The probem is the low latency VOIP requires. There is a tradeoff between latency and privacy, and it cannot be avoided.<br><br><div><span class="gmail_quote">On 5/16/06, <b class="gmail_sendername">Anothony Georgeo</b> <
<a href="mailto:anogeorgeo@yahoo.com">anogeorgeo@yahoo.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hello,<br><br>
Here is a quoted section from an article about the US<br>FBI and the next generation of "Carnivore" which will<br>focus on VoIP.<br><br>The qutoed section deals with a MiTH attack (I think)<br>that has been discussed here before. The attacker
<br>adds a packet timing delay and invisable 'tag' to<br>packets of the P2P VoIP software "SkyPE".<br><br>This MiTH attack defeated the anonymity offered by<br><a href="http://www.findnot.com">http://www.findnot.com
</a> and as such everyone should<br>concider all other web-based, single-hop and weak [eg.<br>non-Tor ;-) ] anonymizing services to be broken.<br><br>I don't think this MiTH attack can effect the Tor<br>network but I'm not sure. I think Tor's DH key
<br>authentication of nodes and TLS tunnels precludes this<br>attack but I'm not positive.<br><br>Can an Onion Route II/Tor expert offer assurance this<br>MiTH attack does not effect Tor?<br><br>-Quoted section-<br><a href="http://news.com.com/Feds+fund+VoIP+tapping+research/2100-7348_3-5825932.html?part=rss&tag=5825932&subj=news">
http://news.com.com/Feds+fund+VoIP+tapping+research/2100-7348_3-5825932.html?part=rss&tag=5825932&subj=news</a><br><br>The FBI or any other government agency that's<br>eavesdropping on both ends of the link would see that
<br>each person was connected to the anonymizing<br>server--but couldn't know for sure who was talking to<br>whom. The more customers who use the service at once,<br>the more difficult it would be for investigators to<br>
connect the dots.<br><br>Wang discovered he could embed a unique, undetectable<br>signature in Skype packets and then identify that<br>signature when they reached their destination. The<br>technique works in much the same way as a radioactive
<br>marker that a patient swallows, permitting doctors to<br>monitor its progress through the digestive system.<br><br>"It's based on the flow itself," Wang said. "I embed a<br>watermark into the flow itself, the timing of the
<br>packets. By adjusting the timing of select packets<br>slightly, it's transparent. There's no overhead in the<br>bandwidth, and it's very subtle. It's mingled with the<br>background noise." (The anonymizing service tested was
<br><a href="http://Findnot.com">Findnot.com</a>, which did not immediately respond to a<br>request for comment on Tuesday.)<br><br>A paper co-authored by Wang and fellow George Mason<br>researchers Shiping Chen and Sushil Jajodia describing
<br>their results is scheduled to be presented at a<br>computer security conference in November. An early<br>draft concludes that "tracking anonymous, peer-to-peer<br>VoIP calls on the Internet is feasible" with only
<br>3-millisecond timing alterations as long as the calls<br>are at least 90 seconds long.<br><br>-End quoted section-<br><br>Options, comments?<br><br>__________________________________________________<br>Do You Yahoo!?<br>
Tired of spam? Yahoo! Mail has the best spam protection around<br><a href="http://mail.yahoo.com">http://mail.yahoo.com</a><br></blockquote></div><br><br clear="all"><br>-- <br>"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
<br>-- Benjamin Franklin