Re: [Pearg] About hiding in crowds

Eliot Lear <lear@cisco.com> Tue, 11 August 2020 10:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/rNOt0rjOEkhbLmhrimAabeUBbmA>
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>

Hi Christian

What you describe below is something that Barbara Fraser and I noted some years ago at the STRINT workshop.  We argued at the time that providing points in the network to aggregate traffic was an appropriate approach to both blend and blind.  It requires end user trust in those aggregation points that some might call middle boxes.  This is effectively what Mozilla has done with Cloudflare.  This notion of agency is still something that I think is worth exploring.

Eliot


> On 11 Aug 2020, at 01:24, Christian Huitema <huitema@huitema.net> wrote:
> 
> A lot of the privacy extensions recently developed amount to "hiding in
> crowds". For example, SNI encryption assumes that multiple servers are
> accessible through the same IP address. If the SNI is hidden, outside
> observers won't know which one was accessed. DNS encryption makes the
> same assumption in an indirect way. It assumes that we gain privacy by
> hiding the DNS exchange that maps www.example.com to an IP address. This
> is fine, except for the fact that most servers have their own IP
> address. You can hide the DNS exchange, you can hide the SNI, but
> outside observers will still be able to understand which servers you are
> accessing by simply looking at the address header. If we want real
> privacy, we will need something else!
> 
> How do I know? I started with the Majestic Million list of domain names,
> and resolved 25,000 of these names, and found out that on average a
> given IP address was shared by about 1.21 names, as explained in:
> https://huitema.wordpress.com/2020/08/09/can-internet-services-hide-in-crowds/.
> And then I resolved the next 25000 names to be more sure of the results.
> The average increased slightly, from 1.21 to 1.22, which does not change
> the results much. 74.6% of domains use an address that is unique to
> them, 8.7% use an address shared by 2 domains, and only 8% use an
> address shared by 10 or more servers. DNS encryption and SNI encryption
> do bring privacy for a minority of connections, for which it may well be
> important. But they do not improve privacy in 75% of the cases.
> 
> I understand that privacy-warriors can use VPN, proxies or Tor. But
> these tools are far from perfect -- see the recent Sybil attacks against
> Tor, or the unveiling of shady business practices by many VPNs. In any
> case, these tools at best provide "privacy for a few active users". But
> that leaves aside the bulk of Internet users. Thus my question for this
> program: how would we provide privacy for the masses?
> 
> -- Christian Huitema
>
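
An added example, not part of either message and not the code behind the measurement quoted above: one way to compute the address-sharing statistics described in the quoted message from a list of already-resolved (name, address) pairs. The sample data is constructed, and scoring a name with several addresses by its smallest crowd is an assumption.

```python
from collections import defaultdict

# Constructed sample of already-resolved (name, address) pairs; addresses are
# from the documentation ranges. Not data from the measurement in the message.
RESOLVED = (
    [(f"site{i}.example", "203.0.113.10") for i in range(10)]      # shared front end
    + [("a.example", "198.51.100.5"), ("b.example", "198.51.100.5"),
       ("A.EXAMPLE.", "198.51.100.5")]                              # duplicate spelling
    + [(f"solo{i}.example", f"192.0.2.{i + 1}") for i in range(7)]  # one name per address
    + [("multi.example", "203.0.113.10"), ("multi.example", "192.0.2.200")]
)


def crowd_sizes(pairs):
    """Return ({name: crowd size}, {address: set of names})."""
    names_by_ip, ips_by_name = defaultdict(set), defaultdict(set)
    for name, ip in pairs:
        name = name.lower().rstrip(".")   # DNS names are case-insensitive
        names_by_ip[ip].add(name)
        ips_by_name[name].add(ip)
    # Assumption: a name with several addresses is scored by its smallest
    # crowd, since an observer may see the connection go to any of them.
    sizes = {n: min(len(names_by_ip[ip]) for ip in ips)
             for n, ips in ips_by_name.items()}
    return sizes, names_by_ip


def summarize(pairs):
    """Sharing statistics in the shape quoted in the message."""
    sizes, names_by_ip = crowd_sizes(pairs)
    total = len(sizes)

    def share(pred):
        return sum(1 for s in sizes.values() if pred(s)) / total

    return {
        "domains": total,
        "names_per_address": sum(map(len, names_by_ip.values())) / len(names_by_ip),
        "unique_address": share(lambda s: s == 1),
        "shared_by_2": share(lambda s: s == 2),
        "shared_by_10_plus": share(lambda s: s >= 10),
    }


if __name__ == "__main__":
    for key, value in summarize(RESOLVED).items():
        print(f"{key}: {value}")
```

In the sample, `multi.example` counts as having a unique address even though one of its two addresses is shared by eleven names, which is the worst-case reading for the user's privacy.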