[Pearg] About hiding in crowds

Christian Huitema <huitema@huitema.net> Mon, 10 August 2020 23:25 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 657BB3A0E64 for <pearg@ietfa.amsl.com>; Mon, 10 Aug 2020 16:25:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yGPyBLHqOPOJ for <pearg@ietfa.amsl.com>; Mon, 10 Aug 2020 16:25:06 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D82D33A0E66 for <pearg@irtf.org>; Mon, 10 Aug 2020 16:24:58 -0700 (PDT)
Received: from xse297.mail2web.com ([66.113.197.43] helo=xse.mail2web.com) by mx165.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1k5H9r-0004KV-RQ for pearg@irtf.org; Tue, 11 Aug 2020 01:24:49 +0200
Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 4BQX9g6BS2z1xXB for <pearg@irtf.org>; Mon, 10 Aug 2020 16:24:39 -0700 (PDT)
Received: from [10.5.2.17] (helo=xmail07.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1k5H9j-00031v-OU for pearg@irtf.org; Mon, 10 Aug 2020 16:24:39 -0700
Received: (qmail 8342 invoked from network); 10 Aug 2020 23:24:39 -0000
Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.61]) (envelope-sender <huitema@huitema.net>) by xmail07.myhosting.com (qmail-ldap-1.03) with ESMTPA for <pearg@irtf.org>; 10 Aug 2020 23:24:39 -0000
To: pearg@irtf.org
References: <f49c190e-91a8-eaba-5069-4f39b95c75f6@cs.tcd.ie> <b8ab4ccf-ed8a-7b2b-c36d-bfb240aca54b@cs.tcd.ie>
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
Message-ID: <f6807aed-d494-4020-4d75-dcf73ad22d4f@huitema.net>
Date: Mon, 10 Aug 2020 16:24:32 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <b8ab4ccf-ed8a-7b2b-c36d-bfb240aca54b@cs.tcd.ie>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="YtLBW90hKMSJwbIfv4iL3UbGp751ZjBLx"
X-Originating-IP: 66.113.197.43
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.197.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0X2OOYwfFINEXkW0Te3GMuqpSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDpaUm5TrTL2ku6BQx2IM1+5j9 EvBvwu01uVCaGVBWGquMGjp8gKynRFO2CQGaTIUu2rBNMmEsKEibQwSU1xBeOHButNDpi1WUXRkr He1vFsZaZad0VL/QynhFAlbT36L8hojBTalhRrscvN0XVCh+owZ6weYgSzquK2hxskqXvy8woCTx LKweTbuJ+19zsyHVGVmhMAaQ/AfCRwRe7yHm5oY+NYmsSGn+svMubxnbgm1cr18FZBEPC2/c16Xd 7sC9aC4xteE1WLqGS9YoqrsZ2DyteN0e+ECCv9/f+GPymkgDVo7QBKA4MctKq4ifYPcXFRL2K3LA EfDXVOdt7wDbusYnuEVWSxKMHbU0zkNM3EElFDaoLuOPKc8gc82pKfhB7T02ZXdoQxMs//iOE4Fl hiCv9TR+UxzLZWL8hwGBjhoI3W+YcuHfP5PkZb5A+wE5qGdpH54Oa3V8I76VOEvlwIVUdYndRiyh yQb8o5SNcNSytLldAWwOQdWXiOxaYDn+YptwQTuNgu0Qw+gDHkw/H8pXXdczUFV19XHNrAd2Zgkv UwPy3x0FYtCNEb10sHyQCLHEvD1OqP6bgZ4L66GcgBg66gs5OuzYxJgw5atIxeNDvjI/CYe5WPy0 +t1RP0az5OdpVfxYhVwU7WTgoOzTmJxMPnetLBJMh51NiRRoHIBcx+RfJhharlTKaH22UolymiK7 x42VjdzChZMe6O/DiWiiIzuXMTE3l4bIsk+O50uj4V5kDYvgqzRsCpJnLzRD08QV3No+S2msRDep v5w/kkG0v17AmegcpQ0tml/sN9lmMy/o83jVXTcfb9k0nLWblJy7uxV6dw8jzlsaNZe6hynMJcjx DydxsJEju76A7X1QIVydqXpZ6MHhiKws9Iiut28r9wo4SqUIg8Yh9hAM0n3LLzx/F2gT3wl8JQJv Bho=
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/0vZWzuD8RAiDR9GlhBMyGuuV_5I>
Subject: [Pearg] About hiding in crowds
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 23:25:15 -0000

A lot of the privacy extensions recently developed amount to "hiding in
crowds". For example, SNI encryption assumes that multiple servers are
accessible through the same IP address. If the SNI is hidden, outside
observers won't know which one was accessed. DNS encryption makes the
same assumption in an indirect way. It assumes that we gain privacy by
hiding the DNS exchange that maps www.example.com to an IP address. This
is fine, except for the fact that most servers have their own IP
address. You can hide the DNS exchange, you can hide the SNI, but
outside observers will still be able to understand which servers you are
accessing by simply looking at the address header. If we want real
privacy, we will need something else!

How do I know? I started with the Majestic Million list of domain names,
and resolved 25,000 of these names, and found out that on average a
given IP address was shared by about 1.21 names, as explained in:
https://huitema.wordpress.com/2020/08/09/can-internet-services-hide-in-crowds/)
And then I resolved the next 25000 names to be more sure of the results.
The average increased slightly, from 1.21 to 1.22, which does not change
the results much. 74.6% of domains use an address that is unique to
them, 8.7% use an address shared by 2 domains, and only 8% use an
address shared by 10 or more servers. DNS encryption and SNI encryption
do bring privacy for a minority of connection, for which it may well be
important. But they do not improve privacy in 75% of the cases.

I understand that privacy-warriors can use VPN, proxies or Tor. But
these tools are far from perfect -- see the recent Sybil attacks against
Tor, or the outveiling of shady business practices by many VPNs. In any
case, these tools at best provide "privacy for a few active users". But
that leaves aside the bulk of Internet users. Thus my question for this
program: how would we provide privacy for the masses?

-- Christian Huitema