Date: Fri, 30 Jan 2015 22:42:12 -0500
From: Paul Syverson <paul.syverson@nrl.navy.mil>
To: tor-talk@lists.torproject.org
Message-ID: <20150131034212.GA706@vpn212046.nrl.navy.mil>
Subject: Re: [tor-talk] Tor -> VPN Clarification

On Fri, Jan 30, 2015 at 07:15:30PM -0700, Mirimir wrote:
> On 01/30/2015 06:48 PM, grarpamp wrote:
> > On Fri, Jan 30, 2015 at 7:54 PM, Mirimir <mirimir@riseup.net> wrote:
> >> JonDoNym / JAP
> > 
> > I'm seeing references to this tool pop up recently in various
> > places. Keep in mind the controversy from years ago
> > and read the label on the tin carefully. That's not to say
> > it's not fit for use once you understand its fitness.
> > https://en.wikipedia.org/wiki/Java_Anon_Proxy
> 
> That is a concern. And although they've arguably addressed it through
> diversification in multiple jurisdictions, they're upfront about
> focusing on business-class pseudonymity.
> 
> In anonymity space, they are far closer to VPNs than to Tor, I think.
> Also, their mixes are fixed. So as with VPNs, there's a one-to-one
> mapping of entry and exit IPs. Furthermore, their userbase is much
> smaller than for Tor and popular VPN services.

That's right. They are using mixes not onion routers. It's a different
architecture with a different threat model. Tor's security is largely
based on having a large and diverse enough set of entry and exit
points to the network that it is hard for a practical adversary to
watch (and possibly disrupt to create a timing signal) both ends of a
connection at once. An adversary that can do so however is assumed to
be able to correlate source and destination. JAP's security is based
on the mix concept, wherein the adversary is assumed able to see both
sides of a connection (which would break anonymity for Tor), but the
timing properties of connections are such that it is difficult to say
which of the concurrent connections on the client side of the mix
correlates with which connection on the destination side.  Creating a
fixed path of mixes (known as a mix cascade) run by different
operators means that there is not a single mix that knows that
correlation. JAP, unlike Tor, is meant to remain secure even if an
adversary can see connections on both sides. To be successful at this
a low-latency cascade like JAP must maintain a constant (or adequately
large) anonymity set of the same persistent clients concurrently and
must use padding and other techniques to prevent natural or induced
patterns from giving away the correlation.

aloha,
Paul
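
[Added example, not part of the message above and not code from Tor or JAP.] A toy model of the distinction drawn in the reply: for an observer who sees both sides of a node, it computes the set of clients whose arrival time is consistent with each departure, first for a low-latency relay and then for a batching mix, and shows how a cascade composes per-mix permutations. All names, timestamps, delays and permutations are constructed assumptions.

```python
# Added illustration; every name and value below is constructed.

def relay_departures(arrivals_ms, delay_ms):
    """Low-latency relay: forward every message after a small fixed delay."""
    return {c: t + delay_ms for c, t in arrivals_ms.items()}

def mix_departures(arrivals_ms, batch_size):
    """Batching mix: hold messages until the batch is full, then flush all at once.
    A short final batch is flushed as-is here; a real mix would need padding."""
    order = sorted(arrivals_ms, key=arrivals_ms.get)
    out = {}
    for i in range(0, len(order), batch_size):
        batch = order[i:i + batch_size]
        flush = max(arrivals_ms[c] for c in batch)
        out.update({c: flush for c in batch})
    return out

def anonymity_sets(arrivals_ms, departures_ms, max_hold_ms):
    """For each departure, the clients whose arrival time is consistent with it,
    given a view of both sides and knowledge of the node's maximum hold time."""
    return {c: {s for s, t in arrivals_ms.items() if 0 <= d - t <= max_hold_ms}
            for c, d in departures_ms.items()}

def mean_set_size(sets):
    """Average anonymity set size over all departures."""
    return sum(len(s) for s in sets.values()) / len(sets)

def cascade_order(batch, permutations):
    """Send one batch through a cascade; each mix applies only its own permutation,
    so the end-to-end mapping is the composition that no single mix holds."""
    slots = list(batch)
    for perm in permutations:
        slots = [slots[i] for i in perm]
    return slots

# Constructed arrival times (milliseconds) for eight clients.
ARRIVALS_MS = {"c1": 0, "c2": 900, "c3": 2100, "c4": 3000,
               "c5": 10200, "c6": 11000, "c7": 12400, "c8": 13100}

def demo():
    """Mean anonymity set size: (relay with 50 ms delay, mix with batches of 4)."""
    relay = anonymity_sets(ARRIVALS_MS, relay_departures(ARRIVALS_MS, 50), 100)
    mix = anonymity_sets(ARRIVALS_MS, mix_departures(ARRIVALS_MS, 4), 5000)
    return mean_set_size(relay), mean_set_size(mix)

if __name__ == "__main__":
    print(demo())
```

With these inputs the relay leaves each departure consistent with exactly one client, while the mix leaves every departure consistent with its whole batch; the batch size is the anonymity set the message says a cascade must keep constant or adequately large.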