Anonymous Living

Big Brother, in various shapes and forms, is watching you, including what you do on the Internet. Encryption is a good tool for combating surveillance, but i’s not enough: The adversary can still see who you are communicating with even though the communications itself is encrypted. This is why resistance against traffic analysis is important. The network security tool Tor is much likely the best currently available software for resisting.

But how effective is it? The excellent new research paper (draft) titled “Sampled Traffic Analysis by Internet-Exchange-Level Adversaries” by Steven Murdoch and Piotr Zielinksi introduces a new class of adversary: The Internet Exchanges (IX’s). It builds on the PET Award nominated paper, “Location Diversity in Anonymity Networks“, by Nick Feamster and Roger Dingledine, which shows that level 1 tier networks (which is the backbone for many ISPs) is a big threat.  Murdoch and Zielinksi points out that there’s an even bigger threat: The points in various countries where ISPs exchange data with other ISPs. The IX’s are, as their paper points out, excellent places to do surveillance and traffic analysis.

Is there any reason to worry about this if you are using Tor? As Murdoch points out in his blog:

“Right now there is no particular need to worry – this paper introduces a new class of adversary, and reduces the cost estimate of the attack, but fundementally end-to-end traffic analysis is not new. There remains much work to be done before implementation of defences can begin, such as verifying the hypothesis on a larger scale and establishing how to perform secure traceroute-based network mapping on Tor. I think this paper shows that this is a promising area of research and I hope it will spur further development.”

But what if you’re not using Tor? “Sampled Traffic Analysis by Internet-Exchange-Level Adversaries” is, imho, specially worth reading if you’re not taking steps to prevent surveillance and traffic analysis on the Internet. To put it simply: Papers who describe threats when you’re using anonymity software really do show you just how vulnerable you are on the Internet when you’re not taking stepts to protect yourself.