author | Christian Grothoff <christian@grothoff.org> | 2019-04-20 21:45:25 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2019-04-20 21:45:25 +0200 |
commit | 32485c3b58983ada1943b3fa27eac3b0cff2a9da (patch) | |
tree | 1e439c5054194faef2f52a86f16a7c13f5f5aa20 /doc/handbook/chapters/keyconcepts.texi | |
parent | 5fab02b10baef639121723aacf3b1351e5db8003 (diff) | |
try to address #5660:
Diffstat (limited to 'doc/handbook/chapters/keyconcepts.texi')
-rw-r--r-- | doc/handbook/chapters/keyconcepts.texi | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/doc/handbook/chapters/keyconcepts.texi b/doc/handbook/chapters/keyconcepts.texi index 4b49a7ffb..4900ed328 100644 --- a/doc/handbook/chapters/keyconcepts.texi +++ b/doc/handbook/chapters/keyconcepts.texi | |||
@@ -15,7 +15,7 @@ The second part describes concepts specific to anonymous file-sharing. | |||
15 | * Accounting to Encourage Resource Sharing:: | 15 | * Accounting to Encourage Resource Sharing:: |
16 | * Confidentiality:: | 16 | * Confidentiality:: |
17 | * Anonymity:: | 17 | * Anonymity:: |
18 | * Deniability:: | 18 | * Deniability:: |
19 | * Peer Identities:: | 19 | * Peer Identities:: |
20 | * Zones in the GNU Name System (GNS Zones):: | 20 | * Zones in the GNU Name System (GNS Zones):: |
21 | * Egos:: | 21 | * Egos:: |
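Review bot: the changed line in this hunk is the `* Deniability::` menu entry (line 18 on both sides), and its text is identical before and after, so this looks like a whitespace-only edit. The commit message only points at #5660; consider moving whitespace cleanup into a separate commit, or saying so in the message, so that the wording change to the anonymity metric can be reviewed on its own.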
@@ -165,16 +165,20 @@ and Bart Preneel. Towards measuring anonymity. | |||
165 | (@uref{https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf, https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf})) | 165 | (@uref{https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf, https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf})) |
166 | that can help quantify the level of anonymity that a given mechanism | 166 | that can help quantify the level of anonymity that a given mechanism |
167 | provides, there is no such thing as "complete anonymity". | 167 | provides, there is no such thing as "complete anonymity". |
168 | |||
168 | GNUnet's file-sharing implementation allows users to select for each | 169 | GNUnet's file-sharing implementation allows users to select for each |
169 | operation (publish, search, download) the desired level of anonymity. | 170 | operation (publish, search, download) the desired level of anonymity. |
170 | The metric used is the amount of cover traffic available to hide the | 171 | The metric used is based on the amount of cover traffic needed to hide |
171 | request. | 172 | the request. |
172 | While this metric is not as good as, for example, the theoretical metric | 173 | |
173 | given in scientific metrics, | 174 | While there is no clear way to relate the amount of available cover |
174 | it is probably the best metric available to a peer with a purely local | 175 | traffic to traditional scientific metrics such as the anonymity set or |
175 | view of the world that does not rely on unreliable external information. | 176 | information leakage, it is probably the best metric available to a |
176 | The default anonymity level is @code{1}, which uses anonymous routing but | 177 | peer with a purely local view of the world, in that it does not rely |
177 | imposes no minimal requirements on cover traffic. It is possible | 178 | on unreliable external information or a particular adversary model. |
179 | |||
180 | The default anonymity level is @code{1}, which uses anonymous routing | ||
181 | but imposes no minimal requirements on cover traffic. It is possible | ||
178 | to forego anonymity when this is not required. The anonymity level of | 182 | to forego anonymity when this is not required. The anonymity level of |
179 | @code{0} allows GNUnet to use more efficient, non-anonymous routing. | 183 | @code{0} allows GNUnet to use more efficient, non-anonymous routing. |
180 | 184 | ||
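Review bot: new lines 171-172 say the metric is based on the amount of cover traffic "needed" to hide the request, while the following paragraph (new line 174) speaks of the amount of "available" cover traffic, as did the removed text; pick one term or state how the two relate. The paragraph on new lines 180-183 still defines only levels @code{0} and @code{1}, so a reader cannot tell how a higher level translates into a cover traffic requirement; a sentence or cross-reference covering levels above 1 would close that gap.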
@@ -192,7 +196,7 @@ In particular, we assume that the adversary can see all the traffic on | |||
192 | the Internet. And while we assume that the adversary | 196 | the Internet. And while we assume that the adversary |
193 | can not break our encryption, we assume that the adversary has many | 197 | can not break our encryption, we assume that the adversary has many |
194 | participating nodes in the network and that it can thus see many of the | 198 | participating nodes in the network and that it can thus see many of the |
195 | node-to-node interactions since it controls some of the nodes. | 199 | node-to-node interactions since it controls some of the nodes. |
196 | 200 | ||
197 | The system tries to achieve anonymity based on the idea that users can be | 201 | The system tries to achieve anonymity based on the idea that users can be |
198 | anonymous if they can hide their actions in the traffic created by other | 202 | anonymous if they can hide their actions in the traffic created by other |
@@ -235,7 +239,7 @@ Even if the user that downloads data and the server that provides data are | |||
235 | anonymous, the intermediaries may still be targets. In particular, if the | 239 | anonymous, the intermediaries may still be targets. In particular, if the |
236 | intermediaries can find out which queries or which content they are | 240 | intermediaries can find out which queries or which content they are |
237 | processing, a strong adversary could try to force them to censor | 241 | processing, a strong adversary could try to force them to censor |
238 | certain materials. | 242 | certain materials. |
239 | 243 | ||
240 | With the file-encoding used by GNUnet's anonymous file-sharing, this | 244 | With the file-encoding used by GNUnet's anonymous file-sharing, this |
241 | problem does not arise. | 245 | problem does not arise. |