[GNUnet-SVN] [gnunet] branch master updated: try to address #5660:


From: gnunet
Subject: [GNUnet-SVN] [gnunet] branch master updated: try to address #5660:
Date: Sat, 20 Apr 2019 21:45:34 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository gnunet.

The following commit(s) were added to refs/heads/master by this push:
     new 32485c3b5 try to address #5660:
32485c3b5 is described below

commit 32485c3b58983ada1943b3fa27eac3b0cff2a9da
Author: Christian Grothoff <address@hidden>
AuthorDate: Sat Apr 20 21:45:25 2019 +0200

    try to address #5660:
---
 doc/handbook/chapters/keyconcepts.texi | 26 +++++++++++---------
 doc/handbook/chapters/user.texi        | 16 +++++++++----
 doc/man/gnunet-auto-share.1            | 29 ++++++++++++-----------
 doc/man/gnunet-download.1              | 43 +++++++++++++---------------------
 doc/man/gnunet-publish.1               | 39 ++++++++++++++----------------
 doc/man/gnunet-search.1                | 37 +++++++++++++----------------
 6 files changed, 91 insertions(+), 99 deletions(-)

diff --git a/doc/handbook/chapters/keyconcepts.texi 
b/doc/handbook/chapters/keyconcepts.texi
index 4b49a7ffb..4900ed328 100644
--- a/doc/handbook/chapters/keyconcepts.texi
+++ b/doc/handbook/chapters/keyconcepts.texi
@@ -15,7 +15,7 @@ The second part describes concepts specific to anonymous 
file-sharing.
 * Accounting to Encourage Resource Sharing::
 * Confidentiality::
 * Anonymity::
-* Deniability::                       
+* Deniability::
 * Peer Identities::
 * Zones in the GNU Name System (GNS Zones)::
 * Egos::
@@ -165,16 +165,20 @@ and Bart Preneel. Towards measuring anonymity.
 (@uref{https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf, 
https://git.gnunet.org/bibliography.git/plain/docs/article-89.pdf}))
 that can help quantify the level of anonymity that a given mechanism
 provides, there is no such thing as "complete anonymity".
+
 GNUnet's file-sharing implementation allows users to select for each
 operation (publish, search, download) the desired level of anonymity.
-The metric used is the amount of cover traffic available to hide the
-request.
-While this metric is not as good as, for example, the theoretical metric
-given in scientific metrics,
-it is probably the best metric available to a peer with a purely local
-view of the world that does not rely on unreliable external information.
-The default anonymity level is @code{1}, which uses anonymous routing but
-imposes no minimal requirements on cover traffic. It is possible
+The metric used is based on the amount of cover traffic needed to hide
+the request.
+
+While there is no clear way to relate the amount of available cover
+traffic to traditional scientific metrics such as the anonymity set or
+information leakage, it is probably the best metric available to a
+peer with a purely local view of the world, in that it does not rely
+on unreliable external information or a particular adversary model.
+
+The default anonymity level is @code{1}, which uses anonymous routing
+but imposes no minimal requirements on cover traffic. It is possible
 to forego anonymity when this is not required. The anonymity level of
 @code{0} allows GNUnet to use more efficient, non-anonymous routing.
 
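Review bot: The added sentence says the metric is based on the cover traffic "needed to hide the request", while the next added paragraph speaks of the amount of "available" cover traffic, so the reader cannot tell whether the level is a requirement the user sets or a quantity the peer measures. Suggest using one term in both paragraphs. Since this paragraph only spells out levels 0 and 1, also consider a cross-reference to the user chapter, where this commit adds the rule for levels above 1.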
@@ -192,7 +196,7 @@ In particular, we assume that the adversary can see all the 
traffic on
 the Internet. And while we assume that the adversary
 can not break our encryption, we assume that the adversary has many
 participating nodes in the network and that it can thus see many of the
-node-to-node interactions since it controls some of the nodes. 
+node-to-node interactions since it controls some of the nodes.
 
 The system tries to achieve anonymity based on the idea that users can be
 anonymous if they can hide their actions in the traffic created by other
@@ -235,7 +239,7 @@ Even if the user that downloads data and the server that 
provides data are
 anonymous, the intermediaries may still be targets. In particular, if the
 intermediaries can find out which queries or which content they are
 processing, a strong adversary could try to force them to censor
-certain materials. 
+certain materials.
 
 With the file-encoding used by GNUnet's anonymous file-sharing, this
 problem does not arise.
diff --git a/doc/handbook/chapters/user.texi b/doc/handbook/chapters/user.texi
index 37c5849ab..55518bc34 100644
--- a/doc/handbook/chapters/user.texi
+++ b/doc/handbook/chapters/user.texi
@@ -1054,8 +1054,17 @@ anonymity level of "1" means that anonymous routing is 
desired, but no
 particular amount of cover traffic is necessary. A powerful adversary
 might thus still be able to deduce the origin of the traffic using
 traffic analysis. Specifying higher anonymity levels increases the
-amount of cover traffic required. While this offers better privacy,
-it can also significantly hurt performance.
+amount of cover traffic required.
+
+The specific numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your
+behalf must be hidden in L-1 equivalent requests of cover traffic
+(traffic your peer routes for others) in the same time-period.  The
+time-period is twice the average delay by which GNUnet artificially
+delays traffic.
+
+While higher anonymity levels may offer better privacy, they can also
+significantly hurt performance.
 
 @node Content Priority
 @subsubsection Content Priority
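Review bot: In the added paragraph the variable appears as plain "L" and "L-1" with no Texinfo markup, while keyconcepts.texi in this same commit writes the level as @code{1}; suggest @var{L} or @code{L} here. "(above 1)" is also stated twice in one sentence, and neither "equivalent requests" nor "the average delay by which GNUnet artificially delays traffic" is defined, so a user cannot work out the actual time window. Consider saying where that delay comes from.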
@@ -2324,6 +2333,3 @@ service offered by that peer, you can create an IP tunnel 
to
 that peer by specifying the peer's identity, service name and
 protocol (--tcp or --udp) and you will again receive an IP address
 that will terminate at the respective peer's service.
-
-
-
diff --git a/doc/man/gnunet-auto-share.1 b/doc/man/gnunet-auto-share.1
index 19cb998fa..e68ecdc08 100644
--- a/doc/man/gnunet-auto-share.1
+++ b/doc/man/gnunet-auto-share.1
@@ -28,24 +28,25 @@ You can run the tool by hand or automatically by adding the 
respective options t
 gnunet-auto-share has many options in common with gnunet-publish, but can only 
be used to index files.
 .Pp
 You can use automatic meta-data extraction (based on libextractor).
+.Sh OPTIONS
 .Bl -tag -width Ds
 .It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
-This option can be used to specify additional anonymity constraints.
+This option can be used to specify additional anonymity constraints. The 
default is 1.
 If set to 0, GNUnet will publish the file non-anonymously and in fact sign the 
advertisement for the file using your peer's private key.
-This will allow other users to download the file as fast as possible, 
including using non-anonymous methods (DHT, direct transfer).
+This will allow other users to download the file as fast as possible, 
including using non-anonymous methods (discovery via DHT and CADET transfer).
 If you set it to 1 (default), you use the standard anonymous routing algorithm 
(which does not explicitly leak your identity).
-However, a powerful adversary may still be able to perform traffic analysis 
(statistics) to over time infer data about your identity.
-You can gain better privacy by specifying a higher level of anonymity, which 
increases the amount of cover traffic your own traffic will get, at the expense 
of performance.
-Note that regardless of the anonymity level you choose, peers that cache 
content in the network always use anonymity level 1.
-.Pp
-The definition of the ANONYMITY LEVEL is the following.
-0 means no anonymity is required.
-Otherwise a value of 'v' means that 1 out of v bytes of "anonymous" traffic 
can be from the local user, leaving 'v-1' bytes of cover traffic per byte on 
the wire.
-Thus, if GNUnet routes n bytes of messages from foreign peers (using anonymous 
routing), it may originate n/(v-1) bytes of data in the same time-period.
-The time-period is twice the average delay that GNUnet defers forwarded 
queries.
-.Pp
-The default is 1 and this should be fine for most users.
-Also notice that if you choose very large values, you may end up having no 
throughput at all, especially if many of your fellow GNUnet-peers all do the 
same.
+However, a powerful adversary may still be able to perform traffic analysis 
(statistics) to over time discovery your identity.
+You can gain better privacy by specifying a higher level of anonymity (using 
values above 1).
+This tells FS that it must hide your own requests in equivalent\-looking cover 
traffic.
+This should confound an adversaries traffic analysis, increasing the time and 
effort it would
+take to discover your identity. However, it also can significantly reduce 
performance, as
+your requests will be delayed until sufficient cover traffic is available.  
The specific
+numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your behalf 
must be hidden in L\-1 equivalent
+requests of cover traffic (traffic your peer routes for others) in the same 
time\-period.
+The time\-period is twice the average delay by which GNUnet artificially 
delays traffic.
+Note that regardless of the anonymity level you choose, peers that cache 
content in the
+network always use anonymity level 1.
 .It Fl c Ar FILENAME | Fl \-config= Ns Ar FILENAME
 Use alternate config file (if this option is not specified, the default is
 .Pa ~/.config/gnunet.conf Ns ).
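Review bot: Two typos in the added -a text: "to over time discovery your identity" should read "discover", and "an adversaries traffic analysis" should be "an adversary's". The rewrite also drops the old caution that very large values can leave you with no throughput at all, especially if many peers do the same; the new sentence about requests being "delayed until sufficient cover traffic is available" is weaker, so consider keeping that warning. The same wording is pasted into gnunet-download.1, gnunet-publish.1 and gnunet-search.1 below, so the fixes apply there as well.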
diff --git a/doc/man/gnunet-download.1 b/doc/man/gnunet-download.1
index e2c4ab365..f278694c3 100644
--- a/doc/man/gnunet-download.1
+++ b/doc/man/gnunet-download.1
@@ -24,8 +24,22 @@ a command line interface for downloading files from GNUnet
 Download files from GNUnet.
 .Bl -tag -width Ds
 .It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
-Set desired level of receiver anonymity.
-Default is 1.
+This option can be used to specify additional anonymity constraints. The 
default is 1.
+If set to 0, GNUnet will publish the file non-anonymously and in fact sign the 
advertisement for the file using your peer's private key.
+This will allow other users to download the file as fast as possible, 
including using non-anonymous methods (discovery via DHT and CADET transfer).
+If you set it to 1 (default), you use the standard anonymous routing algorithm 
(which does not explicitly leak your identity).
+However, a powerful adversary may still be able to perform traffic analysis 
(statistics) to over time discovery your identity.
+You can gain better privacy by specifying a higher level of anonymity (using 
values above 1).
+This tells FS that it must hide your own requests in equivalent\-looking cover 
traffic.
+This should confound an adversaries traffic analysis, increasing the time and 
effort it would
+take to discover your identity. However, it also can significantly reduce 
performance, as
+your requests will be delayed until sufficient cover traffic is available.  
The specific
+numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your behalf 
must be hidden in L-1 equivalent
+requests of cover traffic (traffic your peer routes for others) in the same 
time\-period.
+The time\-period is twice the average delay by which GNUnet artificially 
delays traffic.
+Note that regardless of the anonymity level you choose, peers that cache 
content in the
+network always use anonymity level 1.
 .It Fl c Ar FILENAME | Fl \-config= Ns Ar FILENAME
 Use config file (default:
 .Pa ~/.config/gnunet.conf Ns )
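Review bot: The level 0 description added here is the publish text: "GNUnet will publish the file non-anonymously and in fact sign the advertisement for the file using your peer's private key" describes gnunet-publish, not a download. The section removed further down in this file had the download wording ("GNUnet will try to download the file as fast as possible, including using non-anonymous methods"); suggest keeping that sentence for level 0. Minor: this copy writes "L-1" where the other man pages in this commit escape it as "L\-1", and unlike the other three pages no ".Sh OPTIONS" header is added before the ".Bl" list.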
@@ -88,31 +102,6 @@ If you ever have to abort a download, you can at any time 
continue it by re-issu
 In that case GNUnet will not download blocks again that are already present.
 GNUnet's file-encoding will ensure file integrity, even if the existing file 
was not downloaded from GNUnet in the first place.
 Temporary information will be appended to the target file until the download 
is completed.
-.Ss SETTING ANONYMITY LEVEL
-The
-.Fl a
-option can be used to specify additional anonymity constraints.
-If set to 0, GNUnet will try to download the file as fast as possible, 
including using non-anonymous methods.
-If you set it to 1 (default), you use the standard anonymous routing algorithm 
(which does not explicitly leak your identity).
-However, a powerful adversary may still be able to perform traffic analysis 
(statistics) to over time infer data about your identity.
-You can gain better privacy by specifying a higher level of anonymity, which 
increases the amount of cover traffic your own traffic will get, at the expense 
of performance.
-Note that your download performance is not only determined by your own 
anonymity level, but also by the anonymity level of the peers publishing the 
file.
-So even if you download with anonymity level 0, the peers publishing the data 
might be sharing with a higher anonymity level, which in this case will 
determine performance.
-Also, peers that cache content in the network always use anonymity level 1.
-.Pp
-This option can be used to limit requests further than that.
-In particular, you can require GNUnet to receive certain amounts of traffic 
from other peers before sending your queries.
-This way, you can gain very high levels of anonymity - at the expense of much 
more traffic and much higher latency.
-So set it only if you really believe you need it.
-.Pp
-The definition of ANONYMITY\-RECEIVE is the following.
-0 means no anonymity is required.
-Otherwise a value of 'v' means that 1 out of v bytes of "anonymous" traffic 
can be from the local user, leaving 'v-1' bytes of cover traffic per byte on 
the wire.
-Thus, if GNUnet routes n bytes of messages from foreign peers (using anonymous 
routing), it may originate n/(v-1) bytes of queries in the same time\-period.
-The time\-period is twice the average delay that GNUnet defers forwarded 
queries.
-.Pp
-The default is 1 and this should be fine for most users.
-Also notice that if you choose very large values, you may end up having no 
throughput at all, especially if many of your fellow GNUnet\-peers all do the 
same.
 .Sh FILES
 .Pa ~/.config/gnunet.conf
 GNUnet configuration file
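Review bot: Removing this section loses download-specific guidance that the new -a entry does not carry over, namely that download performance also depends on the anonymity level of the peers publishing the file, even when downloading at level 0. If that still holds, move those two sentences into the -a entry rather than deleting them.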
diff --git a/doc/man/gnunet-publish.1 b/doc/man/gnunet-publish.1
index 0cfad4c78..b003f27e0 100644
--- a/doc/man/gnunet-publish.1
+++ b/doc/man/gnunet-publish.1
@@ -125,7 +125,25 @@ However, indexing only works if the indexed file can be 
read (using the same abs
 If this is not the case, indexing will fail (and gnunet-publish will 
automatically revert to publishing instead).
 Regardless of which method is used to publish the file, the file will be 
slowly (depending on how often it is requested and on how much bandwidth is 
available) dispersed into the network.
 If you publish or index a file and then leave the network, it will almost 
always NOT be available anymore.
+.Sh OPTIONS
 .Bl -tag -width Ds
+.It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
+This option can be used to specify additional anonymity constraints. The 
default is 1.
+If set to 0, GNUnet will publish the file non-anonymously and in fact sign the 
advertisement for the file using your peer's private key.
+This will allow other users to download the file as fast as possible, 
including using non-anonymous methods (discovery via DHT and CADET transfer).
+If you set it to 1 (default), you use the standard anonymous routing algorithm 
(which does not explicitly leak your identity).
+However, a powerful adversary may still be able to perform traffic analysis 
(statistics) to over time discovery your identity.
+You can gain better privacy by specifying a higher level of anonymity (using 
values above 1).
+This tells FS that it must hide your own requests in equivalent\-looking cover 
traffic.
+This should confound an adversaries traffic analysis, increasing the time and 
effort it would
+take to discover your identity. However, it also can significantly reduce 
performance, as
+your requests will be delayed until sufficient cover traffic is available.  
The specific
+numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your behalf 
must be hidden in L\-1 equivalent
+requests of cover traffic (traffic your peer routes for others) in the same 
time\-period.
+The time\-period is twice the average delay by which GNUnet artificially 
delays traffic.
+Note that regardless of the anonymity level you choose, peers that cache 
content in the
+network always use anonymity level 1.
 .It Fl c Ar FILENAME | Fl \-config= Ns Ar FILENAME
 Use alternate config file FILENAME.
 If this option is not specified, the default is
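Review bot: Several added lines break in the middle of a sentence and start the next sentence mid-line (for example "take to discover your identity. However, it also can significantly reduce performance, as"), whereas the rest of this page follows the mdoc convention of one sentence per source line. Suggest reflowing the added text so each sentence starts on its own line, which also removes the double space before "The specific".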
@@ -192,27 +210,6 @@ Print the version number.
 Be verbose.
 Using this option causes gnunet\-publish to print progress information and at 
the end the file identification that can be used to download the file from 
GNUnet.
 .El
-.Ss SETTING ANONYMITY LEVEL
-.Bl -tag -width Ds
-.It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
-.El
-.sp
-The \fB\-a\fR option can be used to specify additional anonymity constraints.
-If set to 0, GNUnet will publish the file non-anonymously and in fact sign the 
advertisement for the file using your peer's private key.
-This will allow other users to download the file as fast as possible, 
including using non-anonymous methods (DHT, direct transfer).
-If you set it to 1 (default), you use the standard anonymous routing algorithm 
(which does not explicitly leak your identity).
-However, a powerful adversary may still be able to perform traffic analysis 
(statistics) to over time infer data about your identity.
-You can gain better privacy by specifying a higher level of anonymity, which 
increases the amount of cover traffic your own traffic will get, at the expense 
of performance.
-Note that regardless of the anonymity level you choose, peers that cache 
content in the network always use anonymity level 1.
-.Pp
-The definition of the ANONYMITY LEVEL is the following.
-0 means no anonymity is required.
-Otherwise a value of 'v' means that 1 out of v bytes of "anonymous" traffic 
can be from the local user, leaving 'v-1' bytes of cover traffic per byte on 
the wire.
-Thus, if GNUnet routes n bytes of messages from foreign peers (using anonymous 
routing), it may originate n/(v-1) bytes of data in the same time\-period.
-The time\-period is twice the average delay that GNUnet defers forwarded 
queries.
-.Pp
-The default is 1 and this should be fine for most users.
-Also notice that if you choose very large values, you may end up having no 
throughput at all, especially if many of your fellow GNUnet\-peers all do the 
same.
 .Sh EXAMPLES
 .Ss BASIC EXAMPLES
 Index a file COPYING:
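Review bot: The definition removed here counted bytes ("1 out of v bytes", "n/(v-1) bytes of data in the same time\-period"), while the replacement text counts requests ("hidden in L\-1 equivalent requests of cover traffic"). Please confirm which unit is accurate and make the new wording say so explicitly; as written, the old and new descriptions are not equivalent.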
diff --git a/doc/man/gnunet-search.1 b/doc/man/gnunet-search.1
index d4ad4b516..58e16ea7b 100644
--- a/doc/man/gnunet-search.1
+++ b/doc/man/gnunet-search.1
@@ -24,30 +24,25 @@ Search for content on GNUnet.
 The keywords are case-sensitive.
 .Nm
 can be used both for a search in the global namespace as well as for searching 
a private subspace.
+.Sh OPTIONS
 .Bl -tag -width Ds
 .It Fl a Ar LEVEL | Fl \-anonymity= Ns Ar LEVEL
-The \fB\-a\fR option can be used to specify additional anonymity constraints.
-If set to 0, GNUnet will try to download the file as fast as possible, 
including using non-anonymous methods.
+This option can be used to specify additional anonymity constraints. The 
default is 1.
+If set to 0, GNUnet will publish the file non-anonymously and in fact sign the 
advertisement for the file using your peer's private key.
+This will allow other users to download the file as fast as possible, 
including using non-anonymous methods (discovery via DHT and CADET transfer).
 If you set it to 1 (default), you use the standard anonymous routing algorithm 
(which does not explicitly leak your identity).
-However, a powerful adversary may still be able to perform traffic analysis 
(statistics) to over time infer data about your identity.
-You can gain better privacy by specifying a higher level of anonymity, which 
increases the amount of cover traffic your own traffic will get, at the expense 
of performance.
-Note that your download performance is not only determined by your own 
anonymity level, but also by the anonymity level of the peers publishing the 
file.
-So even if you download with anonymity level 0, the peers publishing the data 
might be sharing with a higher anonymity level, which in this case will 
determine performance.
-Also, peers that cache content in the network always use anonymity level 1.
-.sp
-This option can be used to limit requests further than that.
-In particular, you can require GNUnet to receive certain amounts of traffic 
from other peers before sending your queries.
-This way, you can gain very high levels of anonymity \- at the expense of much 
more traffic and much higher latency.
-So set it only if you really believe you need it.
-.sp
-The definition of ANONYMITY\-RECEIVE is the following.
-0 means no anonymity is required.
-Otherwise a value of 'v' means that 1 out of v bytes of "anonymous" traffic 
can be from the local user, leaving 'v-1' bytes of cover traffic per byte on 
the wire.
-Thus, if GNUnet routes n bytes of messages from foreign peers (using anonymous 
routing), it may originate n/(v-1) bytes of queries in the same time\-period.
-The time\-period is twice the average delay that GNUnet defers forwarded 
queries.
-.sp
-The default is 1 and this should be fine for most users.
-Also notice that if you choose very large values, you may end up having no 
throughput at all, especially if many of your fellow GNUnet\-peers all do the 
same.
+However, a powerful adversary may still be able to perform traffic analysis 
(statistics) to over time discovery your identity.
+You can gain better privacy by specifying a higher level of anonymity (using 
values above 1).
+This tells FS that it must hide your own requests in equivalent\-looking cover 
traffic.
+This should confound an adversaries traffic analysis, increasing the time and 
effort it would
+take to discover your identity. However, it also can significantly reduce 
performance, as
+your requests will be delayed until sufficient cover traffic is available.  
The specific
+numeric value (for anonymity levels above 1) is simple:
+Given an anonymity level L (above 1), each request FS makes on your behalf 
must be hidden in L\-1 equivalent
+requests of cover traffic (traffic your peer routes for others) in the same 
time\-period.
+The time\-period is twice the average delay by which GNUnet artificially 
delays traffic.
+Note that regardless of the anonymity level you choose, peers that cache 
content in the
+network always use anonymity level 1.
 .It Fl c Ar FILENAME | Fl \-config= Ns Ar FILENAME
 use config file (defaults: ~/.config/gnunet.conf)
 .It Fl h | \-help
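Review bot: The level 0 sentences added to gnunet-search.1 talk about publishing a file and signing its advertisement with the peer's private key, which is not what a search does; the removed text at least described the requesting side. Reword level 0 for searches, and check whether the removed sentences about the publishing peers' anonymity level determining performance should be kept.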

-- 
To stop receiving notification emails like this one, please contact
address@hidden


