Wednesday, February 16, 2011

Anonymity - easy concept, hard to implement

This is probably going to be the first part of a multiple part series on this topic. I'm kinda tired right now so I will keep it short (or try to) but once again I wanted to make sure I posted today.

I have been reading some of the key papers on anonymous systems for a couple of reasons:
- Most of them require some understanding of P2P
- Most of them require some understanding of cryptography
- They require some basic understanding of probability
- There are many real systems to try (Tor, FreeNet, GnuNet, I2P, just to name a few and I've tried them all)
- It's becoming a hot topic in politics because of govt firewalls and Wikileaks

The idea behind anonymity is basically to hide a sender's and/or a receiver's traffic from an outside observer. The basic way of doing this is through indirection and encryption. With this combination, an observer does not really know what your IP packet contained or where it's going to end up.

Here is a more concrete explanation: I want to ask a girl for her phone number at the club but I'm too shy. So I go to my friend's ear and I say, can you tell this girl that one of your friends likes her and would like to have her number. If she was not paying attention beforehand, when my friend delivers the message, she has no clue who it was. If my friend came to the club with 10 friends including myself, there is a 1 out of 10 chance that it came from me but she does not know that. This model can be extended to 2-hop friends: instead of delivering the message to the girl directly, my friend could deliver the message to one of her friends, and one of her friends delivers that message. So more indirection would decrease the probability that it came from me.

So the concept is simple: use encryption and indirection to make it hard to guess the originator. The hard part is making sure that the girl was not paying attention to the chain of events that led to her receiving that message. If no one else was talking to each other, it would be easy for her to see me talk to one friend, then my friend to her friend, then her friend talk to her. So most of the work goes into guarding against passive logging attacks. Basically, many different tactics are needed to guard against traffic analysis, timing attacks, and predecessor attacks. The main issue is that most things have patterns and a lot of work has to be done to randomize or make everything look the same so that people cannot correlate specific events. That's it for now, I will talk about some of these attacks at another time. I should reread this post to make sure that it makes sense, but like I said, re-reading is for suckas and I only do it when I write papers/emails/instant messages/(well just about everything else) so I'm revolting against re-reading in my blog. BooooooooooooooooooooMMMMMMMM.
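The club scenario above, as a small simulation (an added example, not code from the original post): a passive observer logs who talked to whom and when, then walks the log backwards from the delivery to see who could have started the chain. The names, crowd size and cover-traffic counts are constructed assumptions, and the observer is assumed to treat every relay as a possible originator.

```python
import random

def build_log(path, crowd, cover_per_hop, rng):
    """Observer's view: time-ordered (time, speaker, listener) conversations.

    `path` is the real relay chain ending at the receiver; before each real
    hop, `cover_per_hop` unrelated conversations happen among `crowd`.
    """
    log, t = [], 0
    for src, dst in zip(path, path[1:]):
        for _ in range(cover_per_hop):
            a, b = rng.sample(crowd, 2)   # two distinct people chatting
            t += 1
            log.append((t, a, b))
        t += 1
        log.append((t, src, dst))         # the real hop
    return log

def candidate_senders(log, receiver):
    """Everyone who could have started the chain behind the final delivery.

    Walks the log backwards: a speaker is a suspect if their listener later
    passed something on towards the receiver (time-respecting reachability).
    """
    _, last_src, last_dst = log[-1]
    if last_dst != receiver:
        raise ValueError("log must end with the delivery to the receiver")
    suspects = {last_src}
    for _, src, dst in reversed(log[:-1]):
        if dst in suspects and src != receiver:
            suspects.add(src)
    return suspects

def guess_probability(suspects):
    """Chance that a uniform guess among the suspects names the true sender."""
    return 1 / len(suspects)

if __name__ == "__main__":
    # Constructed scenario: names and crowd size are illustrative only.
    crowd = ["me", "friend", "her_friend"] + [f"guest{i}" for i in range(7)]
    path = ["me", "friend", "her_friend", "girl"]
    for cover in (0, 5, 20):
        log = build_log(path, crowd, cover, random.Random(2011))
        s = candidate_senders(log, "girl")
        print(f"cover={cover:2d} suspects={len(s):2d} "
              f"p(guess)={guess_probability(s):.2f}")
```

With no cover traffic the suspect set is exactly the relay chain; as unrelated conversations are added, more of the crowd becomes indistinguishable from the real sender.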
