ROBERT-proximity-tracing / documents

Protocol specification, white paper, high level documents, etc.

Anonymous Robert - Consider using node-Tor #55

Open Ayms opened 4 years ago

Ayms commented 4 years ago

I read https://github.com/ROBERT-proximity-tracing/documents/issues/6

Opening a new issue to separate the discussion since #6 is already long and I am not sure what is the conclusion, you can remerge it if you like

It looks indeed trivial for the authority to deanonymize a user linking his ID to his IP even behind a NAT just asking the service provider, maybe jumping here with not the full history knowledge, but as far as I understand the solution could be to use the Tor network and hidden services (or a Tor network like)

As some mentioned, it's probably not a good idea at all, the Tor network is designed to browse from the Tor browser and I don't see the point of using onion addresses (so many Tor network principles do not apply to an independent Tor network), neither the Tor network itself which is very centralized and quite small, neither the enormous Tor project code with plenty of dependencies piping with a localhost using socks proxy, it should be an independent network, and ideally should work on any device the "modern way" (ie browsers, I don't know what is the plan for stopcovid, webapp?)

Maybe you could take a look at https://github.com/Ayms/node-Tor#phase-4-and-phase-5

This must not be misunderstood with the Tor network, this is a javascript implementation of the Tor protocol inside browsers and servers, as simple as:

robert.pipe(node-Tor)

or (to give more details):

Any protocol implements somewhere in a central place :

protocol.on('data',//process_data)
protocol.send=//send data

Piping with node-Tor is as simple as:

piping(protocol) //turn protocol into a Duplex object
protocol._write_b=//process_data from node-Tor
protocol.send=function(data) {this._stream_f.push(data)} //send data to the Tor protocol
protocol.pipe(node-Tor)

The initial dev has been funded by my company (ie myself) years ago, phases 1 to 3 were funded by NLnet under NGI PET call last year, I have submitted different proposals to H-2020 NGI calls to complete the implementation, and a target generic decentralized architecture proposal (but probably too early for this project) : Convergence - 2020

Not saying this is perfect and a final solution, probably some changes are required (the RDV points advertising system is maybe too trivial), this is a redesign of the initial Convergence proposal from 2015 Convergence, as a matter of fact IPFS did implement most of it, except privacy/anonymity

It is designed to use RDV points also, the peer discovery system (most likely based on a DHT) is not specified since it depends on the protocol used and security requirements

But for now, at least envisioning using node-Tor with Robert would probably deserve some attention, see the docs too

vincent-grenoble commented 4 years ago

Thank you for your proposal. Yes, TOR is an option, but I do not think this is the one considered by the development team. In any case, this is important but a bit orthogonal to our work.

Ayms commented 4 years ago

Adapted Tor protocol not Tor, and not the Tor network again (neither the Tor Browser), what is the option considered by the dev team and why is the subject orthogonal?

Designing such a (centralized) system implies necessarily that the authority can't deanonymize the users, this is easy to do with what I am proposing

vincent-grenoble commented 4 years ago

This subject is orthogonal since our team is not involved in the app/backend development process and the associated technological choices. We only focus on the high level specifications. Thanks.

Ayms commented 4 years ago

OK, I was not aware until I realized I could propose something but I see the picture now, "privacy-by-design" does not include anonymity, is not part of Inria Privatics research work (...), and stopcovid will not be open source, git repo removed, iOS not supported, mobile app dev given to an unknown company

What a shame... who can swallow this given all the companies involved for this small app and given what people are expecting from it? I know it's not the right place here for this kind of comment, it is not related to (your) ROBERT project, but... really... is all of this serious?

Adrien-Luxey commented 4 years ago

> We only focus on the high level specifications.

At a higher level, this issue proposes to obfuscate IP addresses, in order to comply with ROBERT's "anonymity" claim. Otherwise, your proposal is not anonymous, and you need to review the specification.

Towards this goal, you can do onion routing using an existing network e.g. Tor, or you can implement some kind of mix network using the people's devices e.g. FOUGERE, although less straightforward.

Is this still orthogonal to your work?
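
Added example (not part of the thread, and not node-Tor, Tor or ROBERT code): a simplified model of the onion routing discussed in the comment above, recording which party observes the client address and which can read the identifier. The relay addresses, backend name, ID value and pre-shared per-hop keys are constructed assumptions; real circuits negotiate a key with each hop.

```javascript
// Added illustration: simplified onion layering, NOT the Tor protocol or node-Tor.
const crypto = require('node:crypto');

// One layer = AES-256-GCM, serialized as iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Client side: wrap the payload once per hop, innermost layer for the exit relay.
// Each layer names only the next hop.
function buildOnion(path, dest, payload) {
  let cell = Buffer.from(payload);
  let next = dest;
  for (let i = path.length - 1; i >= 0; i--) {
    const layer = JSON.stringify({ next, cell: cell.toString('base64') });
    cell = seal(path[i].key, Buffer.from(layer));
    next = path[i].addr;
  }
  return cell;
}

// Route the cell and record what each party observes: who handed it the cell,
// where it goes next, and whether the payload is readable at that point.
function route(clientAddr, path, dest, payload) {
  const views = [];
  let cell = buildOnion(path, dest, payload);
  let from = clientAddr;
  for (const relay of path) {
    const { next, cell: inner } = JSON.parse(open(relay.key, cell).toString());
    cell = Buffer.from(inner, 'base64');
    views.push({ who: relay.addr, from, next, seesPayload: cell.includes(payload) });
    from = relay.addr;
  }
  views.push({ who: dest, from, payload: cell.toString() });
  return views;
}

// Constructed sample: documentation-range addresses, hypothetical backend name and ID.
const PATH = ['198.51.100.1', '198.51.100.2', '198.51.100.3']
  .map((addr) => ({ addr, key: crypto.randomBytes(32) }));
const VIEWS = route('203.0.113.7', PATH, 'backend.example', 'ID=constructed-1234');
```

In `VIEWS`, only the entry relay records the client address and it cannot read the payload, while the backend reads the ID but sees the exit relay as the source. The exit relay also reads the payload in this model, because nothing here encrypts end to end between client and backend.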

Ayms commented 4 years ago

I would not use the Tor network but an onion routing like network, like I am proposing, ideally the peers can be the relay nodes, but this one is not totally straightforward also today

node-Tor is only 1MB not minified (so 500kB minified), which is quite small for what it does, no dependencies, easy to integrate, fast and efficient, for unknown reasons many academics usually don't consider js, which is a mistake