Anonymous Communication Martijn Terpstra & Max Tijssen

Introduction

1. Definition of anonymity

2. Reasons

3. Problems

4. Legal issues and implications

5. PETs

6. Crowds

7. I2P

Definition of anonymity

● The state or quality of being anonymous (Dictionary.com).

● Level of anonymity

Definition of anonymity

● Anonymity vs pseudonymity

● k-anonymity (Harvard)

● Untraceability

● Unlinkability

Uses of AC

Uses of AC

- Privacy protection
- Bypassing oppressive regimes
- Whistleblowers (Wikileaks, Snowden)

Uses of AC

- Ability to discuss taboo subjects
- Cybercrime (Silk Road)

Issues with AC

● Law enforcement

● Legitimate aims of service providers

● Lack of repercussions for the users

Legal issues and implications

● Certain rights have to be constrained in a society

● Untraceable and unreadable communication

● Produces legal issues and solutions

Art 8. Convention of Fundamental Rights of the European Union

Article 8 – Right to respect for private and family life

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Whistleblower laws

● Recommendation CM/Rec(2014)7 on the protection of whistleblowers

● Council of Europe. Not European Union! Up to members how and if to implement.

12. The national framework should foster an environment that encourages reporting or disclosure in an open manner. Individuals should feel safe to freely raise public interest concerns.

18. Whistleblowers should be entitled to have the confidentiality of their identity maintained, subject to fair trial guarantees.

Implementation whistleblower legislation

● Dutch (Adviespunt klokkenluiders)
  ○ Anonymous whistleblowing strongly discouraged. Information received from such a source has lower chance of being acted on.
● UK
  ○ Not (or less likely) protected by Public Interest Disclosure Act
● Portugal
  ○ Anonymity waived if a suspected person is charged.

Data Retention Directive

Article 3

Obligation to retain data

1. By way of derogation from Articles 5, 6 and 9 of Directive 2002/58/EC, Member States shall adopt measures to ensure that the data specified in Article 5 of this Directive are retained in accordance with the provisions thereof, to the extent that those data are generated or processed by providers of publicly available electronic communications services or of a public communications network within their jurisdiction in the process of supplying the communications services concerned.

Data Retention Directive

1. Member States shall ensure that the following categories of data are retained under this Directive:

(a) data necessary to trace and identify the source of a communication

(b) data necessary to identify the destination of a communication

(f) data necessary to identify the location of mobile communication equipment:

2. No data revealing the content of the communication may be retained pursuant to this Directive.

Legislation changes

How to deal with anonymity?

● French law (proposed but not enacted)
  ○ Force people to register with their true identity
● US
  ○ U.S. Supreme Court Justice Scalia: “The very purpose of anonymity is to facilitate wrong by eliminating accountability” [Framkin 1995].
● UK
  ○ Banning Tor is neither acceptable nor technically feasible
● Sweden
  ○ Service providers only responsible if messages are clearly illegal.

PETs

Server based Peer to Peer

TOR GNUnet

Crowds I2P

ShadowWalker

Freenet

NetCamo

Crowds

- Users are grouped into crowds
- Provides k-anonymity

Crowds

- A user is represented as a Jondo
- Jondos contact a server called a Blender
- Once a Blender has formed a crowd of random users, the Blender informs the Jondos of the crowd they are in

Crowds

- A Jondo will then send his request to a random user in the crowd (possibly himself)

- Any Jondo receiving a request will randomly either send it to yet another Jondo or send it to its destination

- Encryption of messages between Jondos with a key shared by only those two Jondos

Crowds

- The endpoint does not know the origin of a request

- Malicious users could do a denial of service attack
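
The forwarding rule from the Crowds slides as a small simulation (an added example, not part of the original slides). The crowd size and the forwarding probability `p_forward` are assumed parameters, since the slides only say the choice is random; the run shows that the jondo the endpoint sees is spread evenly over the crowd, so the last hop says nothing about the origin.

```python
import random
from collections import Counter


def route_request(crowd_size, p_forward, rng):
    """Return the jondos a request visits before it leaves the crowd."""
    # The initiator hands the request to a random crowd member,
    # possibly itself.
    path = [rng.randrange(crowd_size)]
    # Every jondo that receives it flips a biased coin: forward to yet
    # another random jondo, or submit to the destination.
    while rng.random() < p_forward:
        path.append(rng.randrange(crowd_size))
    return path


def simulate(crowd_size=20, p_forward=0.75, trials=50_000, seed=1):
    """Measure path length and who the endpoint sees as the sender."""
    rng = random.Random(seed)
    initiator = 0                      # jondo that originates every request
    exit_counts = Counter()            # last jondo on the path, per trial
    total_hops = 0
    for _ in range(trials):
        path = route_request(crowd_size, p_forward, rng)
        exit_counts[path[-1]] += 1
        total_hops += len(path)
    return {
        # Expected value is 1 / (1 - p_forward) jondos per request.
        "mean_path_length": total_hops / trials,
        # Share of requests the endpoint receives from the real initiator;
        # expected 1 / crowd_size, the same as for any other member.
        "initiator_exit_share": exit_counts[initiator] / trials,
        "max_exit_share": max(exit_counts.values()) / trials,
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value:.4f}")
```

Raising `p_forward` lengthens paths (more latency and load on the crowd) without changing what the endpoint observes.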

I2P

- Invisible Internet Project
- Layered encryption
- Garlic routing

I2P

- Mostly focused on hidden services

- Both sender and receiver are anonymous

I2P

- Unidirectional tunnels

- Each node builds an inbound and outbound tunnel

Tunnels

- All tunnels are unidirectional
- Each party builds 2 tunnels, one inbound, one outbound
- Tunnel creators may use any peers in the network in any order (and even any number of times) in a single tunnel

I2P

I2P

- Communication through garlic messages
- Multiple garlic cloves can be combined into a single garlic message
- Each garlic clove comes with its own delivery instructions

Tunnel creation

- List of peers is made based on speed and capacity, updated regularly

- Client picks top tier peers randomly for tunnel creation

Servers

- Identified by cryptographic keys
- No DNS

NetDB

- NetDb is distributed via the floodfill algorithm
- Floodfill routers
- RouterInfos
- LeaseSets

RouterInfo

- The router's identity
- The contact addresses
- When this was published
- A set of arbitrary text options
- The signature of the above, generated by the identity's DSA signing key

LeaseSet

- documenting a group of tunnel entry points (leases) for a particular client destination.
- The tunnel gateway router (by specifying its identity)
- The tunnel ID on that router to send messages with (a 4 byte number)
- When that tunnel will expire.
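
A sketch of how a client could read the leases of a LeaseSet and discard expired entry points (an added example, not from the original slides or I2P's code). The 4-byte tunnel ID is from the slide; the 32-byte gateway hash, the 8-byte millisecond expiry, and all names and sample values are assumptions made for the illustration.

```python
import struct
from dataclasses import dataclass

# One lease record: gateway identity hash, tunnel ID, expiry.
# Only the 4-byte tunnel ID comes from the slide; the 32-byte hash and
# 8-byte millisecond timestamp are assumed field widths.
LEASE = struct.Struct(">32sIQ")


@dataclass(frozen=True)
class Lease:
    gateway: bytes      # identity hash of the tunnel gateway router
    tunnel_id: int      # tunnel ID on that router
    expires_ms: int     # expiry, milliseconds since the Unix epoch


def parse_leases(blob: bytes) -> list:
    """Split a run of fixed-size lease records into Lease objects."""
    if len(blob) % LEASE.size:
        raise ValueError("lease data is not a whole number of records")
    return [Lease(*LEASE.unpack_from(blob, off))
            for off in range(0, len(blob), LEASE.size)]


def usable_leases(leases, now_ms: int) -> list:
    """Drop expired leases; return the rest, longest-lived first."""
    live = [l for l in leases if l.expires_ms > now_ms]
    return sorted(live, key=lambda l: l.expires_ms, reverse=True)


# Constructed sample: three leases, the first already expired at NOW_MS.
NOW_MS = 1_700_000_000_000
SAMPLE = b"".join([
    LEASE.pack(b"\x11" * 32, 0x0A0B0C0D, NOW_MS - 5_000),
    LEASE.pack(b"\x22" * 32, 42, NOW_MS + 60_000),
    LEASE.pack(b"\x33" * 32, 7, NOW_MS + 540_000),
])

if __name__ == "__main__":
    for lease in usable_leases(parse_leases(SAMPLE), NOW_MS):
        print(lease.gateway.hex()[:8], lease.tunnel_id,
              lease.expires_ms - NOW_MS)
```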

I2P compared to tor

- I2P is designed for hidden services
- Unidirectional tunnels
- No clear distinction between client and server
- Less popular (k-anonymity), not much research compared to tor

Conclusion

AC has many uses, both legitimate and illegitimate.

Produces and helps with legal issues.

Many different PETs, all with their own advantages and disadvantages.

TOR refresher

- Uses layered encryption to pass through several nodes before reaching destination

- With enough nodes (3) between start and end no single node knows both the start and end.

TOR refresher

- Prevent man in the middle sniffing

- Hides identity

- Uses own protocol: use of tor is obvious to third party

- End point vulnerability

- (Perhaps explanation of current technical attacks)