Welcome, everybody, to the Chaos West stage. This is a self-organized session for you people with your ideas which were not able to be presented in the big halls. The first man up on the line is a very good friend, Lings, who was partying a lot last night, and that's why we started late. Please have an applause for Lings.

Thank you, thank you very much. We're talking about three and a half ways to enhance metadata protection. I've added a half in the meantime while doing the slides. It's not terribly scientific, but it's not terribly low level either. I realized there is kind of something in between: people are not totally aware of the possibilities regarding metadata protection. They just use Tor, and Tor doesn't always do the job.

Why is it even important? Well, metadata protection is the only thing that we have that protects a kind of freedom of association on a digital level, and that actually has implications on our ability to exercise democracy. So it's not something that a few interested people should be caring about. It should actually be a fundamental function of the Internet for the entire society, so that democracy remains or becomes useful again. But let's skip all the politics for today. We'll get back to politics later, on other days, and talk about the technical details.

So both Tor and I2P are oriented on low latency applications. I2P a little less, actually, not necessarily, but especially because we always want to get on some website on the web, and trying to access the web is the problem itself. Because the web is architected in a way that, even if it is providing static data with text that has been lying around for years maybe, it is artificially creating an urgency to be real-time connected to the web server and get all those images and all those inline elements and get all that. And that makes it super ideal for fingerprinting who is looking at something.
If you're accessing the Facebook timeline, dashboard, something, if you're logging into Facebook, the combination of pictures and texts that you're going to be presented is probably unique enough to recognize, fingerprint you and recognize you when the data arrives on your web browser. So we want to have some options how to address that.

And one thing that the Tor community occasionally talks about is how can we have a constant bandwidth between the Tor nodes. It's terrible because it consumes a lot of bandwidth, and what are we going to do? We're going to throw it all away and just consume bandwidth, because if you make a constant transfer to the entry node, if you have a constant transfer of data, then it gets less easy to de-anonymize you. In fact it is already possible in the way you use Tor, if you use Tor with always the same entry guard, just one entry node, which is the default anyway, and it has been tested and proven. There's a paper presentation that I didn't mention here, I think it's linked on our web page, that showed that if you're using Tor for several purposes at the same time, like downloading YouTube streams, videos from YouTube or something, then it is much harder to correlate anything you do over Tor at the same time.

So it makes sense to design an anonymization system that constantly and intentionally does this kind of protection, to have cover traffic by including all the other applications that use the internet into the same stack, into the same platform. We should not be having different platforms for different purposes, like for file systems we have IPFS, for routing we have CJDNS, for anonymity we have Tor, and then we go to Mastodon. What? Why? So we should actually have something more integrated that gets all the applications into one new stack that helps protect the metadata. So streaming, social networking, file sharing, things that should all be integrated so that they protect all the low latency communications.
Another thing is making dedicated applications. So when you're writing a dedicated application for a networking platform, then you can pass entire packets, entire messages in one go, and the network can optimize to send the entire message, and the network can protect you from the message getting fingerprinted, like separated into pieces. That's the problem with a POSIX socket interface. If there's a space between the entry or the exit from the anonymization network and the place where the data is sent and generated, that is where traffic shaping attacks are possible, and that is exactly what we do all the time when we visit the regular web. We leave a Tor exit node and we go to a web server, and from the web server we get material, and it is being sent to us on a best effort delivery along a socket. And the problem is that attackers in between can repackage the transmissions in smaller packets and shape them in a way that they are unique, and if this shape can then be recognized at the receiving end, where you are, then you can be de-anonymized. That is the major weakness in the Tor architecture.

Okay, as long as you have your Tor router on your own host, on your own computer, that is pretty hard, because they can only shape the packages as they go in, and then it gets harder to find where they come out. Should you have any distance to your own Tor router, then it makes you attackable this way. And the strategically better way to go is if Tor, or if anonymization networks, weren't just offering a SOCKS5 or a POSIX socket kind of interface, but if they allow to do real applications that intentionally send a message as a whole, as a whole thing, and it cannot be split apart anywhere. So that can be a way to deal with it. That's why in the GNUnet stack we tend to rewrite all kinds of applications and make them native GNUnet applications. We're from secushare.
We're trying to do a social networking platform and interface and everything on top of GNUnet, and we intentionally use GNUnet protocols so they're not susceptible to shaping.

Thank you, thank you, thank you.

So good news about this congress is we're going to have two main talks on the topic of mix networks, so I won't go much into depth about it. I won't even explain what they do, because you're going to find out. They have the limitation that they introduce very high latency, so they make sense for emailing. They might even make sense in a reduced scale for chat and social networking, so we are very happy that we're going to include some mix network technology into GNUnet and into secushare. But there are many applications where it's not exactly practical.

And for some cases it is extremely useful if the flow of the packets isn't actually always going the same way. Like in Tor, it follows a certain onion route, or if you're going straight in the internet, it usually goes straight from A to B. It is practical if the same connection from A to B is sometimes being sent over different routes, because that's the best way to protect against phoneme detection in encrypted audio streams. So if you want your phone call to stay private, it's not enough to encrypt it and it's not enough to onion route it. There are papers that have found out how to recognize the language being spoken over an encrypted stream, the person who is speaking, and to make guesses at what is being said. So that's not very nice, and so the only long-term solution to protect telephony and audio video conversation is to introduce non-deterministic routing. Like, casually it happens that GNUnet does that, or at least we're working in that direction, but yeah, essentially CADET kind of does that.
It doesn't do it on purpose enough yet, so maybe we have to make it more on purpose that it's unpredictable where the packets are going, and so an attacker cannot put them back together and apply those phoneme detection algorithms.

So we have actually a choice of tools to protect anonymity, to protect metadata and to protect content, and in order to achieve certain goals we can actually sometimes, for reasons of practicality, leave something out. So on a mobile phone maybe we don't want to do cover traffic all the time, but as long as we're doing framing and onion routing and mix nets, that's pretty good. Or in another situation we may want to do real-time telephony, so it's not good to do mix nets because it would be very slow, it's even maybe not good to do onion routing, but it's enough if we do some unpredictable routing, if the telephony is well framed and if we have some cover traffic on top.

So with a tool set like that we can configure our situations, our devices, our applications to use different strategies the way it's best suited, and achieve the least worst, or at least the best possible, kind of protection in a certain situation. So it is healthy and a good idea to have a Swiss army knife of an anonymization technology that is capable of all of that, and then your application or even you as a user can choose which one to use. But yeah, of course for most users it means it should be automatic, it should be made with an intelligent choice depending on the applications and the situation, and we can automate this and we can make it available for the general public to have a reasonable metadata protection in whichever situation they are.

So this is the story I wanted to tell. Just one note: a summary of this, or actually, I love the many clapping here, and a more elaborate version of this talk is available on the secushare website at the page Anonymity, so I'm essentially repeating things that are written on our website.
Thank you very much for this great, wonderful talk. I will put Lings on a hot seat for three questions that he will answer. You have the time to come up with your own questions, just come up here, ask the questions, and at the end please make sure to tell us where you're seated with your assembly so we can find you and talk to you some more. Are you ready for the hot seat?

Yes, the hot seat. The hot stand, basically, it's a hot stand.

So GNUnet, does it work? Can I install it?

No.

Are you ready for the second question?

You don't want to hear a little more, do we? Okay, get ready for excuses. So the excuse: I don't feel guilty for saying that GNUnet isn't ready to install, because we are from secushare and we're the ones spending time fixing GNUnet right now instead of coding secushare, which is a bit sad. But yeah, GNUnet is an impressive tool set and there's always a little thing here or there which isn't exactly perfectly working yet, and we're always so close. Like, sometimes we had it working, then something else broke. So we're really close at having a stack that works, but installation is not exactly super sexy, so don't define by installation, because we can easily deliver working versions. Or for the friends of reproducible builds, we have reproducible versions on Guix, on NixOS, and we have ebuilds for Gentoo. So don't be frustrated by the installation procedure. It is complicated and it has reasons for being so. And regarding the usage, we are not sure if we still have bugs or if it works now, so we have to try it out. That's what we're going to do next, is see if we managed to fix the important bugs and it's actually working now.

Okay, thank you very much. Then the next question is: you fixed the internet, is that correct? How do you do it, what's the several software development you're using, and how do you interact with the others who help you?
That is the subject of another long presentation. Yeah, I mean, what GNUnet does is provide a whole new internet stack which operates in different ways, in a different philosophy, and it's technically more complex than the old internet stack, and it even replaces things like the Border Gateway Protocol, because essentially it has a way of finding from A to B by itself over mesh logic using distributed hash tables in a safe and protected way from Sybil attacks. So there's a lot of research, it's very scientific, and I think it needs that kind of level. We are no longer in a situation that we can fix the internet by an IETF kind of approach, doing something that works like here and now. We need to learn from what scientists have been working on the last 15 years.

What about the programming? Thank you very much. What's the programming language that you use then?

Oh, I didn't pick it. At the time when GNUnet started in 2003, they chose C because C was the language that is being run everywhere, and that is also a bit of the problem, the cause of our blues, fixing bugs. And I hope that we'll get to a state of majority that we no longer have to touch the C level code. There's work going on, we have Rust APIs, we have APIs in other languages, so I hope that all the application level stuff will happen with safer languages than C.

That's cool. Any questions from all the thousands and thousands of people watching this? Was that is waving? No question, okay, cool. Any recommendations for us on the congress before I let you go? What are you doing on the congress?

That's a cool question. On the assembly, the Next Generation Internet (NGI) assembly page, we made a collection of things that we find interesting. It's not only our own sessions, it's the sessions of friends happening elsewhere, and it's sessions that are actually kind of on the topic, on spot interesting. So we made a collection there and there's stuff on it.

Cool. Then finally, thank you very much for this awesome talk, Lings, and a last applause.