SLIDE 1
1
2
Motivation
- China blocks Wikipedia; Wikipedia
blocks Tor edits.
- Thousands(?) of Tor users would like
to edit Wikipedia but can't.
- (I'm not saying you must allow Tor
Tor and Wikipedia Roger Dingledine The Free Haven Project 1 - - PowerPoint PPT Presentation
Tor and Wikipedia Roger Dingledine The Free Haven Project 1 - - PowerPoint PPT Presentation
Tor and Wikipedia Roger Dingledine The Free Haven Project 1 Motivation China blocks Wikipedia; Wikipedia blocks Tor edits. Thousands(?) of Tor users would like to edit Wikipedia but can't. (I'm not saying you must allow Tor edits
SLIDE 2
SLIDE 3
3
We have to make some assumptions about what the attacker can do.
Alice Anonymity network Bob watch (or be!) Bob! watch Alice! Control part of the network! Etc, etc.
SLIDE 4
4
Anonymity serves different interests for different user groups.
Anonymity Private citizens Governments Businesses “It's privacy!”
SLIDE 5
5
Anonymity serves different interests for different user groups.
Anonymity Private citizens Governments Businesses “It's network security!” “It's privacy!”
SLIDE 6
6
Anonymity serves different interests for different user groups.
Anonymity Private citizens Governments Businesses “It's traffic-analysis resistance!” “It's network security!” “It's privacy!”
SLIDE 7
7
The simplest designs use a single relay to hide connections.
Bob2 Bob1 Bob3 Alice2 Alice1 Alice3 Relay Bob3,“X” Bob1, “Y” B
- b
2 , “ Z ” “Y” “Z” “X” (ex: some commercial proxy providers)
SLIDE 8
8
So, add multiple relays so that no single one can betray Alice.
Bob Alice R1 R2 R3 R4 R5
SLIDE 9
9
Alice makes a session key with R1
Bob Alice R1 R2 R3 R4 R5
SLIDE 10
10
Alice makes a session key with R1 ...And then tunnels to R2
Bob Alice R1 R2 R3 R4 R5
SLIDE 11
11
Alice makes a session key with R1 ...And then tunnels to R2...and to R3
Bob Alice R1 R2 R3 R4 R5
SLIDE 12
12
Can multiplex many connections through the encrypted circuit
Bob Alice R1 R2 R3 R4 R5 Bob2
SLIDE 13
13
Some problems with IP addresses as authenticators
- AOL has a dozen IP addresses.
- Open proxies, misconfigured computers,
botnets, ...
- Dynamic IPs
- Universities (and countries!) with only a few IP
addresses
- Tor
SLIDE 14
14
SLIDE 15
15
Tor and Abuse
- Tor has hundreds of thousands of active users
these days, and pushes >600Mbps of traffic, mostly web browsing.
- We have our share of jerks, just like the Internet
in general.
- If an anonymity system works well, nobody hears
about it. So “hearsay” is not on our side.
SLIDE 16
16
Bug 550 and its solution (Thanks Tim!)
- Two new config options:
For some IP addresses,
–Let people edit, but only if they're
logged in.
–Don't let people create new accounts.
SLIDE 17
17
Still some problems
- People can create accounts
elsewhere and “spend” them at
- nce.
- People who don't have unblocked
IPs still lose.
SLIDE 18
18
Key concept
- Add speedbumps only for blocked IPs.
Yes, IP addresses can give you a hint, but they're not authenticators.
- 1) edits need to prove that they're
worthwhile; or better,
- 2) accounts need to prove that they're
worthwhile.
SLIDE 19
19
But slowing down users is bad!
- AKA: “it's hard to do CAPTCHAs
that work for blind people”
- You're blocking them completely
right now. At least this way, we let some of them edit.
SLIDE 20
20
How much abuse then?
- “But there will be so much abuse to wade
through, this can't possibly work.”
- If the abuse doesn't go directly to the