From nobody Thu Aug 13 21:48:02 2020 Return-Path: X-Original-To: pearg@ietfa.amsl.com Delivered-To: pearg@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 283023A0CE3 for ; Thu, 13 Aug 2020 21:48:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.847 X-Spam-Level: X-Spam-Status: No, score=-2.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.949, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e7Ru8Ly5iueV for ; Thu, 13 Aug 2020 21:47:57 -0700 (PDT) Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FB6E3A0CE2 for ; Thu, 13 Aug 2020 21:47:57 -0700 (PDT) Received: from xse95.mail2web.com ([66.113.196.95] helo=xse.mail2web.com) by mx13.antispamcloud.com with esmtp (Exim 4.92) (envelope-from ) id 1k6Rcy-0001cd-CP for pearg@irtf.org; Fri, 14 Aug 2020 06:47:47 +0200 Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 4BSWBx2vH1z5PFG for ; Thu, 13 Aug 2020 21:47:37 -0700 (PDT) Received: from [10.5.2.49] (helo=xmail11.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from ) id 1k6Rcv-0005UM-9E for pearg@irtf.org; Thu, 13 Aug 2020 21:47:37 -0700 Received: (qmail 29594 invoked from network); 14 Aug 2020 04:47:36 -0000 Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.0]) (envelope-sender ) by xmail11.myhosting.com (qmail-ldap-1.03) with ESMTPA for ; 14 Aug 2020 04:47:36 -0000 To: Shivan Sahib Cc: pearg@irtf.org References: From: Christian Huitema Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH Message-ID: <541251e2-ac1a-65e7-48ea-479c95669baa@huitema.net> Date: Thu, 13 Aug 2020 21:47:35 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------28D766D3C9569690A933B290" Content-Language: en-US X-Originating-IP: 66.113.196.95 X-Spampanel-Domain: xsmtpout.mail2web.com X-Spampanel-Username: 66.113.196.95/32 Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.95/32@xsmtpout.mail2web.com X-Spampanel-Outgoing-Class: unsure X-Spampanel-Outgoing-Evidence: Combined (0.15) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0X2OOYwfFINEXkW0Te3GMuqpSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGDpaUm5TrTL2ku6BQx2IM1+5j9 EvBvwu01uVCaGVBWGqssl8JaOGnOXJRQ66K9TzXl2rBNMmEsKEibQwSU1xBeOHButNDpi1WUXRkr He1vFsYm1aGKgRFqmjZjxZofiz4rQ7DUikvvhnqSt6XcO8nI1ryme9ldZJ7uNXfg/GfS8fUvP/L5 rCqHDsKZM+xa1iwJX+gRCHfMVnsAk591zk0uilUI+ZL4xWiN8NS6C+dmX6OEdA4u1aThyWrQ/ou2 +v/lmX4Em37yFgrCB6NHRn1g+f3uncIqYSL3lhh5c81YyJqFoLZMmkWsaurVZfvqROaDnDtHb8z5 dpPkEuJ8Snwqla7jUnW3hy14Yji8fo+4xCnSRo4Rcu5Z37rMuDjCny5fE9ykbJ7I9co1MAEE3ruN Xsm8UJsAPvDcVSKtDCYkioPY5Qx4fJOk03R5fJtf/Dv/dkIzS7m4GUpXCY1Y3j3ilU9uaDsIPkO9 NcV2UWdi7ra+rrj30v/JTatH2hEh4Llyje/8SDTqzyyw95u13AfNih3Uh+/QabGgUnNojmjro0uH gbVpRK3T9+h2PwMALJBCHcKXI7/zhcAzUi+8pV34j7dCp3Zd9clP8wSiJZWbJCg35R5vCGCRun6Y x0PkyFKG8H7Gzn6WgjbeynSmx+6tmjXg724gFzhHYUe+7aKm0vVUd86wwnusnZnGoWHGm4StTi+J 2sBvM/O0p+zizleC4lU8fDj1CnRx+r4b/1Q/PZ/c2FYQHphnIbdNngJ1KssbvOnCUbNPgcPcQwzM gKHyQxUo+ql2ySTkvEFH/23XMww2BnTTFGX5/yI4Ky+1ZJcbGqc5H4PEZHeoI/d6LWFf332z7LMw LGdoi9FMQ5j9dQUvMi1YKAun15JQSJLyCT5k+MTObVKxHy/dols381l9r9ft9daDonlwd6LnuX+J u10= X-Report-Abuse-To: spam@quarantine11.antispamcloud.com Archived-At: Subject: Re: [Pearg] About hiding in crowds X-BeenThere: pearg@irtf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Privacy Enhancements and Assessment Proposed RG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2020 04:48:00 -0000 This is a multi-part message in MIME format. --------------28D766D3C9569690A933B290 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Sorry about the 404. I messed up with the GitHub project, and did not realized it was set as "private". Fixed now. If you want to work on an Internet draft, I am happy to collaborate. -- Christian Huitema On 8/13/2020 3:59 PM, Shivan Sahib wrote: > Thanks for the note Christian. I remember that a similar point was > brought up in the /"What can you learn from an IP?" /paper presented > by Nikita Borisov at ANRW 2019 last > year: https://dl.acm.org/doi/10.1145/3340301.3341133, video of > presentation: https://youtu.be/pEnT2BJvyv0?t=106  > In the discussion after, it was brought up that IPv6 could make things > better (more to choose from, so less stickyness if servers wanted) or > worse (less incentive to have the same IP address for multiple > services). There was also some discussion around what > > * the CDNs can do  > * the websites can do, and > * clients can do > > Sara and I were chatting today and we reckoned this was an > architectural consideration (with research input) for Internet > privacy. It seemed to us that a first step might be to write up the > concern and possible solutions in an Internet Draft.  > > Thanks also for the blog post > ; > I tried checking out https://github.com/private-octopus/centraldns but > got a 404.  > > On Mon, Aug 10, 2020 at 4:25 PM Christian Huitema > wrote: > > A lot of the privacy extensions recently developed amount to > "hiding in > crowds". For example, SNI encryption assumes that multiple servers are > accessible through the same IP address. If the SNI is hidden, outside > observers won't know which one was accessed. DNS encryption makes the > same assumption in an indirect way. It assumes that we gain privacy by > hiding the DNS exchange that maps www.example.com > to an IP address. This > is fine, except for the fact that most servers have their own IP > address. You can hide the DNS exchange, you can hide the SNI, but > outside observers will still be able to understand which servers > you are > accessing by simply looking at the address header. If we want real > privacy, we will need something else! > > How do I know? I started with the Majestic Million list of domain > names, > and resolved 25,000 of these names, and found out that on average a > given IP address was shared by about 1.21 names, as explained in: > https://huitema.wordpress.com/2020/08/09/can-internet-services-hide-in-crowds/). > And then I resolved the next 25000 names to be more sure of the > results. > The average increased slightly, from 1.21 to 1.22, which does not > change > the results much. 74.6% of domains use an address that is unique to > them, 8.7% use an address shared by 2 domains, and only 8% use an > address shared by 10 or more servers. DNS encryption and SNI > encryption > do bring privacy for a minority of connection, for which it may > well be > important. But they do not improve privacy in 75% of the cases. > > I understand that privacy-warriors can use VPN, proxies or Tor. But > these tools are far from perfect -- see the recent Sybil attacks > against > Tor, or the outveiling of shady business practices by many VPNs. > In any > case, these tools at best provide "privacy for a few active > users". But > that leaves aside the bulk of Internet users. Thus my question for > this > program: how would we provide privacy for the masses? > > -- Christian Huitema > > > -- > Pearg mailing list > Pearg@irtf.org > https://www.irtf.org/mailman/listinfo/pearg > --------------28D766D3C9569690A933B290 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit

Sorry about the 404. I messed up with the GitHub project, and did not realized it was set as "private". Fixed now. If you want to work on an Internet draft, I am happy to collaborate.

-- Christian Huitema

On 8/13/2020 3:59 PM, Shivan Sahib wrote:
Thanks for the note Christian. I remember that a similar point was brought up in the "What can you learn from an IP?" paper presented by Nikita Borisov at ANRW 2019 last year: https://dl.acm.org/doi/10.1145/3340301.3341133, video of presentation: https://youtu.be/pEnT2BJvyv0?t=106 
In the discussion after, it was brought up that IPv6 could make things better (more to choose from, so less stickyness if servers wanted) or worse (less incentive to have the same IP address for multiple services). There was also some discussion around what
  • the CDNs can do 
  • the websites can do, and
  • clients can do
Sara and I were chatting today and we reckoned this was an architectural consideration (with research input) for Internet privacy. It seemed to us that a first step might be to write up the concern and possible solutions in an Internet Draft. 

Thanks also for the blog post; I tried checking out https://github.com/private-octopus/centraldns but got a 404. 

On Mon, Aug 10, 2020 at 4:25 PM Christian Huitema <huitema@huitema.net> wrote:
A lot of the privacy extensions recently developed amount to "hiding in
crowds". For example, SNI encryption assumes that multiple servers are
accessible through the same IP address. If the SNI is hidden, outside
observers won't know which one was accessed. DNS encryption makes the
same assumption in an indirect way. It assumes that we gain privacy by
hiding the DNS exchange that maps www.example.com to an IP address. This
is fine, except for the fact that most servers have their own IP
address. You can hide the DNS exchange, you can hide the SNI, but
outside observers will still be able to understand which servers you are
accessing by simply looking at the address header. If we want real
privacy, we will need something else!

How do I know? I started with the Majestic Million list of domain names,
and resolved 25,000 of these names, and found out that on average a
given IP address was shared by about 1.21 names, as explained in:
https://huitema.wordpress.com/2020/08/09/can-internet-services-hide-in-crowds/).
And then I resolved the next 25000 names to be more sure of the results.
The average increased slightly, from 1.21 to 1.22, which does not change
the results much. 74.6% of domains use an address that is unique to
them, 8.7% use an address shared by 2 domains, and only 8% use an
address shared by 10 or more servers. DNS encryption and SNI encryption
do bring privacy for a minority of connection, for which it may well be
important. But they do not improve privacy in 75% of the cases.

I understand that privacy-warriors can use VPN, proxies or Tor. But
these tools are far from perfect -- see the recent Sybil attacks against
Tor, or the outveiling of shady business practices by many VPNs. In any
case, these tools at best provide "privacy for a few active users". But
that leaves aside the bulk of Internet users. Thus my question for this
program: how would we provide privacy for the masses?

-- Christian Huitema


--
Pearg mailing list
Pearg@irtf.org
https://www.irtf.org/mailman/listinfo/pearg
--------------28D766D3C9569690A933B290--