Anonymous Communication
Martijn Terpstra & Max Tijssen
Introduction
1. Definition of anonymity
2. Reasons
3. Problems
4. Legal issues and implications
5. PETs
6. Crowds
7. I2P
Definition of anonymity
● The state or quality of being anonymous (Dictionary.com).
● Level of anonymity
Definition of anonymity
● Anonymity vs pseudonymity
● K - anonymity (Harvard)
● Untraceability
● Unlinkability
Uses of AC
- Privacy protection
- Bypassing oppressive regimes
- Whistleblowers (Wikileaks, Snowden)
Uses of AC
- Ability to discuss taboo subjects
- Cybercrime (Silk Road)
Issues with AC
● Law enforcement
● Legitimate aims of service providers
● Lack of repercussions for the users
Legal issues and implications
● Certain rights have to be constrained in a society
● Untraceable and unreadable communication
● Produces legal issues and solutions
Art 8. Convention of Fundamental Rights of the European Union
Article 8 – Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in
accordance with the law and is necessary in a democratic society in the interests of national security, public
safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of
health or morals, or for the protection of the rights and freedoms of others.
Whistleblower laws
● Recommendation CM/Rec(2014)7 on the protection of whistleblowers
● Council of Europe, not European Union! Up to members how and if to implement.
12. The national framework should foster an environment that encourages reporting or disclosure in an open manner. Individuals should feel safe to freely raise public interest concerns.
18. Whistleblowers should be entitled to have the confidentiality of their identity maintained, subject to fair trial guarantees.
Implementation whistleblower legislation
● Dutch (Adviespunt klokkenluiders)
○ Anonymous whistleblowing strongly discouraged. Information received from such a source has lower chance of being acted on.
● UK
○ Not (or less likely) protected by Public Interest Disclosure Act
● Portugal
○ Anonymity waived if a suspected person is charged.
Data Retention Directive
Article 3
Obligation to retain data
1. By way of derogation from Articles 5, 6 and 9 of Directive
2002/58/EC, Member States shall adopt measures to ensure that
the data specified in Article 5 of this Directive are retained in
accordance with the provisions thereof, to the extent that those
data are generated or processed by providers of publicly available
electronic communications services or of a public communications
network within their jurisdiction in the process of supplying
the communications services concerned.
Data Retention Directive
1. Member States shall ensure that the following categories of
data are retained under this Directive:
(a) data necessary to trace and identify the source of a communication
(b) data necessary to identify the destination of a communication
(f) data necessary to identify the location of mobile communication
equipment:
2. No data revealing the content of the communication may be
retained pursuant to this Directive.
Legislation changes
How to deal with anonymity?
● French law (proposed but not enacted)
○ Force people to register with their true identity
● US
○ U.S. Supreme Court Justice Scalia: “The very purpose of anonymity is to facilitate wrong by eliminating accountability” [Framkin 1995].
● UK
○ Banning Tor is neither acceptable nor technically feasible
● Sweden
○ Service providers only responsible if messages are clearly illegal.
PETs
Server based Peer to Peer
TOR GNUnet
Crowds I2P
ShadowWalker
Freenet
NetCamo
Crowds
- Users are grouped into crowds
- Provides k-anonymity
Crowds
- A user is represented as a Jondo
- Jondos contact a server called a Blender
- Once a Blender has formed a crowd of random users, the Blender informs the Jondos of the crowd they are in
Crowds
- A Jondo will then send his request to a random user in the crowd (possibly himself)
- Any Jondo receiving a request will randomly either send it to yet another Jondo or send it to its destination
- Encryption of messages between Jondos with a key shared by only those two Jondos
Crowds
- The endpoint does not know the origin of a request
- Malicious users could do a denial of service attack
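The forwarding rule on the Crowds slides, simulated as an added example (not code from the presentation or from the Crowds project). It measures what the destination observes and, going one step beyond the slides, what a collaborating Jondo learns from its predecessor; the forwarding probability `p_f`, the crowd size, the number of collaborators and the closed-form values are assumptions of this simplified model.

```python
import random
from collections import Counter

def route(n, p_f, rng):
    """Return the Jondos a request visits before it is submitted."""
    path = [rng.randrange(n)]        # first hop: any crowd member, possibly the sender
    while rng.random() < p_f:        # biased coin: forward to another random Jondo ...
        path.append(rng.randrange(n))
    return path                      # ... or the last Jondo submits to the destination

def simulate(n=20, c=4, p_f=0.75, trials=50_000, seed=1):
    """Constructed scenario: Jondos 0..c-1 collaborate, Jondo c is the initiator."""
    rng = random.Random(seed)
    initiator = c
    submitters = Counter()
    hops = seen = blamed = 0
    for _ in range(trials):
        path = route(n, p_f, rng)
        hops += len(path)
        submitters[path[-1]] += 1    # the only identity the destination observes
        prev = initiator
        for jondo in path:
            if jondo < c:            # first collaborator on the path logs its predecessor
                seen += 1
                blamed += (prev == initiator)
                break
            prev = jondo
    return {
        "mean_hops": hops / trials,
        "endpoint_sees_initiator": submitters[initiator] / trials,
        "predecessor_is_initiator": blamed / seen,
    }

def predicted(n=20, c=4, p_f=0.75):
    """Closed-form values for this simplified model (assumption, not from the slides)."""
    return {
        "mean_hops": 1 / (1 - p_f),
        "endpoint_sees_initiator": 1 / n,
        "predecessor_is_initiator": 1 - p_f * (n - c - 1) / n,
    }

if __name__ == "__main__":
    want = predicted()
    for name, value in simulate().items():
        print(f"{name}: simulated {value:.3f}, predicted {want[name]:.3f}")
```

The destination sees the initiator as submitter no more often than any other crowd member, while a collaborating Jondo's predecessor is the initiator noticeably more often than chance, which is why crowd size and `p_f` both matter.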
I2P
- Invisible Internet Project
- Layered encryption
- Garlic routing
I2P
- Mostly focused on hidden services
- Both sender and receiver are anonymous
I2P
- Unidirectional tunnels
- Each node builds an inbound and outbound tunnel
Tunnels
- All tunnels are unidirectional
- Each party builds 2 tunnels, one inbound, one outbound
- Tunnel creators may use any peers in the network in any order (and even any number of times) in a single tunnel
I2P
- Communication through garlic messages
- Multiple garlic cloves can be combined into a single garlic message
- Each garlic clove comes with its own delivery instructions
Tunnel creation
- List of peers is made based on speed and capacity, updated regularly
- Client picks top tier peers randomly for tunnel creation
Servers
- Identified by cryptographic keys
- No DNS
NetDB
- NetDb is distributed via the floodfill algorithm
- Floodfill routers
- RouterInfos
- LeaseSets
RouterInfo
- The router's identity
- The contact addresses
- When this was published
- A set of arbitrary text options
- The signature of the above, generated by the identity's DSA signing key
LeaseSet
- Documenting a group of tunnel entry points (leases) for a particular client destination.
- The tunnel gateway router (by specifying its identity)
- The tunnel ID on that router to send messages with (a 4 byte number)
- When that tunnel will expire.
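A parser for the three lease fields listed on the LeaseSet slide, as an added example (not code from the presentation or from the I2P project). It assumes each lease is a fixed 44-byte record (32-byte gateway identity hash, 4-byte tunnel ID, 8-byte expiry in milliseconds); the sample bytes, the timestamp and the `skew_ms` safety margin are constructed for illustration.

```python
import struct
from typing import List, NamedTuple

LEASE = struct.Struct(">32sIQ")     # assumed layout: gateway hash, tunnel ID, expiry (ms)

class Lease(NamedTuple):
    gateway: bytes                  # identity of the tunnel gateway router
    tunnel_id: int                  # 4-byte tunnel ID on that router
    expires_ms: int                 # when that tunnel expires, ms since the Unix epoch

def parse_leases(blob: bytes) -> List[Lease]:
    """Split a run of fixed-size lease records; reject a truncated tail."""
    if len(blob) % LEASE.size:
        raise ValueError("truncated lease record")
    return [Lease(*LEASE.unpack_from(blob, off))
            for off in range(0, len(blob), LEASE.size)]

def usable_leases(blob: bytes, now_ms: int, skew_ms: int = 0) -> List[Lease]:
    """Leases a sender may still route to, longest-lived first.

    skew_ms discards tunnels that would expire while the message is in flight.
    """
    live = [l for l in parse_leases(blob) if l.expires_ms - skew_ms > now_ms]
    return sorted(live, key=lambda l: l.expires_ms, reverse=True)

# Constructed sample: three leases, the first of which expired five seconds ago.
NOW = 1_700_000_000_000
SAMPLE = b"".join(
    LEASE.pack(bytes([i]) * 32, 1000 + i, NOW + delta)
    for i, delta in enumerate((-5_000, 60_000, 540_000))
)

if __name__ == "__main__":
    for lease in usable_leases(SAMPLE, NOW):
        print(lease.gateway.hex()[:8], lease.tunnel_id, lease.expires_ms - NOW)
```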
I2P compared to tor
- I2P is designed for hidden services
- Unidirectional tunnels
- No clear distinction between client and server
- Less popular (k-anonymity), not much research compared to tor
Conclusion
AC has many uses, both legitimate and illegitimate.
Produces and helps with legal issues.
Many different PETs, all with their own advantages and disadvantages.
TOR refresher
- Uses layered encryption to pass through several nodes before reaching destination
- With enough nodes (3) between start and end no single node knows both the start and end.
TOR refresher
- Prevent man in the middle sniffing
- Hides identity
- Uses own protocol: use of tor is obvious to third party
- End point vulnerability
- (Perhaps explanation of current technical attacks)