
Improving Anonymous Networking

BSides KC · 2021 · 32:32 · 78 views · Published 2021-11
Category: Technical
Style: Talk
About this talk
Anonymity networks such as Tor and I2P do not completely address censorship and surveillance; most are vulnerable to side-channel attacks and are not resistant to metadata analysis. This presentation will describe how Onionr, a new open source anonymity network, intends to tackle these issues and improve on other networks. Come to the talk to see the design principles of a new anonymity network.

Kevin Froman (Junior Security Engineer Intern at Revenant Data): Kevin is a computer science college student with an interest in security and ethical technology. He has experience with web development and security, with a fondness for cryptography and decentralization. Kevin wants to enable privacy and decentralization for everyone.

Transcript [en]

all right welcome to my talk uh sound alright alright uh i hope to shine some light on the world of the development of uh so-called darknets and anonymity networks because i think in our industry we mainly hear about them from like an osint and like incident response sort of perspective of like oh these you know they're posting stuff these darknet markets so we got to investigate it and yeah so we don't typically think about the other side of it too much but i have a passion for this stuff so i i have spent a lot of time thinking about it um this talk won't be too technical uh because uh i think most people here

probably have don't have like computer science degrees so i can answer any more technical questions like get more specific at the end and i'd like to give a thanks to our sponsors and the organizers for putting on this con because it's been a lot of fun and without them we couldn't have this happen so a little bit about me um right now i work for an msp that's also just kind of more of a general i.t and security company i've done a little bit of reverse engineering as well and i also have kind of dabbling and starting a privacy tech business as a side thing this year and so i made like an sms uh

provider that was like focused on privacy and i've done some like steganography research and i also love to hike and i'm actually a ballerina dancer a little though i haven't done that too much recently and this is actually my third version of this talk but i've made like changes on every time i've given it because of just continued work on my projects so uh this talk is gonna start with my philosophy on technology and then i'm gonna go over some requisite concepts which will honestly be kind of a crunch thing because i don't have a time to teach a whole semester uh university course in 30 minutes and then i'm gonna go over some of the

biggest existing anonymity networks which isn't an exhaustive list but uh i think like most people are only familiar with tor because that's the definitely the most popular one but there are several others that have their own dedicated communities and then i'm going to introduce my own project which i'll get to at the end but i've been working on that for a long time so i'm always excited to talk about that so uh my philosophy with security and privacy is kind of it's pretty capabilities oriented so there's a lot of companies out there like email providers and vpn providers that like say they don't log and they don't keep customer records beyond what's necessary and you know a lot of them are probably

telling the truth but the fact is is if they're in a position to be able to start keeping that data they probably will or someone who compromises them probably will such as like a court order or anything so i think that as a programmer i can help develop systems that help users keep control of their own data using like heavy cryptography and peer-to-peer networking and things such as that it also applies to censorship so you know when someone posts something like really offensive on like facebook say you know a lot of people will finger point and say that the platform is responsible for that content and they they kind of have a point because it's

kind of like inviting like unsavory people into your house or like people who might not be popular like you know if you associate with those people it's not really like that big of a stretch to say that like you're kind of involved with them um i also i'm really big on free software just as any good gnu/linux because i think while open source software definitely can be insecure and privacy invasive it's easier to audit that and make sure that and that way you actually know what the software is doing even if you don't look into it yourself other people are going to do that especially if it's popular and then i i truly believe that privacy

is a human right and that's been recognized by the u.n and so uh you might think you have like nothing to hide so but you know political winds can always change and horrible things can happen um and if you're running a company and your customers might need privacy like a big example is like dating apps in countries that aren't friendly to like lgbtq people but you can really put them at risk if you don't properly protect your location and such um and like historically a lot of businesses didn't like you know audit their customers i mean even today you can like walk into a gas station and buy stuff so if we use cryptography and other

protections to protect uh customer data with our dartmouth and what is usually called the dark darknet we just don't have that data on hand in order to be stolen so beginning with concepts the biggest concept that you have to wrap your mind around is metadata which i think people have a decent unders like a basic understanding of it but they don't really understand their ramifications fully as as it applies to personal privacy so end-to-end encryption like signal and whatsapp and i think even like imessage and stuff is uh like pretty widely supported but that doesn't really matter because a lot can be inferred if you're if you have a powerful enough adversary just from who

you talk to and when and where you go where you spend money and things like that and you know the there's a very tight public private relationship between companies so i like to kind of assume that if my data that is probably being sold and probably being shared with the government perhaps even without a warrant and anonymity networks are really all about protecting metadata as well as as well as data of course so and then uh just a really quick crash course on onion routing because it's the by far the most popular method of anonymity networks it's basically just a series of proxies that's all it is but with chained encryption so it's like imagine if you

chain a bunch of vpn services together it just has a more intelligent like uh somewhat random picking of nodes to use but that's a really complicated topic beyond the scope of this talk there is a onion routing networks are typically fairly centralized and there's reasons for that because you don't want people to just be able to spin up like a thousand nodes and completely take over the network

and so um the main concept when you're uh working on a noun when you're uh excuse me reviewing or working on an anonymity network is the anonymity set and basically that means that like uh let's say um uh i made a post like slandering some of the organizers of this con like i wouldn't do that but like let's say someone did that and they like what they would just one thing they could do is they could look at the log for everyone to use the wi-fi here and if they know that the post was made over tor and there was only one person here using tor uh they probably know who that was because they could just like match it to

the mac address so uh the anonymity set would just be one person here and that's a really hard problem to address uh but you know in some cases is a lot bigger like if you're just doing normal web browsing you're basically set with all the other tor users in the world and i think like some some things that exist just in normal routing and like radio uh it applies to anonymity networks like um one thing you no longer really think of is like in a really broad sense just like the general like am radio station that your grandpa would listen to uh it's kind of like in a sense an anonymity network like not really but

you know you can't really identify the listeners of these stations and but no one really like thinks of radio stations like that as anonymity networks and the same applies to just like general ip like you know if you have like a thousand devices behind that and you know there's definitely ways to trace them but you know it's not just as trivial as looking at the ip that's visiting a web server because you don't know which device behind that ip is actually doing it without doing some additional effort and then uh reverse proxies hide websites as well but we don't think of those as you know uh anonymity networks um development of peer-to-peer networks and

anonymity networks this is a ton of graph theories so it's uh i'm not going to get into it in this talk but if you get involved in these projects you kind of need to know it as well as statistics and then there's everyone's heard of decentralization i think with like things like bitcoin and law providers and such but really we have an additional concept to soda to decentralization which is social decentralization so if you uh like let's say like you know cloudflare has like thousands of servers i'm sure but they're all controlled by cloudflare more or less so it's not really decentralized in the social sense um anonymity networks tend to be pretty

decentralized in the social sense sometimes there are centralized components for various reasons but yeah it's the reason why they provide more protection than just a so-called no log vpn is because there's not just one entity that can just turn on logging or not and then some networks have a lot of state like bitcoin has a lot of state for examples and like similar blockchains so you can't just like easily use bitcoin without without a reliable strong internet connection and yeah that's like that's really crappy for countries that have either like uh no internet or very poor internet or ubiquitous censorship because they can just block your access to like known nodes in the network and

then like like what are we developing these networks for if we can't help people who are in the worst situations i'm not saying uh networks like uh i'm not saying like cryptocurrencies like have no place i'm just saying like it doesn't really provide the full protection that i think people need and then there's a very very tight latency and efficiency in anonymity networks so vpns are for example are typically low latency if you like especially if you pick one that's close by uh i'd say tor and i2p which is which is similar to tor have pretty medium latency and then there's these things called nail mixers and similar networks that have been mostly in the

past just academic but they tend to be pretty high latency on average but it really just comes out to like chance but i'll get more into those uh and then uh pardon the title on the site but uh yeah so anonymity networks are really hard to develop because uh if if you consider like the the biggest set of users that you could be a part of to anonymize yourself would just be like everybody like imagine like every every uh device is just connected to like a global republic satellite broadcast network that would be insanely inefficient so that makes all internet networks imperfect because they can't just broadcast to everyone all the time so the by far the most popular network

is tor and i've made a consistent table for each network that i talk about and i say i talk about the type of network that it is which is onion routing which i already introduced uh tor is pretty decent with its security like they're in the past there haven't been too many really serious like deanonymization vulnerabilities uh most of the exploits with it have been related to web browsers and the servers and hidden services used rather than the core network itself but contrary to popular belief is actually kind of a centralized network it relies on i believe nine directory authorities to function so in theory if you could shut down these nine people you could

wreak havoc on the network i mean at minimum shut it down and probably use it to spin up a bunch of spying nodes and deanonymize people but those nine authorities are located around the world so it's not so bad it's pretty censorship resistant because it has different ways to mask its traffic but like i said you can always censor those nine people uh and then it has really good user experience i would say like not perfect but it's probably the best out of all the popular networks out there because as you can see you know you've probably used it at least once before but tor browser is just basically firefox just hardened so it's pretty intuitive for

most people to use it's just it's just uh slow and gets blocked a lot um yeah passive analysis gets tor users off though aside from vulnerabilities like if you read the extensive uh documentation that the tor project has they they'll tell you like it's not meant to deter an extremely well-funded like state adversary for a long time for example so if you are going to be using it for long term here that goes up like i don't know like a lot originally i think in the time you'll get compromised and then there's i2p which is kind of the sister project of tor but it's it's a more decentralized project both in the way that it's developed and in the way

that um and the way that it functions because it doesn't have those uh centralized directory authorities although it does still have some what they call reseed nodes which is basically how you get connected to the network uh it's also weak to spying attacks aka sybil attacks where people just spin up tons of nodes watch the network and go faster adversaries it's more censorship resistant because it doesn't rely on a hard-coded set of reseed nodes you can just download the bundle from side channels to get connected to the network yeah i'd say it has like pretty poor ux like it doesn't there's not really they've recently published a browser profile for it but it's harder to set up

if you're not familiar with uh software configuration so i wouldn't really recommend it for people who aren't very technical um oh yeah i forgot to mention um since tor doesn't have a consistent way to run programs on it like a farm or something that leads to people making a lot of configuration mistakes so i think an anonymity network needs to include kind of either semi-official or official app ecosystem and tor doesn't offer that but i2p kind of does if you get the java i2p variant there's several plugins that offer a bunch of different things and you can see like this is the default java i2p interface which i think has been a little bit cleaned up but it's

still mostly like this and like as you can see there's like a dozen different bugs and it gets even more complicated if you go deeper into the menus so it's it's uh you pretty much have to be like almost a sysadmin to run that knife node properly and then there's freenet which is different than both tor and i2p pretty substantially because it's actually a distributed data store and in a sense it was a little bit like blockchain before there was blockchain because it's a pretty old project uh it's not as like linked together in the series as blockchain is but it has some nice things in common uh it's it's a higher latency than tor

because it's not really meant for instant downloading of content it's mainly meant for slow and persistent storage of data its security has been pretty questionable so there's actually been a very unreported uh legal case where police actually here in missouri were investigating people just for using freenet and the freenet project has a blog post on this statistical analysis that the police were using and according to them it was pretty questionable uh i don't know in depth enough to really comment on who is correct but it's an interesting legal case nonetheless that and anyone who's interested in that kind of politics look into uh it's very decentralized you can actually just use it just with your

friends and kind of deploy your own friend-to-friend network and that's hard to set up but it makes it one of the most secure if you use it that way and it has about the same user experience as i2p and it has an app ecosystem as well but there's only a few that are actually maintained and i wouldn't really recommend it but it does have good onboarding it helps the user set up their software well because most people aren't going to be able to tell what security options they should use instead of being explained in uh plain english and there's a screenshot of the freenet interface which is actually not the home page but you can see a bunch of

links on the side which linked to different configuration options so it's still not very user very good user experience and then probably one of the most modern ones is zeronet which isn't exactly an anonymity network but it does support uh some privacy like it does take privacy into account and support tor um i would say it's actually less anonymous than just using tor so because you're just going to be consistently seeding these sites so and you would get compromised over time if someone was actually interested in tracking you down uh it would be a lot of effort to take down everyone hosting a site though so that makes it very censorship resistant and if they added a dht which is

basically a way to use torrents in a decentralized manner it would be incredibly decentralized but this last i checked i still haven't added the dht so it just relies on a bunch of trackers as it is torrent-based it has a very good app ecosystem so you can actually just visit a webs a itp website in a pretty normal manner and it'll run on your computer dynamically but within your web browser interfacing with the zeronet api and so this is a lot of people make very useful dynamic websites like uh music streaming sites video streaming sites and so on but that are completely decentralized and just run kind of in this peer-to-peer cloud it has a very flashy interface

on the side you can see a bunch of sites that have uh i don't know if you can read it but like here's a mail link and a blogging platform a forum a bunch of different useful sites and it's had a pretty i don't know it's declined in recent years but it's had a pretty interesting and good community and then around the time of snowden leaks people came up with this project called bitmessage which is uh a little bit like bitcoin but it doesn't involve a blockchain just uh some similar routing to distribute mail messages and this network has been pretty much exclusively used for mail because that's the only thing they've actually implemented

that i can tell it's not really centralized at all it just has some bootstrap nodes and it doesn't have any trusted nodes so it would be pretty hard to take it down it has a massive user experience fail though because even though everyone stores every message it gets sent you have to be online or someone has to be online for you to send a message to them which is really silly because you would think that they could just connect later on and sync the messages and it uses a gossip protocol which i'm gonna mention again uh lately as soon which basically is what it sounds like it's where it's like imagine like gossip when you're from when you were in school like

a rumor will just spread all around the school well instead imagine that was a mail message it couldn't be tampered with and just everyone shared that around well it's really hard to identify who created a message that way uh briar is pretty similar um but they use tor so it's more anonymous and it's also pretty much exclusively friend of friends so it's not as useful for messaging people that you don't already know but it's also android and maybe ios exclusive but it has really good user experience you just connect to your friends and you're pretty much good to go you can uh create groups and micro blogging like twitter it's a really killer app so if you were going

to use anything that i talked about today i would recommend briar but you have to get friends to use it too so it is hard and then there's a secure scuttlebutt which some people may have heard of it's not an anonymity network but it does use gossip at the end if i have time before i finish i'll show a quick gossip simulation website that demonstrates how a gossip works because i rely on it for my project and i'll introduce soon and then uh bitcoin and ethereum actually use gossip to exchange their uh to exchange new transactions between those so in a sense they actually have some uh decent anonymous networking built into them but they've

poorly built in protection in the spine of that so uh that has led to a lot of transactions being deanonymized so some takeaways there's uh a lot of these networks typically only use uh one routing scheme which makes them very limited for particular uses and so if you can't use something for everything i mean some people will just kind of ditch it like you can't use tor for gaming for example so that one will terrify their whole network partly for that reason uh there's usually like no integration with normal web which in some ways that's not their fault because of uh walled gardens but yeah they don't really tend to compete with like actual social networks and things that people

use which is kind of ironic in my opinion because like i don't know what what is the internet for except for to exchange information with other and they tend to be pretty large and it's monolithic code bases um you know there's not much to add to that i think everyone here is familiar with how complex software gets um yeah the security issues in there can be really bad they can literally get people killed uh i've actually discovered a lot of bugs in various networks and it's yeah it's not it's in a sorry state with a lot of them tor is actually the best i would say in terms of because it's at the most review

so my project is called onionr or onion relay but i just call it onionr and it's basically briar meets bitmessage so it uses gossip for a lot of things and i've tried to make it have a pretty sleek interface that you can access from any device it's it's definitely a work in progress so you can't really use it too well yet but i've been working on it for several years mostly by myself but i've had some help um it's transport agnostic like briar is so both briar and onionr will work over lan or in bluetooth once i actually had that but i've added lan and tor so even if there's no internet like a

natural disaster you can uh still use it and you don't need to expose your ip to use the network it works behind tor by default so it's kind of like layered anonymity it's like a network built on an anonymity network um some and in some more detail it has like i have made a consistent binary format for exchanging messages all messages are encrypted which before i was actually thinking about having plain text messages but i decided i had too much like liability for people running the software on the network uh same time for gossip is actually pretty good you would think that sending a message to everybody would be pretty crappy but it's better than just normal

broadcast a lot better it's uh if you know any time complexity from like a basic computer science class the like time complexity for that it's just o uh of log n so like if you have a million nodes it doesn't take um much longer than like 100 million nodes to exchange the message and messages can be tampered with as well and then uh i've added some deniability uh i've been experimenting with dummy messages that are just pretty good i'll just contain garbage and that way like you can't just observe someone sending a message from their computer and then correlate that to someone who received the message so there's some deniability there i still need to work on that more though you can

probably break it if you try hard um yeah and you can just kind of you can you don't even have to publish a node onto the network you can just remotely access another node and uh upload stuff forwards or and because of that it's hard to even pedal out all the nodes on the network i've tried to keep it very simple so i've like tried to make an elegant api and i've kept the concept of nodes separate from users and separate from the plugins i've actually made a fairly novel vdf which is a verifiable delay function which is similar to bitcoin's proof of work but it only works in on one cpu core at a

time so you can't like accelerate it with gpus which allows like lower power devices to be more uh more competitive with spammers so you wouldn't really get a lot from spamming the network other than just frustrating some people and wasting your electricity so i think going into the future it should be fairly resistant to spam but i have other ways to tackle that too with uh web of trust solutions which i'm still working on and um by default everything gets synced to every node but you can actually i've added the ability to filter by like types of content so if you're only interested in mail you can pick that for example and ignore everything else

and then i've added the ability for you to establish direct connections with your friends as well which this allows you to create denial of service resistant hidden services that you need permission to even discover so like the address for a service is generated on the fly for each client which creates higher latency for the initial connection but i think the benefits that way is that and then i've created a pretty straightforward onboarding process so you can actually kind of helps you pick your settings based on your threat model and what you want to do and it like sets up consent for how your device should be used in the network and i've used a uh

container and micro service approach which is in opposition to all the other networks i talked about today so instead of a big monolithic code base i have a bunch of small projects that kind of fit together like legos kind of like a lot of uh corporate people use today to deploy their complex services for their customers that makes it a little more complicated for someone to set up but you can always use i'm thinking about making like thin clients that people can just connect to so kind of get the best of both worlds with that and then my future plans um this is a non-exhaustive list but i want to integrate it with

monero and have some more native apps for uh google and have some like a way to install plugins in a sandbox way so like if someone publishes like a little website or program you can just easily install that and not be at too much risk um and i want to solve zooko's triangle which basically means like you can't have a fail like i say like a domain name that's seeming human meaningful as well as decentralized and secure like the idea goes definitely up to but some people have solved that usually with blockchains but i don't know that's pretty hard problem i think it conflicts with some other goals too so we'll see and uh real quick you can see some

screenshots like here's like my mail program it's it doesn't interface with standard email but the like set up with it is pretty similar you just uh add your preference and your address book and then you can mail them and then here's like a message board where that supports both them fully anonymous and pseudonym anonymous posts and um yeah i need people to help me i need like testers i need other programmers i need people to like tell other people who would be interested in helping out with this sort of thing so you can check out the project on github but i'm kind of rewriting a lot of stuff so it's not really live right now but if you want to test it out with

me you can get in touch with me as well and then um yeah so please provide feedback on my talk and conference or anything else
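
The talk's claim that gossip spreads a message in roughly logarithmic time can be checked with a small simulation. This is an added example, not code from the talk or from Onionr; it assumes a simple synchronous push model (each informed node forwards to `fanout` uniformly random peers per round), and the function names and the scaled-down network sizes are chosen here for illustration.

```python
import math
import random


def simulate_gossip(n_nodes, fanout=3, seed=0, origin=0):
    """Push gossip in synchronous rounds.

    Returns (rounds, direct): rounds until every node holds the message,
    and how many nodes first received it straight from the origin.
    """
    rng = random.Random(seed)           # fixed seed keeps runs reproducible
    first_sender = {origin: None}       # node -> peer it first heard from
    rounds = 0
    while len(first_sender) < n_nodes:
        # Snapshot: nodes informed during this round only start
        # forwarding in the next one.
        for sender in list(first_sender):
            for _ in range(fanout):
                target = rng.randrange(n_nodes)
                if target not in first_sender:
                    first_sender[target] = sender
        rounds += 1
    direct = sum(1 for s in first_sender.values() if s == origin)
    return rounds, direct


def scaling_table(sizes, fanout=3, seed=0):
    """One row per network size: (n, rounds, lower bound, direct).

    The lower bound is log base (fanout + 1) of n, because the informed
    set can grow by at most a factor of (fanout + 1) per round.
    """
    rows = []
    for n in sizes:
        rounds, direct = simulate_gossip(n, fanout, seed)
        bound = round(math.log(n, fanout + 1), 1)
        rows.append((n, rounds, bound, direct))
    return rows


if __name__ == "__main__":
    print(f"{'nodes':>8} {'rounds':>7} {'log bound':>10} {'direct from origin':>19}")
    for n, rounds, bound, direct in scaling_table([1_000, 10_000, 100_000]):
        print(f"{n:>8} {rounds:>7} {bound:>10} {direct:>19}")
```

The `direct` column shows why a single receiving node learns little about authorship under this model: the origin only ever sends `fanout` copies per round, so almost every node first hears the message from a relay rather than from its creator.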
