anonymity loves company usability and the network effect
play

Anonymity Loves Company: Usability and the network effect Roger - PowerPoint PPT Presentation

Jan 28, 2023 •427 likes •684 views

Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The Free Haven Project 1 Overview We design and deploy anonymity systems. Version 1: You guys are studying this in academia, and we're

  1. Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The Free Haven Project 1

  2. Overview ● We design and deploy anonymity systems. ● Version 1: “You guys are studying this in academia, and we're building them. Please study us.” ● Version 2: “Economics of anonymity are still not considered by (many) researchers.” ● Version 3: “If you're thinking of building an anonymity system...” 2

  3. Rump session follow-up. ● Yes, usability is an excellent idea. We're working towards that. ● But we're curious about the effects on security as we make progress on usability. ● (Our notion of usability is very broad – e.g. anything that grows the user base.) 3

  4. Security is a collaboration ● Suppose two encryption programs: – HeavyCrypto is hard to use properly, but more secure if you do. – LightCrypto is easier to use, but can't provide as much security. ● Which should you ask your friends to use to send encrypted mail to you? What if you use both ? ● Security is a collaboration between sender and receiver. 4

  5. Security affects usability ● There are many other cases where usability impacts security (badly labeled off switches, false sense of security, inconvenient security, bad mental models, ...) ● But let's talk about anonymity systems: many people aggregate their traffic to gain security. So now we're talking more than two participants. 5

  6. Formally: anonymity means indistinguishability within an “anonymity set” Alice1 Alice2 Alice3 Bob Alice4 Alice5 .... Attacker can't tell which Alice Alice6 Alice7 is talking to Bob Alice8 6

  7. We have to make some assumptions about what the attacker can do. Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! Etc, etc. 7

  8. Anonymity serves different interests for different user groups. Governments Businesses Anonymity “It's privacy!” Private citizens 8

  9. Anonymity serves different interests for different user groups. Governments Businesses “It's network security!” Anonymity “It's privacy!” Private citizens 9

  10. Anonymity serves different interests for different user groups. Governments Businesses “It's traffic-analysis “It's network security!” resistance!” Anonymity “It's privacy!” Private citizens 10

  11. The simplest designs use a single relay to hide connections. Bob1 Alice1 Bob3,“X” “Y” Relay Alice2 Bob2 “Z” Bob1, “Y” “X” ” Z “ , 2 b o B Bob3 Alice3 (ex: some commercial proxy providers) 11

  12. So, add multiple relays so that no single one can betray Alice. Bob Alice R1 R3 R5 R4 R2 12

  13. But users need to be behave similarly. ● If two users behave entirely differently, they don't provide cover for each other. ● Some partitioning can be avoided by constructing a better anonymity system (see next workshop). ● But some is inevitable: using different protocols, speaking different languages, etc. ● #1: Users need to consider how usable others will find the system, to benefit from a larger anonymity set. 13

  14. But what about users with different security goals? ● Some designs are high-latency, others low- latency. Protect against different threat models. ● So which should you use if you're flexible? ● High-latency: against strong attackers we're in better shape. ● But if few others choose high-latency, we're weak against both strong and weak attackers! ● #2: Choosing the system with the strongest security model may not get you the best security. 14

  15. Options can hurt anonymity. ● Options hurt security: users are often not the best people to make security decisions; and non- default configurations don't get tested enough. ● They're even worse for anonymity, since they can splinter the anonymity set. E.g. Type I remailer padding settings. ● #3: Designers must set security parameters. 15

  16. The default is safer than you think. ● Even when users' needs genuinely vary, adding options is not necessarily smart. ● In practice, the default will be used by most people, so those who need security should use the default even when it would not otherwise be their best choice . ● #4: Design as though the default is the only option. 16

  17. Convenience vs. Security ● How should Mixminion handle MIME-encoded data? Hard to normalize all possible inputs. Demand that everybody use one mailer? ● Tor path selection: some users want quick paths (one hop), whereas two or three hops seems smarter. ● #5: If you don't support what users want, they'll do it anyway -- insecurely. 17

  18. Deployment matters too. ● Example: Since Tor is a SOCKS proxy, you need to configure your applications to point to it. ● This is not intuitive for novice users. ● A larger user base doesn't help security-conscious users unless they can configure things right. ● Need to bundle with support tools that configure everything automatically. ● #6: The anonymity questions don't end with designing the protocol. AKA, “ZKS was right.” 18

  19. 19

  20. Users want to know what level of security they're getting. ● JAP uses its anonym-o-meter. This is a great idea, but we don't think it's a good metric for low-latency systems. ● Tor doesn't really give users a metric. We don't know what they use. ● #7: Give users a security metric, or they'll infer it from something else. 20

  21. Bootstrapping ● Most security systems start with high-needs users (early adopters). ● But in anonymity systems, the high-needs users will wait until there's a user base. ● Low-needs users can break the deadlock. ● #8: If you start your system emphasizing security rather than usability, you will never get off the ground. 21

  22. Perception and Confidence ● Our analysis so far relies on users' accurate perceptions of present and future anonymity set size. ● #9: Expectations themselves can produce trends: the metric is not just usability, but perceived usability. ● So marketing can improve security?? ● (This is made messier because there aren't good technical metrics to guess the number of users.) 22

  23. Reputability: the perception of social value based on current users. ● The more cancer survivors on Tor, the better for the human rights activists. The more script kiddies, the worse for the normal users. ● Reputability impacts growth/sustainability of the network. It also dictates how many strong attackers are attracted. ● #10: Reputability affects anonymity, and a network's reputation can be established early. 23

  24. Anonymity's network effect vs. other network effects. ● Say I have a ham radio and a telephone. I lose nothing other than my investment in the ham radio. Same with VHS and Beta. ● Whereas if I participate in a secure and an insecure anonymity network, even if I make all my decisions well, I still am worse off. ● People use number of customers as a signal -- "But if more customers actually improve the quality of the burger..." 24

  25. Conclusions ● Bad loop: unusability means insecurity. ● Good loop: usability means security. ● We can't just wait to build the most usable and most secure system: people are going to take their actions anyway, on less safe systems. 25

Recommend

Why Johnny Cant Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity

Why Johnny Cant Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity

Why Johnny Cant Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity Systems Greg Norcie Jim Blythe Kelly Caine L Jean Camp February 23 rd , 2014, NDSS Workshop on Usable Security Outline Tor o What is Tor? o What

437 views • 30 slides
Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh | Shinyoung Cho | Phillipa Gill Stony Brook University 1 Anonymity on the Internet Tor Network 2 Anonymity on the Internet Does not know the source

261 views • 15 slides
The effect of DNS on Tors anonymity Benjamin Greschbach KTH Royal Institute of Technology

The effect of DNS on Tors anonymity Benjamin Greschbach KTH Royal Institute of Technology

The effect of DNS on Tors anonymity Benjamin Greschbach KTH Royal Institute of Technology Tobias Pulls Karlstad University Laura M. Roberts Princeton University Philipp Winter Princeton University Nick Feamster Princeton University

708 views • 28 slides
The Effect of DNS on Tors Anonymity Benjamin Greschbach KTH Royal Institute of Technology

The Effect of DNS on Tors Anonymity Benjamin Greschbach KTH Royal Institute of Technology

The Effect of DNS on Tors Anonymity Benjamin Greschbach KTH Royal Institute of Technology Tobias Pulls Karlstad University Laura M. Roberts Princeton University Philipp Winter Princeton University Nick Feamster Princeton University 1

438 views • 42 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) ,

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) ,

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) , Daniele E. Asoni , Adrian Perrig (ETH Zrich) , David Barrera (Polytechnique Montreal) , George Danezis (UCL) , Carmela Troncoso (EPFL)

1.98k views • 131 slides
Do gma 1 Deliverables from usability professionals must be highly usable Reports,

Do gma 1 Deliverables from usability professionals must be highly usable Reports,

Myths about usability testing Copies of Slides U X Day Graz 2013 F ive use rs will find 85% o f the usability pro ble ms Rolf Molich - and o the r myths abo ut DialogDesign usability te sting Do gma 1 Deliverables from

659 views • 18 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Andrew Miller, Pramod Viswanath Why do People Use Cryptocurrencies? Technical Properties/ Currency Stability Investment Ideology Untraceable

692 views • 58 slides
Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Privacy-preserving monitoring of an anonymity network Iain R. Learmonth 3rd February 2019 Tor

Privacy-preserving monitoring of an anonymity network Iain R. Learmonth 3rd February 2019 Tor

Privacy-preserving monitoring of an anonymity network Iain R. Learmonth 3rd February 2019 Tor Project whoami Iain R. Learmonth irl@torproject.org @irl@57n.org Tor Metrics Team Member Background in Internet Measurement Contributing to Tor

612 views • 35 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1 Tor anonymity network Tor: the most popular anonymity network for Internet

600 views • 36 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Pramod Viswanath Untraceable Bitcoin https://www.youtube.com/watch?v=k8LqlMzEe-I This is false. Blockchain sd93fjj2 Bitcoin Primer

284 views • 26 slides
Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality

Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality

Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality of the users experience when interacting with a product or system How usable is the interface? Usability Measures Ease of learning

912 views • 24 slides
USABILITY INTRODUCTION USABILITY AND USER INTERFACE DESIGN TO BE PREPARED FOR THIS CLASS YOU

USABILITY INTRODUCTION USABILITY AND USER INTERFACE DESIGN TO BE PREPARED FOR THIS CLASS YOU

USABILITY INTRODUCTION USABILITY AND USER INTERFACE DESIGN TO BE PREPARED FOR THIS CLASS YOU WILL HAVE WORKED THROUGH THE LYNDA.COM UX-1 SECTION. FOR THIS CLASS USABILITY WHAT is Usability? WHY is Usability important? USER

611 views • 21 slides
Web Design and Usability CSE 190 M (Web Programming) Spring 2007 University of Washington

Web Design and Usability CSE 190 M (Web Programming) Spring 2007 University of Washington

CSE 190 M: Web Design and Usability Page 1 Web Design and Usability CSE 190 M (Web Programming) Spring 2007 University of Washington References: J. Nielsen's Designing Web Usability (2) What is usability? usability: the effectiveness with

187 views • 6 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Usability and Eye Tracking Marco Pretorius Usability Manager & Researcher UNISA: School of

Usability and Eye Tracking Marco Pretorius Usability Manager & Researcher UNISA: School of

Usability and Eye Tracking Marco Pretorius Usability Manager & Researcher UNISA: School of Computing Agenda Introduction What is usability? User-centered design Eye tracking Benefits and ROI UNISA usability

931 views • 60 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi & Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides

More recommend