Human Rights Protocol Considerations Research Group N. ten Oever
Internet-Draft Article19
Intended status: Informational February 06, 2017
Expires: August 10, 2017
Anonymity, Human Rights and Internet Protocols
draft-tenoever-hrpc-anonymity-00
Abstract
Anonymity is less discussed topic in the IETF than for instance
security [RFC3552] or privacy [RFC6973]. This can be attributed to
the fact anonymity is a hard technical problem or that anonymizing
user data is not of specific market interest. It remains a fact that
'most internet users would like to be anonymous online at least
occasionally' [Pew].
This document aims to break down the different meanings and
implications of anonymity on a mediated computer network.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 10, 2017.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
ten Oever Expires August 10, 2017 [Page 1]
Internet-Draft anon February 2017
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Vocabulary Used . . . . . . . . . . . . . . . . . . . . . . . 2
3. Research Questions . . . . . . . . . . . . . . . . . . . . . 3
4. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Security Considerations . . . . . . . . . . . . . . . . . . . 4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
7. Research Group Information . . . . . . . . . . . . . . . . . 4
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
8.1. Informative References . . . . . . . . . . . . . . . . . 4
8.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
There seems to be a clear need for anonymity when harassment on the
Internet on the increase [Pew2] and the UN Special Rapporteur for
Freedom of Expression call anonymity 'necessary for the exercise of
the right to freedom of opinion and expression in the digital age'
[UNHRC2015].
Nonetheless anonymity is not getting much discussion at the IETF,
providing anonymity does not seem a (semi-)objective for many
protocols, even though several documents contribute to improving
anonymity such as [RFC7258], [RFC7626], [RFC7858].
There are initiatives on the Internet to improve end users anonymity,
most notably [torproject], but this all relies on adding encryption
in the application layer.
This document aims to break down the different meanings and
implications of anonymity on a mediated computer network and to see
whether (some parts of) anonymity should be taken into consideration
in protocol development.
2. Vocabulary Used
Concepts in this draft currently strongly hinges on [AnonTerm]
Anonymity A state of an individual in which an observer or attacker
cannot identify the individual within a set of other individuals
(the anonymity set). [RFC6973]
ten Oever Expires August 10, 2017 [Page 2]
Internet-Draft anon February 2017
Linkability Linkability of two or more items of interest (IOIs,
e.g., subjects, messages, actions, ...) from an attacker's
perspective means that within the system (comprising these and
possibly other items), the attacker can sufficiently distinguish
whether these IOIs are related or not. [AnonTerm]
Pseudonymity Dervided from pseudonym, a persistent identity which is
not the same as the entity's given name.
Unlinkability Unlinkability of two or more items of interest (IOIs,
e.g., subjects, messages, actions, ...) from an attacker's
perspective means that within the system (comprising these and
possibly other items), the attacker cannot sufficiently
distinguish whether these IOIs are related or not. [AnonTerm]
Undetectability The impossibility of being noticed or discovered
Undetectability of an item of interest (IOI) from an attacker's
perspective means that the attacker cannot sufficiently
distinguish whether it exists or not [AnonTerm]
Unobservability
Unobservability of an item of interest (IOI) means:
undetectability of the IOI against all subjects uninvolved in it
and
anonymity of the subject(s) involved in the IOI even against the
other subject(s) involved in that IOI. [AnonTerm]
3. Research Questions
Premise: activity on the network has the ability for is to be
anonymous or authenticated
While analyzing protocols for their impact on users anonymity, would
it make sense to ask the following questions:
1. How anonymous is the end user to:
o local network operator
o other networks you connect to
o your communications peer on the other end of the pipe
2. How well can they distinguish my identity from somebody else
(with a similar communication) (ie linkability)
ten Oever Expires August 10, 2017 [Page 3]
Internet-Draft anon February 2017
3. How does the protocol impact pseudonomity?
o in case of long term pseudonymity
o in case of short term pseudonymity
4. How does the protocol, in conjunction with other protocols,
impact pseudonymity?
5. Could there be advice for prootocol developers and implementers
to improve anonimity and pseudonymity?
4. Use Cases
- multiple identities concurrently used, mixing them in operations /
keeping them distinct (talking to XMPP, alias, etc)
- when you change identity, do cross stack analysis, so you have no
bleedover, anonymity on a cross protocol, cross stack level
5. Security Considerations
As this draft concerns a research document, there are no security
considerations.
6. IANA Considerations
This document has no actions for IANA.
7. Research Group Information
The discussion list for the IRTF Human Rights Protocol Considerations
proposed working group is located at the e-mail address hrpc@ietf.org
[1]. Information on the group and information on how to subscribe to
the list is at https://www.irtf.org/mailman/listinfo/hrpc
Archives of the list can be found at: https://www.irtf.org/mail-
archive/web/hrpc/current/index.html
8. References
8.1. Informative References
ten Oever Expires August 10, 2017 [Page 4]
Internet-Draft anon February 2017
[AnonTerm]
Pfitzmann, A. and M. Hansen, "A terminology for talking
about privacy by data minimization: Anonymity,
Unlinkability, Undetectability, Unobservability,
Pseudonymity, and Identity Management", 2010,
<http://dud.inf.tu-dresden.de/literatur/
Anon_Terminology_v0.34.pdf>.
[Pew] Rainie, L., Kiesler, S., Kang, R., and M. Madden,
"Anonymity, Privacy, and Security Online", 2013,
<http://www.pewinternet.org/2013/09/05/
anonymity-privacy-and-security-online/>.
[Pew2] Duggan, M., "Online Harassment", 2014,
<http://www.pewinternet.org/2014/10/22/
online-harassment/>.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC
Text on Security Considerations", BCP 72, RFC 3552,
DOI 10.17487/RFC3552, July 2003,
<http://www.rfc-editor.org/info/rfc3552>.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
Morris, J., Hansen, M., and R. Smith, "Privacy
Considerations for Internet Protocols", RFC 6973,
DOI 10.17487/RFC6973, July 2013,
<http://www.rfc-editor.org/info/rfc6973>.
[RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
2014, <http://www.rfc-editor.org/info/rfc7258>.
[RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626,
DOI 10.17487/RFC7626, August 2015,
<http://www.rfc-editor.org/info/rfc7626>.
[RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D.,
and P. Hoffman, "Specification for DNS over Transport
Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May
2016, <http://www.rfc-editor.org/info/rfc7858>.
[torproject]
The Tor Project, ., "Tor Project - Anonymity Online",
2007, <https://www.torproject.org/>.
ten Oever Expires August 10, 2017 [Page 5]
Internet-Draft anon February 2017
[UNHRC2015]
Kaye, D., "Anonymity, Privacy, and Security Online (A/
HRC/29/32)", 2015,
<www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/
Documents/A.HRC.29.32_AEV.doc>.
[1] mailto:hrpc@ietf.org
Author's Address
Niels ten Oever
Article19
EMail: niels@article19.org
ten Oever Expires August 10, 2017 [Page 6]