Piercing network anonymity in real time

leichter_jerrold at emc.com leichter_jerrold at emc.com
Mon May 15 13:14:01 EDT 2006 

| >       The Locate appliance sits passively on the network and
| >       analyzes packets in real time to garner ID info from sources
| >       like Active Directory, IM and e-mail traffic, then associates
| >       this data with network information.
| 
| This is really nothing new -- I've been seeing systems like these,
| though home brewed, in use for years. The availability of good tools as
| a foundation (things like Snort, the layer7 iptables patch, and so on)
| makes building decent layer 8 inference not far from trivial. Calling
| this "piercing network anonymity in real time" is highly misleading; in
| reality, it's more like "making it bloody obvious that there's no such
| thing as network anonymity".
| 
| The best one can hope for today is a bit of anonymous browsing and IM
| with Tor, and that only insofar as you can trust a system whose single
| point of failure -- the directory service -- was, at least until
| recently, Roger's personal machine sitting in an MIT dorm room.
There's a difference between "can be done by someone skilled" and
"your IT can buy a box and have it running on your network this
afternoon".  The first basically means that most people, most of
the time, effectively have anonymity because it isn't worth anyone's
bother to figure out what they are up to.  With the second, information
about who you are, who you talk to, etc., etc., becomes a commodity -
a very *cheap* commodity.  "Safety in numbers" disappears.

It's always been possible to go to town hall and look up public records
like deeds - which often contain things like Social Security numbers,
bank account  numbers, etc.  Skilled experts - PI's - have made use of
this information for years.  There's no difference, in principle, when
that some information goes up on the web.  But that's not how most
people feel about it.
							-- Jerry


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list