[tahoe-lafs-trac-stream] [Tahoe-LAFS] #1010: anonymous client mode
Tahoe-LAFS
trac at tahoe-lafs.org
Tue Sep 8 19:15:32 UTC 2015
#1010: anonymous client mode
-------------------------+-------------------------------------------------
Reporter: duck | Owner: warner
Type: | Status: new
enhancement | Milestone: soon
Priority: minor | Version: 1.6.1
Component: code- | Keywords: privacy anonymity docs anti-
network | censorship forward-compatibility i2p-collab i2p
Resolution: | tor-protocol
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by warner):
In today's meeting, while sketching out the tor-socks-proxy syntax
(ticket:517#comment:34), we talked briefly about how the Accounting
"client ID" would interact with anonymity. In particular, without other
changes, Accounting-enabled Tahoe clients will use the same !ed25519 key
for all connections. There are (at least) three things that might be
linkable, and using Tor/I2P will only remove one of them:
* client IP address
* accounting client-id
* which shares are being accessed
We could change the accounting system to provide a way to use random
client-ids (or none at all), but then storage servers can't enforce any of
their Accounting things. And even with that, clients who always start at
the same rootcap will be linkable by the storage server observing repeated
accesses to the same storage index.
The upshot is that now I'm wondering if a tahoe.cfg flag named `anonymous`
might be better spelled `psuedonymous`, or `ip-anonymous`, or `network-
anonymous`, or something that makes a slightly weaker claim. ''Or'',
should we say that `anonymous=true` also requires that you've added some
other (as-yet undefined) tahoe.cfg flag which disables Accounting client-
ids?
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1010#comment:54>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list