Re: [Pearg] About hiding in crowds

Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Tue, 11 August 2020 12:22 UTC

Return-Path: <mirja.kuehlewind@ericsson.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F08C03A100C for <pearg@ietfa.amsl.com>; Tue, 11 Aug 2020 05:22:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M-qV3nbw3vA1 for <pearg@ietfa.amsl.com>; Tue, 11 Aug 2020 05:22:19 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2046.outbound.protection.outlook.com [40.107.22.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FB733A1008 for <pearg@irtf.org>; Tue, 11 Aug 2020 05:22:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YVScuLFtxgdGUi3UzuWlOd1pX0PWkSO+jcJf5LR5DT5F1T5SMrLLRlOlq6oHhzHX4bE4V/zPSP3MsHC70GczqWVd2VOwU3lig6SEEmB75ehd4L90LO1P4iMDAoTF6WzB9RHIraWdks4vgDcpqZPosjFSxbWrwW/nUvNmg8VyQJJshB5n5gts9OEGvq1oua6xV4zFbxXLchLlico1rFKjhZhCYLOGIQmqGwsunroqtyNWQGG+HfZzUWahK7c3G2MBy6bj1eog+XjrGUG9hWBTuK8MQXIuGhjcyPR/EImK6s5fwU8A8bapNy+F13i9fRY1kZhqf6XIJIMF/2aXTxSdIA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tDnMfSpyMz+N8a7zTYLjCVfO6BA9g5249oEvfskVkgU=; b=DTyuOs2xUDjsK+ks0cQgdsJJ1LV9UyIXyHAnZG/SAlROdfuPK05XWCwvQM7oYPXa0C0WHSRQGdyNy6OrFf0BXT2YU0OFwNm2isjDaYoIQS/gXRrP2W0PluO7FDQ+mBdf0JhiYtyTArROxi0/a+J75DyS+lQut0Iw6OEsdKnqjF+D7OQ3i6+Eg000QCoG/jFeEhCAu2PGhCxgnRmqLD+Q2Sl/Jsuv4yIutiZfr5AdgkvEKmP8rsY1TZ2RS90JXE68scH0YB65N0D/2YZ5D2xBbB1GDsrG8v2WVg1MZwMmlW/7JSiuedI9TmHri/JShhe/Y8UKPzu5r9GzC33jCOSNEQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tDnMfSpyMz+N8a7zTYLjCVfO6BA9g5249oEvfskVkgU=; b=jPVIK1oG8HWbw21kYVrvqxRgTR4OIyD3Y1AKZ+5VLvGZ1Atbjqr4GH8xCh3T5MJ0LLC0kr5Bqh0H/ZI8EUXBuZ7b/eQ06tmWOr7d4S2ZsjvCCa7/Cojj4javLjBsjzwISP/3onghq+8AiLaOQzwmhHAtEVLDZugfx0kiyGQyEjo=
Received: from AM0PR0702MB3713.eurprd07.prod.outlook.com (2603:10a6:208:19::10) by AM0PR07MB6290.eurprd07.prod.outlook.com (2603:10a6:20b:154::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.10; Tue, 11 Aug 2020 12:22:11 +0000
Received: from AM0PR0702MB3713.eurprd07.prod.outlook.com ([fe80::d1f1:397c:7240:92f1]) by AM0PR0702MB3713.eurprd07.prod.outlook.com ([fe80::d1f1:397c:7240:92f1%7]) with mapi id 15.20.3283.015; Tue, 11 Aug 2020 12:22:11 +0000
From: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
To: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>, Christian Huitema <huitema@huitema.net>
CC: "pearg@irtf.org" <pearg@irtf.org>
Thread-Topic: [Pearg] About hiding in crowds
Thread-Index: AQHWb22W/DD3p+JzRkGaS4Ceu1Hx3KkyrZgAgABJJgA=
Date: Tue, 11 Aug 2020 12:22:11 +0000
Message-ID: <13DDFBEC-132B-4C6A-8071-F370204A23BE@ericsson.com>
References: <f49c190e-91a8-eaba-5069-4f39b95c75f6@cs.tcd.ie> <b8ab4ccf-ed8a-7b2b-c36d-bfb240aca54b@cs.tcd.ie> <f6807aed-d494-4020-4d75-dcf73ad22d4f@huitema.net> <B3F38549-57BE-40D6-9742-3BF7C98A3E64@cisco.com>
In-Reply-To: <B3F38549-57BE-40D6-9742-3BF7C98A3E64@cisco.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.39.20071300
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [2003:de:e711:af00:c59a:feb4:9a15:2d07]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9bbc60ec-48e8-4cb3-0be2-08d83df12c77
x-ms-traffictypediagnostic: AM0PR07MB6290:
x-microsoft-antispam-prvs: <AM0PR07MB6290A2C6E7F82DE8243E2A0CF4450@AM0PR07MB6290.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Pcr0n8A2HcjGCg38niEMYVmHKx0plyPMv/4fAYxfah6/DNzJlfCQT4BsTYHBkiOV8tuCQYcUwZGFZWoJw/R2t1BrAELH0YS/7qZFJCBZn68MwATUWlKhvhVo0j02uwJ57UBEtwajcKa4NntDcx0sJcmGfHTUYrqFhlERHDz1W6dsKmUKKJoPV9iPy3hehWlkAiUBzEsJ366H20xo3HiJfpDpwsMGaH3DG9oMqLxS3L5Kns/cW9dlFuErS951osX1zNda0H86r6yGIPJpj9o3q9tnl4NxyAR6/uuh02GTWr7DWtguA/yBQSakPpiksTefmX00TbpRRH/K4pHUUG1+NCzlT+Dz+Ryu1WUFYPKwusF6OqtzCLcSSjC8YpmPMS3RVu/2jwIbaHpYVeS+AjWKgw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR0702MB3713.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(136003)(346002)(366004)(376002)(396003)(66556008)(66476007)(64756008)(66446008)(15974865002)(5660300002)(316002)(71200400001)(66574015)(8676002)(8936002)(83380400001)(110136005)(4326008)(36756003)(6512007)(6506007)(44832011)(478600001)(2616005)(2906002)(186003)(66946007)(53546011)(33656002)(86362001)(76116006)(966005)(6486002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: FWtDyRZsaAB/uTz7kMDyXVSGBQv/4wBNAFITuJW+tsQuv7eZ6z/w8t/BfUCPz/Afh7jEqA0HWgkMD66T91G3cwt9XIEKxs4+WmsLGkX1+3po/JBfgTyBX/vdarLUYrzgA8jCdDZ96XP9CEWbnJ39xbiKyGJ5ZVRW6itC0B2AIFHg73Ef4tRq3Q78C7rZnGPqo3PCQpBDY/n/XJgKFxRe2yKgoQ+PdcrulVUL3Unk+YIGRVyetflFO0nECIWlI91GmThWXrsFcp2uN8Vkc16ONsEZCkfZollP6HzJ2jeGg5+yEHKtPHA60mtM8NFo4aCZhq/o8Z5GJSjULhvzpdJH6SLeS9BpEm5K3Y5Nup3ZBzkvlC6RxvUZl7p9C9FomaY7dUnwmLaCx1Z0oE9UCKpR+E+IOjOXgOkolDqVAhPjdVYEPf43719d1tmUN/lJhVpwcpwYVg7wvbSsD15r1sWSL6Mq6AB3pt4Uu6v7qewBKzK6rRo+dfcMuDn6ggpyJu1fHm+dvTShq9WiC2NsTgOMkMe4tgIaH4ntbmLY2BeoM1naz5Gg7fJlAd77U16zz3dDI+AbOi4yCH7orkjnjYG/eB65U8L9xoOf6B838KVBo3OPRjmEnUR3VZ0jjEG21BFBxYZluAyqkcngVOsYJofFfob0XVyaKkbyl21PAGDthupOVLXVXuPtA5tL4uPXFddfVvndg6zmWHuzBStVW95l+Q==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <0B79D6AAA52F924C9CE4BB4D68AFC9DC@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR0702MB3713.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9bbc60ec-48e8-4cb3-0be2-08d83df12c77
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Aug 2020 12:22:11.1969 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 84LBxK2PD0zRgymOV4xxqbnLyPKDhbeheeQEcgPt0e9f7555zVvrXSW6iOTkJ2yPx+MpTvSUd9sF0McBiUEobyxTffXythdBkzlbRbLg/nc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6290
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/1wcCvpKa365Eho9RkuvypYgtyAU>
Subject: Re: [Pearg] About hiding in crowds
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2020 12:22:22 -0000

Hi Christian, hi Eloit,

also you need is address translation by at least one hop in the middle (assuming the observer can only observe one side of the middle point or there are enough simultaneous users). This is one use case for MASQUE.

Mirja


´╗┐On 11.08.20, 12:00, "Pearg on behalf of Eliot Lear" <pearg-bounces@irtf.org on behalf of lear=40cisco.com@dmarc.ietf.org> wrote:

    Hi Christian

    What you describe below is something that Barbara Fraser and I noted some years ago at the STRINT workshop.  We argued at the time that providing points in the network to aggregate traffic was an appropriate approach to both blend and blind.  It requires end user trust in those aggregation points that some might call middle boxes.  This is effectively what Mozilla has done with Cloudflare.  This notion of agency is still something that I think is worth exploring.

    Eliot


    > On 11 Aug 2020, at 01:24, Christian Huitema <huitema@huitema.net> wrote:
    > 
    > Signed PGP part
    > A lot of the privacy extensions recently developed amount to "hiding in
    > crowds". For example, SNI encryption assumes that multiple servers are
    > accessible through the same IP address. If the SNI is hidden, outside
    > observers won't know which one was accessed. DNS encryption makes the
    > same assumption in an indirect way. It assumes that we gain privacy by
    > hiding the DNS exchange that maps www.example.com to an IP address. This
    > is fine, except for the fact that most servers have their own IP
    > address. You can hide the DNS exchange, you can hide the SNI, but
    > outside observers will still be able to understand which servers you are
    > accessing by simply looking at the address header. If we want real
    > privacy, we will need something else!
    > 
    > How do I know? I started with the Majestic Million list of domain names,
    > and resolved 25,000 of these names, and found out that on average a
    > given IP address was shared by about 1.21 names, as explained in:
    > https://huitema.wordpress.com/2020/08/09/can-internet-services-hide-in-crowds/).
    > And then I resolved the next 25000 names to be more sure of the results.
    > The average increased slightly, from 1.21 to 1.22, which does not change
    > the results much. 74.6% of domains use an address that is unique to
    > them, 8.7% use an address shared by 2 domains, and only 8% use an
    > address shared by 10 or more servers. DNS encryption and SNI encryption
    > do bring privacy for a minority of connection, for which it may well be
    > important. But they do not improve privacy in 75% of the cases.
    > 
    > I understand that privacy-warriors can use VPN, proxies or Tor. But
    > these tools are far from perfect -- see the recent Sybil attacks against
    > Tor, or the outveiling of shady business practices by many VPNs. In any
    > case, these tools at best provide "privacy for a few active users". But
    > that leaves aside the bulk of Internet users. Thus my question for this
    > program: how would we provide privacy for the masses?
    > 
    > -- Christian Huitema
    > 
    > 
    > 
    >