diff options
| author | Christian Grothoff <christian@grothoff.org> | 2019-04-20 21:45:25 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2019-04-20 21:45:25 +0200 |
| commit | 32485c3b58983ada1943b3fa27eac3b0cff2a9da (patch) | |
| tree | 1e439c5054194faef2f52a86f16a7c13f5f5aa20 /doc/handbook/chapters/keyconcepts.texi | |
| parent | 5fab02b10baef639121723aacf3b1351e5db8003 (diff) | |
| download | gnunet-32485c3b58983ada1943b3fa27eac3b0cff2a9da.tar.gz gnunet-32485c3b58983ada1943b3fa27eac3b0cff2a9da.zip | |
try to address #5660:
Diffstat (limited to 'doc/handbook/chapters/keyconcepts.texi')
| -rw-r--r-- | doc/handbook/chapters/keyconcepts.texi | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/doc/handbook/chapters/keyconcepts.texi b/doc/handbook/chapters/keyconcepts.texi index 4b49a7ffb..4900ed328 100644 --- a/doc/handbook/chapters/keyconcepts.texi +++ b/doc/handbook/chapters/keyconcepts.texi | |||
| @@ -15,7 +15,7 @@ The second part describes concepts specific to anonymous file-sharing. | |||
| 15 | * Accounting to Encourage Resource Sharing:: | 15 | * Accounting to Encourage Resource Sharing:: |
| 16 | * Confidentiality:: | 16 | * Confidentiality:: |
| 17 | * Anonymity:: | 17 | * Anonymity:: |
| 18 | * Deniability:: | 18 | * Deniability:: |
| 19 | * Peer Identities:: | 19 | * Peer Identities:: |
| 20 | * Zones in the GNU Name System (GNS Zones):: | 20 | * Zones in the GNU Name System (GNS Zones):: |
| 21 | * Egos:: | 21 | * Egos:: |
| @@ -165,16 +165,20 @@ and Bart Preneel. Towards measuring anonymity. | |||
| 165 | (@uref{https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf, https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf})) | 165 | (@uref{https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf, https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf})) |
| 166 | that can help quantify the level of anonymity that a given mechanism | 166 | that can help quantify the level of anonymity that a given mechanism |
| 167 | provides, there is no such thing as "complete anonymity". | 167 | provides, there is no such thing as "complete anonymity". |
| 168 | |||
| 168 | GNUnet's file-sharing implementation allows users to select for each | 169 | GNUnet's file-sharing implementation allows users to select for each |
| 169 | operation (publish, search, download) the desired level of anonymity. | 170 | operation (publish, search, download) the desired level of anonymity. |
| 170 | The metric used is the amount of cover traffic available to hide the | 171 | The metric used is based on the amount of cover traffic needed to hide |
| 171 | request. | 172 | the request. |
| 172 | While this metric is not as good as, for example, the theoretical metric | 173 | |
| 173 | given in scientific metrics, | 174 | While there is no clear way to relate the amount of available cover |
| 174 | it is probably the best metric available to a peer with a purely local | 175 | traffic to traditional scientific metrics such as the anonymity set or |
| 175 | view of the world that does not rely on unreliable external information. | 176 | information leakage, it is probably the best metric available to a |
| 176 | The default anonymity level is @code{1}, which uses anonymous routing but | 177 | peer with a purely local view of the world, in that it does not rely |
| 177 | imposes no minimal requirements on cover traffic. It is possible | 178 | on unreliable external information or a particular adversary model. |
| 179 | |||
| 180 | The default anonymity level is @code{1}, which uses anonymous routing | ||
| 181 | but imposes no minimal requirements on cover traffic. It is possible | ||
| 178 | to forego anonymity when this is not required. The anonymity level of | 182 | to forego anonymity when this is not required. The anonymity level of |
| 179 | @code{0} allows GNUnet to use more efficient, non-anonymous routing. | 183 | @code{0} allows GNUnet to use more efficient, non-anonymous routing. |
| 180 | 184 | ||
| @@ -192,7 +196,7 @@ In particular, we assume that the adversary can see all the traffic on | |||
| 192 | the Internet. And while we assume that the adversary | 196 | the Internet. And while we assume that the adversary |
| 193 | can not break our encryption, we assume that the adversary has many | 197 | can not break our encryption, we assume that the adversary has many |
| 194 | participating nodes in the network and that it can thus see many of the | 198 | participating nodes in the network and that it can thus see many of the |
| 195 | node-to-node interactions since it controls some of the nodes. | 199 | node-to-node interactions since it controls some of the nodes. |
| 196 | 200 | ||
| 197 | The system tries to achieve anonymity based on the idea that users can be | 201 | The system tries to achieve anonymity based on the idea that users can be |
| 198 | anonymous if they can hide their actions in the traffic created by other | 202 | anonymous if they can hide their actions in the traffic created by other |
| @@ -235,7 +239,7 @@ Even if the user that downloads data and the server that provides data are | |||
| 235 | anonymous, the intermediaries may still be targets. In particular, if the | 239 | anonymous, the intermediaries may still be targets. In particular, if the |
| 236 | intermediaries can find out which queries or which content they are | 240 | intermediaries can find out which queries or which content they are |
| 237 | processing, a strong adversary could try to force them to censor | 241 | processing, a strong adversary could try to force them to censor |
| 238 | certain materials. | 242 | certain materials. |
| 239 | 243 | ||
| 240 | With the file-encoding used by GNUnet's anonymous file-sharing, this | 244 | With the file-encoding used by GNUnet's anonymous file-sharing, this |
| 241 | problem does not arise. | 245 | problem does not arise. |