Free Software, Free Internet, Anonymity & Tor - Andrew Lewman



slide-1
SLIDE 1

Free Software, Free Internet, Anonymity & Tor

Andrew Lewman andrew@torproject.org 24 Feb 2011

slide-2
SLIDE 2

What is anonymity?

slide-3
SLIDE 3

Anonymity isn’t cryptography

  • Cryptography protects the contents in transit
  • You still know who is talking to whom, how often, and how much data is sent.
  • This is the core of traffic analysis.
slide-4
SLIDE 4

Anonymity isn’t steganography

Attacker can tell Alice is talking to someone, how often, and how much data is sent.

slide-5
SLIDE 5

Anonymity isn’t just wishful thinking...

  • “You can’t prove it was me!”
slide-6
SLIDE 6

Anonymity isn’t just wishful thinking...

  • “You can’t prove it was me!”
  • “Promise you won’t look”
slide-7
SLIDE 7

Anonymity isn’t just wishful thinking...

  • “You can’t prove it was me!”
  • “Promise you won’t look”
  • “Promise you won’t remember”
slide-8
SLIDE 8

Anonymity isn’t just wishful thinking...

  • “You can’t prove it was me!”
  • “Promise you won’t look”
  • “Promise you won’t remember”
  • “Promise you won’t tell”
slide-9
SLIDE 9

Anonymity isn’t just wishful thinking...

  • “You can’t prove it was me!”
  • “Promise you won’t look”
  • “Promise you won’t remember”
  • “Promise you won’t tell”
  • “I didn’t write my name on it!”
slide-10
SLIDE 10

Anonymity isn’t just wishful thinking...

  • “You can’t prove it was me!”
  • “Promise you won’t look”
  • “Promise you won’t remember”
  • “Promise you won’t tell”
  • “I didn’t write my name on it!”
  • “Isn’t the Internet already anonymous?”
slide-11
SLIDE 11

...since “weak” isn’t anonymity.

  • “You can’t prove it was me!” Proof is a very strong word. Statistical analysis allows suspicion to become certainty.

slide-12
SLIDE 12

...since “weak” isn’t anonymity.

  • “You can’t prove it was me!” Proof is a very strong word. Statistical analysis allows suspicion to become certainty.
  • “Promise you won’t look/remember/tell” Will other parties have the abilities and incentives to keep these promises?

slide-13
SLIDE 13

...since “weak” isn’t anonymity.

  • “You can’t prove it was me!” Proof is a very strong word. Statistical analysis allows suspicion to become certainty.
  • “Promise you won’t look/remember/tell” Will other parties have the abilities and incentives to keep these promises?
  • “I didn’t write my name on it!” Not what we’re talking about.
slide-14
SLIDE 14

...since “weak” isn’t anonymity.

  • “You can’t prove it was me!” Proof is a very strong word. Statistical analysis allows suspicion to become certainty.
  • “Promise you won’t look/remember/tell” Will other parties have the abilities and incentives to keep these promises?
  • “I didn’t write my name on it!” Not what we’re talking about.
  • “Isn’t the Internet already anonymous?” Nope!
slide-15
SLIDE 15

Anonymous communication

  • People have to hide in a crowd of other people (“anonymity loves company”)
  • The goal of the system is to make all users look as similar as possible, to give a bigger crowd
  • Hide who is communicating with whom
  • Layered encryption and random delays hide correlation between input traffic and output traffic

slide-16
SLIDE 16

Low versus High-latency anonymous communication systems

  • Tor is not the first system; ZKS, mixmaster, single-hop proxies, Crowds, Java Anon Proxy.
  • Low-latency systems are vulnerable to end-to-end correlation attacks.
  • High-latency systems are more resistant to end-to-end correlation attacks, but by definition, less interactive.
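The latency trade-off on this slide, as a small simulation added here (it is not part of the original presentation). The burst pattern, the one-second windows and the two delay ranges are constructed assumptions; the code measures how closely the traffic leaving a system tracks the traffic entering it.

```python
import random
from math import sqrt

def window_counts(times, n_windows, width=1.0):
    """Count events per fixed-width time window."""
    counts = [0] * n_windows
    for t in times:
        i = int(t // width)
        if 0 <= i < n_windows:
            counts[i] += 1
    return counts

def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 if either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / sqrt(vx * vy) if vx and vy else 0.0

def input_output_correlation(max_delay, seed=2011, n_windows=600):
    """Correlate per-second input and output volume of one constructed flow.

    Each message leaves the system after a random delay drawn from
    [0.05, max_delay] seconds (an assumed delay model).
    """
    rng = random.Random(seed)
    sent = []
    for w in range(n_windows):
        if rng.random() < 0.1:                 # bursty sender: 20 messages at once
            sent.extend(w + rng.random() for _ in range(20))
    received = [t + rng.uniform(0.05, max_delay) for t in sent]
    return pearson(window_counts(sent, n_windows),
                   window_counts(received, n_windows))

if __name__ == "__main__":
    print("low latency  (<= 0.3 s delay):", round(input_output_correlation(0.3), 3))
    print("high latency (<= 300 s delay):", round(input_output_correlation(300.0), 3))
```

With sub-second delays the output volume follows the input almost exactly; with delays of minutes the two series are close to uncorrelated, at the cost of interactivity.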

slide-17
SLIDE 17

Low-latency systems are generally more attractive to today’s user

  • Interactive apps: web, instant messaging, VOIP, ssh, X11, cifs/nfs, video streaming (millions of users)
  • Multi-hour delays: email, nntp, blog posting? (tens of thousands of users?)

slide-18
SLIDE 18

Low-latency systems are generally more attractive to today’s user

  • Interactive apps: web, instant messaging, VOIP, ssh, X11, cifs/nfs, video streaming (millions of users)
  • Multi-hour delays: email, nntp, blog posting? (tens of thousands of users?)
  • And if anonymity loves company...
slide-19
SLIDE 19

What is Tor?

  • online anonymity, circumvention software and network
  • open source, free software (BSD 3-clause & GPLv2 licenses)
slide-20
SLIDE 20

What is Tor?

  • online anonymity, circumvention software and network
  • open source, free software (BSD 3-clause & GPLv2 licenses)
  • active research environment: Rice, UMN, NSF, NRL, Drexel, Waterloo, Cambridge UK, Bamberg Germany, Boston U, Harvard, MIT, RPI, GaTech

slide-21
SLIDE 21

What is Tor?

  • online anonymity, circumvention software and network
  • open source, free software (BSD 3-clause & GPLv2 licenses)
  • active research environment: Rice, UMN, NSF, NRL, Drexel, Waterloo, Cambridge UK, Bamberg Germany, Boston U, Harvard, MIT, RPI, GaTech
  • increasingly diverse toolset: Tor, Torbutton, Tor Browser Bundle, TAILS LiveCD/USB, Tor Weather, Tor auto-responder, Secure Updater, Orbot/Orlib, Tor Check, Arm, Nymble, Tor Control, Metrics, TorBEL, etc...

slide-22
SLIDE 22

Who is The Tor Project, Inc?

The 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy

slide-23
SLIDE 23

Tor is a low-latency anonymity system

  • Based on technology developed in the Onion Routing project
  • Privacy by design, not by policy (no data collected)
  • Commonly used for web browsing and instant messaging (works for any TCP traffic)
  • Originally built as a pure anonymity system (hides who is talking to whom)
  • Now designed to resist censorship too (hides whether someone is using the system at all)

  • Centralized directory authorities publish a list of all servers
slide-24
SLIDE 24

Tor code stats

stats from ohloh.net

slide-25
SLIDE 25

Tor code stats

stats from ohloh.net

slide-26
SLIDE 26

Tor hides communication patterns by relaying data through volunteer servers

[Diagram: Tor user, Tor Network (Tor nodes), Web server]

Diagram: Robert Watson

slide-27
SLIDE 27

Tor hides communication patterns by relaying data through volunteer servers

[Diagram: Tor user, Tor Network (Tor nodes, with an entry node, middle node and exit node marked), Web server]

Diagram: Robert Watson

slide-28
SLIDE 28

Tor hides communication patterns by relaying data through volunteer servers

[Diagram: Tor user, Tor Network (Tor nodes, with an entry node, middle node and exit node marked), Web server; legend: encrypted tunnel, unencrypted TCP]

Diagram: Robert Watson
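A simplified model of the three-hop relaying shown in the diagram, added here as an illustration (it is not from the original slides and is not Tor's cell format or cryptography). The SHA-256 keystream is a toy cipher and the keys are constructed; the point is what each relay can see after removing its own layer.

```python
import hashlib
import json

def keystream_xor(key, data):
    """Toy stream cipher (assumption, not Tor's): XOR with SHA-256(key || offset)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)

def wrap(path, keys, destination, payload):
    """Client side: add the exit's layer first and the entry's layer last."""
    next_hops = path[1:] + [destination]      # what each relay is told to forward to
    blob = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob = keystream_xor(keys[relay], layer)
    return blob

def relay_views(sender, path, keys, onion):
    """Relay side: each relay strips one layer; record what it learns."""
    views, prev, blob = {}, sender, onion
    for relay in path:
        layer = json.loads(keystream_xor(keys[relay], blob))
        blob = bytes.fromhex(layer["data"])
        views[relay] = {"prev": prev, "next": layer["next"]}
        prev = relay
    return views, blob                        # blob is what the exit forwards in the clear

# Constructed sample circuit; each key is shared between the client and one relay.
PATH = ["Entry node", "Middle node", "Exit node"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}

if __name__ == "__main__":
    onion = wrap(PATH, KEYS, "Web server", b"GET / HTTP/1.0\r\n\r\n")
    views, delivered = relay_views("Tor user", PATH, KEYS, onion)
    for relay, view in views.items():
        print(relay, view)
    print("forwarded by exit:", delivered)
```

The entry node sees the user but not the destination, the exit node sees the destination and the unencrypted payload but not the user, and the middle node sees neither.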

slide-29
SLIDE 29

Tor hides communication patterns by relaying data through volunteer servers

Diagram: Robert Watson

slide-30
SLIDE 30

Vidalia Network Map

slide-31
SLIDE 31

Measuring the Tor Network

  • Measuring metrics anonymously
  • NSF grant to find out
  • Archive of hourly consensus, ExoneraTor, VisiTor
  • Metrics portal: https://metrics.torproject.org/

slide-32
SLIDE 32

How many people use Tor?

It’s an anonymity system.

slide-33
SLIDE 33

How many people use Tor?

It’s an anonymity system.

slide-34
SLIDE 34

Seriously, how many people use Tor?

slide-35
SLIDE 35

How is Tor different from other systems?

slide-36
SLIDE 36

How is Tor different from other systems?

slide-37
SLIDE 37

How is Tor different from other systems?

slide-38
SLIDE 38

Hidden services allow privacy enhanced hosting

slide-39
SLIDE 39

Did you catch that url?

slide-40
SLIDE 40

Hidden services, in text

  • Distributed Hash Table (DHT) Directory
slide-41
SLIDE 41

Hidden services, in text

  • Distributed Hash Table (DHT) Directory
  • Rendezvous points
slide-42
SLIDE 42

Hidden services, in text

  • Distributed Hash Table (DHT) Directory
  • Rendezvous points
  • Anonymity for both the server and client
slide-43
SLIDE 43

Operating Systems leak info like a sieve

  • Applications, network stacks, plugins, oh my....

slide-44
SLIDE 44

Operating Systems leak info like a sieve

  • Applications, network stacks, plugins, oh my....

some call this “sharing”

slide-45
SLIDE 45

Operating Systems leak info like a sieve

  • Applications, network stacks, plugins, oh my....
  • Did you know Microsoft Word and OpenOffice Writer are browsers?

some call this “sharing”

slide-46
SLIDE 46

Operating Systems leak info like a sieve

  • Applications, network stacks, plugins, oh my....
  • Did you know Microsoft Word and OpenOffice Writer are browsers?
  • www.decloak.net is a fine test

some call this “sharing”

slide-47
SLIDE 47

Mobile Operating Systems

  • Entirely new set of challenges for something designed to know where you are at all times.
  • Orbot: Tor on Android. https://guardianproject.info/apps/
  • Tor on iphone, maemo/meego, symbian, etc
  • Tor on Windows CE, http://www.gsmk.de as an example.
  • Guardian Project, https://guardianproject.info/
slide-48
SLIDE 48

How can coding help?

slide-49
SLIDE 49

How to get involved?

https://torproject.org/volunteer

slide-50
SLIDE 50

Supporters

slide-51
SLIDE 51

Credits

  • Thank you to Steven J. Murdoch, http://www.cl.cam.ac.uk/users/sjm217/, for the research and basis for the latter parts of the presentation.
  • Photographer and Diagram credits as listed throughout the presentation.