Re: [Pearg] About hiding in crowds
Shivan Sahib <ssahib@salesforce.com> Thu, 13 August 2020 22:59 UTC
Return-Path: <ssahib@salesforce.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3AFD3A0B03 for <pearg@ietfa.amsl.com>; Thu, 13 Aug 2020 15:59:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=salesforce.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vaj8VimFA75k for <pearg@ietfa.amsl.com>; Thu, 13 Aug 2020 15:59:20 -0700 (PDT)
Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B52C73A0A83 for <pearg@irtf.org>; Thu, 13 Aug 2020 15:59:20 -0700 (PDT)
Received: by mail-il1-x12d.google.com with SMTP id q14so6953925ilj.8 for <pearg@irtf.org>; Thu, 13 Aug 2020 15:59:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salesforce.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=v2mznWS8zrddUGi7pNZQmosfjTts/5gVcbU6jRJPvqM=; b=Lv3CDcb0Bhnskt9ODJL7cn5QQ2+/CPtfqgj2fdqRBPMpK0siz4jTjCHcDnoBEds+7q jy2XfTgK6XMcNRjG3hKvuyk7ZJLX59YxESzzmuZJJeCXsToVWCx2kZYk4QB06ojw7nZb 1qQU31NOV279KMjQnaY1KUdN31uDYF3nL5CIg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=v2mznWS8zrddUGi7pNZQmosfjTts/5gVcbU6jRJPvqM=; b=spJM0de1Owp0D4R+rFRXcdgw70RXVMpJbc+hncr6+kMKPH7mtiCi7D4C6um6ouZjce 551NcWLqXVBWt6BqbW60hN5xiSbCAB0pPh6gF34n45Y3FJBsz94ovVLPpyxgQ/+elTwQ tgw506jWu7qhie+QRPXgy50KqBTOqn9Gf9x+kCzPnCTHPXeuqtnTXTzEx+1FQ1Ursqsm oVCRnaQVjvc9PEk+twcIhC1yTefHJV42ECWT2g1pdq2Xk8RnmweQUGOq9CaSN/SMOz4v 09hM9hZXGnFxE3x4n9cA/4XHeOkniTTLouzwX3el34sL5tz75VqRaZIal/3t/TuDUJLa uVAQ==
X-Gm-Message-State: AOAM533a3NUUc4CheJNhvc83xpThagsRsINj2FZd47K4zr3MK7YNITqZ NXYCwBHEK1S7vucZUrkRaDxPe8eT3MQhD9CUs6yfKsHfoKLb4A==
X-Google-Smtp-Source: ABdhPJyiv8Cs0cVzehlc5fvLgcDgmRtvI+RNKeWvmcDPXgnp82uARLfS8mXHLCdH2qLj+mWpzrPD6vOp+cqU1zf//NQ=
X-Received: by 2002:a92:980f:: with SMTP id l15mr106085ili.51.1597359559782; Thu, 13 Aug 2020 15:59:19 -0700 (PDT)
MIME-Version: 1.0
References: <f49c190e-91a8-eaba-5069-4f39b95c75f6@cs.tcd.ie> <b8ab4ccf-ed8a-7b2b-c36d-bfb240aca54b@cs.tcd.ie> <f6807aed-d494-4020-4d75-dcf73ad22d4f@huitema.net>
In-Reply-To: <f6807aed-d494-4020-4d75-dcf73ad22d4f@huitema.net>
From: Shivan Sahib <ssahib@salesforce.com>
Date: Thu, 13 Aug 2020 15:59:09 -0700
Message-ID: <CAJm22JbkyfpyixwsA0eqcT7UkZ9Gjvc1ofqPqFudyY7SV9k3yA@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: pearg@irtf.org
Content-Type: multipart/alternative; boundary="00000000000023e66405acca413c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/pNV1PB9UMOO40lgN_0FcVcJJPeE>
Subject: Re: [Pearg] About hiding in crowds
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2020 22:59:30 -0000
Thanks for the note Christian. I remember that a similar point was brought up in the *"What can you learn from an IP?" *paper presented by Nikita Borisov at ANRW 2019 last year: https://dl.acm.org/doi/10.1145/3340301.3341133, video of presentation: https://youtu.be/pEnT2BJvyv0?t=106 In the discussion after, it was brought up that IPv6 could make things better (more to choose from, so less stickyness if servers wanted) or worse (less incentive to have the same IP address for multiple services). There was also some discussion around what - the CDNs can do - the websites can do, and - clients can do Sara and I were chatting today and we reckoned this was an architectural consideration (with research input) for Internet privacy. It seemed to us that a first step might be to write up the concern and possible solutions in an Internet Draft. Thanks also for the blog post <https://huitema.wordpress.com/2020/08/09/can-internet-services-hide-in-crowds/>; I tried checking out https://github.com/private-octopus/centraldns but got a 404. On Mon, Aug 10, 2020 at 4:25 PM Christian Huitema <huitema@huitema.net> wrote: > A lot of the privacy extensions recently developed amount to "hiding in > crowds". For example, SNI encryption assumes that multiple servers are > accessible through the same IP address. If the SNI is hidden, outside > observers won't know which one was accessed. DNS encryption makes the > same assumption in an indirect way. It assumes that we gain privacy by > hiding the DNS exchange that maps www.example.com to an IP address. This > is fine, except for the fact that most servers have their own IP > address. You can hide the DNS exchange, you can hide the SNI, but > outside observers will still be able to understand which servers you are > accessing by simply looking at the address header. If we want real > privacy, we will need something else! > > How do I know? I started with the Majestic Million list of domain names, > and resolved 25,000 of these names, and found out that on average a > given IP address was shared by about 1.21 names, as explained in: > > https://huitema.wordpress.com/2020/08/09/can-internet-services-hide-in-crowds/ > ). > And then I resolved the next 25000 names to be more sure of the results. > The average increased slightly, from 1.21 to 1.22, which does not change > the results much. 74.6% of domains use an address that is unique to > them, 8.7% use an address shared by 2 domains, and only 8% use an > address shared by 10 or more servers. DNS encryption and SNI encryption > do bring privacy for a minority of connection, for which it may well be > important. But they do not improve privacy in 75% of the cases. > > I understand that privacy-warriors can use VPN, proxies or Tor. But > these tools are far from perfect -- see the recent Sybil attacks against > Tor, or the outveiling of shady business practices by many VPNs. In any > case, these tools at best provide "privacy for a few active users". But > that leaves aside the bulk of Internet users. Thus my question for this > program: how would we provide privacy for the masses? > > -- Christian Huitema > > > -- > Pearg mailing list > Pearg@irtf.org > https://www.irtf.org/mailman/listinfo/pearg >
- [Pearg] About hiding in crowds Christian Huitema
- Re: [Pearg] About hiding in crowds Eliot Lear
- Re: [Pearg] About hiding in crowds Mirja Kuehlewind
- Re: [Pearg] About hiding in crowds Shivan Sahib
- Re: [Pearg] About hiding in crowds Christian Huitema