Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anonymity Services and the Law: How to Safely Provide Anonymity Technology on the Internet Len Sassaman The Shmoo Group

Published byNeal Dickerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Anonymity Services and the Law: How to Safely Provide Anonymity Technology on the Internet Len Sassaman The Shmoo Group"— Presentation transcript:

1 Anonymity Services and the Law: How to Safely Provide Anonymity Technology on the Internet Len Sassaman The Shmoo Group rabbi@shmoo.com

2 Introduction to Anonymity Services

3 Network anonymity services Shield the identity of the user Conceal other identifying factors Dissociate users’ actions with identity Do not conceal that those actions occur! Anonymity != privacy

4 Types of Anonymity Services

5 Covert anonymity User is not automatically flagged as a user of anonymity technology. User often has more credibility. Does not attract suspicion. Inconspicuous web proxies. Free web email accounts through proxies. Peek-a-Booty.

6 Overt anonymity User is known to be anonymous. Credibility is more often questioned. Known remailers Anonymizer.com addresses Other services are a mixture of covert and overt anonymity.

7 Who Operates Public Anonymity Services?

8 Commercial Organizations Often provide anonymity services for profit. Have an interest in protecting their customers identities. Usually do not offer strong anonymity – payment hurdles. Ex: Anonymizer.com Ex: Zero Knowledge Systems.

9 Universities and NGOs Offer services “For the good of the community”. Implement theoretical concepts. Possibly have a specific need. Are able to avoid the issue of anonymous payments. Ex: MIT’s nym.alias.net Ex: Voice of America

10 Individuals Much the same as NGOs Believe in the right to anonymity Desire personal use of the technology Wish to demonstrate technical ability Put theory into practice Ex: Mixmaster remailers Ex: Freenet

11 Governments/Militaries Operate anonymous “tip hotlines” Need anonymity for investigation or espionage Wish to undermine foreign government policies Ex: Safeweb and CIA

12 Differences: Commercial vs. Others Commercial anonymity services tend to be weaker Commercial anonymity services tend to be more popular Address passive concerns: –Protect financial data –Hide personal information –Thwart data mining Anonymous communication is secondary

13 Why Commercial Anonymity is Different

14 Hard to sell Payment collection (no anonymous cash!) Cost of operating service Need for a large anonymity set Uncertain demand Legal restrictions Abuse complications

15 Hard to buy Payment rendering (no anonymous cash!) Uncertainty of anonymity strength Availability of service Local network restrictions Ease of use

16 Differences between Strengths

17 Weak anonymity Protection from the casual attacker Spam avoidance Anonymous online forums “Trust the operator or the law”

18 Strong anonymity Protection from ISP snooping Protection from government monitoring Protection in the case of server compromise (hacker-proofing) “Trust the mathematics”

19 Examples Free web mail accounts SSL anonymous proxies Anonymous ISPs Anonymous mail relays Mix-net remailer systems

20 Need for free anonymity Strong anonymity has important uses Commercial solutions are lacking Publicly accessible non-profit anonymity services are the main source of strong anonymity Anonymous digital cash would change this

21 A Brief History of Remailers

22 Mix-nets Paper by David Chaum written in 1981 Described a method of anonymous communication Strong anonymity – no universally trusted authority Return addresses Not implimented by Chaum

23 anon.penet.fi Pseudonym server Based on software created by Karl Kleinpaste Maintained by Julf Helsingius in Finland Operational in the early 1990’s Fairly weak anonymity, but easy to use More than 500,000 registered users Fell victim to a “legal attack” by the Church of Scientology http://www.penet.fi/press-english.html

24 Cypherpunk remailers Borrowed ideas from Chaum Joint work by Eric Hughes, Hal Finney Written in 1992 Improved by Raif Levien, Matt Ghio, and others (statistics generation, latency) Used PGP for encryption and nesting Traffic analysis still possible “Type I Remailers” Type I nymservers exist

25 Mixmaster remailers Implimentation of Chaum’s Mix-net idea Work begun in 1993 by Lance Cottrell Addresses multiple shortcomings in the Type I system Software rewritten in 1998 by Ulf Möller Currently the most widely used remailer software Known as “Type II Remailers”

26 Zero Knowledge Freedom Email services on top of the ZKS Freedom network Strong anonymity, ease of use, and return addresses (persistant pseudonyms) Commercial enterprise that was too costly Possible future as open source?

27 The Mechanics of Strong Anonymity

28 David Chaum’s mix-nets Multi-layered encyption chains Indistinguishable message packets Random reordering at each hops Return address reply blocks

29 Mixmaster A mix-net implimentation Clients available for Windows, Macintosh, Unix Servers available for Unix and Windows Low hardware resource requirements Reliable network connection Mail server capabilities

30 A Mixmaster Packet

31 Journey of a mixed message Chain selection Encryption Padding/splitting Transmission What the operator can see What an outside observer would know Importance of a large anonymity set Cover traffic

32 Flaws in Mixmaster Tagging attacks Flooding attacks Key compromise Need for forward secrecy Reliability failings Ease of use Lack of return address capability

33 Preventing and Handling Abuse

34 Types of Abuse

35 Spam Remailers are ill-suited for email spam High latency, easy detection Open-relays are much better Usenet spam is still a problem

36 Piracy Most remailers block binary transfers Anonymity is decreased by sending large, multi-packet messages Email is a poor medium for file transfer Throw-away shell/ftp accounts, irc, and p2p systems are more popular for warez

37 Targeted harassment Directed abusive messages at individuals Floods from one or more remailers Usenet flames

38 Prevention

39 Stopping abuse Individual remailer block-lists The Remailer Abuse Blacklist –http://www.paracrypt.com/remailerabuse/ Local filtering Do not need to know the ID of abuser Avoid being a target of abuse Spam and flood detection tools for remops Middleman remailers

40 Why a remop can’t reveal abusers’ True Names Only the last hop is usually known No logs No chain information Decryption keys aren’t useful in last hop All chained hops are needed START-TLS forward secrecy

41 Why remops don’t keep logs Disk space / resource drain Local user privacy concerns Not useful for abuse investigations

42 Complications in Dealing with Abuse Complaints Responding to individuals Responding to organizations Responding to ISPs Responding to legal authorities The problem of mail-to-news gateways

43 Inside a Mixmaster Remailer

44 Walk-through of a live system Remailer program location Mail handling Remailer packet handling Logging Abuse processing

45 Interacting with Law Enforcement

46 When LEO’s want answers Explain that you are operating a remailer –(The more overt the anonymity, the easier this is will be) Offer to help as much as you can Offer abuse counter-measures Remember: you do not need to talk to LEOs! Know your Miranda rights. If you are treated as a suspect, it is likely due to technical ignorance on the LEO’s part Last resorts: turn to EFF, ACLU, EPIC

47 First impressions Corresponding website is the first thing an investigator will see Have information on remailers and their benefits available Be friendly with local law enforcement Don’t be a criminal!

48 Personal experiences How I became a remop What I expected My law enforcement inquiries –FBI –US Secret Service What I would do differently now

49 Legal status of remailers First Amendment issues Electronic Frontiers Georgia case UK’s RIP Bill Current US Administration Where remailers might be banned

50 Post “September 11 th ” Media reaction Number of remailers operating Political opinion of anonymity Remailers: Tools against terror What about public libraries?

51 What Can be Improved?

52 What programmers can do Next generation remailers –Security improvements –Mixminion (Type III) User interface enhancements! IETF standardization Mail client support Java web applets –Mixlet

53 What law makers can do Ensure legality of anonymity services Legal protections for remailer operators

54 What the revolutionaries can do Steps to take if remailers are banned in your country Ways of operating remailers anonymously Ways of maintaining anonymity without remailers What happens if the US bans remailers?

55 What the public can do We need more remops We need more stable remailers We need more remailer users User testimonials Use public opinion to our advantage Social benefit of remailers must be known

56 Comments Len Sassaman rabbi@shmoo.com

Download ppt "Anonymity Services and the Law: How to Safely Provide Anonymity Technology on the Internet Len Sassaman The Shmoo Group"

Similar presentations

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.
Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
Beyond “I Fought The Law” Educating Law Enforcement about Privacy Services Adam Shostack.

Beyond “I Fought The Law” Educating Law Enforcement about Privacy Services Adam Shostack.
Forensic Dead-Ends: Tracing Anonymous R er Abusers Len Sassaman The Shmoo Group

Forensic Dead-Ends: Tracing Anonymous R er Abusers Len Sassaman The Shmoo Group
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Xinwen Fu Anonymous Communication & Computer Forensics 91.580.203 Computer & Network Forensics.

Xinwen Fu Anonymous Communication & Computer Forensics Computer & Network Forensics.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.

I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Behind the Machine “The Good, The Bad, and the Ugly” Copyright © 2008 by Helene G. Kershner.

Behind the Machine “The Good, The Bad, and the Ugly” Copyright © 2008 by Helene G. Kershner.
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.

Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
CHAPTER THE INTERNET, THE WEB, AND ELECTRONIC COMMERCE 22.

CHAPTER THE INTERNET, THE WEB, AND ELECTRONIC COMMERCE 22.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Similar presentations

Ads by Google