How anonymizing routers actually work Date: 2009-04-19 19:49:42
I cannot go to bed yet, because someone on the internet is wrong. :-P
Even among Slashdot readers, there is still a tremendous amount of confusion as to what anonymizing onion-type P2P routers are actually doing (and not doing) to protect you. So here's a very short introduction to the technicalities of anonymized internet traffic, explained as non-technical as possible:
1) The usual way
When you (and your ISP) are not using any special software, data comes from the internet to your browser like this:
Pros:
2) The SSL way
SSL adds another layer to the whole process:
Pros:
3) Anonymizing P2P networks
P2P networks form a mesh of nodes that route encrypted traffic through several stations before (most of the time) exiting to the public internet:
Pros:
Even among Slashdot readers, there is still a tremendous amount of confusion as to what anonymizing onion-type P2P routers are actually doing (and not doing) to protect you. So here's a very short introduction to the technicalities of anonymized internet traffic, explained as non-technical as possible:
1) The usual way
When you (and your ISP) are not using any special software, data comes from the internet to your browser like this:
- you click on a link
- your browser creates a piece of data specifying the target address you are contacting as well as some additional context information
- your browser sends the piece of data to a router/gateway
- the router analyzes the piece of data and passes it along
- repeat the previous step, until the packet arrives at the target server
- server analyzes request, sends piece of data back along the chain of routers
- back to your browser
Pros:
- it's really fast
- any node on the way can read (and manipulate) any piece of the data stream
- censorship software at the ISP level can block your access to certain sites by refusing to pass the packets along
2) The SSL way
SSL adds another layer to the whole process:
- you click on an SSL link
- your browser creates an encrypted piece of data that is completely opaque except for the target address
- routers pass the data along to the server but cannot read the content
- server passes encrypted data back to you the same way
Pros:
- nobody can read or manipulate your data stream
- censorship software still works (because the destination address of both ends of this exchange is still readable)
- any node on the way can still see who you are contacting
3) Anonymizing P2P networks
P2P networks form a mesh of nodes that route encrypted traffic through several stations before (most of the time) exiting to the public internet:
- browser forms request
- local P2P software encrypts request, sends it to a P2P partner node
- P2P anonymizing node has no idea what data it is routing, but it passes it along to another P2P node
- repeat the above step several times, for good measure
- data reaches a P2P exit node, which decrypts the request
- P2P exit node makes the request to the destination server
- at which point the rest of the transmission either goes like 1) or 2) as described above
Pros:
- you can now circumvent censoring measures since your ISP only "sees" the connection to the first P2P node
- nobody knows where you are going (except the operator of the exit node)
- the webserver operator has no way of knowing where you actually are
- if you're not using SSL, the traffic between the exit node and the server is still unprotected from the dangers as stated in the first paragraph, including the possibility of encountering a rogue exit node that protocols your entire data stream for nefarious purposes (e.g. to sniff your passwords)
- it's slow
Comments
|
Alex says
(2009-05-07 00:41:13)
|
You should also write a similar article that explains how SSL only means that the connection is encrypted but it doesn't mean that the server on the other end is not controlled by a "bad guy".