

Anomos: Censhorship-resistant, Anonymous BitTorrent (Made by a HN'er) - mis
http://anomos.info/wp/2009/06/04/presenting-anomos/

======
evgen
Making a quick glance a the source code, it seems that this is basically
fusing a simple mix-network into a torrent swarm. The clients have basic
anonymity from each other (at the cost of a significant bandwidth cost due to
the relaying) and the tracker acts as an oracle to hand out paths through the
mix network so that peers can exchange blocks.

Here are some basic problems that come to mind:

* The tracker is a SPOF and making its role in the whole operation a distributed one at some future point will be _very_ difficult. If I want to "censor" this system I just DDoS the tracker and suddenly peers can't find each other.

* The tracker is using a simple weighted graph using Dijkstra for the shortest path from A to B. This is good for the swarm resources, but bad for attack resistence. If I want to probe the network and figure out who is who then I start taking out nodes I have connected to and see how the graph re-balances itself to adjust to this disruption. Instead of making the minimum path length a fixed number it should at least include a bit of randomness in the path length to increase the time it will take an attacker to completely map out the network in this fashion.

* The pipes are still not fixed bandwidth and always full. There is no cover traffic here, so in addition to the node by node mapping probe described previously a sufficiently powerful adversary can still black-box large chunks of the network and trivially match up the flows among nodes. Since the relaying has no delay at all this task is made significantly easier. When it comes to anonymity protocols you can trade bandwidth for security (full pipes with a chaffing/winnowing approach to pick real messages out of the cover traffic) or you can trade time for security (packet delay and re-ordering at relay nodes makes large-scale analysis harder), but you have to at least pick one.

Cute, but definitely not secure from TLAs, large network providers, or quite
probably from a determined amateur with access to several widely dispersed
boxes.

Now here is the real irony in all this: BitTorrent was a stripped down version
of MojoNation that eliminated the centralized bandwidth accounting, crypto,
peer chunk relaying, and persistence all in the name of moving bits quickly.
Over the past six years everything but the persistence has slowly been layered
back on through different efforts...

~~~
mis
Hello, evgen!

Thanks for showing interest in our project, this is exactly the type of
feedback we're after!

Your first and third criticisms are very valid.

The first one can hopefully be mitigated by more groups running open trackers,
so that there are more places to DDoS.

As for the second, having a central hub actually gives us a lot of room to
control the network structure. The path lengths are _not_ intended to be fixed
by any means. However, we wanted to get the bare minimum amount of features in
place quickly so we could tie our first beta release in with the 20th
anniversary of Tienanmen. With the central tracker, we can control the amount
of connections per ip, run blockslists and reshape the network periodically as
we see fit.

As for the third point, I don't have an answer for you yet. We're still
experimenting to minimize tradeoffs in performance.

