Will this defeat a global adversary?

Discussion in 'privacy technology' started by Ulysses_, Jan 5, 2013.

Thread Status:
Not open for further replies.
  1. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Let's say all traffic in the world is monitored and recorded by a three letter agency. Any attempt at anonymity against this global adversary is hopeless with TOR, as traffic timing will eventually reveal to the global adversary who connects where.

    However, what if everybody sends streams of random data to each other continuously, and the actual data is encapsulated within these streams when the data is to be transmitted. If the servers know where the data starts and ends within each stream, does the global adversary know that too, and can therefore break the anonymity by timing comparisons?

    Surely the adversary cannot own ALL servers in the world but only a percentage, given a percentage A% how many hops are enough to reduce the probability of the anonymity being broken to 1 in a 1000 or less?
     
    Last edited: Jan 5, 2013
  2. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,423
    Seriously, if your wanted by a three letter agency it's time to get off the internet and head into the mountains. Can they break TOR? Most likely. Can they break encryption? Most likely.

    If you want anonymity turn off your PC .
     
  3. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    I'm not wanted, it's just a technical challenge. Why won't what I suggested work?
     
  4. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Because they can systematically place nodes around people of interest to see if its you, until they move their node cluster on top of you, see your data and confirm its you.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    The level of padding required for constant traffic among all nodes would be impractical. Also, adding new nodes would be complicated, and trivially detectable.

    That said, it seems that the Tor Project is considering better padding. See -http://www.mail-archive.com/tor-bugs@lists.torproject.org/msg27756.html- for example.

    The best defence against timing attacks is high latency.
     
  6. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    An additional layer or four might be added:
    Layer 1 - utilise several WiFi nodes beaming from the originating computer to Access Point 1 then to another on a different network and then another etc. (Keep in mind the distance record for WiFi is over 380km/237mi. at a sustained 3Mbs.)
    Layer 2 - utilise a small programme which delays by random time each transmittal from the originating computer.
    Layer 3 - optionally be connected to more than one network at a time and transmit only some requests through each switching networks often
    Layer 4 - utilise a different cryptographic algorithm for each transmittal having arranged for syncing with the receiving points ahead of time (each receiving point would switch encryption methods and codes often and each being very long)
     
  7. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,423
    What you want can't be achieved easily. you need lots of money which I doubt you have. Even the best hackers get caught, so with that in mind tread carefully. I might add the world is a very nasty place, so use the information you learn carefully.

    I'm all for open discussion, everything should be open for discussion but these threads give people false ideas about anonymity and privacy.
     
  8. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    Are criminal botnets any harder than TOR for a global adversary to investigate/de-anonymize?
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Not at all.

    The latest most-hidden botnets use Tor ;)
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Let's say this is not correct (i.e. science fiction). And that's it.
    Problem solved.
    Mrk
     
  11. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    If a global adversary exists, then why haven't all criminal botnets been de-anonymized and their operators arrested?

    Perhaps because botnets are run by the same criminals that run most governments behind the scenes.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hanlon's razor: Never attribute to malice that which can be adequately explained by stupidity.

    Conspiracies do not work because people are plain incompetent, hence the conspiracies.

    Mrk
     
  13. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    And what is the stupidity explanation for botnet operators not getting caught pronto despite claims in this thread that anonymity is hopeless against a global adversary, what is the explanation for that?

    Global adversary not interested in criminals but all citizens?
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    It is your claim, and it is incorrect. If you think government clerks anywhere have the means to pull off anything more than getting confused by how to print their documents, you are deluding yourself, hence the razor. Conspiracies cannot work because if the sheet stupidity of everyone involved.

    I'm done debating implausible whatifs.

    Mrk
     
  15. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    207
    You are not debating, you are just saying things that apply to another universe or something: technically hopeless clerks in charge of tracking internet criminals? Not common sense in this world.
     
    Last edited: Jan 7, 2013
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    TLAs aka "global adversaries" obviously do exist. But their capabilities, while undoubtedly massive, are highly uncertain. And that's very intentional. They are very cautious about disclosing anything that reveals their capabilities, and/or limitations in them. I doubt that breaking up criminal botnets would be worth the risk, unless those botnets were working for strategic opponents.
     
  17. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,423
    Operation "Olympic Games" proves they have the will, the money to do covert operations or conduct cyber war.

    Now Government may be the image of inefficiency but if it's one thing they have been doing for years and has served them well is to hire out to contractors.

    Which they likely did in operation "Olympic Games"
     
  18. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Anyone who thinks that 3-letter agencies (both U.S agencies and their foreign counterparts, many of whom play nice with ours) don't have the capability to tap most, if not all electronic signals and networks, they're living in past times. The only thing really keeping it at bay is the same thing that started it, politics. Conspiracy theories, well, they are what they are, and most are BS. But surveillance by these agencies is not one of them. One only needs to remember AT&T to know they're very interested and capable of doing a lot. Also, one needs to remember that on Facebook alone resides a bit over 1 billion people..in a world of a little over 7 billion (without getting into the fake account numbers). That's a lot of data in one place and these agencies are crawling all over FB. Why is warrant-less wiretapping so hard to get out of law? It's probably because these agencies are doing the pushing behind the scenes for one thing, for another the locked off server rooms that were found in AT&T have more likely than not been built at other large ISPs as well (smaller ISPs being much easier to get to cooperate with them). Am I NSA? No I'm not. But it would make no sense to tap AT&T and not others.

    Olympic Games is a genius move, and is likely a testing ground of sorts for upcoming operations. Cyber-warfare has been going on for some time, even before Stuxnet came along. But Stuxnet enabled and the lessons from it will enable warfare to change drastically. The whole "clerk" argument means nothing here, as the men and women behind these operations are no clerks. Government as a whole can be stupid and knee-jerk reactive, but the truly smart ones that don't get scandals named after them or show up on CNN, they can change the game. There are no real technological roadblocks in the way, just the political risk involved. For now, some of this can be avoided by using nothing but VPNs/TOR (hoping the VPNs don't get spooked by threats and you don't run into any bad TOR nodes). But we have no guarantees this will be true 5, 10 years from now. Are they "after" everyone? No, not at all. But that doesn't mean they don't have the ability if they want it. Really the tech we as users are embracing has done more to assist them than any new toy the NSA or DARPA has come up with. If you think about it, they don't have to try especially hard now to get the data they may want.
     
    Last edited: Jan 7, 2013
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    https://www.wilderssecurity.com/tos.php
     
Loading...
Thread Status:
Not open for further replies.