[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Latency Costs of Anonymity



-----BEGIN PGP SIGNED MESSAGE-----

From: Wei Dai <[email protected]>
> The points Tim makes here are quite good.  However, I'm more concerned 
> with a slightly longer time scale, when people focus less on FILES, 
> but more on CONVERSATIONS and INTERACTIONS.  It is then that latency 
> becomes more problematic.

I think this is a good point.  We have had some discussions about getting
anonymity with web browsing.  The "mix" or "remailer" concept doesn't
work so well there as the connections are very short, so there is less
chance of multiple communications going on at one time.

OTOH I have heard discussions of asynchronous transfer mode, ATM, as a
new packet-based network technology that could support high bandwidth
communications.  All messages, presumably even streams like video
signals, get broken into fixed-size packets, which make their way through
the network and are reassembled into a stream on the other end.  The
individual packets may not all take the same path through the network.
(I am far from an expert on ATM so I welcome corrections to this
description.)

This technology does sound like mixing could work pretty well to provide
anonymity.  There is some price in bandwidth and latency but ATM is so
fast that probably several steps of chaining and mixing would be
possible.  Naturally such mixes would have to be hardware based due to the
rapid speeds of the packets.  So this would be kind of a "souped up"
version of our current email remailer network, with vastly greater
bandwidths and switching speeds.

Another possibility with connection-based communications would be
Chaum's DC-Nets.  These are networks where message source cannot be
determined.  They do face potentially severe costs in terms of
bandwidth, though, depending on how much anonymity you get.  As both
mixes and dcnets have bandwidth costs, I wonder if it is provable that
anonymity implies such costs.

> Can anyone give me an estimate of when truly anonymous video conferencing 
> will become possible?  This is not just to help me make the point, but 
> I'm really wondering.
> 
> Wei Dai

I think it may be more useful rather than speaking of "true" anonymity
to think of factor-of-N anonymity.  This reflects the bandwidth costs.  I
would guess that, if you have a packet-based video converencing system,
that today you could probably get factor-of-2 anonymity with custom
hardware, and perhaps even more than that.

One other point I would make, based on Wei's original post, is that no
doubt anonymity does exact some costs.  However this does not mean that
it is uncompetitive.  It also may have, in some circumstances,
advantages.  People may be more frank and critical when they are shielded
by anonymity.  I've read articles about companies which introduce
electornic "suggestion boxes" where people can post anonymously, and
upper management is often shocked at the results.  It is too early to
judge how much of a net benefit or harm anonymity will be in general.

Furthermore, it is likely that the net advantage will differ depending on
the business or organization.  At one extreme, a group working with
illegal or restricted technology would probably benefit more from
anonymity.  I think it was Keith Henson who posted a story here a couple
of years ago that he was working on, involving some kind of underground
protest group which organized itself using crypto anonymity.  So it is
really not a question of whether anonymity is good or bad, but rather
whether its costs outweigh its advantages in a particular situation.

Hal Finney
[email protected]

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBLw8c9xnMLJtOy9MBAQFZBgH/R1c3FLHECJiEHDoUl/gUPaBIVzd3kvVz
Uv2jqFwJxSFQjnrb1wtGT7vLjNOOXJ7uYpBNJU+ZfPSKOvPgGFD8yQ==
=+6iw
-----END PGP SIGNATURE-----