We need to find the right balance between anonymity and accountability with the MultiChain

[lfdversluis]

@synctext I was thinking about @snorberhuis's MultiChain this morning and thought of the integration. To me, integrating a reputation system alongside anonymity/privacy seems counter-intuitive. By crawling the network and chains, you can look at the past interactions and identify users by using they public key as identifiers. So you can tell how much a user has interacted with another.

Maybe not an issue directly related to Tribler, but sounds like an interesting paradox to me :)

[ThomasdenH]

I imagine this is similar to Bitcoin's pseudonymity; everything is public, but the connection between public keys and their user is secret.

[Pathemeous]

@ThomasdenH is right. Remember that people already connect via a SOCKS5 proxy.

On top of that, everyone essentially obscures the origin of the traffic by relaying (anonymity through obscurity). If enough people do this, the correlation between personal traffic and a specific user, becomes too flat (i.e. nonexistent) to find out who is the owner / originator of the traffic.

This way, we can indeed see from the MultiChain that some node in the network has sent out certain traffic, but we cannot determine that he actually created it. If enough traffic passes, the node's own traffic is lost in the stream (obscured by it), and building correlations becomes very hard.

What exactly the critical network size/churn/throughput must be to achieve this is a thesis of its own :). (I believe our math-Pim is going to do research in that area).

Also, I am not entirely read up with @snorberhuis' MultiChain algorithm and implementation, but I can imagine that he has touched on the issue of building correlations from the chain.

[lfdversluis]

@Pathemeous @ThomasdenH I dont think so. When you are part of a tunnel or simply downloading directly you have to sign the request of your direct neighbour, whose IP will be known. This means that you can keep a database of IP, public key as you will be able to see their public keys. This means seeding for a long time will eventually allow you to learn identities in the network as you will interact with different people over time.

[Pathemeous]

Does the SOCKS5 proxy not display a random IP?

[lfdversluis]

@Pathemeous display yes, but underneath you are getting data from a real IP, not a random one...

[lfdversluis]

Moreover, if you know all the keys of a tunnel (all the hops) then you can reconstruct the tunnel and know the source e.g. as hop or even as downloader. That would completely destroy anonymity

[Pathemeous]

You are right about that, as I said I am not sure how exactly @snorberhuis implemented the MultiChain and how it deals with this reverse engineering. Paying the Guard: an Entry-Guard based Payment System for Tor deals with this by basically squashing the individual transactions into a single net transaction.

[lfdversluis]

@pimotte @pimveldhuisen @Captain-Coder Maybe something for you guys to consider/think about? :D If this is not the case and I am plain wrong, let me know an I will happily close it :)

[pimveldhuisen]

Combining anonimity and reputation indeed seems like a paradox, and this is an issue with the multichain. We will have to find a good balance while developing the multichain protocol.

[devos50]

Yeah, we have to balance this well. I'm closing this discussion btw.

[lfdversluis]

Why would you close this if it's still an open problem? Unless we have made up our mind, of course..

[devos50]

Ok then, I will reopen it and change the label/title to make the issue more clear.

[synctext]

We are aware that distributed accounting is an attack vector for onion routing. Key 2003 paper: https://freehaven.net/doc/fc03/econymics.pdf Not a specific open issue, collected to issue # 1, smooth anonymous streaming.