 So, you all know Tor, right? It's a really awesome tool for anonymous communication, but sometimes, sadly, it just doesn't work for the use case you have. Maybe you need more bandwidth or something. So this is what this talk will explore. Are there other options in the realm of anonymization networks? So we have Eric here now, a little bit different from what was announced on the schedule, but this is Eric now, and he will give the talk, how Alice and Bob meet if they don't like onions. Please welcome him. Hi, my name is Eric, I welcome you to my talk. I'm from the University of Hamburg, from the Group Security and Privacy, and there we have a long tradition in researching and to anonymization networks, especially John de Nume, where my professor, Professor Friederhardt, has some experience for over, let's say, 15 to 20 years. So let's have a look at the agenda for this talk. First of all, we do some basics about anonymity and strategies to achieve anonymity. We look at different adversaries, and afterwards, we have a look at practical anonymous communication networks, especially at I2P, FreeNet, GNUNet, and John de Nume. But we only for a short period look into current research work and conclude the talk. So what is anonymity? Anonymity is the state that being is not identifiable within a certain set, within a certain group, the anonymity set. We see on the left side Alice, and she is within an anonymity set of SNs who send the traffic towards the ACN, Anonymous Communication Network. So the same is valid for Bob, he is within a set of potential recipients. And therefore, he also can achieve some recipient anonymity. Then there is also the options that both sides of the ACN are anonymous. In this case, we speak of sender recipient anonymity. So and there is also the property of unlinkability, which describes that there are some items of interest, which an attacker is not able to sufficiently distinguish whether these two objects are linked or related to each other. We call this relationship anonymity. If they are the attacker with the red hat, it's not able to distinguish whether the messages which are sent by Alice towards ACN and received by Bob, whether these are related or not. In this case, they can be linked, but there's also the case that they cannot be linked. And like this attacker, he can do some traffic analysis and tries to recognize patterns in the size of the packets, on the timing of the packets, or some aggregated measures like the bandwidth consumption of an entire session, or from the content of the messages. So an important question when we talk about anonymity is who do you trust? And there are different strategies towards anonymity, which try to establish trust. Like for example, there is the strategy of a cover traffic that you send some random traffic to hide your real content within. Quite successful is broadcasting messages that you send your message not to one recipient, but to a lot of recipients, but only the true recipient, let's say Bob, is able to decrypt the message. Then you can also use a trusted third party, what is usually a VPN or a proxy, but it depends on your trust model. If you are fine with trusting your VPN, then you can achieve some sort of anonymity this way. Then later on, we also have a slide for this, like the shuffling and delaying of message, which is done by mix, or mixes, or anonymous remailer. And there are different anonymity systems that try to distribute trust, that you do not have to trust a single entity, but you can trust different parties. They do it by using secure multiparty computation, that is a cryptographic scheme, which is used in the DCNets, the systems for dining cryptography with us. Then cascades of mixes, which are quite typical, we will see that later on. And onion routing and garlic routing, I'm going to show that also on an extra slide. So here we see the basic principle of a one-hop mix. We see that Charlie sends a message towards the mix, and Alice sends two messages towards the mix, and they have a certain order. The order is like, Charlie's message arrives there first, and afterwards Alice blue and Alice orange one. And the mix can have like a threshold that he says, okay, I'm only able to cache three messages. And then he shuffles the messages after the threshold is achieved, and sends them out in a different order and with some latency. So, yeah, and then Taka, who observes here the left and the right side, has some difficulties to link the messages with each other. Then onion routing is explained on this scheme. I think if you are quite familiar with Tor, you might already know it. So you have the sender and the receiver, and Alice sends a message which is encrypted with three layers of encryption. And we see three nodes in the ACN, and the purple or the message is encrypted towards the purple node, and the green node and the blue node. And then while the packet propagates through the ACN, the single layers of encryption are removed by the nodes. So that Bob is also getting the message as expected. So, garlic routing, which is used by I2P is a bit... Yeah, there are some parts in common with onion routing, but there are also quite some stuff different. So first of all, in comparison to the earlier slides, we have a peer-to-peer architecture. That means that Alice, who wants to send a message, can also be used by other nodes, by other peers, to relay messages within the network. So she is actively taking part in the ACN. Then she has an outbound tunnel, which you see with the blue lines. And Bob has an inbound tunnel. So what we see is that these tunnels or channels, they are unidirectional, so messages can only go through in one direction. And special for garlic encryption is that messages can be bundled, similar like a garlic loaf, where you have multiple parts. And so Alice can enter and encrypt her message to Bob, or like multiple messages to Bob, which is afterwards saving some bandwidth. When Bob acknowledged that he received the message, he only has to send it for one time and not multiple times. So the black link there is like a connection between Alice's outbound tunnel and Bob's inbound tunnel gateway. That is like the first node of Bob's inbound tunnel. And this node, actually Alice does not know the real identity or the real address of Bob. She only knows his inbound tunnel gateway, which is the first node of the tunnel. And between these nodes of the tunnel, there's also onion encryption used. So let's have a look at the adversaries. I think maybe you also know them from your computer science class. So there's external adversary who is not taking part in the network. I can only observe the traffic which is going through. Then we have the internal adversary, which is able to gather knowledge from the network, which peers are participating in some encryption keys or whatever he has access to. And he also knows which messages are forwarded this way. So then we have the passive adversary, which is just looking at the things which are passing by. And we have the active adversary, which is able to modify things like he can delete messages, he can modify them or send additional messages. Then we have the local adversary, which is only present in a small part of the network. Or we have the global adversary, which is controlling the entire network. Often we use the global passive observer, which is observing all the traffic which is flowing within the network. Okay, now let's go to the interesting part of the talk. So how did we select the networks which we surveyed? We had a look at what is there. And we noticed that there are a lot of things which are either not implemented or they are not functioning well. Simply, it's not practical to use them. And we noticed that there are four networks, which, except from Tor, there are four networks which are quite easy to use. And they have some active development, which are Jondonium, Freenet, Knunet and I2P. And later on, for the research project, we just thought, okay, what might be interesting that there are actually too many of them and then we just picked some which seem to be interesting to you. So, first of all, let's have a look at I2P. I2P is a low latency, a low latency peer-to-peer network with approximately 70,000 nodes. In comparison to the Tor relays, Tor has around about 7,000 nodes. And I2P, so it's regarding the nodes and every relay or every peer is also like a node in this case. Yeah, it's larger, but Tor in general has more users, a few millions per day. So, I2P does a focus on hidden services. So, it's not intended to use like, a legacy internet, like you are not... There are a few out-proxies, so you can access some normal websites, which like Tageshow or whatever, but actually it's not intended to be used in that way. So, typical I2P applications appear-to-peer applications, which includes like file sharing and bit torrent, web browsing, then email instant messaging, IRC, and file storage. The community of I2P is quite active, and they released during the last years, like every two, every three months, and they are... And you release. So, here we see how Alice and Bob are meeting on I2P. Here, these bars are the nodes of the tunnel, and it's not necessary that they are just three nodes. Actually, everybody, every peer can decide how many nodes he wants to have or she wants to have. So, we see. And the size of the bar shows whether an encryption layer is removed or whether it is added. So, we see that the outbound tunnel removes encryption layers. The inbound tunnel, again, adds them. And we see that for garlic routing, we need like two links. Like every participant needs at least two tunnels, one inbound tunnel and one outbound tunnel for successful communication. Similar to Tor, the lifetime of a tunnel is limited, or both limiting the lifetime to 10 minutes. So, I2P, how does I2P solve the bootstrapping problem? Boots peer-to-peer networks have a problem of how they find out who's already participating in the network. So, I2P and also FreeNet and NUNET, which we will investigate later, they use or they download a public source, which is hard-coded in the software. And there, they download some active or a list of some active peers. And afterwards, yeah, and afterwards they can take part in the network. Then, a special about I2P is that every node collects a local statistic about all the other nodes, which is used later when he wants to build his tunnel or her tunnel, that he can choose to just use the well-performing nodes to establish his tunnel. Then, beside the inbound and outbound tunnel, there are also exploratory tunnels used in I2P, which have the purpose to build, manage and destroy the other tunnels so that this can be done anonymously. And it's being done by sending a tunnel construction request over the exploratory tunnel. And then, if a peer accepts to take part in this tunnel, then symmetric keys are exchanged. And after Alice found the successor of this node, she can send to this node the successor address for the tunnel. So, how does Alice get the contact information of Bob? There are two data structures, especially two data structures in I2P, which is the router info and the lease set. And the router info is information about each peer, where the public key is saved, the identifiers are saved, the contact information, like the inbound tunnel gateway, are saved there. And the lease set is used when you operate a service with an I2P, a hidden service, and then you can publish these inbound tunnel gateways, which are called lease set. And these informations are collected by super peers, or flood-filled peers, as I called in I2P. And this is a distributed hash table, the network database on that DB. So, I2P protects the information which peer operates a certain service. And with some previous knowledge about Bob, let's say, his URL, you can contact him by his lease set, or you know some like his identifier, and then you can request another DB and contact him. So, let's have a look at FreeNet. FreeNet is also a peer-to-peer network. It's smaller, it has around about 10,000 nodes, and it focuses on distributed information storage. So, it's actively developed since 2001, and then there is added optional friend-to-friend topology. So, you can decide whether you only trust your friends, and it's like a whitelist, a whitelist to which peers you want to connect. And typical applications for FreeNet are file storage, static web page, chat, email, social, yeah. So, let's have a look at how Alice and Bob meet there. We see that there are no tunnels, and there's also no onion encryption involved in FreeNet. So, it's like this. Alice asks her neighbor for a certain information, and the neighbor, like she has a key for information she is looking for. And then the neighbor, in this case, does not have the information, and the neighbor asks his next neighbor whether this neighbor has the information, and the neighbor replies, no, I don't have this information. And then, again, the next nodes are asked, and here we see, finally, after we follow all the links, we see that Bob was the only one who replied that he had this information, and with link number 10, he is sending this information towards Alice, and he's not sending this information directly, but he's sending this by the dark red and the green node. And what is special about FreeNet, you might assume that this is rather ineffective, it would be much more effective if you would send it straight to Alice, but by this, also plausible deniability is achieved, that like the dark red node like he also gets the information, and then, for an attacker, it's more difficult to decide where this information comes from and where it has been sent to, since also a lot of other nodes are getting this information, and the anonymity set, like the potential recipients is in this way increased. And this peer-to-peer network does distributed information storage, and if you request information and it was as a reply is successful, then the nodes on the green part, they are caching that information. So when Alice, for the next time, asks, for example, the green node, do we have this information, then this node can already serve this information. And by this method, this information, which is once sent to the FreeNet, it's like censorship resistant cached by the nodes, and like if Bob would be the publisher, he would have no option to delete this message. Afterwards, messages are only deleted, like if they are too old, when they have not been requested for a long time, and so the cache, they are removed from the cache. And each node in the FreeNet provides a few gigabytes, roundabout, to the network to store such information. GNUNET is very similar to FreeNet, but GNUNET, there's also some part, there's a GNUNET foundation, which also intends to develop an alternative network stack, where you also have this hop-by-hop architecture topology. So the primary application of GNUNET is also file storage and file sharing. It's similar to FreeNet, but has an economically inspired trust model. So Relay can decide whether they want to forward a message to one node or to multiple nodes, and there's also the option to trade anonymity versus efficiency. Identical to FreeNet, there's also the friend-to-friend option available, where you only trust the friends you already know. So have a look at how this works. Here we see that Alice is sending a request to the purple node, and the purple node, like this is a pink link, the lower pink link, there are the stats, and she is sending a request to the purple node. The purple node forwards this request to the orange node. And what the purple node did is that he replaced the reply address which Alice sent, Alice sent her own address at the reply address by the address of the purple node. We see that the orange node is not doing this, and then this is why the link is purple. He does not touch the reply address, and so Bob does send the message not to the orange node, but to the purple node. And in this way, we have one node less in this path, and in this way we can trade anonymity versus efficiency. So Jean-Luc, it's another network. It focuses on the Internet, so there are no hidden services available within the Jononume. The Jononume is also known as Java Anon Proxy, or YAP, and it has been researched by the Anon Project. So it's a mixed-based ACN, and the special about the Jononume is the provider model, and there's on the one side a premium service where users have to pay for it. For all the other networks, it's for free, like the usage of those networks is for free, or you can choose also to have free access to Jononume, but there you only have two relays or two hops in a cascade, and for the premium model you would have three. And what is different regarding the provider model is that the operators are known, and they are approved by the company Jononume, and Jononume has 5,000 paying users. So let's have a look at Jononume. Jononume uses a few cascades, and their path is predetermined. So either you use the grey cascade, the green cascade, or the black cascade. And there's no other option to, like by the sender, decide which route he or she wants to take, like it would be possible in I2P and Tor. And Jononume has two services, and the info service, which is providing the user with some performance information about the cascades, how many users are using this cascade, how many bandwidths are still available, and there's the billing service. And what is special about Jononume is that there, the wall you see, and this is like, for example, the Great Firewall of China, that somebody sensors your connection and you are not allowed to connect to Jononume. And you see that they're both blue dice, and there are some black arrows. And the GUI of this Jononume application, you have the option that you allow other users to, that you share your bandwidth with other users in case they are censored. And so now the blue dice with the arrows above is proxying the other user towards the cascade and so that they can avoid that censorship. So because it's quite unique to have a payment service, I have a look at this. So you see that Alice needs to buy some traffic and then this information is provided to the mixed cascade. The mixed cascade checks with the billing service whether Alice had paid. And the billing methods are like an anonymous pay safe card or you can send the cash by mail but also some anonymous forms like bank transfer is possible, which might be not in the interest of somebody who wants to stay really anonymous. And yeah. So let's compare these services or anonymity systems. So we can state that of these practical anonymity systems, including Tor, none of these protect against a global passive observer. But since there's known revelations, we are aware, or at least since there's known revelations, we are aware that secret services cooperate with each other. So at least there's somehow a realistic threat that there exists a global passive observer. So then we saw that each ACN has also some method to resist internal, local, and active adversaries to some extent. And what is special for GNUnet and FreeNet is that they additionally provide their host with plausible deniability in case and that they identified compared to I2P and Tor. And there, if you operate a hidden service and you are identified, then you don't have plausible deniability. So then we can also compare by the use cases. We see that if you want to achieve sender anonymity and legacy internet, you can do this by Tor, John Nuneum, and partially also by I2P. Hidden services can be, if you want to operate a hidden service, you can do this with Tor, I2P, FreeNet, and GNUnet. Then for GNUnet, you have the option that when GNUnet and FreeNet, you can publish information and go offline and never show up in the network again. And the information remains different case like if you operate a hidden service in Tor, I2P, you have to stay online to send those information. Which is also changing the attack surface in this regard. So then anonymous file sharing is possible with I2P, FreeNet, and GNUnet. And partially in Tor, but they usually dislike it. So but for my impression, I got the impression that it's quite a popular application with an I2P, at least. So then let's compare the provider models. There we see the provider models is finally the question, who do you trust? For Tor, you have volunteers who operate a relay. For Jondo Nume, you have a few relay operators which are somehow approved by Jondo Nume. But for I2P, FreeNet, and GNUnet, you have the fact that every peer which is participating in the network is also a provider for the network. So then other properties we might compare is usability, size of the anonymity set, and active community. In this regard, certainly Tor is considerably better than the other alternatives we investigated. So let's have a look at some research work. There is, for example, the Anonix project where they investigate the options of zero effort anonymity, which might be achieved by shuffling of IPv6 addresses. And this assumes that you trust your ISP, the internet service provider, and that he might provide you some anonymity. And then there is also some work going on in improving Jondo Nume. Jondo Nume is at the moment not a real mixed network. So they do not shuffle the messages for latency reasons. So there are ideas to have a real mixed network. Then if we are application-specific and only look at the messages, there is Vuvuzela as a research project which tries to hide those messages and use a lot of noise for this to obscure the metadata. And you see that the messages are sent towards dead drops and later they are retrieved by, for example, Bob when Alice wants to send it. And this approach actually scales quite well with an increase of the number of users. So if you are interested in it, you might have a look at it. And then before today, there was also a talk about Lupix. Lupix has been presented this year. So it's an approach where they use some cover traffic and it's also mixed-net-based. And at least they aim to resist powerful adversaries such as global passive observers. And active attackers. Yeah, but I think that it's not an easy task to achieve. And they have the security goals of a sender, receiver, unlinkability, or a sender and receiver unlinkable by a third party, sender, online observability. So nobody can identify whether the sender is online or offline and receiver unobservability. So my conclusion is that Tor is good, but there are certainly other options which you might want to explore. Then there is no practical anonymity system out there which actually resists a global passive observer. And if we want to achieve anonymity, this will not be possible without security. So I think it's very much appreciated if you go ahead and test these system, report bugs, and send patches to improve them. And your participation in these networks does not only improve your personal privacy, but you will increase the anonymity set and in this regard also improve the privacy of others. So thank you. Thank you for this talk. So we have a good amount of time left for questions so you can come to the microphones if you have one. So yeah, I see someone on microphone four so I can ask you a question. Thanks for your talk. I've got one question regarding GNUnet and FreeNet. Yeah? As far as I understood it, it's quite similar to IPFS in the respect that it's giving some unsensorial data which can be retrieved through the network. And as far as I understood IPFS, that is achieved with a blockchain algorithm. How is it achieved in the caching part in the other two networks? Yeah. OK, we have a successful request. Like the request is forwarded. And finally the link number nine, the neighbor sent this request towards Bob and Bob has this information. And afterwards this information is stored by the nodes on the green line, on the green path. So that's the dark red node and the green node saving these informations. Does that answer your question? Not really. Is it cached for eternity? Is it cached with a blockchain algorithm or is it cached for a certain time? And you said the provider of the information can go offline and the information will still be there. So is it time-related? And the limit of the cache? Like when the cache is full, then he deletes those messages, which are the oldest. Like I have not been requested for a long time. Sorry, can you please, if you live in your own room, be a bit more quiet so everybody who wants to focus can still focus on the questions. Yes. Is that question answered? Then I would ask the signal angel if there is anything from the internet. Yes, there is. Would you prefer I2P over Tor for a hidden service if latency was not a problem? And then that is difficult, like different security assumptions. And it's difficult to decide which system is more secure than the other. Certainly, Tor is more actively developed and more actively researched and more actively tested. So this might be something which indicates that it's reasonable to decide to use Tor. But maybe it also depends on the specific service which should be operated. But yeah. OK, so there are two people on microphone one. So here we go. Of the solutions you presented, how well do they scale? Or more specifically, would it be feasible to run all internet traffic on top of Tor hidden services or I2P? And would that actually make the internet a better place? And then we can have a look at the provider model. I would say that Tor requires volunteers to run the relay to pay for the traffic. And this does not scale as well as if every peer which is joining the network is also relaying traffic. It depends whether Tor can grow as fast as to scale that well. Yeah, I2P-FreeNet or GNUNET-May. All right, we have microphone three, I think, over there. I was wondering, from what I understand, FreeNet and GNUNET acts like some kind of distributed store. And so senders are protected by the cache. Is there any way of having some kind of dynamic content in these kind of networks? Or do you know something which kind of mixes both? Dynamic contact is difficult. And there is a reason to go to I2P or Tor for these hidden services, like you have static content. But there are some static websites, like the free sites, how they are called in FreeNet. Maybe this can fulfill this purpose, but not real dynamic content. OK, I see. One more microphone, one. Thank you. I think you mentioned that all networks are vulnerable to global passive observer. Can you explain a bit more about this type of vulnerability or this type of attack? Yeah. Hmm, let's see. Actually, if we can observe all links in the network, if we observe all links in the network, then we know exactly which network sent and which nodes sent the traffic to the others. And if we observe this over a long time, then we can drastically reduce anonymity set, because we see that maybe Alice is sending the message to the first node, and the first node is maybe sending some messages to two, three nodes. And the next node is also sending the messages to two, three nodes. But over a long period, we can pretty well correlate these traffics. Is it practical now? What do you think? Practical? For global passive observer? Yeah. I don't know about the capabilities, but for John De Nume, where you have very few relays, let's say they have 20 relays or something like this. Even if they are in different jurisdictions, it's actually able for secret service to observe exactly the traffic of 20 relays. So it's certainly more difficult if you have 70 nodes, 70,000 nodes, but for some networks, it seems reasonable. OK, the signal angel again, please. Rafi wants to know whether you have looked into the rifle anonymity network by Knoff at Ali, which is currently still in research project as far as he knows. Did you get the question? Because I couldn't hear it well. Can you read it again, please? Yes, sorry. Rafi wants to know whether you have looked into the rifle anonymity network by Knoff at Ali. Yeah, we looked into it and Knoff, a rifle, is a different approach where they use DC nets, dining cryptography, cryptography nets. And actually, because they use secure multi-party computation, they can resist an attacker if only one member of the relay, if only one relay is trustworthy, then they can provide the anonymity. So yeah, this is also certainly interesting. And they also have another approach which is called verified shuffle, where you also can prove that a shuffle really or that a mix shuffled the order of the method. OK, then we have microphone one. Hi, thanks for your talk. As part of the research, did you look at the resiliency to censorship? I mean, in many places, many enterprises using these tools is considered security risk. So did you give any attention to that as part of the survey? Which one of them is more resilient or not? Yeah, OK. We can have a look at it, like peer-to-peer networks. I would say that they are very resilient. And then, because there are so many different IPs in different peers which you connected that it's difficult for the sensor to censor all those addresses. And for the sensor, it might even be difficult to receive the information which peers are actually involved in this peer-to-peer network. So there's not a list of all peers connecting or which are involved there. For TOR, there is information of the relays. But there's also, like the list of relays is public. But there are also some secret, some secret, they call it bridges, where you can achieve the access to the network. So there is also, then for John De Nume, we looked at it, like there another user is proxying that information to achieve censorship resistance. Yeah, and. Thanks. So microphone for please. Did you look at the encryption algorithm of all this network use and what's your analysis, please? No, we didn't look at all the details. So yeah, but we looked like some use onion encryption or onion style encryption. Others only encrypt from hop to hop. So yeah, but we didn't look into specific encryption ciphers or something like that. I see the internet has another question. Yes, Welp is interested in what you think about research in the field of onion routing of a web RTC in terms of accessibility and possible spread. He finds it quite interesting. I think we need some clarification. Can you please repeat the question? Yes. It's about the research in the field of onion routing over web RTC. Because the questioner asks things that this field is in terms of accessibility and possible spread quite an interesting approach. Actually, I didn't look into it. But I understand it like web RTC. So that it's done within the browser? Or yeah, but actually, no, I cannot answer that question. OK, then microphone three. Hello, you. My question is about you said that they all like they cannot defend themselves against a global passive provider. But how do they scale the probability that you can be found with a number of contaminated nodes? Like for which of those networks that what is the max number of nodes that can be contaminated with you, probably being like with you being 50% secure or something along those lines? OK, let's try it that way. Well, OK, usually, if you have this setup that the entry node and the exit node, like if you know that there are three nodes within the route or within the path, and you know that the entry node and the exit nodes, which you are using are malicious and they are cooperating with each other, then it's very, very difficult to have a traffic pattern which does not identify you. And this would be like valid for Tor and John Lounu. So for the peer-to-peer networks, it depends on your neighbors. Like if I2P has 70,000 nodes, but your neighbors are not malicious, so they still protect you. And I2P, since the length of the tunnel is also not fixed, well, not specifically known. And each peer can decide how long his tunnel should be. And then there it's quite difficult for an attacker to know that this attacker is an entry point and that besides him is the real entity, like besides him is Alice. For an entry node, yeah, it's more dangerous because he knows that beside him is like the real person. OK, last person, I think. Is that Michael from one? You talked about plausible deniability of Knunet and Freenet. Can you say what you can deny and what not? For example, can you say that I'm part of the network or something? Like usually you can deny and then OK, in this case. And attacker does not know whether you are the last hop and whether you really receive this information or whether there's an hop afterwards. So if you send this information to somebody, then he can deny. No, I only propagated or transmitted this information to somebody else. And this is quite plausible. So and if you have the information, then actually, here I would say that the green node does not know whether this information was hosted by the red node or the blue node. So just knows OK, and this information was somewhere over there in the network and is now coming to me. Then another thing, which I didn't mention, that you store the information as a peer. And the information you store is encrypted and you actually do not know what is inside these files. So you are storing information, but you can deny that you know that it is a specific information. So this is also something which you can plausibly deny. OK, I don't see any more questions. Do you have another one or? I have another question. You said none of these networks provide protection against a global passive observer or I2P, I think. If you have a service like I2P Boat, where is no connection, do you know any attack against that because it says it can provide a protection against such attacks? OK, I2P Boat is like the email application. OK, for emails, it might be easier to provide this because sometimes you only send a single message and then it can be possible. But if you have a hidden service in I2P and you are able to request some information from it and sending the information to you, then you can correlate this information. But for a single message, it's sometimes more difficult. Thank you. OK, I think we have answered all the questions. I don't see any more and that also fits well with time. So thank you again for your talk. Yeah, thank you.