[Cryptography] Anonymous messaging [was: Email is securable within a coterie]

Ron Leach ronleach at tesco.net
Sat Dec 7 18:21:37 EST 2013


On 07/12/2013 21:26, Ben Laurie wrote:
>
> You mean anonymity of using TOR is becoming desirable, surely? Because
> everyone is accessing the network.

Yes, in the general sense of accessing any anonymity service 
(including remailers, not only TOR).  I'd used the word 'network' in 
the sense of the 'service' (Tor network, remailer network, etc).

Simply meant that *anonymity* of *accessing* TOR, or the 1st remailer 
in a chain, is becoming desirable [because the first server could be a 
honeypot and reveals the IP address of the accessor, and IP address 
leads to substantially more identifying leakage].

May I add this next clarification, simply because readers of this 
public list have varying depths of experience with security and 
anonymity, and may not be aware of the underlying issues?  TOR and 
remailers attempt to solve the problem of anonymous deposition of 
messages or website access, by routing randomly through other servers. 
The use of multiple links in a TOR or remailer chain was 
(historically) assumed to make more difficult any association between 
(i) access to the first server, and (ii) the exit node.  But either, 
or both, of the entry and exit servers of that service may themselves 
be honeypots, and, moreover, capable of sharing their traffic data - 
even if operated by different entities - thus facilitating 
identification of the source of anonymous traffic.

The TOR project, in their documentation, makes this risk very clear. 
While it has always been possible for honeypots to masquerade as 
genuine servers, as TOR project explains, it is becoming clear that 
traffic analysis across different honeypots operated by different 
entities is quite possible.  This increases substantially the 
effectiveness of traffic analysis to identify the sources of anonymous 
website accesses or message deposits, etc.

If anonymity is a goal, the anonymity of *use* of such schemes may be 
desirable, to try to protect against that type of traffic analysis. 
Whereas the use of such services is (relatively) easy to achieve, I 
was thinking about whether anonymous access to the first server, 
however desirable, might or might not be attainable.  As already 
mentioned, installing the 1st server on one's own machine might be a 
way forward, but at a security loss.  The opportunity for random 
traffic routing through the remainder of the network is reduced, 
perhaps substantially.  For example, TOR, as I understand it, only 
uses 3 nodes including entry and exit so, when hosting one's own entry 
server, one's own traffic would only be randomly routed through the 
last 2 servers, instead of through a randomly-selected 3 servers, and 
hence might perhaps be more susceptible to traffic analysis.

Back to the topic; yes, I meant access to the anonymising service, 
rather than access to the network, in the internet-wide sense, which 
as you say everyone is accessing.

regards, Ron

