The n-2 Conspiracy

The n-2 Conspiracy

We were asked by Caspar Bowden, former director of the UK Foundation for Information Policy (FIPR), how our social mixnet strategy protects us if an adversary is capable of taking over the entire secushare network, then tries to read into communications between you and me.

Frequently the problem with scientific work is that you have to learn the vocabulary, rather than the work being actually so hard to grasp. In this case n-1 can roughly be translated as "imagine all the other ones being in a conspiracy against you."

We did indeed think about this issue long before the Snowden revelations letting us know how much this is factual reality. It affects anonymous privacy networks harder than social ones: When you are participating in Tor, I2P or regular GNUnet you just see traffic flowing, you don't know if it's real traffic or just sharks pretending everything is working fine and actually just waiting for you to submit your secrets.

In social networks such as DRAC or secushare you are already participating the moment you open up your dashboard. You see messages from your real friends talking about the weather. Sharks would have a harder time imitating your friends' chatting style. So when you submit your secrets, you at least know your friends still exist - you are not in a matrix and reality isn't just a simulation. A risk remains that all of their nodes have been taken over, but that scenario cannot be solved by any software at all. The fact that those n-1 nodes need to be their personal devices to actually put you in danger is a great advantage over a system that an attacker could entirely simulate for you.

There is still an attack vector that would affect both DRAC and secushare: What if someone writes a plugin for our social tool that makes it super comfortable to integrate with XYZ, for example, and a majority of our friends installs it on their machines. Unfortunately that thing is only available as a binary executable and contains a backdoor for n-2 attacks. 2 being you and me who have secrets to exchange and n-2 being everybody else. In that case social activity will no longer help us to detect if the network is safe. So whenever you and me speak over such network, the attacker will be able to discern our packets, reducing the safety of our communications to the equivalent of what we have with OTR today.

Even this kind of attack can be addressed. We chose a legal path. We don't allow for binary-only plugins to secushare. You must publish the source code to your extension and if we can prove your binary cannot be generated from the source we ask Richard Stallman to sue you out of business.

Also, the comparison with OTR isn't accurate: Even if all network nodes are adversaries we still make it harder to analyze our packets thanks to padding and intentional latency. And yes we can always bolt on steganography on top, later.

Steganography to be effective requires cover data, but that's the main purpose of secushare: status updates about the weather, pictures of your family, invitations to your local nightlife and receiving advertisement updates from your favorite car manufacturer. It is likely to also be a good tool for political use, but that's just a side effect. Cover data is what we're about, so the option of plausibly deniable steganography is there. Cover data is why we focus on performance and scalability.

secushare is supposed to allow its users to configure inaccurate social graph and trust information, thus hiding some social links and transactions. Just add a person in "stealth" mode if you don't want anyone to know that you even met them. The distributed private social graph is important to achieve all the functionality that average people expect from a social networking service, but it is not necessary to have a private exchange. The work of dissidents and whistleblowers can thus be protected by the social cover noise of their everyday life friends.

Find more up to date statements on this topic in the anonymity page.