Seeking Anonymity in an Internet Panopticon

Abstract

Internet, users often need to assume, by default, that their every statement or action online is monitored and tracked. The Dissent project at Yale University takes a collective approach to online anonymity, based on different algorithmic foundations from onion routing, offering concrete advantages, as well as some disadvantages. Dissent preserves maximum security provided only that not all of a group's servers maliciously collude against their clients. In an honest- security model in which we assume each shuffler correctly follows the protocol the output from the last shuffler offers provable anonymity among all non-colluding clients, provided at least one of the shufflers keeps its random permutation secret. A substantial body of work addresses these vulnerabilities to such active attacks. Dissent addresses the jamming problem by implementing accountability mechanisms, allowing the group to revoke the anonymity of any peer found to be attempting to jam communication maliciously while preserving strong anonymity protection for peers who follow the rules. Dissent now adopts a client/multi-server model with trust split across multiple servers, preferably administered independently. More important in practice, Dissent's client/multi-server coin-sharing design addresses network churn by making the composition of client ciphertexts independent of the set of other clients online in a given round