idnits 2.17.1 draft-tenoever-hrpc-anonymity-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC6973], [Pew], [RFC3552]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 06, 2017) is 2634 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '1' on line 243 -- Obsolete informational reference (is this intentional?): RFC 7626 (Obsoleted by RFC 9076) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Human Rights Protocol Considerations Research Group N. ten Oever 3 Internet-Draft Article19 4 Intended status: Informational February 06, 2017 5 Expires: August 10, 2017 7 Anonymity, Human Rights and Internet Protocols 8 draft-tenoever-hrpc-anonymity-00 10 Abstract 12 Anonymity is less discussed topic in the IETF than for instance 13 security [RFC3552] or privacy [RFC6973]. This can be attributed to 14 the fact anonymity is a hard technical problem or that anonymizing 15 user data is not of specific market interest. It remains a fact that 16 'most internet users would like to be anonymous online at least 17 occasionally' [Pew]. 19 This document aims to break down the different meanings and 20 implications of anonymity on a mediated computer network. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at http://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on August 10, 2017. 39 Copyright Notice 41 Copyright (c) 2017 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 57 2. Vocabulary Used . . . . . . . . . . . . . . . . . . . . . . . 2 58 3. Research Questions . . . . . . . . . . . . . . . . . . . . . 3 59 4. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 4 60 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 61 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 62 7. Research Group Information . . . . . . . . . . . . . . . . . 4 63 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 8.1. Informative References . . . . . . . . . . . . . . . . . 4 65 8.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 6 66 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 68 1. Introduction 70 There seems to be a clear need for anonymity when harassment on the 71 Internet on the increase [Pew2] and the UN Special Rapporteur for 72 Freedom of Expression call anonymity 'necessary for the exercise of 73 the right to freedom of opinion and expression in the digital age' 74 [UNHRC2015]. 76 Nonetheless anonymity is not getting much discussion at the IETF, 77 providing anonymity does not seem a (semi-)objective for many 78 protocols, even though several documents contribute to improving 79 anonymity such as [RFC7258], [RFC7626], [RFC7858]. 81 There are initiatives on the Internet to improve end users anonymity, 82 most notably [torproject], but this all relies on adding encryption 83 in the application layer. 85 This document aims to break down the different meanings and 86 implications of anonymity on a mediated computer network and to see 87 whether (some parts of) anonymity should be taken into consideration 88 in protocol development. 90 2. Vocabulary Used 92 Concepts in this draft currently strongly hinges on [AnonTerm] 94 Anonymity A state of an individual in which an observer or attacker 95 cannot identify the individual within a set of other individuals 96 (the anonymity set). [RFC6973] 98 Linkability Linkability of two or more items of interest (IOIs, 99 e.g., subjects, messages, actions, ...) from an attacker's 100 perspective means that within the system (comprising these and 101 possibly other items), the attacker can sufficiently distinguish 102 whether these IOIs are related or not. [AnonTerm] 104 Pseudonymity Dervided from pseudonym, a persistent identity which is 105 not the same as the entity's given name. 107 Unlinkability Unlinkability of two or more items of interest (IOIs, 108 e.g., subjects, messages, actions, ...) from an attacker's 109 perspective means that within the system (comprising these and 110 possibly other items), the attacker cannot sufficiently 111 distinguish whether these IOIs are related or not. [AnonTerm] 113 Undetectability The impossibility of being noticed or discovered 115 Undetectability of an item of interest (IOI) from an attacker's 116 perspective means that the attacker cannot sufficiently 117 distinguish whether it exists or not [AnonTerm] 119 Unobservability 121 Unobservability of an item of interest (IOI) means: 122 undetectability of the IOI against all subjects uninvolved in it 123 and 125 anonymity of the subject(s) involved in the IOI even against the 126 other subject(s) involved in that IOI. [AnonTerm] 128 3. Research Questions 130 Premise: activity on the network has the ability for is to be 131 anonymous or authenticated 133 While analyzing protocols for their impact on users anonymity, would 134 it make sense to ask the following questions: 136 1. How anonymous is the end user to: 138 o local network operator 140 o other networks you connect to 142 o your communications peer on the other end of the pipe 144 2. How well can they distinguish my identity from somebody else 145 (with a similar communication) (ie linkability) 147 3. How does the protocol impact pseudonomity? 149 o in case of long term pseudonymity 151 o in case of short term pseudonymity 153 4. How does the protocol, in conjunction with other protocols, 154 impact pseudonymity? 156 5. Could there be advice for prootocol developers and implementers 157 to improve anonimity and pseudonymity? 159 4. Use Cases 161 - multiple identities concurrently used, mixing them in operations / 162 keeping them distinct (talking to XMPP, alias, etc) 164 - when you change identity, do cross stack analysis, so you have no 165 bleedover, anonymity on a cross protocol, cross stack level 167 5. Security Considerations 169 As this draft concerns a research document, there are no security 170 considerations. 172 6. IANA Considerations 174 This document has no actions for IANA. 176 7. Research Group Information 178 The discussion list for the IRTF Human Rights Protocol Considerations 179 proposed working group is located at the e-mail address hrpc@ietf.org 180 [1]. Information on the group and information on how to subscribe to 181 the list is at https://www.irtf.org/mailman/listinfo/hrpc 183 Archives of the list can be found at: https://www.irtf.org/mail- 184 archive/web/hrpc/current/index.html 186 8. References 188 8.1. Informative References 190 [AnonTerm] 191 Pfitzmann, A. and M. Hansen, "A terminology for talking 192 about privacy by data minimization: Anonymity, 193 Unlinkability, Undetectability, Unobservability, 194 Pseudonymity, and Identity Management", 2010, 195 . 198 [Pew] Rainie, L., Kiesler, S., Kang, R., and M. Madden, 199 "Anonymity, Privacy, and Security Online", 2013, 200 . 203 [Pew2] Duggan, M., "Online Harassment", 2014, 204 . 207 [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC 208 Text on Security Considerations", BCP 72, RFC 3552, 209 DOI 10.17487/RFC3552, July 2003, 210 . 212 [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., 213 Morris, J., Hansen, M., and R. Smith, "Privacy 214 Considerations for Internet Protocols", RFC 6973, 215 DOI 10.17487/RFC6973, July 2013, 216 . 218 [RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an 219 Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May 220 2014, . 222 [RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626, 223 DOI 10.17487/RFC7626, August 2015, 224 . 226 [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., 227 and P. Hoffman, "Specification for DNS over Transport 228 Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May 229 2016, . 231 [torproject] 232 The Tor Project, ., "Tor Project - Anonymity Online", 233 2007, . 235 [UNHRC2015] 236 Kaye, D., "Anonymity, Privacy, and Security Online (A/ 237 HRC/29/32)", 2015, 238 . 241 8.2. URIs 243 [1] mailto:hrpc@ietf.org 245 Author's Address 247 Niels ten Oever 248 Article19 250 EMail: niels@article19.org