I'm free to directly attack your machine from the internet, eliminating the firewall protection a VPN provides!
     
  6. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Nope, I'm still not seeing it.

    Harsh. You still have an IP address that isn't yours, you're still going across an encrypted tunnel. The only difference is that you have a port that accepts incoming connections. Anything you connect to is going to know the VPN provider egress address either way, anything you connect to is still going to be transferring stuff to you, the only difference is that you can be contacted on a specified open port. I don't see how that removes any anonymity at all.

    How? Your ISP doesn't have any more information if you use port forwarding since all traffic through them is encrypted. Your VPN provider doesn't have any less information since you're going through their endpoint; they know what ports you're using whether transient or mapped.

    That's just not true. All they are giving you is exclusivity on the ports, not the IP address. Just like on a NAT router, they are opening specific ports for specific clients, but others may still be on that address. (Even if you did get an exclusive address I don't see how that would reduce anonymity; either way the VPN provider can, if they preserve logs, identify you. Transient port use can be logged and identified just as easily as static ports.)

    You are correct, but then you're saying that there is never a need to open a port. Might not be for you, but for many people there is: servers of various kinds, some games (especially servers), and P2P are just three broad examples of why people have to open a port for incoming traffic. And you know, depending on the port and the service, say a game or bittorrent, it's not really that big a deal.
     
  7. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Encryption has nearly nothing to do with anonymity. Encryption is content protection. Anonymity is context protection. You could have an encrypted pipe to a million nodes, but if I can trace the encrypted traffic back to you, the traffic is not anonymous, it is attributable to you. Let me break that down real quick: Context is like an envelope around a letter. I can't see the letter itself, that is the content. On the envelope I can see where it is going, where it has been, what its size is, postage, weight, date, etc. I don't know what is inside it, but with enough context clues I can guess at the content. Anonymity protects the who, where, when, why. Encryption protects the what.

    In your model, I can't see what is in the data inside the encrypted tunnel, but I can attribute the traffic to a unique entity, and thus it is not anonymous because the anonymity set has been wiped out and replaced with a pseudonym: your new IP and port == you.

    As your ISP, I may not be able to see your torrent or other data in plaintext, but I still know your traffic source and destination between you and PP. If I am a big operator and have access to IXs or core routers, I can not only see the data going into PP, but also coming out. It would be just like watching a python swallow a basketball using a netflow analysis, and just as easy to follow.

    Exclusivity on the port is the same as exclusivity on the IP, you just took all the crowding and split it apart. Presume they crowd the IP space, but then they don't crowd the port space. Let's put that into a model and evaluate the anonymity set. Let us say in the normal internet, 1 person = 1 IP. In an anonymity network, you get crowding and 1000 persons = 1 IP. Then it is not attributable, presuming all traffic exits off the same or rotating/split ports. Now let us say you split that IP address apart using port forwarding: 1 person = 1 port. Each user has their own port on the IP address. Now it no longer matters to watch the IP address, I just watch the port traffic because it is all split up for me per user, and the anonymity is gone because I can now attribute each stream of port traffic to a unique entity.

    You may want to open a direct port forward, but as soon as you do you are saying "this is my traffic, all traffic through this port is mine". The traffic is then attributable, and merely needs to be assigned to an identity, which can be done through a number of techniques inside or outside the provider when port forwarding is being used.
     
  8. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Right, but whether there is a port open or not doesn't change anything. Encryption does make a difference. If some third party wanted to determine the originator of certain traffic coming out of a VPN provider, then they simply can't match it up to incoming traffic by content since it is encrypted. If they don't have access to the VPN provider's equipment or logs they have to resort to traffic analysis. If the particular traffic they are trying to identify is small while the amount of aggregated VPN traffic is large that can be difficult.

    If you can see my VPN traffic then you always can see the source and destination, and can attribute it to a unique entity. Thus by your definition it's never anonymous. Opening a port doesn't change anything. As I mentioned before. You should probably read the document the OP referred to on Perfect Privacy and port forwarding. They do not assign a static IP and the open ports you get are determined by the IP you receive for a particular session.

    But the fact is all TCP traffic has a source and a destination, all VPN traffic is subject to traffic analysis, and opening an inbound port doesn't make that any harder or any easier.

    Yes, traffic analysis, I don't disagree, but opening an in-bound port doesn't make it easier. And it would be more like watching a python swallow a bucket of ping pong balls and trying to identify a particular one. The more traffic there is the more difficult that becomes.

    You can say it belongs to a unique entity, but it doesn't give you any further info in identifying that entity. And if you have a sniffer on the egress of the VPN where you can look at traffic on ports, then you can still determine the same thing whether they are mapped ports or not. You are still using an IP, you are still using ports, a sniffer can still look at the packets and separate the flows and determine each connection. If you have access to the line then it doesn't matter if the port is mapped or transient, you can get the same amount of information either way. If mapping a port is pseudoanonymity then so is not mapping a port since you get just as much information about the originator of the connection either way.

    No, you're saying "this traffic is someone's"; there still isn't anything else pointing to the originator. And who are you saying it to? Someone with a sniffer watching traffic in and out of the VPN provider? They can do just as effective traffic analysis on communication flows that don't require an open port as ones that do. You still haven't told me one thing that opening a port does that makes it easier to identify a specific user. Traffic analysis in no way depends on an open port. When someone logs on to Perfect Privacy they are going to be assigned a random IP, whether they use a static mapped port or not, and traffic on that IP can be looked at by flows whether the mapping is static or not. You can say, "ah, traffic on mapped port 12345 tells me that belongs to a specific user", but unmapped traffic on port 12678 also belongs to a specific user. And neither flow, just because it's mapped or unmapped, is easier to correlate with a specific VPN tunnel.
     
  9. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Common misconception. The data has a start, finish, size and the data stream has a structure, regardless of encryption. If you have the encrypted and unencrypted portions of both traffic, they can be matched up.

    Fallacy of human perspective. This is hard for a human to do, because a billion bytes move in a moment. This is trivial for a computer to do. This seems difficult to us, but think about it: How many people are transmitting at relatively the exact same time within a few ms, a similar size, data stream, begin, and finish. At the speed of our eyes, it is impossible. For a computer, you're the only one who looks like the data they are trying to match up.

    No, this is true with bad anonymity providers. An observer of both entry and exit traffic cannot trivially correlate streams when multiplexing is employed. Perfect Privacy does not do multiplexing.

    Sigh... It reduces anonymity to pseudonymity. This is why we need that anonymity metric I'm working on.

    It depends entirely on your point of observation, network access, observer intention, and technical capability. Attribution means not-anonymous. Dedicated ports or dedicated IPs means direct traffic means attribution means not anonymous.

    No, not at all. Fallacy of human perspective. You saw a thousand bits pass in the flash of a moment. A computer saw a thousand bits pass over the period of a trillion years, with each packet slowly moving and lightyears apart from each other. Identification to a computer is trivial. Stop thinking at human-speed. :)

    Now you are getting it! That is why it is PSEUDONYMOUS and NOT ANONYMOUS. PSEUDONYMOUS protection means it might as well be your real IP because I don't get much of an identity with that either... unless I have a warrant to the uplink provider, in which case your pseudonymous identity at PP would link back to your pseudonymous identity at your ISP and link back to your computer. Had you had anonymity, I wouldn't be able to link your anonymous identity back to your pseudonymous real IP address.

    M-M-M-Multiplexing!
     
  10. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    No use for me to keep going on like this. I don't see any way that a mapped port reduces anonymity over a transient port, and if it does then you can't explain it. So I'm calling an end to this discussion on the grounds of futility.
     
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Hmmm. Let's put it like this: everything's natural state is to be not anonymous. Communication seeks non-anonymity like water flowing down a hill. Things do not naturally become anonymous, it is like a special state of matter that can only be achieved under certain controlled conditions in a nuclear lab. Remove any of those conditions and you have a state that is less than anonymity.

    Port forwarding removes the condition of crowding and reduces the anonymity set from all users down to a single user. This reduction in the anonymity set downgrades the maximum context protection level from anonymous to pseudonymous. This is because the data traveling on the port is merely aliased to a single entity (uncrowded), and cannot be confused with a single stream of data to multiple entities (crowded).

    When you understand the difference between anonymity and pseudonymity, your quest will be over.
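    The crowding model SteveTX lays out in post 7 ("1000 persons = 1 IP" versus "1 person = 1 port") and restates in post 11 can be put into a small simulation. The Python below is an added example, not code from this thread or from Perfect Privacy; the user count, port ranges, flow counts and sizes are constructed assumptions. It models an observer at the egress side who knows only the provider's port policy, not the user-to-port table, and reports two things for each policy: the anonymity set of a single flow with its Shannon entropy in bits (the measure the anonymity-metrics literature uses, where 0 bits means full attribution to one pseudonym), and how many of one user's own flows that observer can link to each other by port alone.

```python
"""Anonymity-set model for one shared VPN egress address.

Constructed simulation (not the forum's or Perfect Privacy's code).
N users share one egress IP.  An egress observer sees flows as
(src_port, size_bytes) and knows the port policy:
  'shared'    - every flow uses a fresh ephemeral port from a common pool,
                so any of the N users could own any given flow.
  'forwarded' - user u always appears on the dedicated port FORWARD_BASE + u,
                so all traffic on that port belongs to one pseudonymous entity.
"""
import math
import random
from collections import defaultdict

# Hypothetical parameters; the "1000 persons = 1 IP" figure is from post 7.
N_USERS = 1000
FLOWS_PER_USER = 20
EPHEMERAL_RANGE = (49152, 65535)   # IANA dynamic/private port range
FORWARD_BASE = 40000               # assumed dedicated-port allocation scheme


def generate_flows(mode, n_users=N_USERS, flows_per_user=FLOWS_PER_USER, seed=1):
    """Return observed egress flows as (true_owner, src_port, size_bytes).

    true_owner is ground truth used only for scoring; the observer never sees it.
    """
    rng = random.Random(seed)
    flows = []
    for user in range(n_users):
        for _ in range(flows_per_user):
            if mode == "forwarded":
                port = FORWARD_BASE + user
            elif mode == "shared":
                port = rng.randint(*EPHEMERAL_RANGE)
            else:
                raise ValueError(f"unknown mode {mode!r}")
            flows.append((user, port, rng.randint(200, 1500)))
    return flows


def anonymity_set_size(mode, n_users=N_USERS):
    """Number of users who could own a single observed flow.

    Shared pool: the flow is 'crowded' among all n_users.
    Dedicated port: exactly one entity owns every flow on that port.
    """
    return n_users if mode == "shared" else 1


def entropy_bits(set_size):
    """Shannon entropy of a uniform anonymity set of the given size."""
    return math.log2(set_size)


def linkability(flows):
    """Fraction of same-owner flow pairs an observer can link by egress port alone.

    Flows are grouped by port; two flows are 'linked' when they share a port.
    1.0 means every flow of a user is tied to every other flow of that user.
    """
    ports_by_owner = defaultdict(list)
    for owner, port, _size in flows:
        ports_by_owner[owner].append(port)
    linked = total = 0
    for ports in ports_by_owner.values():
        per_port = defaultdict(int)
        for p in ports:
            per_port[p] += 1
        n = len(ports)
        total += n * (n - 1) // 2
        linked += sum(c * (c - 1) // 2 for c in per_port.values())
    return linked / total if total else 0.0


def report(mode):
    """Summarise what the port policy gives an egress observer."""
    k = anonymity_set_size(mode)
    return {
        "mode": mode,
        "anonymity_set": k,
        "entropy_bits": entropy_bits(k),
        "linkability": linkability(generate_flows(mode)),
    }


if __name__ == "__main__":
    for mode in ("shared", "forwarded"):
        r = report(mode)
        print(f"{r['mode']:9s} anonymity set={r['anonymity_set']:5d} "
              f"entropy={r['entropy_bits']:5.2f} bits  "
              f"linkability={r['linkability']:.4f}")
```

    With the shared pool, a single flow is hidden among all 1000 users (about 10 bits of entropy) and almost none of a user's flows can be tied together by port, since ephemeral ports rarely repeat. With a dedicated forwarded port, the anonymity set of every flow on that port is 1 (0 bits) and all of that user's flows link to one pseudonym, which is the "reduces anonymity to pseudonymity" claim expressed as a number. The model deliberately ignores timing and size correlation, which affect both policies equally and are the separate point argued in posts 8 and 9.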
     
  12. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Nope, still not doing it. If you have a sniffer on the egress side of the VPN provider then everything coming out can be separated by flows and attributed to a single computer. Just because one flow is on an open port doesn't make it more or less attributable to a single host. If I'm sniffing flows on transient ports aaaaaa/bbbbbb I know that's all traffic from a single computer. If I sniff traffic on a flow on ports ccccc/ddddd and ddddd is an open port I don't get any further information. Give me a scenario with some communications and an eavesdropper with whatever capabilities you want and give me specifics within that scenario, and tell me what further specific information can be gleaned if a port is open, otherwise we're just wasting time here.
     