May 2015 - tor-commits - lists.torproject.org

[translation/tails-misc_completed] Update translations for tails-misc_completed
by translation＠torproject.org 04 May '15

04 May '15

commit d49c02c9772bea8113dc164df70b49a86eb8a253 Author: Translation commit bot <translation(a)torproject.org> Date: Mon May 4 21:15:43 2015 +0000 Update translations for tails-misc_completed --- es.po | 75 +++++++++++++++++++++++++++++++++++------------------------------ 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/es.po b/es.po index 6df30ca..6a92e73 100644 --- a/es.po +++ b/es.po @@ -4,6 +4,7 @@ # # Translators: # Cesar Enrique Sanchez Medina <cesare01(a)gmail.com>, 2014 +# el buve, 2015 # Jose Luis <joseluis.tirado(a)gmail.com>, 2014-2015 # Manuel Herrera <ma_herrer(a)yahoo.com.mx>, 2013 # strel, 2013-2015 @@ -11,9 +12,9 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-02-23 16:25+0100\n" -"PO-Revision-Date: 2015-02-26 08:32+0000\n" -"Last-Translator: strel\n" +"POT-Creation-Date: 2015-05-02 23:47+0200\n" +"PO-Revision-Date: 2015-05-04 21:11+0000\n" +"Last-Translator: el buve\n" "Language-Team: Spanish (http://www.transifex.com/projects/p/torproject/language/es/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -21,11 +22,11 @@ msgstr "" "Language: es\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -#: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready-notification.sh:42 +#: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh:43 msgid "Tor is ready" msgstr "Tor está listo" -#: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready-notification.sh:43 +#: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh:44 msgid "You can now access the Internet." msgstr "Ahora puede acceder a Internet." @@ -99,128 +100,132 @@ msgstr "_Descifrar/Verificar Portapapeles" msgid "_Manage Keys" msgstr "_Gestionar Claves" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:244 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:208 +msgid "_Open Text Editor" +msgstr "_Abrir editor de texto" + +#: config/chroot_local-includes/usr/local/bin/gpgApplet:252 msgid "The clipboard does not contain valid input data." msgstr "El portapapeles no contiene datos de entrada válidos." -#: config/chroot_local-includes/usr/local/bin/gpgApplet:295 -#: config/chroot_local-includes/usr/local/bin/gpgApplet:297 -#: config/chroot_local-includes/usr/local/bin/gpgApplet:299 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:303 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:305 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:307 msgid "Unknown Trust" msgstr "Confianza desconocida" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:301 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:309 msgid "Marginal Trust" msgstr "Confianza reducida" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:303 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:311 msgid "Full Trust" msgstr "Confianza completa" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:305 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:313 msgid "Ultimate Trust" msgstr "Confianza superior" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:358 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:366 msgid "Name" msgstr "Nombre" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:359 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:367 msgid "Key ID" msgstr "Identificador de Clave" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:360 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:368 msgid "Status" msgstr "Estado" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:392 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:400 msgid "Fingerprint:" msgstr "Huella de validación:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:395 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:403 msgid "User ID:" msgid_plural "User IDs:" msgstr[0] "Identificador de usuario:" msgstr[1] "Identificadores de usuario:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:425 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:433 msgid "None (Don't sign)" msgstr "Ninguno (no firmar)" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:488 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:496 msgid "Select recipients:" msgstr "Seleccionar destinatarios:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:496 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:504 msgid "Hide recipients" msgstr "Esconder destinatarios" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:499 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:507 msgid "" "Hide the user IDs of all recipients of an encrypted message. Otherwise " "anyone that sees the encrypted message can see who the recipients are." msgstr "Esconder los identificadores de usuario de todos los destinatarios de un mensaje cifrado. De otra manera cualquiera que vea el mensaje cifrado puede ver quienes son los destinatarios." -#: config/chroot_local-includes/usr/local/bin/gpgApplet:505 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:513 msgid "Sign message as:" msgstr "Firmar mensaje como:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:509 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:517 msgid "Choose keys" msgstr "Elegir claves" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:549 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:557 msgid "Do you trust these keys?" msgstr "¿Confía en estas claves?" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:552 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:560 msgid "The following selected key is not fully trusted:" msgid_plural "The following selected keys are not fully trusted:" msgstr[0] "La siguiente clave seleccionada no goza de confianza completa:" msgstr[1] "Las siguientes claves seleccionadas no gozan de confianza completa:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:570 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:578 msgid "Do you trust this key enough to use it anyway?" msgid_plural "Do you trust these keys enough to use them anyway?" msgstr[0] "¿Confía lo suficiente en esta clave para usarla de todos modos?" msgstr[1] "¿Confía lo suficiente en estas claves para usarlas de todos modos?" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:583 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:591 msgid "No keys selected" msgstr "No se seleccionaron claves" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:585 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:593 msgid "" "You must select a private key to sign the message, or some public keys to " "encrypt the message, or both." msgstr "Debe seleccionar una clave privada para firmar este mensaje, o algunas claves públicas para cifrar el mensaje, o ambas." -#: config/chroot_local-includes/usr/local/bin/gpgApplet:613 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:621 msgid "No keys available" msgstr "No hay claves disponibles" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:615 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:623 msgid "" "You need a private key to sign messages or a public key to encrypt messages." msgstr "Necesita una clave privada para firmar mensajes o una clave pública para cifrar mensajes." -#: config/chroot_local-includes/usr/local/bin/gpgApplet:743 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:751 msgid "GnuPG error" msgstr "Error de GnuPG" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:764 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:772 msgid "Therefore the operation cannot be performed." msgstr "Por lo tanto la operación no pudo ser realizada." -#: config/chroot_local-includes/usr/local/bin/gpgApplet:814 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:822 msgid "GnuPG results" msgstr "Resultados de GnuPG" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:820 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:828 msgid "Output of GnuPG:" msgstr "Datos de salida de GnuPG:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:845 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:853 msgid "Other messages provided by GnuPG:" msgstr "Otros mensajes emitidos por GnuPG:"

1 0

[translation/tails-misc] Update translations for tails-misc
by translation＠torproject.org 04 May '15

04 May '15

commit 2b372fe05e5ac740888c013ba859d8bee6cccb7b Author: Translation commit bot <translation(a)torproject.org> Date: Mon May 4 21:15:38 2015 +0000 Update translations for tails-misc --- es.po | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/es.po b/es.po index fe441ab..6a92e73 100644 --- a/es.po +++ b/es.po @@ -4,6 +4,7 @@ # # Translators: # Cesar Enrique Sanchez Medina <cesare01(a)gmail.com>, 2014 +# el buve, 2015 # Jose Luis <joseluis.tirado(a)gmail.com>, 2014-2015 # Manuel Herrera <ma_herrer(a)yahoo.com.mx>, 2013 # strel, 2013-2015 @@ -12,8 +13,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2015-05-02 23:47+0200\n" -"PO-Revision-Date: 2015-05-03 08:25+0000\n" -"Last-Translator: runasand <runa.sandvik(a)gmail.com>\n" +"PO-Revision-Date: 2015-05-04 21:11+0000\n" +"Last-Translator: el buve\n" "Language-Team: Spanish (http://www.transifex.com/projects/p/torproject/language/es/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -101,7 +102,7 @@ msgstr "_Gestionar Claves" #: config/chroot_local-includes/usr/local/bin/gpgApplet:208 msgid "_Open Text Editor" -msgstr "" +msgstr "_Abrir editor de texto" #: config/chroot_local-includes/usr/local/bin/gpgApplet:252 msgid "The clipboard does not contain valid input data."

1 0

[translation/tails-misc_completed] Update translations for tails-misc_completed
by translation＠torproject.org 04 May '15

04 May '15

commit 269f2f161c0647efd60c9f3467a7cc9114865ee5 Author: Translation commit bot <translation(a)torproject.org> Date: Mon May 4 19:45:38 2015 +0000 Update translations for tails-misc_completed --- fa.po | 70 ++++++++++++++++++++++++++++++++++------------------------------- 1 file changed, 37 insertions(+), 33 deletions(-) diff --git a/fa.po b/fa.po index 0160d0d..b10bbea 100644 --- a/fa.po +++ b/fa.po @@ -17,9 +17,9 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-03-30 16:51+0200\n" -"PO-Revision-Date: 2015-04-28 10:17+0000\n" -"Last-Translator: Ali\n" +"POT-Creation-Date: 2015-05-02 23:47+0200\n" +"PO-Revision-Date: 2015-05-04 19:22+0000\n" +"Last-Translator: Gilberto\n" "Language-Team: Persian (http://www.transifex.com/projects/p/torproject/language/fa/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -105,125 +105,129 @@ msgstr "رمزگشایی/تایید امضای کلیپ‌برد" msgid "_Manage Keys" msgstr "مدیریت کلید‌ها" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:244 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:208 +msgid "_Open Text Editor" +msgstr "_بازکردن ویرایشگر متن" + +#: config/chroot_local-includes/usr/local/bin/gpgApplet:252 msgid "The clipboard does not contain valid input data." msgstr "کلیپ‌برد دادهٔ معتبری ندارد" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:295 -#: config/chroot_local-includes/usr/local/bin/gpgApplet:297 -#: config/chroot_local-includes/usr/local/bin/gpgApplet:299 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:303 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:305 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:307 msgid "Unknown Trust" msgstr "قابل اطمینان نیست" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:301 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:309 msgid "Marginal Trust" msgstr "به سختی قابل اطمینان است" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:303 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:311 msgid "Full Trust" msgstr "قابل اطمینان است" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:305 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:313 msgid "Ultimate Trust" msgstr "کاملاً قابل اطمینان است" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:358 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:366 msgid "Name" msgstr "نام" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:359 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:367 msgid "Key ID" msgstr "کلید-شناسه" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:360 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:368 msgid "Status" msgstr "وضعیت" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:392 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:400 msgid "Fingerprint:" msgstr "اثر انگشت:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:395 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:403 msgid "User ID:" msgid_plural "User IDs:" msgstr[0] "شناسه‌های کاربری:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:425 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:433 msgid "None (Don't sign)" msgstr "هیچ کدام (امضا نکن)" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:488 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:496 msgid "Select recipients:" msgstr "دریافت کننده‌ها:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:496 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:504 msgid "Hide recipients" msgstr "دریافت کننده ها را مخفی کن" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:499 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:507 msgid "" "Hide the user IDs of all recipients of an encrypted message. Otherwise " "anyone that sees the encrypted message can see who the recipients are." msgstr "شناسه کاربری تمام دریافت کننده‌های یک پیغام رمزنگاری شده را پنهان کن. در غیر اینصورت هر کسی که این پیغام رمزنگاری شده را دریافت می کند، می تواند بفهمد چه کسان دیگری آن را دریافت کرده اند." -#: config/chroot_local-includes/usr/local/bin/gpgApplet:505 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:513 msgid "Sign message as:" msgstr "پیام را به این عنوان امضا کن:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:509 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:517 msgid "Choose keys" msgstr "کلید رمزنگاری را انتخاب کن" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:549 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:557 msgid "Do you trust these keys?" msgstr "آیا به این کلیدهای رمزنگاری اطمینان دارید؟" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:552 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:560 msgid "The following selected key is not fully trusted:" msgid_plural "The following selected keys are not fully trusted:" msgstr[0] "کلیدهایی زیر کاملاً قابل اطمینان نیستند:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:570 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:578 msgid "Do you trust this key enough to use it anyway?" msgid_plural "Do you trust these keys enough to use them anyway?" msgstr[0] "آیا به اندازی کافی به این کلیدها اطمینان دارید تا به هر حال استفاده شوند؟" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:583 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:591 msgid "No keys selected" msgstr "کلیدی انتخاب نشده است" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:585 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:593 msgid "" "You must select a private key to sign the message, or some public keys to " "encrypt the message, or both." msgstr "با انتخاب یک کلید خصوصی می‌توانید این پیام را امضا و با انتخاب کلید عمومی می‌توانید آن‌را رمزنگاری کنید؛ استفاده از هر دو مورد نیز امکان‌پذیر است." -#: config/chroot_local-includes/usr/local/bin/gpgApplet:613 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:621 msgid "No keys available" msgstr "هیچ کلیدی در دست‌رس نیست" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:615 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:623 msgid "" "You need a private key to sign messages or a public key to encrypt messages." msgstr "شما یک کلید خصوصی نیاز دارید تا پیام‌ها را امضا کنید و یا یک کلید عمومی نیاز دارید تا بتوانید پیام‌ها را رمزنگاری کنید." -#: config/chroot_local-includes/usr/local/bin/gpgApplet:743 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:751 msgid "GnuPG error" msgstr "خطای GnuPG" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:764 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:772 msgid "Therefore the operation cannot be performed." msgstr "بنابراین عملیات قابل اجرا نیست." -#: config/chroot_local-includes/usr/local/bin/gpgApplet:814 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:822 msgid "GnuPG results" msgstr "نتایج GnuPG" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:820 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:828 msgid "Output of GnuPG:" msgstr "خروجی GnuPG:" -#: config/chroot_local-includes/usr/local/bin/gpgApplet:845 +#: config/chroot_local-includes/usr/local/bin/gpgApplet:853 msgid "Other messages provided by GnuPG:" msgstr "سایر پیغام‌هایی که GnuPG ارائه کرده است:"

1 0

[translation/tails-misc] Update translations for tails-misc
by translation＠torproject.org 04 May '15

04 May '15

commit bca6faaef786910441346fd4daa1644c06a9c320 Author: Translation commit bot <translation(a)torproject.org> Date: Mon May 4 19:45:34 2015 +0000 Update translations for tails-misc --- fa.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fa.po b/fa.po index e3003d0..b10bbea 100644 --- a/fa.po +++ b/fa.po @@ -18,8 +18,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2015-05-02 23:47+0200\n" -"PO-Revision-Date: 2015-05-03 08:25+0000\n" -"Last-Translator: runasand <runa.sandvik(a)gmail.com>\n" +"PO-Revision-Date: 2015-05-04 19:22+0000\n" +"Last-Translator: Gilberto\n" "Language-Team: Persian (http://www.transifex.com/projects/p/torproject/language/fa/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -107,7 +107,7 @@ msgstr "مدیریت کلید‌ها" #: config/chroot_local-includes/usr/local/bin/gpgApplet:208 msgid "_Open Text Editor" -msgstr "" +msgstr "_بازکردن ویرایشگر متن" #: config/chroot_local-includes/usr/local/bin/gpgApplet:252 msgid "The clipboard does not contain valid input data."

1 0

[check/master] Update favicon / title with check result
by arlo＠torproject.org 04 May '15

04 May '15

commit 4f2b003dfe56bf524ed71ed318c332af7aa7954b Author: Arlo Breault <arlolra(a)gmail.com> Date: Mon May 4 12:23:53 2015 -0700 Update favicon / title with check result * trac 15820 --- public/base.html | 2 +- public/bulk.html | 1 + public/img/tor-not.ico | Bin 0 -> 4286 bytes public/img/tor-off.ico | Bin 0 -> 4286 bytes public/img/tor-on.ico | Bin 0 -> 4286 bytes public/index.html | 9 ++++++++- 6 files changed, 10 insertions(+), 2 deletions(-) diff --git a/public/base.html b/public/base.html index 5673de9..2f9facc 100644 --- a/public/base.html +++ b/public/base.html @@ -4,7 +4,7 @@ <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>{{ template "title" . }}</title> - <link rel="icon" type="image/x-icon" href="/torcheck/favicon.ico" /> + <link rel="icon" type="image/x-icon" href="/torcheck/img/{{ template "favicon" . }}" /> <style> html { height: 100%; } body { diff --git a/public/bulk.html b/public/bulk.html index 9f62854..15ec668 100644 --- a/public/bulk.html +++ b/public/bulk.html @@ -1,5 +1,6 @@ {{ template "base.html" . }} {{ define "title" }}Bulk Tor Exit Exporter{{ end }} +{{ define "favicon" }}favicon.ico{{ end }} {{ define "head" }}{{ end }} {{ define "css" }} .form { diff --git a/public/img/tor-not.ico b/public/img/tor-not.ico new file mode 100644 index 0000000..b925b97 Binary files /dev/null and b/public/img/tor-not.ico differ diff --git a/public/img/tor-off.ico b/public/img/tor-off.ico new file mode 100644 index 0000000..6682396 Binary files /dev/null and b/public/img/tor-off.ico differ diff --git a/public/img/tor-on.ico b/public/img/tor-on.ico new file mode 100644 index 0000000..24b3bac Binary files /dev/null and b/public/img/tor-on.ico differ diff --git a/public/index.html b/public/index.html index 05c2e56..eb1195e 100644 --- a/public/index.html +++ b/public/index.html @@ -1,5 +1,12 @@ {{ template "base.html" . }} -{{ define "title" }}{{ GetText .Lang "Are you using Tor?" }}{{ end }} +{{ define "title" }} + {{ if .IsTor }} + {{ GetText .Lang "Congratulations. This browser is configured to use Tor." }} + {{ else }} + {{ GetText .Lang "Sorry. You are not using Tor." }} + {{ end }} +{{ end }} +{{ define "favicon" }}tor-{{ .OnOff }}.png{{ end }} {{ define "css" }} .on { color: green; } .off { color: red; }

1 0

[tor-browser-spec/master] Add W3C-DNT position paper.
by mikeperry＠torproject.org 04 May '15

04 May '15

commit 923f8ea6e998dcee122c602a0ead4a191fde22bd Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Apr 30 14:57:41 2015 -0700 Add W3C-DNT position paper. --- position-papers/W3C-DNT/W3C-DNT.bbl | 60 ++ position-papers/W3C-DNT/W3C-DNT.pdf | Bin 0 -> 72097 bytes position-papers/W3C-DNT/W3C-DNT.tex | 325 +++++++ position-papers/W3C-DNT/llncs.cls | 1016 ++++++++++++++++++++ .../W3C-DNT/slides/W3CDNT-Tor-slides.odp | Bin 0 -> 79019 bytes position-papers/W3C-DNT/usenix.sty | 97 ++ 6 files changed, 1498 insertions(+) diff --git a/position-papers/W3C-DNT/W3C-DNT.bbl b/position-papers/W3C-DNT/W3C-DNT.bbl new file mode 100644 index 0000000..feb7b6f --- /dev/null +++ b/position-papers/W3C-DNT/W3C-DNT.bbl @@ -0,0 +1,60 @@ +\begin{thebibliography}{10} + +\bibitem{web-send} +Tyler Close, Rajiv Makhijani, Mark Seaborn, Kenton Varda, Johan Apelqvist, + Claes Nilsson, and Mike Hanson. +\newblock {Web Introducer}. +\newblock \url{http://web-send.org/introducer/}. + +\bibitem{target} +Charles Duhigg. +\newblock {How Companies Learn Your Secrets}. +\newblock + \url{https://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?pagewa% +nted=9}. + +\bibitem{panopticlick} +Peter Eckersley. +\newblock How unique is your web browser? +\newblock In {\em Proceedings of the 10th international conference on Privacy + enhancing technologies}, PETS'10, pages 1--18, Berlin, Heidelberg, 2010. + Springer-Verlag. + +\bibitem{DNT-adoption} +Alex Fowler. +\newblock {Mozilla Led Effort for DNT Finds Broad Support}. +\newblock + \url{https://blog.mozilla.org/privacy/2012/02/23/mozilla-led-effort-for-dnt-% +finds-broad-support/}. + +\bibitem{safecache} +Collin Jackson and Dan Boneh. +\newblock Protecting browser state from web privacy attacks. +\newblock In {\em In Proceedings of the International World Wide Web + Conference}, pages 737--744, 2006. + +\bibitem{DNT-draft} +J.~Mayer, A.~Narayanan, and S.~Stamm. +\newblock {Do Not Track: A Universal Third-Party Web Tracking Opt Out}. +\newblock \url{https://tools.ietf.org/html/draft-mayer-do-not-track-00}. + +\bibitem{fourthparty} +Jonathan~R. Mayer and John~C. Mitchell. +\newblock {Third-Party Web Tracking: Policy and Technology}. +\newblock \url{https://www.stanford.edu/~jmayer/papers/trackingsurvey12.pdf}. + +\bibitem{Persona} +Mozilla~Developer Network. +\newblock {Persona}. +\newblock \url{https://developer.mozilla.org/en-US/docs/persona}. + +\bibitem{torbrowser} +Mike Perry. +\newblock {The Design and Implementation of the Tor Browser}. +\newblock \url{https://www.torproject.org/projects/torbrowser/design/}. + +\bibitem{thirdparty} +Dan Witte. +\newblock \url{https://wiki.mozilla.org/Thirdparty}. + +\end{thebibliography} diff --git a/position-papers/W3C-DNT/W3C-DNT.pdf b/position-papers/W3C-DNT/W3C-DNT.pdf new file mode 100644 index 0000000..424f956 Binary files /dev/null and b/position-papers/W3C-DNT/W3C-DNT.pdf differ diff --git a/position-papers/W3C-DNT/W3C-DNT.tex b/position-papers/W3C-DNT/W3C-DNT.tex new file mode 100644 index 0000000..06b4e89 --- /dev/null +++ b/position-papers/W3C-DNT/W3C-DNT.tex @@ -0,0 +1,325 @@ +%\documentclass{llncs} +\documentclass[letterpaper,11pt]{llncs} +%\documentclass{article} % llncs + +\usepackage{usenix} +\usepackage{url} +\usepackage{amsmath} +\usepackage{epsfig} +\usepackage{epsf} +\usepackage{listings} + +%\setlength{\textwidth}{6in} +%\setlength{\textheight}{8.4in} +%\setlength{\topmargin}{.5cm} +%\setlength{\oddsidemargin}{1cm} +%\setlength{\evensidemargin}{1cm} + +\begin{document} + +\title{Do Not Beg:\\Moving Beyond DNT through Privacy by Design} + +\author{Mike Perry \\ The Tor Project, Inc \\ mikeperry(a)torproject.org} + +%\institute{The Internet} + +\maketitle +\pagestyle{plain} + +\begin{abstract} + +The Do Not Track header (henceforth DNT:1) seeks to provide privacy +protections against third party tracking through user request and regulation. +It is our position that while DNT:1 is potentially useful as a purely +informational tool for browser vendors and service providers, enforcement of +the header suffers from a number of issues including covert circumvention, +enforcement jurisdiction, manipulation, regulatory capture, and abuse. Moreover, +every privacy property that DNT:1 aims to provide through regulatory +enforcement can be better provided through technical changes to browser and +network behavior during private browsing modes. We therefore suggest that the +W3C standards body focus on standardizing these technical measures, rather +than attempting to broker negotiations over regulatory policy and law. + +\end{abstract} + +% XXX: Bonus References +% Playing dumb: +% http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a… +% https://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?pagewanted… +% https://tools.ietf.org/id/draft-mayer-do-not-track-00.txt +% DNT Adoption: +% http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2152135 +% Apache vs MS shit +% + +\section{Introduction} + +% XXX: Describe our organization? The Tor Project, Inc is a non-profit... + +In this position paper, we describe the current and potential issues with +DNT:1 and associated regulation, and also describe our prototype browser +implementation\cite{torbrowser} that aims to provide the same third party tracking resistance +properties as DNT:1, but without relying on costly regulation and auditing. + +We also believe that third party privacy can become a competitive feature for +browser vendors, Internet service providers, and privacy preserving overlay +networks. + +\section{Overview of DNT:1} + +The Do Not Track header seeks to provide users with a uniform mechanism to +opt-out of third party tracking. Third party content elements are supposed to +honor the header by declining to set cookies and record user activity on their +servers. The draft standard\cite{DNT-draft} states that first party sites do +not need to alter behavior with respect to the header. It also states a number +of exceptions where third parties may still choose to retain and analyze data. + +\subsection{Benefits of DNT:1} + +The primary benefit of the Do Not Track header is that it provides a strong +signal to browser vendors and websites with respect to their users' +interest in privacy. Within a few months of the header's appearance, 7\% of +desktop and 18\% of mobile Firefox users dug through the Firefox privacy +settings to enable it.\cite{DNT-adoption} + +However, despite the value of sizing the market segment for frictionless +privacy enhancing web technologies, it is very likely that DNT:1 will become a +total disaster once the transition to regulatory enforcement draws near. + +\subsection{Shortcomings and Dangers of DNT:1} + +The primary shortcoming of DNT:1 is that it in no way alters the behavior of +numerous browser technologies that enable and facilitate third party tracking, +and instead relies entirely on ad-hoc auditing and potentially even regulatory +enforcement. + +Should strict auditing and direct regulatory requirements be enforced in some +jurisdictions, it is very likely that at least some portion of the advertising +industry would relocate to more favorable jurisdictions. In fact, they would +be incentivized to do so, since it would allow them to offer advertising +services at more favorable rates than their competitors who do not. + +Similarly, it introduces serious risks of regulatory capture, especially in +jurisdictions where advertising is able to wield considerable political +influence over the selection of elected officials. + +To answer these concerns, some DNT:1 advocates claim they favor "Carrot and +Stick" incentive schemes that do not involve direct regulation, but instead +will rely on web crawls to determine suspicious third party +activity\cite{fourthparty}. Their claim is that violators can be added to an +always-on adblocker filter, and good actors could even be given immunity from +data breach notification requirements and related privacy regulations. + +However, without changes to the underlying browser technologies, there are +simply too many ways for advertisers to covertly encode identifying +information in third party elements. Even seemingly innocuous changes such as +minor Javascript and CSS alterations across multiple elements can be used to +encode covert identifiers that are stored in the browser cache for use as +third party tracking cookies. This doesn't even begin to scratch the surface +of covert third party identifier storage and supercookie vectors, let alone IP +address and fingerprinting-based vectors, all of which we will discuss in more +detail in later sections. + +Further, behavioral targeting can be made very subtle, and difficult to +distinguish from random chance. For example, Target has begun taking great +pains to obscure behavioral targeting in its catalogs, to avoid alienating +customers. Their targeted advertisements are still present, but they are +merely blended with off-target messaging to provide a false sense of security +and privacy\cite{target}. It is extremely likely that such techniques will be +employed by bad actors in the third party advertising world as well. + +Further still, because of the various exemptions allowed in the DNT:1 +standard, it is hard for users to know when the header is being honored, and +if their activity is still being recorded, exchanged, and sold. + +\subsection{Hidden Costs of DNT:1} + +We believe that DNT:1 has seen such favorable adoption by browser vendors +because of the ease of deployment for them. Adding a single HTTP header is +substantially simpler than devoting research and development resources into +addressing the network adversary in private browsing modes. + +However, DNT:1 merely shifts the costs of privacy development and enforcement +off of the browser vendors and onto every other party involved in the Internet +economy, as well as onto new parties who were previously not involved (such as +auditors, vigilantes, and governmental regulators). + +Further, DNT:1 demands that standards organizations such as the W3C shift +gears away from producing and reviewing technical standards to instead +broker policy deals between regulators, legislators, and industry. + +% XXX: Possibly too adversarial: +We believe that standards bodies and regulatory agencies shouldn't be wasting +resources asking themselves how, when, and why advertisers don't obey DNT:1. +Instead, they should be asking themselves why browser vendors whose revenue +streams are often directly related to advertising markets continue to deploy +technologies that facilitate and encourage covert third party tracking with no +technical alternatives, even when their users enable their so-called "private +browsing modes". + +\section{Do Not Track through Privacy By Design} + +Remarkably, the very same third party tracking resistance properties suggested +by the DNT:1 draft standard are possible through a combination of browser and +network behaviors. + +All of these properties flow from a very simple core idea: two different first +party domains should not be able to link or correlate activity by the same +user, except with that user's explicit consent. + +Initially, consent can be interpreted as link-click navigation. However, as +federated login technologies such as web-send\cite{web-send} and +Persona\cite{Persona} (formerly BrowserID) evolve, link-click based tracking +vectors (such as the Referrer header) can be reduced to the point where they +are easily visible to experts. + +To understand the scope of the changes to the browser and network service +providers to provide third party tracking resistance, we need to break down +the problem into roughly four main areas of linkability and privacy: +identifier sources, fingerprinting sources, disk activity, and IP address +utilization. + +\subsection{Browser Behavior: Identifier Sources} + +Obviously, the primary vector through which third party tracking operates is +the third party cookie. + +Mozilla has a wonderful example of a first party isolation improvement written +by Dan Witte and buried on their wiki\cite{thirdparty}. It describes a new +dual-keyed origin for cookies, so that cookies would only be transmitted if +they matched both the top level origin and the third party origin involved in +their creation. Thus, third party features could still function, if the user +authenticated to that third party within the context of their first party url +bar domain (perhaps using Mozilla's Persona, for example). + +With respect to cache identifiers, the earliest relevant example of isolation +work is SafeCache\cite{safecache}. SafeCache eliminates the ability for 3rd +party content elements to use the cache to store identifiers across first +party domains. It does this by limiting the scope of the cache to the origin +in the url bar origin. This has the effect that commonly sourced content +elements are fetched and cached repeatedly, but this is the desired property. +Each of these prevalent content elements can be crafted to include unique +identifiers for each user, in order to track users who attempt to avoid +tracking by clearing cookies. + +Other identifier storage mechanisms that require such isolation include +HTTP Auth, window.name, DOM Storage, IndexedDB, SPDY, HTTP-Keepalive, and +cross-domain automated redirects. In Tor Browser\cite{torbrowser}, we either +disable or isolate these technologies. + +Properly isolating browser identifiers to the first party domain also has +other advantages as well. With a clear distinction between 3rd party and first +party cookies, the privacy settings window could have a user-intuitive way of +representing the user's relationship with different origins, perhaps by using +only the favicon of that top level origin to represent all of the browser +state accumulated by that origin. The user could delete the entire set of +browser state (cookies, cache, storage, cryptographic tokens, and even +history) associated with a site simply by removing its favicon from their +privacy info panel. + +\subsection{Browser Behavior: Fingerprinting Sources} + +After identifier isolation, the next source for covert tracking is through +browser fingerprinting. Advertising networks can probe various browser +properties known to differ widely in the userbase, thus constructing an +identifier-free mechanism of tracking users. + +Unfortunately, just about every browser property and functionality is a +potential fingerprinting target. In order to properly address the network +adversary on a technical level, we need a metric to measure linkability of the +various browser properties that extend beyond any stored origin-related state. + +The Panopticlick project by the EFF provides us with this +metric\cite{panopticlick}. The researchers conducted a survey of volunteers +who were asked to visit an experiment page that harvested many of the above +components. They then computed the Shannon Entropy of the resulting +distribution of each of several key attributes to determine how many bits of +identifying information each attribute provided. + +While not perfect\footnotemark, this metric allows us to prioritize effort at +components that have the most potential for linkability. + +\footnotetext{In particular, we believe it is impossible to eliminate +inter-browser fingerprinting vectors. Instead, fingerprinting metrics and +defenses should focus on distinguishing features amongst a population with the +same user agent. The Panopticlick test is not currently set up to do this.} + +This metric also indicates that it is beneficial for us to standardize on +implementations of fingerprinting resistance where possible. More +implementations using the same defenses means more users with similar +fingerprints, which means less entropy in the metric. It is for this reason +(among others) that the Tor Project seeks to share its Firefox-based browser +implementation\cite{torbrowser} with any interested parties. + +The fingerprinting defenses deployed by the Tor Browser include reporting the +desktop resolution as the content window size, reporting a fixed set of of +system colors, disabling plugins by default, limiting the number of fonts a +document is allowed to load, and disallowing read access to the HTML5 canvas +without permission. + +The DNT:1 header itself is also fingerprinting vector for bad actors if we +allow our users to set it, and the related scandal between Microsoft and +Apache will likely cause us to entirely remove the DNT:1 option from Tor +Browser's privacy preferences as a result. + +\subsection{Browser Behavior: Disk Activity} + +In addition to protecting against the network adversary, we believe that +private browsing modes should not force the user to go without disk access. The +two defenses are orthogonal, and private browsing mode users should still be +allowed to store history, bookmarks, and even cookies and cache if they so +choose. + +Interestingly, a unified toplevel privacy UI could provide easy access to +quickly clear all of these disk records on a per-site basis, using the same UI +window for both tracking privacy and local disk storage. + +\subsection{Network Behavior: IP address utilization} + +Currently, there are many ways users can obtain a fresh IP address in an +ad-hoc fashion. Users can use open wireless networks or tether to their +phones. In fact, it is common practice for ISPs in many parts of the world to +rotate user IP addresses daily, to discourage servers and to impede the spread +of malware. This is especially true of cellular IP networks. + +Obviously, only technically savvy users are likely to take full advantage of +these properties correctly. However, there is no reason why an IP address +allocation approach can't be generalized and standardized. One could imagine +any privacy proxy (perhaps even one provided by your primary ISP) that +intelligently isolates your first party page loads, along with all of their +associated third party content, to a given IP address. By standardizing such a +mechanism, privacy preserving networks can compete on network properties such +as privacy or performance, rather than some combination of network and user +agent. + +The mechanism Tor has chosen to convey this information to the overlay network +is the SOCKS username and password fields. Our plan is for the Tor Browser to +inform the Tor client which network requests correspond to a given first party +URL bar domain. The Tor client will then ensure that all first party loads use +a different path through the Tor overlay network. + +In fact, the Tor Project has concluded that it is in the best interests of the +organization to share user agent development and standardization with other +privacy preserving networks, both to reduce our development efforts, and to +lead to a wider browser fingerprint population for our userbase. The German +privacy company JonDos, GmbH has already joined this effort. + +\section{Conclusions} + +We discussed the Do Not Track header, the privacy properties it seeks to +provide, and its shortcomings. We believe it is possible to provide these very +same privacy properties through privacy by design. + +While the DNT:1 header appears to be a simple change on the browser side, it +has numerous hidden costs in terms of regulators, auditors, and server-side +changes, in addition to serious regulatory challenges. We believe that it will +actually be less costly in total to make the equivalent changes to the +browser, and these changes will have the advantage of supporting markets for +privacy proxies and related privacy enhancing technologies. + +\bibliographystyle{plain} \bibliography{W3C-DNT} + +\clearpage +\appendix + +\end{document} diff --git a/position-papers/W3C-DNT/llncs.cls b/position-papers/W3C-DNT/llncs.cls new file mode 100644 index 0000000..0308e57 --- /dev/null +++ b/position-papers/W3C-DNT/llncs.cls @@ -0,0 +1,1016 @@ +% LLNCS DOCUMENT CLASS -- version 2.8 +% for LaTeX2e +% +\NeedsTeXFormat{LaTeX2e}[1995/12/01] +\ProvidesClass{llncs}[2000/05/16 v2.8 +^^JLaTeX document class for Lecture Notes in Computer Science] +% Options +\let\if@envcntreset\iffalse +\DeclareOption{envcountreset}{\let\if@envcntreset\iftrue} +\DeclareOption{citeauthoryear}{\let\citeauthoryear=Y} +\DeclareOption{oribibl}{\let\oribibl=Y} +\let\if@custvec\iftrue +\DeclareOption{orivec}{\let\if@custvec\iffalse} +\let\if@envcntsame\iffalse +\DeclareOption{envcountsame}{\let\if@envcntsame\iftrue} +\let\if@envcntsect\iffalse +\DeclareOption{envcountsect}{\let\if@envcntsect\iftrue} +\let\if@runhead\iffalse +\DeclareOption{runningheads}{\let\if@runhead\iftrue} + +\let\if@openbib\iffalse +\DeclareOption{openbib}{\let\if@openbib\iftrue} + +\DeclareOption*{\PassOptionsToClass{\CurrentOption}{article}} + +\ProcessOptions + +\LoadClass[twoside]{article} +\RequirePackage{multicol} % needed for the list of participants, index + +\setlength{\textwidth}{12.2cm} +\setlength{\textheight}{19.3cm} + +% Ragged bottom for the actual page +\def\thisbottomragged{\def\@textbottom{\vskip\z@ plus.0001fil +\global\let\@textbottom\relax}} + +\renewcommand\small{% + \@setfontsize\small\@ixpt{11}% + \abovedisplayskip 8.5\p@ \@plus3\p@ \@minus4\p@ + \abovedisplayshortskip \z@ \@plus2\p@ + \belowdisplayshortskip 4\p@ \@plus2\p@ \@minus2\p@ + \def\@listi{\leftmargin\leftmargini + \parsep 0\p@ \@plus1\p@ \@minus\p@ + \topsep 8\p@ \@plus2\p@ \@minus4\p@ + \itemsep0\p@}% + \belowdisplayskip \abovedisplayskip +} + +\frenchspacing +\widowpenalty=10000 +\clubpenalty=10000 + +\setlength\oddsidemargin {63\p@} +\setlength\evensidemargin {63\p@} +\setlength\marginparwidth {90\p@} + +\setlength\headsep {16\p@} + +\setlength\footnotesep{7.7\p@} +\setlength\textfloatsep{8mm\@plus 2\p@ \@minus 4\p@} +\setlength\intextsep {8mm\@plus 2\p@ \@minus 2\p@} + +\setcounter{secnumdepth}{2} + +\newcounter {chapter} +\renewcommand\thechapter {\@arabic\c@chapter} + +\newif\if@mainmatter \@mainmattertrue +\newcommand\frontmatter{\cleardoublepage + \@mainmatterfalse\pagenumbering{Roman}} +\newcommand\mainmatter{\cleardoublepage + \@mainmattertrue\pagenumbering{arabic}} +\newcommand\backmatter{\if@openright\cleardoublepage\else\clearpage\fi + \@mainmatterfalse} + +\renewcommand\part{\cleardoublepage + \thispagestyle{empty}% + \if@twocolumn + \onecolumn + \@tempswatrue + \else + \@tempswafalse + \fi + \null\vfil + \secdef\@part\@spart} + +\def\@part[#1]#2{% + \ifnum \c@secnumdepth >-2\relax + \refstepcounter{part}% + \addcontentsline{toc}{part}{\thepart\hspace{1em}#1}% + \else + \addcontentsline{toc}{part}{#1}% + \fi + \markboth{}{}% + {\centering + \interlinepenalty \@M + \normalfont + \ifnum \c@secnumdepth >-2\relax + \huge\bfseries \partname~\thepart + \par + \vskip 20\p@ + \fi + \Huge \bfseries #2\par}% + \@endpart} +\def\@spart#1{% + {\centering + \interlinepenalty \@M + \normalfont + \Huge \bfseries #1\par}% + \@endpart} +\def\@endpart{\vfil\newpage + \if@twoside + \null + \thispagestyle{empty}% + \newpage + \fi + \if@tempswa + \twocolumn + \fi} + +\newcommand\chapter{\clearpage + \thispagestyle{empty}% + \global\@topnum\z@ + \@afterindentfalse + \secdef\@chapter\@schapter} +\def\@chapter[#1]#2{\ifnum \c@secnumdepth >\m@ne + \if@mainmatter + \refstepcounter{chapter}% + \typeout{\(a)chapapp\space\thechapter.}% + \addcontentsline{toc}{chapter}% + {\protect\numberline{\thechapter}#1}% + \else + \addcontentsline{toc}{chapter}{#1}% + \fi + \else + \addcontentsline{toc}{chapter}{#1}% + \fi + \chaptermark{#1}% + \addtocontents{lof}{\protect\addvspace{10\p@}}% + \addtocontents{lot}{\protect\addvspace{10\p@}}% + \if@twocolumn + \@topnewpage[\@makechapterhead{#2}]% + \else + \@makechapterhead{#2}% + \@afterheading + \fi} +\def\@makechapterhead#1{% +% \vspace*{50\p@}% + {\centering + \ifnum \c@secnumdepth >\m@ne + \if@mainmatter + \large\bfseries \@chapapp{} \thechapter + \par\nobreak + \vskip 20\p@ + \fi + \fi + \interlinepenalty\@M + \Large \bfseries #1\par\nobreak + \vskip 40\p@ + }} +\def\@schapter#1{\if@twocolumn + \@topnewpage[\@makeschapterhead{#1}]% + \else + \@makeschapterhead{#1}% + \@afterheading + \fi} +\def\@makeschapterhead#1{% +% \vspace*{50\p@}% + {\centering + \normalfont + \interlinepenalty\@M + \Large \bfseries #1\par\nobreak + \vskip 40\p@ + }} + +\renewcommand\section{\@startsection{section}{1}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {12\p@ \@plus 4\p@ \@minus 4\p@}% + {\normalfont\large\bfseries\boldmath + \rightskip=\z@ \@plus 8em\pretolerance=10000 }} +\renewcommand\subsection{\@startsection{subsection}{2}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {8\p@ \@plus 4\p@ \@minus 4\p@}% + {\normalfont\normalsize\bfseries\boldmath + \rightskip=\z@ \@plus 8em\pretolerance=10000 }} +\renewcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {-0.5em \@plus -0.22em \@minus -0.1em}% + {\normalfont\normalsize\bfseries\boldmath}} +\renewcommand\paragraph{\@startsection{paragraph}{4}{\z@}% + {-12\p@ \@plus -4\p@ \@minus -4\p@}% + {-0.5em \@plus -0.22em \@minus -0.1em}% + {\normalfont\normalsize\itshape}} +\renewcommand\subparagraph[1]{\typeout{LLNCS warning: You should not use + \string\subparagraph\space with this class}\vskip0.5cm +You should not use \verb|\subparagraph| with this class.\vskip0.5cm} + +\DeclareMathSymbol{\Gamma}{\mathalpha}{letters}{"00} +\DeclareMathSymbol{\Delta}{\mathalpha}{letters}{"01} +\DeclareMathSymbol{\Theta}{\mathalpha}{letters}{"02} +\DeclareMathSymbol{\Lambda}{\mathalpha}{letters}{"03} +\DeclareMathSymbol{\Xi}{\mathalpha}{letters}{"04} +\DeclareMathSymbol{\Pi}{\mathalpha}{letters}{"05} +\DeclareMathSymbol{\Sigma}{\mathalpha}{letters}{"06} +\DeclareMathSymbol{\Upsilon}{\mathalpha}{letters}{"07} +\DeclareMathSymbol{\Phi}{\mathalpha}{letters}{"08} +\DeclareMathSymbol{\Psi}{\mathalpha}{letters}{"09} +\DeclareMathSymbol{\Omega}{\mathalpha}{letters}{"0A} + +\let\footnotesize\small + +\if@custvec +\def\vec#1{\mathchoice{\mbox{\boldmath$\displaystyle#1$}} +{\mbox{\boldmath$\textstyle#1$}} +{\mbox{\boldmath$\scriptstyle#1$}} +{\mbox{\boldmath$\scriptscriptstyle#1$}}} +\fi + +\def\squareforqed{\hbox{\rlap{$\sqcap$}$\sqcup$}} +\def\qed{\ifmmode\squareforqed\else{\unskip\nobreak\hfil +\penalty50\hskip1em\null\nobreak\hfil\squareforqed +\parfillskip=0pt\finalhyphendemerits=0\endgraf}\fi} + +\def\getsto{\mathrel{\mathchoice {\vcenter{\offinterlineskip +\halign{\hfil +$\displaystyle##$\hfil\cr\gets\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr\gets +\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr\gets +\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +\gets\cr\to\cr}}}}} +\def\lid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil +$\displaystyle##$\hfil\cr<\cr\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr<\cr +\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr<\cr +\noalign{\vskip1pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +<\cr +\noalign{\vskip0.9pt}=\cr}}}}} +\def\gid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil +$\displaystyle##$\hfil\cr>\cr\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr>\cr +\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr>\cr +\noalign{\vskip1pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +>\cr +\noalign{\vskip0.9pt}=\cr}}}}} +\def\grole{\mathrel{\mathchoice {\vcenter{\offinterlineskip +\halign{\hfil +$\displaystyle##$\hfil\cr>\cr\noalign{\vskip-1pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr +>\cr\noalign{\vskip-1pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr +>\cr\noalign{\vskip-0.8pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +>\cr\noalign{\vskip-0.3pt}<\cr}}}}} +\def\bbbr{{\rm I\!R}} %reelle Zahlen +\def\bbbm{{\rm I\!M}} +\def\bbbn{{\rm I\!N}} %natuerliche Zahlen +\def\bbbf{{\rm I\!F}} +\def\bbbh{{\rm I\!H}} +\def\bbbk{{\rm I\!K}} +\def\bbbp{{\rm I\!P}} +\def\bbbone{{\mathchoice {\rm 1\mskip-4mu l} {\rm 1\mskip-4mu l} +{\rm 1\mskip-4.5mu l} {\rm 1\mskip-5mu l}}} +\def\bbbc{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}}}} +\def\bbbq{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm +Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}}}} +\def\bbbt{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm +T$}\hbox{\hbox to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}}}} +\def\bbbs{{\mathchoice +{\setbox0=\hbox{$\displaystyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox +to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox +to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox +to0pt{\kern0.5\wd0\vrule height0.45\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.4\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox +to0pt{\kern0.55\wd0\vrule height0.45\ht0\hss}\box0}}}} +\def\bbbz{{\mathchoice {\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}} +{\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}} +{\hbox{$\mathsf\scriptstyle Z\kern-0.3em Z$}} +{\hbox{$\mathsf\scriptscriptstyle Z\kern-0.2em Z$}}}} + +\let\ts\, + +\setlength\leftmargini {17\p@} +\setlength\leftmargin {\leftmargini} +\setlength\leftmarginii {\leftmargini} +\setlength\leftmarginiii {\leftmargini} +\setlength\leftmarginiv {\leftmargini} +\setlength \labelsep {.5em} +\setlength \labelwidth{\leftmargini} +\addtolength\labelwidth{-\labelsep} + +\def\@listI{\leftmargin\leftmargini + \parsep 0\p@ \@plus1\p@ \@minus\p@ + \topsep 8\p@ \@plus2\p@ \@minus4\p@ + \itemsep0\p@} +\let\@listi\@listI +\@listi +\def\@listii {\leftmargin\leftmarginii + \labelwidth\leftmarginii + \advance\labelwidth-\labelsep + \topsep 0\p@ \@plus2\p@ \@minus\p@} +\def\@listiii{\leftmargin\leftmarginiii + \labelwidth\leftmarginiii + \advance\labelwidth-\labelsep + \topsep 0\p@ \@plus\p@\@minus\p@ + \parsep \z@ + \partopsep \p@ \@plus\z@ \@minus\p@} + +\renewcommand\labelitemi{\normalfont\bfseries --} +\renewcommand\labelitemii{$\m@th\bullet$} + +\setlength\arraycolsep{1.4\p@} +\setlength\tabcolsep{1.4\p@} + +\def\tableofcontents{\chapter*{\contentsname\@mkboth{{\contentsname}}% + {{\contentsname}}} + \def\authcount##1{\setcounter{auco}{##1}\setcounter{@auth}{1}} + \def\lastand{\ifnum\value{auco}=2\relax + \unskip{} \andname\ + \else + \unskip \lastandname\ + \fi}% + \def\and{\stepcounter{@auth}\relax + \ifnum\value{@auth}=\value{auco}% + \lastand + \else + \unskip, + \fi}% + \@starttoc{toc}\if@restonecol\twocolumn\fi} + +\def\l@part#1#2{\addpenalty{\@secpenalty}% + \addvspace{2em plus\p@}% % space above part line + \begingroup + \parindent \z@ + \rightskip \z@ plus 5em + \hrule\vskip5pt + \large % same size as for a contribution heading + \bfseries\boldmath % set line in boldface + \leavevmode % TeX command to enter horizontal mode. + #1\par + \vskip5pt + \hrule + \vskip1pt + \nobreak % Never break after part entry + \endgroup} + +\def\@dotsep{2} + +\def\hyperhrefextend{\ifx\hyper@anchor\@undefined\else +{chapter.\thechapter}\fi} + +\def\addnumcontentsmark#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{\protect\numberline + {\thechapter}#3}{\thepage}\hyperhrefextend}} +\def\addcontentsmark#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{#3}{\thepage}\hyperhrefextend}} +\def\addcontentsmarkwop#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{#3}{0}\hyperhrefextend}} + +\def\@adcmk[#1]{\ifcase #1 \or +\def\@gtempa{\addnumcontentsmark}% + \or \def\@gtempa{\addcontentsmark}% + \or \def\@gtempa{\addcontentsmarkwop}% + \fi\@gtempa{toc}{chapter}} +\def\addtocmark{\@ifnextchar[{\@adcmk}{\@adcmk[3]}} + +\def\l@chapter#1#2{\addpenalty{-\@highpenalty} + \vskip 1.0em plus 1pt \@tempdima 1.5em \begingroup + \parindent \z@ \rightskip \@pnumwidth + \parfillskip -\@pnumwidth + \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip + {\large\bfseries\boldmath#1}\ifx0#2\hfil\null + \else + \nobreak + \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern + \@dotsep mu$}\hfill + \nobreak\hbox to\@pnumwidth{\hss #2}% + \fi\par + \penalty\@highpenalty \endgroup} + +\def\l@title#1#2{\addpenalty{-\@highpenalty} + \addvspace{8pt plus 1pt} + \@tempdima \z@ + \begingroup + \parindent \z@ \rightskip \@tocrmarg + \parfillskip -\@tocrmarg + \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip + #1\nobreak + \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern + \@dotsep mu$}\hfill + \nobreak\hbox to\@pnumwidth{\hss #2}\par + \penalty\@highpenalty \endgroup} + +\setcounter{tocdepth}{0} +\newdimen\tocchpnum +\newdimen\tocsecnum +\newdimen\tocsectotal +\newdimen\tocsubsecnum +\newdimen\tocsubsectotal +\newdimen\tocsubsubsecnum +\newdimen\tocsubsubsectotal +\newdimen\tocparanum +\newdimen\tocparatotal +\newdimen\tocsubparanum +\tocchpnum=\z@ % no chapter numbers +\tocsecnum=15\p@ % section 88. plus 2.222pt +\tocsubsecnum=23\p@ % subsection 88.8 plus 2.222pt +\tocsubsubsecnum=27\p@ % subsubsection 88.8.8 plus 1.444pt +\tocparanum=35\p@ % paragraph 88.8.8.8 plus 1.666pt +\tocsubparanum=43\p@ % subparagraph 88.8.8.8.8 plus 1.888pt +\def\calctocindent{% +\tocsectotal=\tocchpnum +\advance\tocsectotal by\tocsecnum +\tocsubsectotal=\tocsectotal +\advance\tocsubsectotal by\tocsubsecnum +\tocsubsubsectotal=\tocsubsectotal +\advance\tocsubsubsectotal by\tocsubsubsecnum +\tocparatotal=\tocsubsubsectotal +\advance\tocparatotal by\tocparanum} +\calctocindent + +\def\l@section{\@dottedtocline{1}{\tocchpnum}{\tocsecnum}} +\def\l@subsection{\@dottedtocline{2}{\tocsectotal}{\tocsubsecnum}} +\def\l@subsubsection{\@dottedtocline{3}{\tocsubsectotal}{\tocsubsubsecnum}} +\def\l@paragraph{\@dottedtocline{4}{\tocsubsubsectotal}{\tocparanum}} +\def\l@subparagraph{\@dottedtocline{5}{\tocparatotal}{\tocsubparanum}} + +\def\listoffigures{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn + \fi\section*{\listfigurename\@mkboth{{\listfigurename}}{{\listfigurename}}} + \@starttoc{lof}\if@restonecol\twocolumn\fi} +\def\l@figure{\@dottedtocline{1}{0em}{1.5em}} + +\def\listoftables{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn + \fi\section*{\listtablename\@mkboth{{\listtablename}}{{\listtablename}}} + \@starttoc{lot}\if@restonecol\twocolumn\fi} +\let\l@table\l@figure + +\renewcommand\listoffigures{% + \section*{\listfigurename + \@mkboth{\listfigurename}{\listfigurename}}% + \@starttoc{lof}% + } + +\renewcommand\listoftables{% + \section*{\listtablename + \@mkboth{\listtablename}{\listtablename}}% + \@starttoc{lot}% + } + +\ifx\oribibl\undefined +\ifx\citeauthoryear\undefined +\renewenvironment{thebibliography}[1] + {\section*{\refname} + \def\(a)biblabel##1{##1.} + \small + \list{\@biblabel{\@arabic\c@enumiv}}% + {\settowidth\labelwidth{\@biblabel{#1}}% + \leftmargin\labelwidth + \advance\leftmargin\labelsep + \if@openbib + \advance\leftmargin\bibindent + \itemindent -\bibindent + \listparindent \itemindent + \parsep \z@ + \fi + \usecounter{enumiv}% + \let\p@enumiv\@empty + \renewcommand\theenumiv{\@arabic\c@enumiv}}% + \if@openbib + \renewcommand\newblock{\par}% + \else + \renewcommand\newblock{\hskip .11em \(a)plus.33em \(a)minus.07em}% + \fi + \sloppy\clubpenalty4000\widowpenalty4000% + \sfcode`\.=\@m} + {\def\@noitemerr + {\@latex@warning{Empty `thebibliography' environment}}% + \endlist} +\def\@lbibitem[#1]#2{\item[{[#1]}\hfill]\if@filesw + {\let\protect\noexpand\immediate + \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces} +\newcount\@tempcntc +\def\@citex[#1]#2{\if@filesw\immediate\write\@auxout{\string\citation{#2}}\fi + \@tempcnta\z@\@tempcntb\m@ne\def\@citea{}\@cite{\@for\@citeb:=#2\do + {\@ifundefined + {b@\@citeb}{\@citeo\@tempcntb\m@ne\@citea\def\@citea{,}{\bfseries + ?}\@warning + {Citation `\@citeb' on page \thepage \space undefined}}% + {\setbox\z@\hbox{\global\@tempcntc0\csname b@\@citeb\endcsname\relax}% + \ifnum\@tempcntc=\z@ \@citeo\@tempcntb\m@ne + \@citea\def\@citea{,}\hbox{\csname b@\@citeb\endcsname}% + \else + \advance\@tempcntb\@ne + \ifnum\@tempcntb=\@tempcntc + \else\advance\@tempcntb\m@ne\@citeo + \@tempcnta\@tempcntc\@tempcntb\@tempcntc\fi\fi}}\@citeo}{#1}} +\def\@citeo{\ifnum\@tempcnta>\@tempcntb\else + \@citea\def\@citea{,\,\hskip\z@skip}% + \ifnum\@tempcnta=\@tempcntb\the\@tempcnta\else + {\advance\@tempcnta\@ne\ifnum\@tempcnta=\@tempcntb \else + \def\@citea{--}\fi + \advance\@tempcnta\m@ne\the\@tempcnta\@citea\the\@tempcntb}\fi\fi} +\else +\renewenvironment{thebibliography}[1] + {\section*{\refname} + \small + \list{}% + {\settowidth\labelwidth{}% + \leftmargin\parindent + \itemindent=-\parindent + \labelsep=\z@ + \if@openbib + \advance\leftmargin\bibindent + \itemindent -\bibindent + \listparindent \itemindent + \parsep \z@ + \fi + \usecounter{enumiv}% + \let\p@enumiv\@empty + \renewcommand\theenumiv{}}% + \if@openbib + \renewcommand\newblock{\par}% + \else + \renewcommand\newblock{\hskip .11em \(a)plus.33em \(a)minus.07em}% + \fi + \sloppy\clubpenalty4000\widowpenalty4000% + \sfcode`\.=\@m} + {\def\@noitemerr + {\@latex@warning{Empty `thebibliography' environment}}% + \endlist} + \def\@cite#1{#1}% + \def\@lbibitem[#1]#2{\item[]\if@filesw + {\def\protect##1{\string ##1\space}\immediate + \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces} + \fi +\else +\@cons\@openbib@code{\noexpand\small} +\fi + +\def\idxquad{\hskip 10\p@}% space that divides entry from number + +\def\@idxitem{\par\hangindent 10\p@} + +\def\subitem{\par\setbox0=\hbox{--\enspace}% second order + \noindent\hangindent\wd0\box0}% index entry + +\def\subsubitem{\par\setbox0=\hbox{--\,--\enspace}% third + \noindent\hangindent\wd0\box0}% order index entry + +\def\indexspace{\par \vskip 10\p@ plus5\p@ minus3\p@\relax} + +\renewenvironment{theindex} + {\@mkboth{\indexname}{\indexname}% + \thispagestyle{empty}\parindent\z@ + \parskip\z@ \@plus .3\p@\relax + \let\item\par + \def\,{\relax\ifmmode\mskip\thinmuskip + \else\hskip0.2em\ignorespaces\fi}% + \normalfont\small + \begin{multicols}{2}[\@makeschapterhead{\indexname}]% + } + {\end{multicols}} + +\renewcommand\footnoterule{% + \kern-3\p@ + \hrule\@width 2truecm + \kern2.6\p@} + \newdimen\fnindent + \fnindent1em +\long\def\@makefntext#1{% + \parindent \fnindent% + \leftskip \fnindent% + \noindent + \llap{\hb@xt@1em{\hss\@makefnmark\ }}\ignorespaces#1} + +\long\def\@makecaption#1#2{% + \vskip\abovecaptionskip + \sbox\@tempboxa{{\bfseries #1.} #2}% + \ifdim \wd\@tempboxa >\hsize + {\bfseries #1.} #2\par + \else + \global \@minipagefalse + \hb@xt@\hsize{\hfil\box\@tempboxa\hfil}% + \fi + \vskip\belowcaptionskip} + +\def\fps@figure{htbp} +\def\fnum@figure{\figurename\thinspace\thefigure} +\def \@floatboxreset {% + \reset@font + \small + \@setnobreak + \@setminipage +} +\def\fps@table{htbp} +\def\fnum@table{\tablename~\thetable} +\renewenvironment{table} + {\setlength\abovecaptionskip{0\p@}% + \setlength\belowcaptionskip{10\p@}% + \@float{table}} + {\end@float} +\renewenvironment{table*} + {\setlength\abovecaptionskip{0\p@}% + \setlength\belowcaptionskip{10\p@}% + \@dblfloat{table}} + {\end@dblfloat} + +\long\def\@caption#1[#2]#3{\par\addcontentsline{\csname + ext@#1\endcsname}{#1}{\protect\numberline{\csname + the#1\endcsname}{\ignorespaces #2}}\begingroup + \@parboxrestore + \@makecaption{\csname fnum@#1\endcsname}{\ignorespaces #3}\par + \endgroup} + +% LaTeX does not provide a command to enter the authors institute +% addresses. The \institute command is defined here. + +\newcounter{@inst} +\newcounter{@auth} +\newcounter{auco} +\def\andname{and} +\def\lastandname{\unskip, and} +\newdimen\instindent +\newbox\authrun +\newtoks\authorrunning +\newtoks\tocauthor +\newbox\titrun +\newtoks\titlerunning +\newtoks\toctitle + +\def\clearheadinfo{\gdef\@author{No Author Given}% + \gdef\@title{No Title Given}% + \gdef\@subtitle{}% + \gdef\@institute{No Institute Given}% + \gdef\@thanks{}% + \global\titlerunning={}\global\authorrunning={}% + \global\toctitle={}\global\tocauthor={}} + +\def\institute#1{\gdef\@institute{#1}} + +\def\institutename{\par + \begingroup + \parskip=\z@ + \parindent=\z@ + \setcounter{@inst}{1}% + \def\and{\par\stepcounter{@inst}% + \noindent$^{\the@inst}$\enspace\ignorespaces}% + \setbox0=\vbox{\def\thanks##1{}\@institute}% + \ifnum\c@@inst=1\relax + \else + \setcounter{footnote}{\c@@inst}% + \setcounter{@inst}{1}% + \noindent$^{\the@inst}$\enspace + \fi + \ignorespaces + \@institute\par + \endgroup} + +\def\@fnsymbol#1{\ensuremath{\ifcase#1\or\star\or{\star\star}\or + {\star\star\star}\or \dagger\or \ddagger\or + \mathchar "278\or \mathchar "27B\or \|\or **\or \dagger\dagger + \or \ddagger\ddagger \else\@ctrerr\fi}} + +\def\inst#1{\unskip$^{#1}$} +\def\fnmsep{\unskip$^,$} +\def\email#1{{\tt#1}} +\AtBeginDocument{\@ifundefined{url}{\def\url#1{#1}}{}} +\def\homedir{\~{ }} + +\def\subtitle#1{\gdef\@subtitle{#1}} +\clearheadinfo + +\renewcommand\maketitle{\newpage + \refstepcounter{chapter}% + \stepcounter{section}% + \setcounter{section}{0}% + \setcounter{subsection}{0}% + \setcounter{figure}{0} + \setcounter{table}{0} + \setcounter{equation}{0} + \setcounter{footnote}{0}% + \begingroup + \parindent=\z@ + \renewcommand\thefootnote{\@fnsymbol\c@footnote}% + \if@twocolumn + \ifnum \col@number=\@ne + \@maketitle + \else + \twocolumn[\@maketitle]% + \fi + \else + \newpage + \global\@topnum\z@ % Prevents figures from going at top of page. + \@maketitle + \fi + \thispagestyle{empty}\@thanks +% + \def\\{\unskip\ \ignorespaces}\def\inst##1{\unskip{}}% + \def\thanks##1{\unskip{}}\def\fnmsep{\unskip}% + \instindent=\hsize + \advance\instindent by-\headlineindent + \if!\the\toctitle!\addcontentsline{toc}{title}{\@title}\else + \addcontentsline{toc}{title}{\the\toctitle}\fi + \if@runhead + \if!\the\titlerunning!\else + \edef\@title{\the\titlerunning}% + \fi + \global\setbox\titrun=\hbox{\small\rm\unboldmath\ignorespaces\@title}% + \ifdim\wd\titrun>\instindent + \typeout{Title too long for running head. Please supply}% + \typeout{a shorter form with \string\titlerunning\space prior to + \string\maketitle}% + \global\setbox\titrun=\hbox{\small\rm + Title Suppressed Due to Excessive Length}% + \fi + \xdef\@title{\copy\titrun}% + \fi +% + \if!\the\tocauthor!\relax + {\def\and{\noexpand\protect\noexpand\and}% + \protected@xdef\toc@uthor{\@author}}% + \else + \def\\{\noexpand\protect\noexpand\newline}% + \protected@xdef\scratch{\the\tocauthor}% + \protected@xdef\toc@uthor{\scratch}% + \fi + \addtocontents{toc}{{\protect\raggedright\protect\leftskip15\p@ + \protect\rightskip\@tocrmarg + \protect\itshape\toc@uthor\protect\endgraf}}% + \if@runhead + \if!\the\authorrunning! + \value{@inst}=\value{@auth}% + \setcounter{@auth}{1}% + \else + \edef\@author{\the\authorrunning}% + \fi + \global\setbox\authrun=\hbox{\small\unboldmath\@author\unskip}% + \ifdim\wd\authrun>\instindent + \typeout{Names of authors too long for running head. Please supply}% + \typeout{a shorter form with \string\authorrunning\space prior to + \string\maketitle}% + \global\setbox\authrun=\hbox{\small\rm + Authors Suppressed Due to Excessive Length}% + \fi + \xdef\@author{\copy\authrun}% + \markboth{\@author}{\@title}% + \fi + \endgroup + \setcounter{footnote}{0}% + \clearheadinfo} +% +\def\@maketitle{\newpage + \markboth{}{}% + \def\lastand{\ifnum\value{@inst}=2\relax + \unskip{} \andname\ + \else + \unskip \lastandname\ + \fi}% + \def\and{\stepcounter{@auth}\relax + \ifnum\value{@auth}=\value{@inst}% + \lastand + \else + \unskip, + \fi}% + \begin{center}% + {\Large \bfseries\boldmath + \pretolerance=10000 + \@title \par}\vskip .8cm +\if!\@subtitle!\else {\large \bfseries\boldmath + \vskip -.65cm + \pretolerance=10000 + \@subtitle \par}\vskip .8cm\fi + \setbox0=\vbox{\setcounter{@auth}{1}\def\and{\stepcounter{@auth}}% + \def\thanks##1{}\@author}% + \global\value{@inst}=\value{@auth}% + \global\value{auco}=\value{@auth}% + \setcounter{@auth}{1}% +{\lineskip .5em +\noindent\ignorespaces +\(a)author\vskip.35cm} + {\small\institutename} + \end{center}% + } + +% definition of the "\spnewtheorem" command. +% +% Usage: +% +% \spnewtheorem{env_nam}{caption}[within]{cap_font}{body_font} +% or \spnewtheorem{env_nam}[numbered_like]{caption}{cap_font}{body_font} +% or \spnewtheorem*{env_nam}{caption}{cap_font}{body_font} +% +% New is "cap_font" and "body_font". It stands for +% fontdefinition of the caption and the text itself. +% +% "\spnewtheorem*" gives a theorem without number. +% +% A defined spnewthoerem environment is used as described +% by Lamport. +% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\def\@thmcountersep{} +\def\(a)thmcounterend{.} + +\def\spnewtheorem{\@ifstar{\@sthm}{\@Sthm}} + +% definition of \spnewtheorem with number + +\def\@spnthm#1#2{% + \@ifnextchar[{\@spxnthm{#1}{#2}}{\@spynthm{#1}{#2}}} +\def\@Sthm#1{\@ifnextchar[{\@spothm{#1}}{\@spnthm{#1}}} + +\def\@spxnthm#1#2[#3]#4#5{\expandafter\@ifdefinable\csname #1\endcsname + {\@definecounter{#1}\@addtoreset{#1}{#3}% + \expandafter\xdef\csname the#1\endcsname{\expandafter\noexpand + \csname the#3\endcsname \noexpand\@thmcountersep \@thmcounter{#1}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#4}{#5}}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@spynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname + {\@definecounter{#1}% + \expandafter\xdef\csname the#1\endcsname{\@thmcounter{#1}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#3}{#4}}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@spothm#1[#2]#3#4#5{% + \@ifundefined{c@#2}{\@latexerr{No theorem environment `#2' defined}\@eha}% + {\expandafter\@ifdefinable\csname #1\endcsname + {\global\@namedef{the#1}{\@nameuse{the#2}}% + \expandafter\xdef\csname #1name\endcsname{#3}% + \global\@namedef{#1}{\@spthm{#2}{\csname #1name\endcsname}{#4}{#5}}% + \global\@namedef{end#1}{\@endtheorem}}}} + +\def\@spthm#1#2#3#4{\topsep 7\p@ \@plus2\p@ \@minus4\p@ +\refstepcounter{#1}% +\@ifnextchar[{\@spythm{#1}{#2}{#3}{#4}}{\@spxthm{#1}{#2}{#3}{#4}}} + +\def\@spxthm#1#2#3#4{\@spbegintheorem{#2}{\csname the#1\endcsname}{#3}{#4}% + \ignorespaces} + +\def\@spythm#1#2#3#4[#5]{\@spopargbegintheorem{#2}{\csname + the#1\endcsname}{#5}{#3}{#4}\ignorespaces} + +\def\@spbegintheorem#1#2#3#4{\trivlist + \item[\hskip\labelsep{#3#1\ #2\@thmcounterend}]#4} + +\def\@spopargbegintheorem#1#2#3#4#5{\trivlist + \item[\hskip\labelsep{#4#1\ #2}]{#4(#3)\@thmcounterend\ }#5} + +% definition of \spnewtheorem* without number + +\def\@sthm#1#2{\@Ynthm{#1}{#2}} + +\def\@Ynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname + {\global\@namedef{#1}{\@Thm{\csname #1name\endcsname}{#3}{#4}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@Thm#1#2#3{\topsep 7\p@ \@plus2\p@ \@minus4\p@ +\@ifnextchar[{\@Ythm{#1}{#2}{#3}}{\@Xthm{#1}{#2}{#3}}} + +\def\@Xthm#1#2#3{\@Begintheorem{#1}{#2}{#3}\ignorespaces} + +\def\@Ythm#1#2#3[#4]{\@Opargbegintheorem{#1} + {#4}{#2}{#3}\ignorespaces} + +\def\@Begintheorem#1#2#3{#3\trivlist + \item[\hskip\labelsep{#2#1\@thmcounterend}]} + +\def\@Opargbegintheorem#1#2#3#4{#4\trivlist + \item[\hskip\labelsep{#3#1}]{#3(#2)\@thmcounterend\ }} + +\if@envcntsect + \def\(a)thmcountersep{.} + \spnewtheorem{theorem}{Theorem}[section]{\bfseries}{\itshape} +\else + \spnewtheorem{theorem}{Theorem}{\bfseries}{\itshape} + \if@envcntreset + \@addtoreset{theorem}{section} + \else + \@addtoreset{theorem}{chapter} + \fi +\fi + +%definition of divers theorem environments +\spnewtheorem*{claim}{Claim}{\itshape}{\rmfamily} +\spnewtheorem*{proof}{Proof}{\itshape}{\rmfamily} +\if@envcntsame % alle Umgebungen wie Theorem. + \def\spn@wtheorem#1#2#3#4{\@spothm{#1}[theorem]{#2}{#3}{#4}} +\else % alle Umgebungen mit eigenem Zaehler + \if@envcntsect % mit section numeriert + \def\spn@wtheorem#1#2#3#4{\@spxnthm{#1}{#2}[section]{#3}{#4}} + \else % nicht mit section numeriert + \if@envcntreset + \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4} + \@addtoreset{#1}{section}} + \else + \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4} + \@addtoreset{#1}{chapter}}% + \fi + \fi +\fi +\spn@wtheorem{case}{Case}{\itshape}{\rmfamily} +\spn@wtheorem{conjecture}{Conjecture}{\itshape}{\rmfamily} +\spn@wtheorem{corollary}{Corollary}{\bfseries}{\itshape} +\spn@wtheorem{definition}{Definition}{\bfseries}{\itshape} +\spn@wtheorem{example}{Example}{\itshape}{\rmfamily} +\spn@wtheorem{exercise}{Exercise}{\itshape}{\rmfamily} +\spn@wtheorem{lemma}{Lemma}{\bfseries}{\itshape} +\spn@wtheorem{note}{Note}{\itshape}{\rmfamily} +\spn@wtheorem{problem}{Problem}{\itshape}{\rmfamily} +\spn@wtheorem{property}{Property}{\itshape}{\rmfamily} +\spn@wtheorem{proposition}{Proposition}{\bfseries}{\itshape} +\spn@wtheorem{question}{Question}{\itshape}{\rmfamily} +\spn@wtheorem{solution}{Solution}{\itshape}{\rmfamily} +\spn@wtheorem{remark}{Remark}{\itshape}{\rmfamily} + +\def\@takefromreset#1#2{% + \def\@tempa{#1}% + \let\@tempd\@elt + \def\@elt##1{% + \def\@tempb{##1}% + \ifx\@tempa\@tempb\else + \@addtoreset{##1}{#2}% + \fi}% + \expandafter\expandafter\let\expandafter\@tempc\csname cl@#2\endcsname + \expandafter\def\csname cl@#2\endcsname{}% + \@tempc + \let\@elt\@tempd} + +\def\theopargself{\def\@spopargbegintheorem##1##2##3##4##5{\trivlist + \item[\hskip\labelsep{##4##1\ ##2}]{##4##3\@thmcounterend\ }##5} + \def\@Opargbegintheorem##1##2##3##4{##4\trivlist + \item[\hskip\labelsep{##3##1}]{##3##2\@thmcounterend\ }} + } + +\renewenvironment{abstract}{% + \list{}{\advance\topsep by0.35cm\relax\small + \leftmargin=1cm + \labelwidth=\z@ + \listparindent=\z@ + \itemindent\listparindent + \rightmargin\leftmargin}\item[\hskip\labelsep + \bfseries\abstractname]} + {\endlist} +\renewcommand{\abstractname}{Abstract} +\renewcommand{\contentsname}{Table of Contents} +\renewcommand{\figurename}{Fig.} +\renewcommand{\tablename}{Table} + +\newdimen\headlineindent % dimension for space between +\headlineindent=1.166cm % number and text of headings. + +\def\ps@headings{\let\@mkboth\@gobbletwo + \let\@oddfoot\@empty\let\@evenfoot\@empty + \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}% + \leftmark\hfil} + \def\@oddhead{\normalfont\small\hfil\rightmark\hspace{\headlineindent}% + \llap{\thepage}} + \def\chaptermark##1{}% + \def\sectionmark##1{}% + \def\subsectionmark##1{}} + +\def\ps@titlepage{\let\@mkboth\@gobbletwo + \let\@oddfoot\@empty\let\@evenfoot\@empty + \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}% + \hfil} + \def\@oddhead{\normalfont\small\hfil\hspace{\headlineindent}% + \llap{\thepage}} + \def\chaptermark##1{}% + \def\sectionmark##1{}% + \def\subsectionmark##1{}} + +\if@runhead\ps@headings\else +\ps@empty\fi + +\setlength\arraycolsep{1.4\p@} +\setlength\tabcolsep{1.4\p@} + +\endinput + diff --git a/position-papers/W3C-DNT/slides/W3CDNT-Tor-slides.odp b/position-papers/W3C-DNT/slides/W3CDNT-Tor-slides.odp new file mode 100644 index 0000000..abb3ca1 Binary files /dev/null and b/position-papers/W3C-DNT/slides/W3CDNT-Tor-slides.odp differ diff --git a/position-papers/W3C-DNT/usenix.sty b/position-papers/W3C-DNT/usenix.sty new file mode 100644 index 0000000..22935a7 --- /dev/null +++ b/position-papers/W3C-DNT/usenix.sty @@ -0,0 +1,97 @@ +% usenix-2e.sty - to be used with latex2e (the new one) for USENIX. +% To use this style file, do this: +% +% \documentclass[twocolumn]{article} +% \usepackage{usenix-2e} +% and put {\rm ....} around the author names. +% +% The following definitions are modifications of standard article.sty +% definitions, arranged to do a better job of matching the USENIX +% guidelines. +% It will automatically select two-column mode and the Times-Roman +% font. + +% +% USENIX papers are two-column. +% Times-Roman font is nice if you can get it (requires NFSS, +% which is in latex2e. + +%\if@twocolumn\else\input twocolumn.sty\fi +\usepackage{times} + +% +% USENIX wants margins of: 7/8" side, 1" bottom, and 3/4" top. +% 0.25" gutter between columns. +% Gives active areas of 6.75" x 9.25" +% +\setlength{\textheight}{9.0in} +\setlength{\columnsep}{0.25in} +\setlength{\textwidth}{6.75in} +%\setlength{\textwidth}{7.00in} +%\setlength{\footheight}{0.0in} +\setlength{\topmargin}{-0.25in} +\setlength{\headheight}{0.0in} +\setlength{\headsep}{0.0in} +\setlength{\evensidemargin}{-0.125in} +\setlength{\oddsidemargin}{-0.125in} + +% +% Usenix wants no page numbers for submitted papers, so that they can +% number them themselves. +% +\pagestyle{empty} + +% +% Usenix titles are in 14-point bold type, with no date, and with no +% change in the empty page headers. The whol author section is 12 point +% italic--- you must use {\rm } around the actual author names to get +% them in roman. +% +\def\maketitle{\par + \begingroup + \renewcommand\thefootnote{\fnsymbol{footnote}}% + \def\@makefnmark{\hbox to\z@{$\m@th^{\@thefnmark}$\hss}}% + \long\def\@makefntext##1{\parindent 1em\noindent + \hbox to1.8em{\hss$\m@th^{\@thefnmark}$}##1}% + \if@twocolumn + \twocolumn[\@maketitle]% + \else \newpage + \global\@topnum\z@ + \@maketitle \fi\@thanks + \endgroup + \setcounter{footnote}{0}% + \let\maketitle\relax + \let\@maketitle\relax + \gdef\@thanks{}\gdef\@author{}\gdef\@title{}\let\thanks\relax} + +\def\@maketitle{\newpage + %\vbox to 0.5in{ + \vbox to 1.5in{ + %\vspace*{\fill} + %\vskip 2em + \begin{center}% + {\Large\bf \@title \par}% + \vskip 0.250in minus 0.250in + {\large\it + \lineskip .5em + \begin{tabular}[t]{c}\@author + \end{tabular}\par}% + \end{center}% + \par + \vspace*{\fill} +% \vskip 1.5em + } +} + +% +% The abstract is preceded by a 12-pt bold centered heading +\def\abstract{\begin{center}% +{\large\bf \abstractname\vspace{-.5em}\vspace{\z@}}% +\end{center}} +\def\endabstract{} + +% +% Main section titles are 12-pt bold. Others can be same or smaller. +% +\def\section{\@startsection {section}{1}{\z(a)}{-3.5ex plus-1ex minus + -.2ex}{2.3ex plus.2ex}{\reset@font\large\bf}}

1 0

[tor-browser-spec/master] Add W3C-Identity Position Paper.
by mikeperry＠torproject.org 04 May '15

04 May '15

commit 832fc202564168747958e65458342f1a2919fcd6 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Apr 30 14:58:50 2015 -0700 Add W3C-Identity Position Paper. --- position-papers/W3C-Identity/W3CIdentity.bbl | 73 ++ position-papers/W3C-Identity/W3CIdentity.pdf | Bin 0 -> 74451 bytes position-papers/W3C-Identity/W3CIdentity.tex | 373 ++++++++++ position-papers/W3C-Identity/llncs.cls | 1016 ++++++++++++++++++++++++++ position-papers/W3C-Identity/usenix.sty | 97 +++ 5 files changed, 1559 insertions(+) diff --git a/position-papers/W3C-Identity/W3CIdentity.bbl b/position-papers/W3C-Identity/W3CIdentity.bbl new file mode 100644 index 0000000..e37afe6 --- /dev/null +++ b/position-papers/W3C-Identity/W3CIdentity.bbl @@ -0,0 +1,73 @@ +\begin{thebibliography}{10} + +\bibitem{private-browsing} +Gaurav Aggrawal, Elie Bursztein, Collin Jackson, and Dan Boneh. +\newblock An analysis of private browsing modes in modern browsers. +\newblock In {\em Proc. of 19th Usenix Security Symposium}, 2010. + +\bibitem{panopticlick} +Peter Eckersley. +\newblock How unique is your web browser? +\newblock In {\em Proceedings of the 10th international conference on Privacy + enhancing technologies}, PETS'10, pages 1--18, Berlin, Heidelberg, 2010. + Springer-Verlag. + +\bibitem{safecache} +Collin Jackson and Dan Boneh. +\newblock Protecting browser state from web privacy attacks. +\newblock In {\em In Proceedings of the International World Wide Web + Conference}, pages 737--744, 2006. + +\bibitem{security-fingerprinting} +{Jennifer Valentino-DeVries}. +\newblock {Evercookies and Fingerprinting: Are Anti-Fraud Tools Good for Ads?}, + 2010. +\newblock + \url{http://blogs.wsj.com/digits/2010/12/01/evercookies-and-fingerprinting-f% +inding-fraudsters-tracking-consumers/}. + +\bibitem{wsj-fingerprinting} +{Julia Angwin and Jennifer Valentino-DeVries}. +\newblock {Race Is On to 'Fingerprint' Phones, PCs}, 2010. +\newblock + \url{http://online.wsj.com/article/SB100014240527487046792045756467041009595% +46.html}. + +\bibitem{firefox-personas} +Mozilla. +\newblock Personas. +\newblock \url{https://mozillalabs.com/personas/}. + +\bibitem{weave-manager} +Mozilla. +\newblock {The Weave Account Manager}. +\newblock \url{https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager}. + +\bibitem{not-to-toggle} +Mike Perry. +\newblock To toggle, or not to toggle: The end of torbutton. +\newblock + \url{https://lists.torproject.org/pipermail/tor-talk/2011-April/020077.html}. + +\bibitem{torbutton} +Mike Perry. +\newblock {The Torbutton Design Document}, 2011. +\newblock \url{https://www.torproject.org/torbutton/en/design/}. + +\bibitem{facebook-like} +Arnold Roosendaal. +\newblock {Facebook Tracks and Traces Everyone: Like This!} +\newblock {\em SSRN eLibrary}, 2010. + +\bibitem{tracking-identity} +Emily Steel. +\newblock {Online Tracking Company RapLeaf Profiles Users By Name}, 2010. +\newblock + \url{http://online.wsj.com/article/SB100014240527023044105045755602432594160% +72.html}. + +\bibitem{thirdparty} +Dan Witte. +\newblock \url{https://wiki.mozilla.org/Thirdparty}. + +\end{thebibliography} diff --git a/position-papers/W3C-Identity/W3CIdentity.pdf b/position-papers/W3C-Identity/W3CIdentity.pdf new file mode 100644 index 0000000..b749dc7 Binary files /dev/null and b/position-papers/W3C-Identity/W3CIdentity.pdf differ diff --git a/position-papers/W3C-Identity/W3CIdentity.tex b/position-papers/W3C-Identity/W3CIdentity.tex new file mode 100644 index 0000000..c16f241 --- /dev/null +++ b/position-papers/W3C-Identity/W3CIdentity.tex @@ -0,0 +1,373 @@ +%\documentclass{llncs} +\documentclass[letterpaper,11pt]{llncs} +%\documentclass{article} % llncs + +\usepackage{usenix} +\usepackage{url} +\usepackage{amsmath} +\usepackage{epsfig} +\usepackage{epsf} +\usepackage{listings} + +%\setlength{\textwidth}{6in} +%\setlength{\textheight}{8.4in} +%\setlength{\topmargin}{.5cm} +%\setlength{\oddsidemargin}{1cm} +%\setlength{\evensidemargin}{1cm} + +\begin{document} + +\title{Bridging the Disconnect Between Web Identity and User Perception} + +\author{Mike Perry \\ The Internet \\ mikeperry(a)torproject.org} + +%\institute{The Internet} + +\maketitle +\pagestyle{plain} + +\begin{abstract} + +There is a huge disconnect between how users perceive their online presence +and the reality of their relationship with the websites they visit. This +position paper explores this disconnect and provides some recommendations for +making the technical reality of the web match user perception, through both +technical improvements as well as user interface cues. By looking at all of +the elements of tracking as though they collectively comprise "User Identity", +we can make better decisions about improvements to both the technical and the +interface aspects of authentication and privacy. + +\end{abstract} + +\section{Introduction} + +The prevailing revenue model of the web is an appealing one. Web users receive +unfettered, frictionless access to an extensive variety of information sources +in exchange for viewing advertising. This advertising is more valuable if each +advertisement is more relevant to the current activity, and if possible, more +relevant to the current user. + +The cost of this is that user privacy on the web is a nightmare. There is +ubiquitous tracking, unseen partnership agreements and data exchange, and +surreptitious attempts to uncover users' identities against their will and +without their knowledge. This is not just happening in the dark, unseemly +corners of the web. It is happening everywhere\cite{facebook-like}. + +The problem is that the revenue model of the web has incentivized companies to +find ways to continue to track users against their will, even if those users +are attempting to protect themselves through currently available methods. +Starting with the infamous "Flash cookies", we have progressed through a +seemingly endless arms race of secondary identifiers and tracking information: +visited history, cache, font and system data, desktop resolution, keystroke +timing, and so on and so forth\cite{wsj-fingerprinting}. + +These efforts have lead to an even wider disconnect between a user's +perception of their privacy and the reality of their privacy. Users simply +can't keep up with the ways they are being tracked. + +When users are being coerced into ceding data about themselves without clear +understanding or consent (and in fact, in many cases despite their explicit +attempts to decline to consent), serious moral issues begin to arise. + +To understand and evaluate potential solutions and improvements to this status +quo, we must explore the disconnect between user experience and the way the +web actually functions with respect to tracking and identity. + +% FIXME: Do we need this paragraph? +%To this end, the rest of this document is structured as follows: First, we +%examine user identity on the web, comparing the average user's perspective to +%what actually is happening technically behind the scenes, and noting the major +%disconnects. We then examine solutions attempting to bridge this disconnect +%from two different directions. + +We only consider implementations that involve privacy-by-design. +Privacy-by-policy approaches such as Do Not Track will not be discussed. + +\section{User Identity on the Web} + +To properly examine this privacy problem, we must probe into the details of +both what a User's perception of their identity is, as well as the technical +realities of what goes into web authentication and tracking. + +\subsection{User Perception of Identity} + +Instinctively, users define their privacy in terms of their identity, in terms +of how they have interacted with a site in order to inform it of who they are. +Typically, the user's perception of their identity on the web is usually a direct +function of the mechanisms used for strong authentication for particular sites. + +For example, users expect that logging in to Facebook creates a relationship +in their browsers when facebook.com is present in the URL bar, but they are +likely not aware that this also extends to their activity on other, arbitrary +sites that happen to include "Like this on Facebook" buttons or +Facebook-sourced advertising content. + +Many, if not most, users expect that when they log out of a site their +relationship ends and that any associated tracking should be over. Even +users who are aware of cookies can be prone to believing that clearing the +cookies and private browsing data related to a particular site is sufficient +to end their relationship with that site. + +Neither of these beliefs has any relation to reality. + +\subsection{Technical Reality of Identity} + +The technical reality of the web today is that users are usually wrong about +their authentication status with respect to a particular site, and are almost +always oblivious to the relationship between content elements of arbitrary +pages. The default experience is such that all of this data exchange is +concealed from the user. + +So then what is identity? In terms of authentication, it would at first appear +to be cookies, HTTP Auth tokens, and client TLS certificates. However, even this +begins to break down. High-security websites are already using fingerprinting +as an auxiliary second factor of authentication\cite{security-fingerprinting}, +and online data aggregators utilize everything they can to build complete +portraits of users' identities\cite{tracking-identity}. + +Identity then is a superset of all the authentication tokens used by the +browser. It is the ability to link a user's activity in one instance to their +activity in another instance, be it across time, or even on a single page +due to multiple content origins. + +\subsection{Identity as Linkability} + +When expanded to cover all items that enable or substantially contribute to +Linkability, a lot more components of the browser are now in scope. We will +briefly enumerate these components. + +First, the obvious properties are found in the state of the browser: cookies, +DOM storage, cache, cryptographic tokens and cryptographic state, and +location. These are what technical people tend to think of first when it comes +to private browsing and identity, but they are not the whole story. + +Next, we have long-term properties of the browser itself. These include the +User Agent String, the list of installed plugins, rendering capabilities, +window decoration size, and browser widget size. + +Then, we have properties of the computer. These include desktop size, IP +address, clock offset and timezone, and installed fonts. + +Finally, linkability also includes the properties of the multi-origin model of +the web that allow tracking due to partnerships. These include the implicit +cookie transmission model, and also explicit click referral and data exchange +partnerships. + +\subsection{Developing a Threat Model} + +Unfortunately, just about every browser property and functionality is a +potential fingerprinting target. In order to properly address the network +adversary on a technical level, we need a metric to measure linkability of the +various browser properties that extend beyond any stored origin-related state. + +The Panopticlick project by the EFF provides us with exactly this +metric\cite{panopticlick}. The researchers conducted a survey of volunteers +who were asked to visit an experiment page that harvested many of the above +components. They then computed the Shannon Entropy of the resulting +distribution of each of several key attributes to determine how many bits of +identifying information each attribute provided. + +While not perfect\footnotemark, this metric allows us to prioritize effort at +components that have the most potential for linkability. + +\footnotetext{In particular, the test does not take in all aspects of +resolution information. It did not calculate the size of widgets, window +decoration, or toolbar size. We believe this may add high amounts of entropy +to the screen field. It also did not measure clock offset and other time-based +fingerprints. Furthermore, as new browser features are added, this experiment +should be repeated to include them.} + +This metric also indicates that it is beneficial to standardize on +implementations of fingerprinting resistance where possible. More +implementations using the same defenses means more users with similar +fingerprints, which means less entropy in the metric. + +\section{Matching User Perception with Reality} + +When the concept of user identity is expanded to cover all aspects of +linkability, addressing the problem of the disconnect between user perception +and reality becomes clearer. For users to have privacy, and for private +browsing modes to function, the relationship between a user and a site must be +understood by that user. + +It is apparent that the user experiences disconnect with the technical +realities of the web on two major fronts: the average user does not grasp the +privacy implications of the multi-origin model, nor are they given a clear +concept of identity to grasp the privacy implications of the union of the +trackable components of their browsers. + +We will now examine examples of attempts at reducing this disconnect on each +of these two fronts. + +Note that identity-based approaches and the origin-based approaches are +orthogonal. They may be combined, or used independently. + +\subsection{Origin-Based Approaches} + +Origin-based approaches seek to improve the technical behavior of the browser +to make linkability less implicit and more consent-driven. In short, these +approaches seek to make the web behave more like users currently assume it +behaves by anchoring browser state to top-level origins as opposed to +associating it with arbitrary content elements. + +The earliest relevant example of this work is SafeCache\cite{safecache}. +SafeCache seeks to reduce the ability for 3rd party content elements to use +the cache to store identifiers. It does this by limiting the scope of the +cache to the origin in the url bar. This has the effect that commonly sourced +content elements are fetched and cached repeatedly, but this is the desired +property. Each of these prevalent content elements can be crafted to include +unique identifiers for each user, tracking users who attempt to avoid tracking +by clearing cookies. + +Mozilla has a wonderful example of an origin-based improvement written by Dan +Witte and buried on their wiki\cite{thirdparty}. It describes a new dual-keyed +origin for cookies, so that cookies would only be transmitted if they matched +both the top level origin and the third party origin involved in their +creation. This approach would go a long way towards preventing implicit +tracking across multiple websites. + +Similarly, one could imagine this two-level origin isolation being deployed to +improve similar issues with DOM Storage and cryptographic tokens. + +Making the origin model for browser identifiers more closely match the user +activity and user expectation has other advantages as well. With a clear +distinction between 3rd party and top-level cookies, the privacy settings +window could have a user-intuitive way of representing the user's relationship +with different origins, perhaps by using only the favicon of that top level +origin to represent all of the browser state accumulated by that origin. The +user could delete the entire set of browser state (cookies, cache, storage, +cryptographic tokens) associated with a site simply by removing its favicon +from their privacy info panel. + +The problem with origin-based approaches is that individually, they do not +fully address the entire linkability problem unless the same restriction is +applied uniformly to all aspects of stored browser state, and all other +linkability issues are dealt with. Behind-the-scenes partnerships can easily +allow companies to continue to link users to their identities through any +aspect of browser state that is not properly compartmentalized to the top +level origin and bound to the same rules. + +% FIXME: Wording.. +However, linkability based on browser properties is amenable to this +model. In particular, one can imagine per-origin plugin permissions, +per-origin limits on the number of fonts that can be used, and randomized +window-specific time offsets. + +So, while these approaches are in fact useful for bringing the technical +realities of the web closer to what the user assumes is happening, they must +be deployed uniformly, with a consistent top-level origin restriction model. +This may take significant coordination and standardization efforts. + +\subsection{Identity-Based Approaches} + +We will now discuss what we call the identity-based approaches to privacy. +These approaches, whether explicitly or implicitly, all model the user's web +identity as the entirety of the user's state for all origins. + +The key advantage of identity-based approaches is that they can be simpler +than origin-based approaches when used to improve the privacy problem on their +own. + +While the earliest example of an identity-based approach is our own work on +Torbutton\cite{torbutton}, Torbutton deserves poor marks for both simplicity +and usability\cite{not-to-toggle}. Torbutton attempts to isolate the user's +non-Tor activity from their Tor activity, effectively providing the user with +a blank slate for their Tor activity, but optionally allowing them to toggle +between these two identities. + +Firefox Private Browsing Mode is similar, in that it allows users to switch +between their normal browsing and a "private" clean slate. + +% FIXME: This paragraph can go if we need space: +Both Firefox PBM and Torbutton suffer from usability issues, primarily because +this concept of separate browsing identities is not properly conveyed to the +user. In Firefox's case, this usability issue is apparent through the quantity +of mode error observed in the review of Private Browsing Modes by Dan Boneh et +al\cite{private-browsing}. In Torbutton's case, the issues appear more severe. +We've informally observed that users have tremendous difficulties remembering +which tabs were Tor-related and which were non-Tor related, and we've also +observed issues with mode error. + +Both of these approaches are exceedingly complex: they deal with every aspect +of browser state individually. This development effort however does enable +Firefox and Torbutton to provide the user with great fine-grained control. + +Google Chrome's Incognito Mode comes the closest to conveying this idea of +"Incognito identity" to the user, and the implementation is also simpler as a +result. The Incognito Mode window is a separate, stylized window that clearly +conveys an alternate identity is in use for this window, which can be used +concurrent to the non-private identity. This appears to lead to less mode +error (where the user forgets their private browsing state) compared to other +browsers. + +% FIXME: This paragraph can go if we need space: +The implementation of Incognito is as a virtualized in-memory profile, which +allows them to achieve protection against history storage issues with minimal +effort. It also allows them to tweak browser properties and permissions +specifically for this profile. + +The Mozilla Weave project appears to be proposing an identity-based method of +managing, syncing, and storing authentication tokens, and also has use cases +described for multiple users of a single browser\cite{weave-manager}. It is +the closest idea on paper to what we envision as the way to bridge user +assumptions with reality. + +We believe that the user interface of the browser should convey a sense of +persistent identity prominently to the user in the form of a visual cue. This +cue can either be an abstract image, graphic or theme (such as the user's +choice of Firefox Persona\cite{firefox-personas}), or it can be a text area +with the user's current favored pseudonym. This idea of identity should then +be integrated with the browsing experience. Users should be able to click a +button to get a clean slate for a new identity, and should be able to log in +and out of of password-protected stored encrypted identities, which would +contain the entire state of the browser. This is the direction the Tor Project +intends to head in with the Tor Browser Bundle\cite{not-to-toggle}. + +To this user, the Private Browsing Mode would be no more than a special case +of this identity UI - a special identity that they can trust not to store +browsing history information to disk. Such a UI also more explicitly captures +what is going on with respect to the user's relationship to the web. + +However, all current private browsing modes fall short of protecting against a +network adversary and fail to deal with linkability against a network +adversary\cite{private-browsing}, claiming that it is outside their threat +model\footnotemark. If the user is given a new identity that is still linkable +to the previous one due to shortcomings of the browser, this approach has +failed as a privacy measure. + +\footnotetext{The primary reason given to abstain from addressing the network +adversary is IP address linkability. However, we believe this to be a red +herring. Users are quite capable of using alternate Internet connections, and +it is common practice for ISPs in many parts of the world to rotate user IP +addresses daily, to discourage servers and to impede the spread of malware. +This is especially true of cellular IP networks.} + +Linkability solutions within the identity framework would be similar to the +origin-based solutions, except they would be properties of the entire browser +or browser profile, and would be obfuscated only once per identity switch. + +% FIXME: Elaborate? + +\section{Conclusions} + +There is a demand for private browsing, and we believe that solid private +browsing modes can be created. In order to do this, we need solid analysis of +the threat models involved, and we need standardization for many aspects of +defense. + +However, there is currently a huge disconnect between user privacy and +identity due to both the multi-origin nature of the web, and the failure of +browsers to adequately convey a sense of identity to the user. It is possible +to bridge this disconnect both by addressing the issues with the multi-origin +model, as well as providing the user with an explicit representation of their +web identity, and with control over this identity. + +% XXX: The dangers of adblockers and filters + the long-term imperative of +% improving privacy for the continued use of the advertising revenue model. + +\bibliographystyle{plain} \bibliography{W3CIdentity} + +\clearpage +\appendix + +\end{document} diff --git a/position-papers/W3C-Identity/llncs.cls b/position-papers/W3C-Identity/llncs.cls new file mode 100644 index 0000000..0308e57 --- /dev/null +++ b/position-papers/W3C-Identity/llncs.cls @@ -0,0 +1,1016 @@ +% LLNCS DOCUMENT CLASS -- version 2.8 +% for LaTeX2e +% +\NeedsTeXFormat{LaTeX2e}[1995/12/01] +\ProvidesClass{llncs}[2000/05/16 v2.8 +^^JLaTeX document class for Lecture Notes in Computer Science] +% Options +\let\if@envcntreset\iffalse +\DeclareOption{envcountreset}{\let\if@envcntreset\iftrue} +\DeclareOption{citeauthoryear}{\let\citeauthoryear=Y} +\DeclareOption{oribibl}{\let\oribibl=Y} +\let\if@custvec\iftrue +\DeclareOption{orivec}{\let\if@custvec\iffalse} +\let\if@envcntsame\iffalse +\DeclareOption{envcountsame}{\let\if@envcntsame\iftrue} +\let\if@envcntsect\iffalse +\DeclareOption{envcountsect}{\let\if@envcntsect\iftrue} +\let\if@runhead\iffalse +\DeclareOption{runningheads}{\let\if@runhead\iftrue} + +\let\if@openbib\iffalse +\DeclareOption{openbib}{\let\if@openbib\iftrue} + +\DeclareOption*{\PassOptionsToClass{\CurrentOption}{article}} + +\ProcessOptions + +\LoadClass[twoside]{article} +\RequirePackage{multicol} % needed for the list of participants, index + +\setlength{\textwidth}{12.2cm} +\setlength{\textheight}{19.3cm} + +% Ragged bottom for the actual page +\def\thisbottomragged{\def\@textbottom{\vskip\z@ plus.0001fil +\global\let\@textbottom\relax}} + +\renewcommand\small{% + \@setfontsize\small\@ixpt{11}% + \abovedisplayskip 8.5\p@ \@plus3\p@ \@minus4\p@ + \abovedisplayshortskip \z@ \@plus2\p@ + \belowdisplayshortskip 4\p@ \@plus2\p@ \@minus2\p@ + \def\@listi{\leftmargin\leftmargini + \parsep 0\p@ \@plus1\p@ \@minus\p@ + \topsep 8\p@ \@plus2\p@ \@minus4\p@ + \itemsep0\p@}% + \belowdisplayskip \abovedisplayskip +} + +\frenchspacing +\widowpenalty=10000 +\clubpenalty=10000 + +\setlength\oddsidemargin {63\p@} +\setlength\evensidemargin {63\p@} +\setlength\marginparwidth {90\p@} + +\setlength\headsep {16\p@} + +\setlength\footnotesep{7.7\p@} +\setlength\textfloatsep{8mm\@plus 2\p@ \@minus 4\p@} +\setlength\intextsep {8mm\@plus 2\p@ \@minus 2\p@} + +\setcounter{secnumdepth}{2} + +\newcounter {chapter} +\renewcommand\thechapter {\@arabic\c@chapter} + +\newif\if@mainmatter \@mainmattertrue +\newcommand\frontmatter{\cleardoublepage + \@mainmatterfalse\pagenumbering{Roman}} +\newcommand\mainmatter{\cleardoublepage + \@mainmattertrue\pagenumbering{arabic}} +\newcommand\backmatter{\if@openright\cleardoublepage\else\clearpage\fi + \@mainmatterfalse} + +\renewcommand\part{\cleardoublepage + \thispagestyle{empty}% + \if@twocolumn + \onecolumn + \@tempswatrue + \else + \@tempswafalse + \fi + \null\vfil + \secdef\@part\@spart} + +\def\@part[#1]#2{% + \ifnum \c@secnumdepth >-2\relax + \refstepcounter{part}% + \addcontentsline{toc}{part}{\thepart\hspace{1em}#1}% + \else + \addcontentsline{toc}{part}{#1}% + \fi + \markboth{}{}% + {\centering + \interlinepenalty \@M + \normalfont + \ifnum \c@secnumdepth >-2\relax + \huge\bfseries \partname~\thepart + \par + \vskip 20\p@ + \fi + \Huge \bfseries #2\par}% + \@endpart} +\def\@spart#1{% + {\centering + \interlinepenalty \@M + \normalfont + \Huge \bfseries #1\par}% + \@endpart} +\def\@endpart{\vfil\newpage + \if@twoside + \null + \thispagestyle{empty}% + \newpage + \fi + \if@tempswa + \twocolumn + \fi} + +\newcommand\chapter{\clearpage + \thispagestyle{empty}% + \global\@topnum\z@ + \@afterindentfalse + \secdef\@chapter\@schapter} +\def\@chapter[#1]#2{\ifnum \c@secnumdepth >\m@ne + \if@mainmatter + \refstepcounter{chapter}% + \typeout{\(a)chapapp\space\thechapter.}% + \addcontentsline{toc}{chapter}% + {\protect\numberline{\thechapter}#1}% + \else + \addcontentsline{toc}{chapter}{#1}% + \fi + \else + \addcontentsline{toc}{chapter}{#1}% + \fi + \chaptermark{#1}% + \addtocontents{lof}{\protect\addvspace{10\p@}}% + \addtocontents{lot}{\protect\addvspace{10\p@}}% + \if@twocolumn + \@topnewpage[\@makechapterhead{#2}]% + \else + \@makechapterhead{#2}% + \@afterheading + \fi} +\def\@makechapterhead#1{% +% \vspace*{50\p@}% + {\centering + \ifnum \c@secnumdepth >\m@ne + \if@mainmatter + \large\bfseries \@chapapp{} \thechapter + \par\nobreak + \vskip 20\p@ + \fi + \fi + \interlinepenalty\@M + \Large \bfseries #1\par\nobreak + \vskip 40\p@ + }} +\def\@schapter#1{\if@twocolumn + \@topnewpage[\@makeschapterhead{#1}]% + \else + \@makeschapterhead{#1}% + \@afterheading + \fi} +\def\@makeschapterhead#1{% +% \vspace*{50\p@}% + {\centering + \normalfont + \interlinepenalty\@M + \Large \bfseries #1\par\nobreak + \vskip 40\p@ + }} + +\renewcommand\section{\@startsection{section}{1}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {12\p@ \@plus 4\p@ \@minus 4\p@}% + {\normalfont\large\bfseries\boldmath + \rightskip=\z@ \@plus 8em\pretolerance=10000 }} +\renewcommand\subsection{\@startsection{subsection}{2}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {8\p@ \@plus 4\p@ \@minus 4\p@}% + {\normalfont\normalsize\bfseries\boldmath + \rightskip=\z@ \@plus 8em\pretolerance=10000 }} +\renewcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {-0.5em \@plus -0.22em \@minus -0.1em}% + {\normalfont\normalsize\bfseries\boldmath}} +\renewcommand\paragraph{\@startsection{paragraph}{4}{\z@}% + {-12\p@ \@plus -4\p@ \@minus -4\p@}% + {-0.5em \@plus -0.22em \@minus -0.1em}% + {\normalfont\normalsize\itshape}} +\renewcommand\subparagraph[1]{\typeout{LLNCS warning: You should not use + \string\subparagraph\space with this class}\vskip0.5cm +You should not use \verb|\subparagraph| with this class.\vskip0.5cm} + +\DeclareMathSymbol{\Gamma}{\mathalpha}{letters}{"00} +\DeclareMathSymbol{\Delta}{\mathalpha}{letters}{"01} +\DeclareMathSymbol{\Theta}{\mathalpha}{letters}{"02} +\DeclareMathSymbol{\Lambda}{\mathalpha}{letters}{"03} +\DeclareMathSymbol{\Xi}{\mathalpha}{letters}{"04} +\DeclareMathSymbol{\Pi}{\mathalpha}{letters}{"05} +\DeclareMathSymbol{\Sigma}{\mathalpha}{letters}{"06} +\DeclareMathSymbol{\Upsilon}{\mathalpha}{letters}{"07} +\DeclareMathSymbol{\Phi}{\mathalpha}{letters}{"08} +\DeclareMathSymbol{\Psi}{\mathalpha}{letters}{"09} +\DeclareMathSymbol{\Omega}{\mathalpha}{letters}{"0A} + +\let\footnotesize\small + +\if@custvec +\def\vec#1{\mathchoice{\mbox{\boldmath$\displaystyle#1$}} +{\mbox{\boldmath$\textstyle#1$}} +{\mbox{\boldmath$\scriptstyle#1$}} +{\mbox{\boldmath$\scriptscriptstyle#1$}}} +\fi + +\def\squareforqed{\hbox{\rlap{$\sqcap$}$\sqcup$}} +\def\qed{\ifmmode\squareforqed\else{\unskip\nobreak\hfil +\penalty50\hskip1em\null\nobreak\hfil\squareforqed +\parfillskip=0pt\finalhyphendemerits=0\endgraf}\fi} + +\def\getsto{\mathrel{\mathchoice {\vcenter{\offinterlineskip +\halign{\hfil +$\displaystyle##$\hfil\cr\gets\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr\gets +\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr\gets +\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +\gets\cr\to\cr}}}}} +\def\lid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil +$\displaystyle##$\hfil\cr<\cr\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr<\cr +\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr<\cr +\noalign{\vskip1pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +<\cr +\noalign{\vskip0.9pt}=\cr}}}}} +\def\gid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil +$\displaystyle##$\hfil\cr>\cr\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr>\cr +\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr>\cr +\noalign{\vskip1pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +>\cr +\noalign{\vskip0.9pt}=\cr}}}}} +\def\grole{\mathrel{\mathchoice {\vcenter{\offinterlineskip +\halign{\hfil +$\displaystyle##$\hfil\cr>\cr\noalign{\vskip-1pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr +>\cr\noalign{\vskip-1pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr +>\cr\noalign{\vskip-0.8pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +>\cr\noalign{\vskip-0.3pt}<\cr}}}}} +\def\bbbr{{\rm I\!R}} %reelle Zahlen +\def\bbbm{{\rm I\!M}} +\def\bbbn{{\rm I\!N}} %natuerliche Zahlen +\def\bbbf{{\rm I\!F}} +\def\bbbh{{\rm I\!H}} +\def\bbbk{{\rm I\!K}} +\def\bbbp{{\rm I\!P}} +\def\bbbone{{\mathchoice {\rm 1\mskip-4mu l} {\rm 1\mskip-4mu l} +{\rm 1\mskip-4.5mu l} {\rm 1\mskip-5mu l}}} +\def\bbbc{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}}}} +\def\bbbq{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm +Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}}}} +\def\bbbt{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm +T$}\hbox{\hbox to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}}}} +\def\bbbs{{\mathchoice +{\setbox0=\hbox{$\displaystyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox +to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox +to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox +to0pt{\kern0.5\wd0\vrule height0.45\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.4\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox +to0pt{\kern0.55\wd0\vrule height0.45\ht0\hss}\box0}}}} +\def\bbbz{{\mathchoice {\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}} +{\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}} +{\hbox{$\mathsf\scriptstyle Z\kern-0.3em Z$}} +{\hbox{$\mathsf\scriptscriptstyle Z\kern-0.2em Z$}}}} + +\let\ts\, + +\setlength\leftmargini {17\p@} +\setlength\leftmargin {\leftmargini} +\setlength\leftmarginii {\leftmargini} +\setlength\leftmarginiii {\leftmargini} +\setlength\leftmarginiv {\leftmargini} +\setlength \labelsep {.5em} +\setlength \labelwidth{\leftmargini} +\addtolength\labelwidth{-\labelsep} + +\def\@listI{\leftmargin\leftmargini + \parsep 0\p@ \@plus1\p@ \@minus\p@ + \topsep 8\p@ \@plus2\p@ \@minus4\p@ + \itemsep0\p@} +\let\@listi\@listI +\@listi +\def\@listii {\leftmargin\leftmarginii + \labelwidth\leftmarginii + \advance\labelwidth-\labelsep + \topsep 0\p@ \@plus2\p@ \@minus\p@} +\def\@listiii{\leftmargin\leftmarginiii + \labelwidth\leftmarginiii + \advance\labelwidth-\labelsep + \topsep 0\p@ \@plus\p@\@minus\p@ + \parsep \z@ + \partopsep \p@ \@plus\z@ \@minus\p@} + +\renewcommand\labelitemi{\normalfont\bfseries --} +\renewcommand\labelitemii{$\m@th\bullet$} + +\setlength\arraycolsep{1.4\p@} +\setlength\tabcolsep{1.4\p@} + +\def\tableofcontents{\chapter*{\contentsname\@mkboth{{\contentsname}}% + {{\contentsname}}} + \def\authcount##1{\setcounter{auco}{##1}\setcounter{@auth}{1}} + \def\lastand{\ifnum\value{auco}=2\relax + \unskip{} \andname\ + \else + \unskip \lastandname\ + \fi}% + \def\and{\stepcounter{@auth}\relax + \ifnum\value{@auth}=\value{auco}% + \lastand + \else + \unskip, + \fi}% + \@starttoc{toc}\if@restonecol\twocolumn\fi} + +\def\l@part#1#2{\addpenalty{\@secpenalty}% + \addvspace{2em plus\p@}% % space above part line + \begingroup + \parindent \z@ + \rightskip \z@ plus 5em + \hrule\vskip5pt + \large % same size as for a contribution heading + \bfseries\boldmath % set line in boldface + \leavevmode % TeX command to enter horizontal mode. + #1\par + \vskip5pt + \hrule + \vskip1pt + \nobreak % Never break after part entry + \endgroup} + +\def\@dotsep{2} + +\def\hyperhrefextend{\ifx\hyper@anchor\@undefined\else +{chapter.\thechapter}\fi} + +\def\addnumcontentsmark#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{\protect\numberline + {\thechapter}#3}{\thepage}\hyperhrefextend}} +\def\addcontentsmark#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{#3}{\thepage}\hyperhrefextend}} +\def\addcontentsmarkwop#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{#3}{0}\hyperhrefextend}} + +\def\@adcmk[#1]{\ifcase #1 \or +\def\@gtempa{\addnumcontentsmark}% + \or \def\@gtempa{\addcontentsmark}% + \or \def\@gtempa{\addcontentsmarkwop}% + \fi\@gtempa{toc}{chapter}} +\def\addtocmark{\@ifnextchar[{\@adcmk}{\@adcmk[3]}} + +\def\l@chapter#1#2{\addpenalty{-\@highpenalty} + \vskip 1.0em plus 1pt \@tempdima 1.5em \begingroup + \parindent \z@ \rightskip \@pnumwidth + \parfillskip -\@pnumwidth + \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip + {\large\bfseries\boldmath#1}\ifx0#2\hfil\null + \else + \nobreak + \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern + \@dotsep mu$}\hfill + \nobreak\hbox to\@pnumwidth{\hss #2}% + \fi\par + \penalty\@highpenalty \endgroup} + +\def\l@title#1#2{\addpenalty{-\@highpenalty} + \addvspace{8pt plus 1pt} + \@tempdima \z@ + \begingroup + \parindent \z@ \rightskip \@tocrmarg + \parfillskip -\@tocrmarg + \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip + #1\nobreak + \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern + \@dotsep mu$}\hfill + \nobreak\hbox to\@pnumwidth{\hss #2}\par + \penalty\@highpenalty \endgroup} + +\setcounter{tocdepth}{0} +\newdimen\tocchpnum +\newdimen\tocsecnum +\newdimen\tocsectotal +\newdimen\tocsubsecnum +\newdimen\tocsubsectotal +\newdimen\tocsubsubsecnum +\newdimen\tocsubsubsectotal +\newdimen\tocparanum +\newdimen\tocparatotal +\newdimen\tocsubparanum +\tocchpnum=\z@ % no chapter numbers +\tocsecnum=15\p@ % section 88. plus 2.222pt +\tocsubsecnum=23\p@ % subsection 88.8 plus 2.222pt +\tocsubsubsecnum=27\p@ % subsubsection 88.8.8 plus 1.444pt +\tocparanum=35\p@ % paragraph 88.8.8.8 plus 1.666pt +\tocsubparanum=43\p@ % subparagraph 88.8.8.8.8 plus 1.888pt +\def\calctocindent{% +\tocsectotal=\tocchpnum +\advance\tocsectotal by\tocsecnum +\tocsubsectotal=\tocsectotal +\advance\tocsubsectotal by\tocsubsecnum +\tocsubsubsectotal=\tocsubsectotal +\advance\tocsubsubsectotal by\tocsubsubsecnum +\tocparatotal=\tocsubsubsectotal +\advance\tocparatotal by\tocparanum} +\calctocindent + +\def\l@section{\@dottedtocline{1}{\tocchpnum}{\tocsecnum}} +\def\l@subsection{\@dottedtocline{2}{\tocsectotal}{\tocsubsecnum}} +\def\l@subsubsection{\@dottedtocline{3}{\tocsubsectotal}{\tocsubsubsecnum}} +\def\l@paragraph{\@dottedtocline{4}{\tocsubsubsectotal}{\tocparanum}} +\def\l@subparagraph{\@dottedtocline{5}{\tocparatotal}{\tocsubparanum}} + +\def\listoffigures{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn + \fi\section*{\listfigurename\@mkboth{{\listfigurename}}{{\listfigurename}}} + \@starttoc{lof}\if@restonecol\twocolumn\fi} +\def\l@figure{\@dottedtocline{1}{0em}{1.5em}} + +\def\listoftables{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn + \fi\section*{\listtablename\@mkboth{{\listtablename}}{{\listtablename}}} + \@starttoc{lot}\if@restonecol\twocolumn\fi} +\let\l@table\l@figure + +\renewcommand\listoffigures{% + \section*{\listfigurename + \@mkboth{\listfigurename}{\listfigurename}}% + \@starttoc{lof}% + } + +\renewcommand\listoftables{% + \section*{\listtablename + \@mkboth{\listtablename}{\listtablename}}% + \@starttoc{lot}% + } + +\ifx\oribibl\undefined +\ifx\citeauthoryear\undefined +\renewenvironment{thebibliography}[1] + {\section*{\refname} + \def\(a)biblabel##1{##1.} + \small + \list{\@biblabel{\@arabic\c@enumiv}}% + {\settowidth\labelwidth{\@biblabel{#1}}% + \leftmargin\labelwidth + \advance\leftmargin\labelsep + \if@openbib + \advance\leftmargin\bibindent + \itemindent -\bibindent + \listparindent \itemindent + \parsep \z@ + \fi + \usecounter{enumiv}% + \let\p@enumiv\@empty + \renewcommand\theenumiv{\@arabic\c@enumiv}}% + \if@openbib + \renewcommand\newblock{\par}% + \else + \renewcommand\newblock{\hskip .11em \(a)plus.33em \(a)minus.07em}% + \fi + \sloppy\clubpenalty4000\widowpenalty4000% + \sfcode`\.=\@m} + {\def\@noitemerr + {\@latex@warning{Empty `thebibliography' environment}}% + \endlist} +\def\@lbibitem[#1]#2{\item[{[#1]}\hfill]\if@filesw + {\let\protect\noexpand\immediate + \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces} +\newcount\@tempcntc +\def\@citex[#1]#2{\if@filesw\immediate\write\@auxout{\string\citation{#2}}\fi + \@tempcnta\z@\@tempcntb\m@ne\def\@citea{}\@cite{\@for\@citeb:=#2\do + {\@ifundefined + {b@\@citeb}{\@citeo\@tempcntb\m@ne\@citea\def\@citea{,}{\bfseries + ?}\@warning + {Citation `\@citeb' on page \thepage \space undefined}}% + {\setbox\z@\hbox{\global\@tempcntc0\csname b@\@citeb\endcsname\relax}% + \ifnum\@tempcntc=\z@ \@citeo\@tempcntb\m@ne + \@citea\def\@citea{,}\hbox{\csname b@\@citeb\endcsname}% + \else + \advance\@tempcntb\@ne + \ifnum\@tempcntb=\@tempcntc + \else\advance\@tempcntb\m@ne\@citeo + \@tempcnta\@tempcntc\@tempcntb\@tempcntc\fi\fi}}\@citeo}{#1}} +\def\@citeo{\ifnum\@tempcnta>\@tempcntb\else + \@citea\def\@citea{,\,\hskip\z@skip}% + \ifnum\@tempcnta=\@tempcntb\the\@tempcnta\else + {\advance\@tempcnta\@ne\ifnum\@tempcnta=\@tempcntb \else + \def\@citea{--}\fi + \advance\@tempcnta\m@ne\the\@tempcnta\@citea\the\@tempcntb}\fi\fi} +\else +\renewenvironment{thebibliography}[1] + {\section*{\refname} + \small + \list{}% + {\settowidth\labelwidth{}% + \leftmargin\parindent + \itemindent=-\parindent + \labelsep=\z@ + \if@openbib + \advance\leftmargin\bibindent + \itemindent -\bibindent + \listparindent \itemindent + \parsep \z@ + \fi + \usecounter{enumiv}% + \let\p@enumiv\@empty + \renewcommand\theenumiv{}}% + \if@openbib + \renewcommand\newblock{\par}% + \else + \renewcommand\newblock{\hskip .11em \(a)plus.33em \(a)minus.07em}% + \fi + \sloppy\clubpenalty4000\widowpenalty4000% + \sfcode`\.=\@m} + {\def\@noitemerr + {\@latex@warning{Empty `thebibliography' environment}}% + \endlist} + \def\@cite#1{#1}% + \def\@lbibitem[#1]#2{\item[]\if@filesw + {\def\protect##1{\string ##1\space}\immediate + \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces} + \fi +\else +\@cons\@openbib@code{\noexpand\small} +\fi + +\def\idxquad{\hskip 10\p@}% space that divides entry from number + +\def\@idxitem{\par\hangindent 10\p@} + +\def\subitem{\par\setbox0=\hbox{--\enspace}% second order + \noindent\hangindent\wd0\box0}% index entry + +\def\subsubitem{\par\setbox0=\hbox{--\,--\enspace}% third + \noindent\hangindent\wd0\box0}% order index entry + +\def\indexspace{\par \vskip 10\p@ plus5\p@ minus3\p@\relax} + +\renewenvironment{theindex} + {\@mkboth{\indexname}{\indexname}% + \thispagestyle{empty}\parindent\z@ + \parskip\z@ \@plus .3\p@\relax + \let\item\par + \def\,{\relax\ifmmode\mskip\thinmuskip + \else\hskip0.2em\ignorespaces\fi}% + \normalfont\small + \begin{multicols}{2}[\@makeschapterhead{\indexname}]% + } + {\end{multicols}} + +\renewcommand\footnoterule{% + \kern-3\p@ + \hrule\@width 2truecm + \kern2.6\p@} + \newdimen\fnindent + \fnindent1em +\long\def\@makefntext#1{% + \parindent \fnindent% + \leftskip \fnindent% + \noindent + \llap{\hb@xt@1em{\hss\@makefnmark\ }}\ignorespaces#1} + +\long\def\@makecaption#1#2{% + \vskip\abovecaptionskip + \sbox\@tempboxa{{\bfseries #1.} #2}% + \ifdim \wd\@tempboxa >\hsize + {\bfseries #1.} #2\par + \else + \global \@minipagefalse + \hb@xt@\hsize{\hfil\box\@tempboxa\hfil}% + \fi + \vskip\belowcaptionskip} + +\def\fps@figure{htbp} +\def\fnum@figure{\figurename\thinspace\thefigure} +\def \@floatboxreset {% + \reset@font + \small + \@setnobreak + \@setminipage +} +\def\fps@table{htbp} +\def\fnum@table{\tablename~\thetable} +\renewenvironment{table} + {\setlength\abovecaptionskip{0\p@}% + \setlength\belowcaptionskip{10\p@}% + \@float{table}} + {\end@float} +\renewenvironment{table*} + {\setlength\abovecaptionskip{0\p@}% + \setlength\belowcaptionskip{10\p@}% + \@dblfloat{table}} + {\end@dblfloat} + +\long\def\@caption#1[#2]#3{\par\addcontentsline{\csname + ext@#1\endcsname}{#1}{\protect\numberline{\csname + the#1\endcsname}{\ignorespaces #2}}\begingroup + \@parboxrestore + \@makecaption{\csname fnum@#1\endcsname}{\ignorespaces #3}\par + \endgroup} + +% LaTeX does not provide a command to enter the authors institute +% addresses. The \institute command is defined here. + +\newcounter{@inst} +\newcounter{@auth} +\newcounter{auco} +\def\andname{and} +\def\lastandname{\unskip, and} +\newdimen\instindent +\newbox\authrun +\newtoks\authorrunning +\newtoks\tocauthor +\newbox\titrun +\newtoks\titlerunning +\newtoks\toctitle + +\def\clearheadinfo{\gdef\@author{No Author Given}% + \gdef\@title{No Title Given}% + \gdef\@subtitle{}% + \gdef\@institute{No Institute Given}% + \gdef\@thanks{}% + \global\titlerunning={}\global\authorrunning={}% + \global\toctitle={}\global\tocauthor={}} + +\def\institute#1{\gdef\@institute{#1}} + +\def\institutename{\par + \begingroup + \parskip=\z@ + \parindent=\z@ + \setcounter{@inst}{1}% + \def\and{\par\stepcounter{@inst}% + \noindent$^{\the@inst}$\enspace\ignorespaces}% + \setbox0=\vbox{\def\thanks##1{}\@institute}% + \ifnum\c@@inst=1\relax + \else + \setcounter{footnote}{\c@@inst}% + \setcounter{@inst}{1}% + \noindent$^{\the@inst}$\enspace + \fi + \ignorespaces + \@institute\par + \endgroup} + +\def\@fnsymbol#1{\ensuremath{\ifcase#1\or\star\or{\star\star}\or + {\star\star\star}\or \dagger\or \ddagger\or + \mathchar "278\or \mathchar "27B\or \|\or **\or \dagger\dagger + \or \ddagger\ddagger \else\@ctrerr\fi}} + +\def\inst#1{\unskip$^{#1}$} +\def\fnmsep{\unskip$^,$} +\def\email#1{{\tt#1}} +\AtBeginDocument{\@ifundefined{url}{\def\url#1{#1}}{}} +\def\homedir{\~{ }} + +\def\subtitle#1{\gdef\@subtitle{#1}} +\clearheadinfo + +\renewcommand\maketitle{\newpage + \refstepcounter{chapter}% + \stepcounter{section}% + \setcounter{section}{0}% + \setcounter{subsection}{0}% + \setcounter{figure}{0} + \setcounter{table}{0} + \setcounter{equation}{0} + \setcounter{footnote}{0}% + \begingroup + \parindent=\z@ + \renewcommand\thefootnote{\@fnsymbol\c@footnote}% + \if@twocolumn + \ifnum \col@number=\@ne + \@maketitle + \else + \twocolumn[\@maketitle]% + \fi + \else + \newpage + \global\@topnum\z@ % Prevents figures from going at top of page. + \@maketitle + \fi + \thispagestyle{empty}\@thanks +% + \def\\{\unskip\ \ignorespaces}\def\inst##1{\unskip{}}% + \def\thanks##1{\unskip{}}\def\fnmsep{\unskip}% + \instindent=\hsize + \advance\instindent by-\headlineindent + \if!\the\toctitle!\addcontentsline{toc}{title}{\@title}\else + \addcontentsline{toc}{title}{\the\toctitle}\fi + \if@runhead + \if!\the\titlerunning!\else + \edef\@title{\the\titlerunning}% + \fi + \global\setbox\titrun=\hbox{\small\rm\unboldmath\ignorespaces\@title}% + \ifdim\wd\titrun>\instindent + \typeout{Title too long for running head. Please supply}% + \typeout{a shorter form with \string\titlerunning\space prior to + \string\maketitle}% + \global\setbox\titrun=\hbox{\small\rm + Title Suppressed Due to Excessive Length}% + \fi + \xdef\@title{\copy\titrun}% + \fi +% + \if!\the\tocauthor!\relax + {\def\and{\noexpand\protect\noexpand\and}% + \protected@xdef\toc@uthor{\@author}}% + \else + \def\\{\noexpand\protect\noexpand\newline}% + \protected@xdef\scratch{\the\tocauthor}% + \protected@xdef\toc@uthor{\scratch}% + \fi + \addtocontents{toc}{{\protect\raggedright\protect\leftskip15\p@ + \protect\rightskip\@tocrmarg + \protect\itshape\toc@uthor\protect\endgraf}}% + \if@runhead + \if!\the\authorrunning! + \value{@inst}=\value{@auth}% + \setcounter{@auth}{1}% + \else + \edef\@author{\the\authorrunning}% + \fi + \global\setbox\authrun=\hbox{\small\unboldmath\@author\unskip}% + \ifdim\wd\authrun>\instindent + \typeout{Names of authors too long for running head. Please supply}% + \typeout{a shorter form with \string\authorrunning\space prior to + \string\maketitle}% + \global\setbox\authrun=\hbox{\small\rm + Authors Suppressed Due to Excessive Length}% + \fi + \xdef\@author{\copy\authrun}% + \markboth{\@author}{\@title}% + \fi + \endgroup + \setcounter{footnote}{0}% + \clearheadinfo} +% +\def\@maketitle{\newpage + \markboth{}{}% + \def\lastand{\ifnum\value{@inst}=2\relax + \unskip{} \andname\ + \else + \unskip \lastandname\ + \fi}% + \def\and{\stepcounter{@auth}\relax + \ifnum\value{@auth}=\value{@inst}% + \lastand + \else + \unskip, + \fi}% + \begin{center}% + {\Large \bfseries\boldmath + \pretolerance=10000 + \@title \par}\vskip .8cm +\if!\@subtitle!\else {\large \bfseries\boldmath + \vskip -.65cm + \pretolerance=10000 + \@subtitle \par}\vskip .8cm\fi + \setbox0=\vbox{\setcounter{@auth}{1}\def\and{\stepcounter{@auth}}% + \def\thanks##1{}\@author}% + \global\value{@inst}=\value{@auth}% + \global\value{auco}=\value{@auth}% + \setcounter{@auth}{1}% +{\lineskip .5em +\noindent\ignorespaces +\(a)author\vskip.35cm} + {\small\institutename} + \end{center}% + } + +% definition of the "\spnewtheorem" command. +% +% Usage: +% +% \spnewtheorem{env_nam}{caption}[within]{cap_font}{body_font} +% or \spnewtheorem{env_nam}[numbered_like]{caption}{cap_font}{body_font} +% or \spnewtheorem*{env_nam}{caption}{cap_font}{body_font} +% +% New is "cap_font" and "body_font". It stands for +% fontdefinition of the caption and the text itself. +% +% "\spnewtheorem*" gives a theorem without number. +% +% A defined spnewthoerem environment is used as described +% by Lamport. +% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\def\@thmcountersep{} +\def\(a)thmcounterend{.} + +\def\spnewtheorem{\@ifstar{\@sthm}{\@Sthm}} + +% definition of \spnewtheorem with number + +\def\@spnthm#1#2{% + \@ifnextchar[{\@spxnthm{#1}{#2}}{\@spynthm{#1}{#2}}} +\def\@Sthm#1{\@ifnextchar[{\@spothm{#1}}{\@spnthm{#1}}} + +\def\@spxnthm#1#2[#3]#4#5{\expandafter\@ifdefinable\csname #1\endcsname + {\@definecounter{#1}\@addtoreset{#1}{#3}% + \expandafter\xdef\csname the#1\endcsname{\expandafter\noexpand + \csname the#3\endcsname \noexpand\@thmcountersep \@thmcounter{#1}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#4}{#5}}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@spynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname + {\@definecounter{#1}% + \expandafter\xdef\csname the#1\endcsname{\@thmcounter{#1}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#3}{#4}}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@spothm#1[#2]#3#4#5{% + \@ifundefined{c@#2}{\@latexerr{No theorem environment `#2' defined}\@eha}% + {\expandafter\@ifdefinable\csname #1\endcsname + {\global\@namedef{the#1}{\@nameuse{the#2}}% + \expandafter\xdef\csname #1name\endcsname{#3}% + \global\@namedef{#1}{\@spthm{#2}{\csname #1name\endcsname}{#4}{#5}}% + \global\@namedef{end#1}{\@endtheorem}}}} + +\def\@spthm#1#2#3#4{\topsep 7\p@ \@plus2\p@ \@minus4\p@ +\refstepcounter{#1}% +\@ifnextchar[{\@spythm{#1}{#2}{#3}{#4}}{\@spxthm{#1}{#2}{#3}{#4}}} + +\def\@spxthm#1#2#3#4{\@spbegintheorem{#2}{\csname the#1\endcsname}{#3}{#4}% + \ignorespaces} + +\def\@spythm#1#2#3#4[#5]{\@spopargbegintheorem{#2}{\csname + the#1\endcsname}{#5}{#3}{#4}\ignorespaces} + +\def\@spbegintheorem#1#2#3#4{\trivlist + \item[\hskip\labelsep{#3#1\ #2\@thmcounterend}]#4} + +\def\@spopargbegintheorem#1#2#3#4#5{\trivlist + \item[\hskip\labelsep{#4#1\ #2}]{#4(#3)\@thmcounterend\ }#5} + +% definition of \spnewtheorem* without number + +\def\@sthm#1#2{\@Ynthm{#1}{#2}} + +\def\@Ynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname + {\global\@namedef{#1}{\@Thm{\csname #1name\endcsname}{#3}{#4}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@Thm#1#2#3{\topsep 7\p@ \@plus2\p@ \@minus4\p@ +\@ifnextchar[{\@Ythm{#1}{#2}{#3}}{\@Xthm{#1}{#2}{#3}}} + +\def\@Xthm#1#2#3{\@Begintheorem{#1}{#2}{#3}\ignorespaces} + +\def\@Ythm#1#2#3[#4]{\@Opargbegintheorem{#1} + {#4}{#2}{#3}\ignorespaces} + +\def\@Begintheorem#1#2#3{#3\trivlist + \item[\hskip\labelsep{#2#1\@thmcounterend}]} + +\def\@Opargbegintheorem#1#2#3#4{#4\trivlist + \item[\hskip\labelsep{#3#1}]{#3(#2)\@thmcounterend\ }} + +\if@envcntsect + \def\(a)thmcountersep{.} + \spnewtheorem{theorem}{Theorem}[section]{\bfseries}{\itshape} +\else + \spnewtheorem{theorem}{Theorem}{\bfseries}{\itshape} + \if@envcntreset + \@addtoreset{theorem}{section} + \else + \@addtoreset{theorem}{chapter} + \fi +\fi + +%definition of divers theorem environments +\spnewtheorem*{claim}{Claim}{\itshape}{\rmfamily} +\spnewtheorem*{proof}{Proof}{\itshape}{\rmfamily} +\if@envcntsame % alle Umgebungen wie Theorem. + \def\spn@wtheorem#1#2#3#4{\@spothm{#1}[theorem]{#2}{#3}{#4}} +\else % alle Umgebungen mit eigenem Zaehler + \if@envcntsect % mit section numeriert + \def\spn@wtheorem#1#2#3#4{\@spxnthm{#1}{#2}[section]{#3}{#4}} + \else % nicht mit section numeriert + \if@envcntreset + \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4} + \@addtoreset{#1}{section}} + \else + \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4} + \@addtoreset{#1}{chapter}}% + \fi + \fi +\fi +\spn@wtheorem{case}{Case}{\itshape}{\rmfamily} +\spn@wtheorem{conjecture}{Conjecture}{\itshape}{\rmfamily} +\spn@wtheorem{corollary}{Corollary}{\bfseries}{\itshape} +\spn@wtheorem{definition}{Definition}{\bfseries}{\itshape} +\spn@wtheorem{example}{Example}{\itshape}{\rmfamily} +\spn@wtheorem{exercise}{Exercise}{\itshape}{\rmfamily} +\spn@wtheorem{lemma}{Lemma}{\bfseries}{\itshape} +\spn@wtheorem{note}{Note}{\itshape}{\rmfamily} +\spn@wtheorem{problem}{Problem}{\itshape}{\rmfamily} +\spn@wtheorem{property}{Property}{\itshape}{\rmfamily} +\spn@wtheorem{proposition}{Proposition}{\bfseries}{\itshape} +\spn@wtheorem{question}{Question}{\itshape}{\rmfamily} +\spn@wtheorem{solution}{Solution}{\itshape}{\rmfamily} +\spn@wtheorem{remark}{Remark}{\itshape}{\rmfamily} + +\def\@takefromreset#1#2{% + \def\@tempa{#1}% + \let\@tempd\@elt + \def\@elt##1{% + \def\@tempb{##1}% + \ifx\@tempa\@tempb\else + \@addtoreset{##1}{#2}% + \fi}% + \expandafter\expandafter\let\expandafter\@tempc\csname cl@#2\endcsname + \expandafter\def\csname cl@#2\endcsname{}% + \@tempc + \let\@elt\@tempd} + +\def\theopargself{\def\@spopargbegintheorem##1##2##3##4##5{\trivlist + \item[\hskip\labelsep{##4##1\ ##2}]{##4##3\@thmcounterend\ }##5} + \def\@Opargbegintheorem##1##2##3##4{##4\trivlist + \item[\hskip\labelsep{##3##1}]{##3##2\@thmcounterend\ }} + } + +\renewenvironment{abstract}{% + \list{}{\advance\topsep by0.35cm\relax\small + \leftmargin=1cm + \labelwidth=\z@ + \listparindent=\z@ + \itemindent\listparindent + \rightmargin\leftmargin}\item[\hskip\labelsep + \bfseries\abstractname]} + {\endlist} +\renewcommand{\abstractname}{Abstract} +\renewcommand{\contentsname}{Table of Contents} +\renewcommand{\figurename}{Fig.} +\renewcommand{\tablename}{Table} + +\newdimen\headlineindent % dimension for space between +\headlineindent=1.166cm % number and text of headings. + +\def\ps@headings{\let\@mkboth\@gobbletwo + \let\@oddfoot\@empty\let\@evenfoot\@empty + \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}% + \leftmark\hfil} + \def\@oddhead{\normalfont\small\hfil\rightmark\hspace{\headlineindent}% + \llap{\thepage}} + \def\chaptermark##1{}% + \def\sectionmark##1{}% + \def\subsectionmark##1{}} + +\def\ps@titlepage{\let\@mkboth\@gobbletwo + \let\@oddfoot\@empty\let\@evenfoot\@empty + \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}% + \hfil} + \def\@oddhead{\normalfont\small\hfil\hspace{\headlineindent}% + \llap{\thepage}} + \def\chaptermark##1{}% + \def\sectionmark##1{}% + \def\subsectionmark##1{}} + +\if@runhead\ps@headings\else +\ps@empty\fi + +\setlength\arraycolsep{1.4\p@} +\setlength\tabcolsep{1.4\p@} + +\endinput + diff --git a/position-papers/W3C-Identity/usenix.sty b/position-papers/W3C-Identity/usenix.sty new file mode 100644 index 0000000..22935a7 --- /dev/null +++ b/position-papers/W3C-Identity/usenix.sty @@ -0,0 +1,97 @@ +% usenix-2e.sty - to be used with latex2e (the new one) for USENIX. +% To use this style file, do this: +% +% \documentclass[twocolumn]{article} +% \usepackage{usenix-2e} +% and put {\rm ....} around the author names. +% +% The following definitions are modifications of standard article.sty +% definitions, arranged to do a better job of matching the USENIX +% guidelines. +% It will automatically select two-column mode and the Times-Roman +% font. + +% +% USENIX papers are two-column. +% Times-Roman font is nice if you can get it (requires NFSS, +% which is in latex2e. + +%\if@twocolumn\else\input twocolumn.sty\fi +\usepackage{times} + +% +% USENIX wants margins of: 7/8" side, 1" bottom, and 3/4" top. +% 0.25" gutter between columns. +% Gives active areas of 6.75" x 9.25" +% +\setlength{\textheight}{9.0in} +\setlength{\columnsep}{0.25in} +\setlength{\textwidth}{6.75in} +%\setlength{\textwidth}{7.00in} +%\setlength{\footheight}{0.0in} +\setlength{\topmargin}{-0.25in} +\setlength{\headheight}{0.0in} +\setlength{\headsep}{0.0in} +\setlength{\evensidemargin}{-0.125in} +\setlength{\oddsidemargin}{-0.125in} + +% +% Usenix wants no page numbers for submitted papers, so that they can +% number them themselves. +% +\pagestyle{empty} + +% +% Usenix titles are in 14-point bold type, with no date, and with no +% change in the empty page headers. The whol author section is 12 point +% italic--- you must use {\rm } around the actual author names to get +% them in roman. +% +\def\maketitle{\par + \begingroup + \renewcommand\thefootnote{\fnsymbol{footnote}}% + \def\@makefnmark{\hbox to\z@{$\m@th^{\@thefnmark}$\hss}}% + \long\def\@makefntext##1{\parindent 1em\noindent + \hbox to1.8em{\hss$\m@th^{\@thefnmark}$}##1}% + \if@twocolumn + \twocolumn[\@maketitle]% + \else \newpage + \global\@topnum\z@ + \@maketitle \fi\@thanks + \endgroup + \setcounter{footnote}{0}% + \let\maketitle\relax + \let\@maketitle\relax + \gdef\@thanks{}\gdef\@author{}\gdef\@title{}\let\thanks\relax} + +\def\@maketitle{\newpage + %\vbox to 0.5in{ + \vbox to 1.5in{ + %\vspace*{\fill} + %\vskip 2em + \begin{center}% + {\Large\bf \@title \par}% + \vskip 0.250in minus 0.250in + {\large\it + \lineskip .5em + \begin{tabular}[t]{c}\@author + \end{tabular}\par}% + \end{center}% + \par + \vspace*{\fill} +% \vskip 1.5em + } +} + +% +% The abstract is preceded by a 12-pt bold centered heading +\def\abstract{\begin{center}% +{\large\bf \abstractname\vspace{-.5em}\vspace{\z@}}% +\end{center}} +\def\endabstract{} + +% +% Main section titles are 12-pt bold. Others can be same or smaller. +% +\def\section{\@startsection {section}{1}{\z(a)}{-3.5ex plus-1ex minus + -.2ex}{2.3ex plus.2ex}{\reset@font\large\bf}}

1 0

[tor-browser-spec/master] Comit befour dooing speel chek.
by mikeperry＠torproject.org 04 May '15

04 May '15

commit 409b8c1a2f541be93b2b1126ba892a12411d3db9 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Apr 30 21:07:16 2015 -0700 Comit befour dooing speel chek. YOLLO! --- position-papers/HTTP3/HTTP3.tex | 367 +++++++++++++++++++++++++++++---------- 1 file changed, 280 insertions(+), 87 deletions(-) diff --git a/position-papers/HTTP3/HTTP3.tex b/position-papers/HTTP3/HTTP3.tex index d9f2ab0..720bc25 100644 --- a/position-papers/HTTP3/HTTP3.tex +++ b/position-papers/HTTP3/HTTP3.tex @@ -29,98 +29,291 @@ \begin{abstract} +The Tor Project has a keen interest in the development of future standards +involving the HTTP application layer and associated transport layers. At +minimum, we seek to ensure that all future HTTP standards remain compatible +with the Tor Network, avoid introducing new third party tracking and +linkability vectors, and minimize client fingerprintability. We also have a +strong interest in the development of enhancements and/or extensions that +protect the confidentiality and integrity of HTTP traffic, as well as provide +resistance to traffic fingerprinting and general traffic analysis. We are +presently actively researching these areas. \end{abstract} - \section{Introduction} -% XXX: Describe our organization? The Tor Project, Inc is a non-profit... - -% XXX: In this position paper, we describe the current and potential issues with - -Dangers and opportunities with resepect to browsing the Internet anonymously are -often tied to the browser itself and not its underlying transport protocols: -canvas fingerprinting, plugin enumeration and linking users via the DOM storage -are just a few of the means the browser offers for trying to single users out. -And even things like cookies and referrers, although belonging strictly speaking -to HTTP, the transport protocol powering the web, are usually seen in the -context of the browser itself as its additional policies shape the particular -tracking potential of these and other transport related features. -This is not much different for features in HTTP/2 although, compared to -HTTP/1.1, it has a growing list of tracking risks that should be addressed in -the specification itself. We discuss some of them below proposing ways to take -these and other risks into account in future HTTP specifications. - -Apart from the dangers we just hinted at, beginning with HTTP/2 opportunities -emerge as well: Using HTTP/2's flow control could make it easier to defend -against adversaries sniffing a user's encrypted traffic and trying to extract -information out of it by means of website traffic fingerprinting. We discuss -current limitations and potential improvements for HTTP/3. - -\section{A Short Tracking Guide(1)} - - -If we are talking about tracking on the Internet then we mainly have third-party -tracking in mind. In this scenario the attacker has basically two mechanisms -available: identifier based tracking (e.g. using cookies or cache cookies) and -fingerprinting a user's device or environment. - -Additionally, we may encounter powerful parties that see a lot of a user's -traffic due to being in a privileged position (e.g. search engines). They don't -necessarily need to bother with third party tracking and would still be able to -learn a lot of a user's details by correlating traffic which is endangering her -anonymity. - -The defenses we develop in Tor Browser are: - -1) Binding identifiers to the URL bar domain. This is retaining functionality -while preventing cross-origin identifier linkability: saving third party -identifiers (e.g. via DOM storage) in a URL bar domain context does not make -them available in a different URL bar domain context. -2) Making users as uniform as possible while not breaking functionality. -3) Providing a "New Identity" button that is clearing all browser state and -giving the user a clean, new session. - - -\subsection{User Tracking with HTTP} - -\subsection{Re-Using Connections} -Coalescing connections might allow tracking users across origins just by means -of HTTP. Together with a long keep-alive this might make it easy to correlate a -lot of cross-domain traffic of a privacy conscious user even if she has -JavaScript and third-party cookies disabled. Granted, having this feature in -HTTP/2 is a big deal especially with respect to CDNs. But still we think -allowing implementers to provide means to mitigate the issue directly in the -specification seems worthwhile to do. This does not imply avoiding coalescing -connections in the first place. Not at all. One could think about proposing a -middle ground safe-guarding privacy while still providing advantages speed- and -resource-wise: connections should not be reused across different URL bar -domains. - -\subsection{Timing Side-Channels} - -PING and SETTINGS frames are acknowledged immediately by the client which might -give servers the option to collect information about a client via timing -side-channels. It is true, there are other means an attacker could use for the -same purpose but they are either visible in the browser UI or users can disable -them. As a countermeasure the specification could at least allow jitter in some -cases (PING frames come to mind). If that is not an option one could specify -that a client may close the connection to prevent timing side-channel attacks. - - -\section{A Short Website Traffic Fingerprinting Guide} - - -\subsection{Defending against Website Traffic Fingerprinting with HTTP} - -(1) For a detailed explanation including a theroretical background see: -https://www.torproject.org/projects/torbrowser/design/. - -\section{Conclusions} - - -\bibliographystyle{plain} \bibliography{W3C-DNT} +The Tor Project, Inc is a US non-profit dedicated to providing technology and +education to support online privacy, anonymity, and censorship circumvention. +Our primary products are the Tor network software, and the Tor Browser, which +is based on Firefox. + +In this position paper, we describe the concerns of the Tor Project with +respect to future HTTP standardization. These concerns are broken down into +five areas: identifier linkability, connection usage linkability, +fingerprinting linkability, traffic confidentiality and integrity, traffic +fingerprinting and traffic analysis, and Tor network compatibility. + +Each of these areas of concern is communicated in a separate section of this +position paper. We have also performed a preliminary review of HTTP/2 with +respect to these areas, and have noted our findings inline. We will be +performing a more in-depth review of HTTP/2 for client fingerprinting and +other tracking issues in the coming months. + +\section{Identifier Linkability} + +Identifier linkability is the ability to use any form of browser state, cache, +data storage, or identifier to track (link) a user between two otherwise +independent actions. For the purposes of this position paper, we are concerned +with any browser state that persists beyond the duration of a single +connection. + +The Tor Project has designed Tor Browser with two main properties for limiting +identifier-based tracking: First Party Isolation, and Long Term Unlinkability. + +First Party Isolation is the property that a user's actions at one +top-level URL bar domain cannot be correlated or linked to their actions on a +different top-level URL bar domain. We maintain this property through a number +of patches and modifications to various aspects of browser functionality and +state keeping. +% FIXME: Cite + +Long Term Unlinkability is the property that the user may completely clear all +website-visible data and other identifiers associated, such that their future +activity cannot be linked or correlated to any activity prior to this action. +Tor Browser provides Long Term Unlinkability by allowing the user to clear all +browser tracking data in a single click (called "New Identity"). Our long-term +goal is to allow users to define their relationship with individual first +parties, and alter that relationship by resetting or blocking the associated +tracking data on a per-site basis. + +\subsection{Identifier Linkability in HTTP/2} + +The Tor Project is still in the process of evaluating the stateful nature of +HTTP/2 connections. It is likely that we will be able to isolate the usage of +HTTP/2 connection state in a similar way to how we currently isolate HTTP +connection state, as well as close these connections and clear that state when +the user chooses to use a New Identity. However, it is not clear yet at this +point how complicated this isolation will be. + +\subsection{Avoiding Future Identifier Linkability} + +We feel that it is very important that mechanisms for identifier usage, +storage, and connection-related state keeping be cleanly abstracted and +narrowly scoped within the HTTP protocol. However, we also recognize that to a +large degree identifier usage and the resulting linkability is primarly an +implementation detail, and not specific to the protocol itself. + +Identifier linkability will become a problem if instances arise where the +server is allowed to specify a setting or configuration property for a client +that must presist beyond the duration of the session. In these cases, care +must be taken to ensure that this data is cleared or isolated upon entry to +private browsing mode, or when the user attempts to clear their private data. + + +\section{Connection Usage Linkability} + +Connection usage linkability arises from the use of the same underlying +transport stream for requests that would otherwise be independent due to the +first party isolation of their associated identifiers and browser state. + +Tor Browser currently enforces connection usage unlinkability at the HTTP +layer, by creating independent HTTP connections for third party hosts that +are sourced from different first party domains. + +\subsection{Connection Usage Linkability with HTTP/2} + +The heavy use of connection multiplexing in HTTP/2 may present additional +complexities for ensuring that requests are isolated. Unfortunately, unlike +identifier usage, connection usage linkability is encouraged by the +HTTP/2 specification in Section 9.1 (in the form of specifying that clients +SHOULD NOT open more than one connection to a given host and port). + +\subsection{Avoiding Future Connection Usage Linkability} + +In the future, connection usage linkability may become a problem if the notion +of a connection becomes further abstracted from the transport, and instead is +enforced through a collection of identifiers or stateful behavior in the +browser. This may tend to further encourage implementations that make it +difficult to decouple the notion of a connection from the notion of a +destination address. + +Even this is technically an implementation issue, but consideration should be +taken to ensure that the specification does not encourage implementations to +bake in deep assumptions about providing only a single connection instance per +site, as was done for HTTP/2. + +\section{Fingerprinting Linkability} + +User agent fingerprinting arises from four sources: end-user configuration +details, device and hardware characteristics, operating system vendor and +version differences, and browser vendor and version differences. + +The Tor Project is primarily concerned with minimzing the ability of websites +to obtain or infer end user configuration details and device characteristics. +We concern ourselves with operating system fingerprinting only to the point of +removing ways of detecting a specific operating system version. We make no +attempt to address fingerprinting due to browser vendor and version +differences. % FIXME: cite fingerprinting doc + +Under this model, it is unlikely that very many fingerprinting vectors that +concern us will arise in the HTTP layer. However, the possibility for end user +configuration details to leak into behaviors of the HTTP layer is still a +possibility. + +\subsection{Fingerprinting Linkability in HTTP/2} + +The Tor Project is still in the process of evaluating client +fingerprintability in HTTP/2. The largest potential source of fingerprinting +appears to be in the SETTINGS frame. If these values vary depending on end-user +configuration, hardware capabilities, or operating system version, we may +alter our implementation's behavior accordingly. + +\subsection{Avoiding Future Fingerprinting Linkability} + +It is concievable that more fingerprinting vectors could arise in future, +especially if flow control and stream multiplexing decisions are delegated to +the client, and depend on things like available system memory, available CPU +cores, or other details. Care should be taken to avoid these situations, +though we also expect them to be unlikely. + +\section{Traffic Confidentiality and Integrity} + +The Tor Project is very interested in any efforts to improve the +confidentiality and integrity of the session layer of HTTP/3. + +In particular, we are strong advocates for mandatory authenticated encryption +of HTTP/3 connections. The availability of entry-level authentication through +the Let's Encrypt Project should eliminate the remaining barriers to requiring +authenticated encryption, as opposed to deploying opportunistic mechanisms. + +We are also interested in efforts to encrypt the ClientHello and ServerHello +messages in an initial forward-secure handshake, as described in the Encrytped +TLS Handshake proposal. If SNI, ALPN, and the ServerHello can be encrypted +using an ephemeral exchange that is authenticated later in the handshake, +the adversary loses a great deal of information about the user's intended +destination site. When large scale CDNs and multi-site load balancers are +involved, the ulimate destination would be impossible to determine with this +type of handshake in place. This will aid in defenses against traffic +fingerprinting and traffic analysis, which we describe detail in the next +section. + +% FIXME: Cite https://tools.ietf.org/html/draft-ray-tls-encrypted-handshake-00 + +\section{Traffic Fingerprinting and Traffic Analysis} + +Website Traffic Fingerprinting is the process of using machine learning to +classify web page visits based on their encrypted traffic patterns. It is most +effective when exact request and response lengths are visible, and when the +classification domain is limited by knowledge of the specific site being +visited. + +Tor's fixed 512 byte packet size and large classification domain go a long way +to imede this attack for minimal overhead. The 512 byte packet size helps to +obscure some amount of length information, and Tor's link encryption conceals +the destination website reduces classifier accuracy and capabilities, due +largely to the Base Rate Fallacy. There was some initial controversy in the +literature as to the exact degree to which this was the case, but after +publicly requesting that these effects be studied in closer detail, recent +results have confirmed and quantized the benefits conferred by Tor's unique +link encryption. + +For this reason, we have been encouraging continued study of low-overhead +defenses against traffic fingerprinting. We are optimistic that clever use of +request bundling and response chunking can be combined with minimal amounts of +padding to significantly reduce the accuracy of this attack, even when the +attack is combined with prior information that reduces the size of the +classification domain. + +With the aid of an encrypted TLS handshake, we are also hopeful that these +defenses will also be applicable to non-Tor TLS sessions as well. This will +also serve to increase the difficulty of end-to-end correlation and general +traffic analysis of Tor Exit node traffic. + +% FIXME: Cite Mjarez's paper and wfpadtools + +\subsection{Traffic Analysis Issues with HTTP/2} + +In our preliminary investigation of HTTP2/, however, we discovered that +certain aspects of the protocol may aid certain types of traffic analysis +attacks. + +In particular, the PING and SETTINGS frames are acknowledged immediately by +the client which might give servers the option to collect information about a +client via timing side-channels. They also allow the server to introduce an +active traffic pattern that can be used for end-to-end correlation or +confirmation, independent of client behavior. + +It is true that there are other means an attacker could use for the same +purpose (such as redirects or Javascript), but these mechanisms can either be +disabled by the user, reflected in UI activity, or otherwise mitigated by Tor +Browser + +In Tor Browser, we will likely close the connection after recieving some rate +of unsolicitied PING or SETTINGS updates, and introduce delay or jitter before +responding to these requests before that point. However, lack of explicit +guidance in the specification about this issue raises concerns about what +frequencies of these frames are likely to contitute attacks, or instead +represent normal server behavior in the wild due to overly-aggressive HTTP/2 +implementations. + +\subsection{Future Traffic Analysis Resistance Enhancements for HTTP/3} + +In terms of assisting traffic analysis defenses, we would like to see +capabilities for larger amounts of per-frame padding, and more fine-grained +client-side control over frame sizes. Unfortunately the 256 bytes of padding +provided by HTTP/2 is likely to be inconsequential when combined with a 16K +frame size. + +In combination with researchers at the University of Leuven, the Tor Project +has also developed a protocol and prototype implementation for communicating +statistical schedules for asynchonous padding from Tor clients to Tor relays. +The research community is currently in the process of evaluating the efficacy +of this protocol against traffic fingerprinting and other traffic analysis +attacks. + +Pending the results of this analysis, these padding commands could form the +basis of new HTTP/3 frame commands for communicating more sophisticated (yet +still traffic-bounded) padding schedules to HTTP/3 servers. + +% FIXME: Cite. + +\section{Tor Network Compatibility} + +Our final area of concern is continued compatibility of the Tor network with +future versions of the HTTP protocol. + +It is our understanding that there is a desire for future versions of HTTP to +move to a UDP transport layer so that reliability, congestion control, and +client mobility will be more directly under control of the application layer. + +At present, the Tor Network is only capable of carrying TCP traffic. While we +would like to support UDP traffic and indeed eventually transition the entire +Tor network to our own datagram protocol with custom congestion and flow +control, additional research is still needed to examine the anonymity +implications associated with this transition. Our present estimate is that a +full network transition to UDP is at least five years away. + +% FIXME: Site Murdoch's UDP study + +While it will be technically possible to support the transit of UDP inside our +existing TCP overlay network without signficant anonymity risks within a +year's time or sooner, it is unlikely that this level of support will be +sufficient to warrant the use of a finely-tuned UDP version of HTTP rather +than a TCP variant. + +We are also concerned that even with a full network transition to a datagram +transport, it is likely that the congestion, flow, and reliability control of +a UDP version of HTTP/3 may still end up performing poorly over higher-latency +overlay networks such as ours. We are especially interested in ensuring that +overlay networks are taken in to account in the design of any UDP-based future +versions of HTTP, and would also prefer to retain the ability to use future +HTTP versions over TCP, should the UDP implementations prove suboptimal for +our use case. + + + +\bibliographystyle{plain} \bibliography{HTTP3} \clearpage \appendix

1 0

[tor-browser-spec/master] Inital LaTex import of Georg's sections.
by mikeperry＠torproject.org 04 May '15

04 May '15

commit f550afc2aed73937cbe0ff74b30f7cc0b068033a Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Apr 30 15:09:40 2015 -0700 Inital LaTex import of Georg's sections. --- position-papers/HTTP3/HTTP3.bbl | 60 +++ position-papers/HTTP3/HTTP3.tex | 128 +++++ position-papers/HTTP3/llncs.cls | 1016 ++++++++++++++++++++++++++++++++++++++ position-papers/HTTP3/usenix.sty | 97 ++++ 4 files changed, 1301 insertions(+) diff --git a/position-papers/HTTP3/HTTP3.bbl b/position-papers/HTTP3/HTTP3.bbl new file mode 100644 index 0000000..feb7b6f --- /dev/null +++ b/position-papers/HTTP3/HTTP3.bbl @@ -0,0 +1,60 @@ +\begin{thebibliography}{10} + +\bibitem{web-send} +Tyler Close, Rajiv Makhijani, Mark Seaborn, Kenton Varda, Johan Apelqvist, + Claes Nilsson, and Mike Hanson. +\newblock {Web Introducer}. +\newblock \url{http://web-send.org/introducer/}. + +\bibitem{target} +Charles Duhigg. +\newblock {How Companies Learn Your Secrets}. +\newblock + \url{https://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?pagewa% +nted=9}. + +\bibitem{panopticlick} +Peter Eckersley. +\newblock How unique is your web browser? +\newblock In {\em Proceedings of the 10th international conference on Privacy + enhancing technologies}, PETS'10, pages 1--18, Berlin, Heidelberg, 2010. + Springer-Verlag. + +\bibitem{DNT-adoption} +Alex Fowler. +\newblock {Mozilla Led Effort for DNT Finds Broad Support}. +\newblock + \url{https://blog.mozilla.org/privacy/2012/02/23/mozilla-led-effort-for-dnt-% +finds-broad-support/}. + +\bibitem{safecache} +Collin Jackson and Dan Boneh. +\newblock Protecting browser state from web privacy attacks. +\newblock In {\em In Proceedings of the International World Wide Web + Conference}, pages 737--744, 2006. + +\bibitem{DNT-draft} +J.~Mayer, A.~Narayanan, and S.~Stamm. +\newblock {Do Not Track: A Universal Third-Party Web Tracking Opt Out}. +\newblock \url{https://tools.ietf.org/html/draft-mayer-do-not-track-00}. + +\bibitem{fourthparty} +Jonathan~R. Mayer and John~C. Mitchell. +\newblock {Third-Party Web Tracking: Policy and Technology}. +\newblock \url{https://www.stanford.edu/~jmayer/papers/trackingsurvey12.pdf}. + +\bibitem{Persona} +Mozilla~Developer Network. +\newblock {Persona}. +\newblock \url{https://developer.mozilla.org/en-US/docs/persona}. + +\bibitem{torbrowser} +Mike Perry. +\newblock {The Design and Implementation of the Tor Browser}. +\newblock \url{https://www.torproject.org/projects/torbrowser/design/}. + +\bibitem{thirdparty} +Dan Witte. +\newblock \url{https://wiki.mozilla.org/Thirdparty}. + +\end{thebibliography} diff --git a/position-papers/HTTP3/HTTP3.tex b/position-papers/HTTP3/HTTP3.tex new file mode 100644 index 0000000..d9f2ab0 --- /dev/null +++ b/position-papers/HTTP3/HTTP3.tex @@ -0,0 +1,128 @@ +%\documentclass{llncs} +\documentclass[letterpaper,11pt]{llncs} +%\documentclass{article} % llncs + +\usepackage{usenix} +\usepackage{url} +\usepackage{amsmath} +\usepackage{epsfig} +\usepackage{epsf} +\usepackage{listings} + +%\setlength{\textwidth}{6in} +%\setlength{\textheight}{8.4in} +%\setlength{\topmargin}{.5cm} +%\setlength{\oddsidemargin}{1cm} +%\setlength{\evensidemargin}{1cm} + +\begin{document} + +\title{The Future of HTTP and Anonymity on the Internet} + +\author{Georg Koppen \\ The Tor Project, Inc \\ georg(a)torproject.org} +\author{Mike Perry \\ The Tor Project, Inc \\ mikeperry(a)torproject.org} + +%\institute{The Internet} + +\maketitle +\pagestyle{plain} + +\begin{abstract} + + +\end{abstract} + + +\section{Introduction} + +% XXX: Describe our organization? The Tor Project, Inc is a non-profit... + +% XXX: In this position paper, we describe the current and potential issues with + +Dangers and opportunities with resepect to browsing the Internet anonymously are +often tied to the browser itself and not its underlying transport protocols: +canvas fingerprinting, plugin enumeration and linking users via the DOM storage +are just a few of the means the browser offers for trying to single users out. +And even things like cookies and referrers, although belonging strictly speaking +to HTTP, the transport protocol powering the web, are usually seen in the +context of the browser itself as its additional policies shape the particular +tracking potential of these and other transport related features. +This is not much different for features in HTTP/2 although, compared to +HTTP/1.1, it has a growing list of tracking risks that should be addressed in +the specification itself. We discuss some of them below proposing ways to take +these and other risks into account in future HTTP specifications. + +Apart from the dangers we just hinted at, beginning with HTTP/2 opportunities +emerge as well: Using HTTP/2's flow control could make it easier to defend +against adversaries sniffing a user's encrypted traffic and trying to extract +information out of it by means of website traffic fingerprinting. We discuss +current limitations and potential improvements for HTTP/3. + +\section{A Short Tracking Guide(1)} + + +If we are talking about tracking on the Internet then we mainly have third-party +tracking in mind. In this scenario the attacker has basically two mechanisms +available: identifier based tracking (e.g. using cookies or cache cookies) and +fingerprinting a user's device or environment. + +Additionally, we may encounter powerful parties that see a lot of a user's +traffic due to being in a privileged position (e.g. search engines). They don't +necessarily need to bother with third party tracking and would still be able to +learn a lot of a user's details by correlating traffic which is endangering her +anonymity. + +The defenses we develop in Tor Browser are: + +1) Binding identifiers to the URL bar domain. This is retaining functionality +while preventing cross-origin identifier linkability: saving third party +identifiers (e.g. via DOM storage) in a URL bar domain context does not make +them available in a different URL bar domain context. +2) Making users as uniform as possible while not breaking functionality. +3) Providing a "New Identity" button that is clearing all browser state and +giving the user a clean, new session. + + +\subsection{User Tracking with HTTP} + +\subsection{Re-Using Connections} +Coalescing connections might allow tracking users across origins just by means +of HTTP. Together with a long keep-alive this might make it easy to correlate a +lot of cross-domain traffic of a privacy conscious user even if she has +JavaScript and third-party cookies disabled. Granted, having this feature in +HTTP/2 is a big deal especially with respect to CDNs. But still we think +allowing implementers to provide means to mitigate the issue directly in the +specification seems worthwhile to do. This does not imply avoiding coalescing +connections in the first place. Not at all. One could think about proposing a +middle ground safe-guarding privacy while still providing advantages speed- and +resource-wise: connections should not be reused across different URL bar +domains. + +\subsection{Timing Side-Channels} + +PING and SETTINGS frames are acknowledged immediately by the client which might +give servers the option to collect information about a client via timing +side-channels. It is true, there are other means an attacker could use for the +same purpose but they are either visible in the browser UI or users can disable +them. As a countermeasure the specification could at least allow jitter in some +cases (PING frames come to mind). If that is not an option one could specify +that a client may close the connection to prevent timing side-channel attacks. + + +\section{A Short Website Traffic Fingerprinting Guide} + + +\subsection{Defending against Website Traffic Fingerprinting with HTTP} + +(1) For a detailed explanation including a theroretical background see: +https://www.torproject.org/projects/torbrowser/design/. + +\section{Conclusions} + + +\bibliographystyle{plain} \bibliography{W3C-DNT} + +\clearpage +\appendix + +\end{document} diff --git a/position-papers/HTTP3/llncs.cls b/position-papers/HTTP3/llncs.cls new file mode 100644 index 0000000..0308e57 --- /dev/null +++ b/position-papers/HTTP3/llncs.cls @@ -0,0 +1,1016 @@ +% LLNCS DOCUMENT CLASS -- version 2.8 +% for LaTeX2e +% +\NeedsTeXFormat{LaTeX2e}[1995/12/01] +\ProvidesClass{llncs}[2000/05/16 v2.8 +^^JLaTeX document class for Lecture Notes in Computer Science] +% Options +\let\if@envcntreset\iffalse +\DeclareOption{envcountreset}{\let\if@envcntreset\iftrue} +\DeclareOption{citeauthoryear}{\let\citeauthoryear=Y} +\DeclareOption{oribibl}{\let\oribibl=Y} +\let\if@custvec\iftrue +\DeclareOption{orivec}{\let\if@custvec\iffalse} +\let\if@envcntsame\iffalse +\DeclareOption{envcountsame}{\let\if@envcntsame\iftrue} +\let\if@envcntsect\iffalse +\DeclareOption{envcountsect}{\let\if@envcntsect\iftrue} +\let\if@runhead\iffalse +\DeclareOption{runningheads}{\let\if@runhead\iftrue} + +\let\if@openbib\iffalse +\DeclareOption{openbib}{\let\if@openbib\iftrue} + +\DeclareOption*{\PassOptionsToClass{\CurrentOption}{article}} + +\ProcessOptions + +\LoadClass[twoside]{article} +\RequirePackage{multicol} % needed for the list of participants, index + +\setlength{\textwidth}{12.2cm} +\setlength{\textheight}{19.3cm} + +% Ragged bottom for the actual page +\def\thisbottomragged{\def\@textbottom{\vskip\z@ plus.0001fil +\global\let\@textbottom\relax}} + +\renewcommand\small{% + \@setfontsize\small\@ixpt{11}% + \abovedisplayskip 8.5\p@ \@plus3\p@ \@minus4\p@ + \abovedisplayshortskip \z@ \@plus2\p@ + \belowdisplayshortskip 4\p@ \@plus2\p@ \@minus2\p@ + \def\@listi{\leftmargin\leftmargini + \parsep 0\p@ \@plus1\p@ \@minus\p@ + \topsep 8\p@ \@plus2\p@ \@minus4\p@ + \itemsep0\p@}% + \belowdisplayskip \abovedisplayskip +} + +\frenchspacing +\widowpenalty=10000 +\clubpenalty=10000 + +\setlength\oddsidemargin {63\p@} +\setlength\evensidemargin {63\p@} +\setlength\marginparwidth {90\p@} + +\setlength\headsep {16\p@} + +\setlength\footnotesep{7.7\p@} +\setlength\textfloatsep{8mm\@plus 2\p@ \@minus 4\p@} +\setlength\intextsep {8mm\@plus 2\p@ \@minus 2\p@} + +\setcounter{secnumdepth}{2} + +\newcounter {chapter} +\renewcommand\thechapter {\@arabic\c@chapter} + +\newif\if@mainmatter \@mainmattertrue +\newcommand\frontmatter{\cleardoublepage + \@mainmatterfalse\pagenumbering{Roman}} +\newcommand\mainmatter{\cleardoublepage + \@mainmattertrue\pagenumbering{arabic}} +\newcommand\backmatter{\if@openright\cleardoublepage\else\clearpage\fi + \@mainmatterfalse} + +\renewcommand\part{\cleardoublepage + \thispagestyle{empty}% + \if@twocolumn + \onecolumn + \@tempswatrue + \else + \@tempswafalse + \fi + \null\vfil + \secdef\@part\@spart} + +\def\@part[#1]#2{% + \ifnum \c@secnumdepth >-2\relax + \refstepcounter{part}% + \addcontentsline{toc}{part}{\thepart\hspace{1em}#1}% + \else + \addcontentsline{toc}{part}{#1}% + \fi + \markboth{}{}% + {\centering + \interlinepenalty \@M + \normalfont + \ifnum \c@secnumdepth >-2\relax + \huge\bfseries \partname~\thepart + \par + \vskip 20\p@ + \fi + \Huge \bfseries #2\par}% + \@endpart} +\def\@spart#1{% + {\centering + \interlinepenalty \@M + \normalfont + \Huge \bfseries #1\par}% + \@endpart} +\def\@endpart{\vfil\newpage + \if@twoside + \null + \thispagestyle{empty}% + \newpage + \fi + \if@tempswa + \twocolumn + \fi} + +\newcommand\chapter{\clearpage + \thispagestyle{empty}% + \global\@topnum\z@ + \@afterindentfalse + \secdef\@chapter\@schapter} +\def\@chapter[#1]#2{\ifnum \c@secnumdepth >\m@ne + \if@mainmatter + \refstepcounter{chapter}% + \typeout{\(a)chapapp\space\thechapter.}% + \addcontentsline{toc}{chapter}% + {\protect\numberline{\thechapter}#1}% + \else + \addcontentsline{toc}{chapter}{#1}% + \fi + \else + \addcontentsline{toc}{chapter}{#1}% + \fi + \chaptermark{#1}% + \addtocontents{lof}{\protect\addvspace{10\p@}}% + \addtocontents{lot}{\protect\addvspace{10\p@}}% + \if@twocolumn + \@topnewpage[\@makechapterhead{#2}]% + \else + \@makechapterhead{#2}% + \@afterheading + \fi} +\def\@makechapterhead#1{% +% \vspace*{50\p@}% + {\centering + \ifnum \c@secnumdepth >\m@ne + \if@mainmatter + \large\bfseries \@chapapp{} \thechapter + \par\nobreak + \vskip 20\p@ + \fi + \fi + \interlinepenalty\@M + \Large \bfseries #1\par\nobreak + \vskip 40\p@ + }} +\def\@schapter#1{\if@twocolumn + \@topnewpage[\@makeschapterhead{#1}]% + \else + \@makeschapterhead{#1}% + \@afterheading + \fi} +\def\@makeschapterhead#1{% +% \vspace*{50\p@}% + {\centering + \normalfont + \interlinepenalty\@M + \Large \bfseries #1\par\nobreak + \vskip 40\p@ + }} + +\renewcommand\section{\@startsection{section}{1}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {12\p@ \@plus 4\p@ \@minus 4\p@}% + {\normalfont\large\bfseries\boldmath + \rightskip=\z@ \@plus 8em\pretolerance=10000 }} +\renewcommand\subsection{\@startsection{subsection}{2}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {8\p@ \@plus 4\p@ \@minus 4\p@}% + {\normalfont\normalsize\bfseries\boldmath + \rightskip=\z@ \@plus 8em\pretolerance=10000 }} +\renewcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {-0.5em \@plus -0.22em \@minus -0.1em}% + {\normalfont\normalsize\bfseries\boldmath}} +\renewcommand\paragraph{\@startsection{paragraph}{4}{\z@}% + {-12\p@ \@plus -4\p@ \@minus -4\p@}% + {-0.5em \@plus -0.22em \@minus -0.1em}% + {\normalfont\normalsize\itshape}} +\renewcommand\subparagraph[1]{\typeout{LLNCS warning: You should not use + \string\subparagraph\space with this class}\vskip0.5cm +You should not use \verb|\subparagraph| with this class.\vskip0.5cm} + +\DeclareMathSymbol{\Gamma}{\mathalpha}{letters}{"00} +\DeclareMathSymbol{\Delta}{\mathalpha}{letters}{"01} +\DeclareMathSymbol{\Theta}{\mathalpha}{letters}{"02} +\DeclareMathSymbol{\Lambda}{\mathalpha}{letters}{"03} +\DeclareMathSymbol{\Xi}{\mathalpha}{letters}{"04} +\DeclareMathSymbol{\Pi}{\mathalpha}{letters}{"05} +\DeclareMathSymbol{\Sigma}{\mathalpha}{letters}{"06} +\DeclareMathSymbol{\Upsilon}{\mathalpha}{letters}{"07} +\DeclareMathSymbol{\Phi}{\mathalpha}{letters}{"08} +\DeclareMathSymbol{\Psi}{\mathalpha}{letters}{"09} +\DeclareMathSymbol{\Omega}{\mathalpha}{letters}{"0A} + +\let\footnotesize\small + +\if@custvec +\def\vec#1{\mathchoice{\mbox{\boldmath$\displaystyle#1$}} +{\mbox{\boldmath$\textstyle#1$}} +{\mbox{\boldmath$\scriptstyle#1$}} +{\mbox{\boldmath$\scriptscriptstyle#1$}}} +\fi + +\def\squareforqed{\hbox{\rlap{$\sqcap$}$\sqcup$}} +\def\qed{\ifmmode\squareforqed\else{\unskip\nobreak\hfil +\penalty50\hskip1em\null\nobreak\hfil\squareforqed +\parfillskip=0pt\finalhyphendemerits=0\endgraf}\fi} + +\def\getsto{\mathrel{\mathchoice {\vcenter{\offinterlineskip +\halign{\hfil +$\displaystyle##$\hfil\cr\gets\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr\gets +\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr\gets +\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +\gets\cr\to\cr}}}}} +\def\lid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil +$\displaystyle##$\hfil\cr<\cr\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr<\cr +\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr<\cr +\noalign{\vskip1pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +<\cr +\noalign{\vskip0.9pt}=\cr}}}}} +\def\gid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil +$\displaystyle##$\hfil\cr>\cr\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr>\cr +\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr>\cr +\noalign{\vskip1pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +>\cr +\noalign{\vskip0.9pt}=\cr}}}}} +\def\grole{\mathrel{\mathchoice {\vcenter{\offinterlineskip +\halign{\hfil +$\displaystyle##$\hfil\cr>\cr\noalign{\vskip-1pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr +>\cr\noalign{\vskip-1pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr +>\cr\noalign{\vskip-0.8pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +>\cr\noalign{\vskip-0.3pt}<\cr}}}}} +\def\bbbr{{\rm I\!R}} %reelle Zahlen +\def\bbbm{{\rm I\!M}} +\def\bbbn{{\rm I\!N}} %natuerliche Zahlen +\def\bbbf{{\rm I\!F}} +\def\bbbh{{\rm I\!H}} +\def\bbbk{{\rm I\!K}} +\def\bbbp{{\rm I\!P}} +\def\bbbone{{\mathchoice {\rm 1\mskip-4mu l} {\rm 1\mskip-4mu l} +{\rm 1\mskip-4.5mu l} {\rm 1\mskip-5mu l}}} +\def\bbbc{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}}}} +\def\bbbq{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm +Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}}}} +\def\bbbt{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm +T$}\hbox{\hbox to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}}}} +\def\bbbs{{\mathchoice +{\setbox0=\hbox{$\displaystyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox +to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox +to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox +to0pt{\kern0.5\wd0\vrule height0.45\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.4\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox +to0pt{\kern0.55\wd0\vrule height0.45\ht0\hss}\box0}}}} +\def\bbbz{{\mathchoice {\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}} +{\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}} +{\hbox{$\mathsf\scriptstyle Z\kern-0.3em Z$}} +{\hbox{$\mathsf\scriptscriptstyle Z\kern-0.2em Z$}}}} + +\let\ts\, + +\setlength\leftmargini {17\p@} +\setlength\leftmargin {\leftmargini} +\setlength\leftmarginii {\leftmargini} +\setlength\leftmarginiii {\leftmargini} +\setlength\leftmarginiv {\leftmargini} +\setlength \labelsep {.5em} +\setlength \labelwidth{\leftmargini} +\addtolength\labelwidth{-\labelsep} + +\def\@listI{\leftmargin\leftmargini + \parsep 0\p@ \@plus1\p@ \@minus\p@ + \topsep 8\p@ \@plus2\p@ \@minus4\p@ + \itemsep0\p@} +\let\@listi\@listI +\@listi +\def\@listii {\leftmargin\leftmarginii + \labelwidth\leftmarginii + \advance\labelwidth-\labelsep + \topsep 0\p@ \@plus2\p@ \@minus\p@} +\def\@listiii{\leftmargin\leftmarginiii + \labelwidth\leftmarginiii + \advance\labelwidth-\labelsep + \topsep 0\p@ \@plus\p@\@minus\p@ + \parsep \z@ + \partopsep \p@ \@plus\z@ \@minus\p@} + +\renewcommand\labelitemi{\normalfont\bfseries --} +\renewcommand\labelitemii{$\m@th\bullet$} + +\setlength\arraycolsep{1.4\p@} +\setlength\tabcolsep{1.4\p@} + +\def\tableofcontents{\chapter*{\contentsname\@mkboth{{\contentsname}}% + {{\contentsname}}} + \def\authcount##1{\setcounter{auco}{##1}\setcounter{@auth}{1}} + \def\lastand{\ifnum\value{auco}=2\relax + \unskip{} \andname\ + \else + \unskip \lastandname\ + \fi}% + \def\and{\stepcounter{@auth}\relax + \ifnum\value{@auth}=\value{auco}% + \lastand + \else + \unskip, + \fi}% + \@starttoc{toc}\if@restonecol\twocolumn\fi} + +\def\l@part#1#2{\addpenalty{\@secpenalty}% + \addvspace{2em plus\p@}% % space above part line + \begingroup + \parindent \z@ + \rightskip \z@ plus 5em + \hrule\vskip5pt + \large % same size as for a contribution heading + \bfseries\boldmath % set line in boldface + \leavevmode % TeX command to enter horizontal mode. + #1\par + \vskip5pt + \hrule + \vskip1pt + \nobreak % Never break after part entry + \endgroup} + +\def\@dotsep{2} + +\def\hyperhrefextend{\ifx\hyper@anchor\@undefined\else +{chapter.\thechapter}\fi} + +\def\addnumcontentsmark#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{\protect\numberline + {\thechapter}#3}{\thepage}\hyperhrefextend}} +\def\addcontentsmark#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{#3}{\thepage}\hyperhrefextend}} +\def\addcontentsmarkwop#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{#3}{0}\hyperhrefextend}} + +\def\@adcmk[#1]{\ifcase #1 \or +\def\@gtempa{\addnumcontentsmark}% + \or \def\@gtempa{\addcontentsmark}% + \or \def\@gtempa{\addcontentsmarkwop}% + \fi\@gtempa{toc}{chapter}} +\def\addtocmark{\@ifnextchar[{\@adcmk}{\@adcmk[3]}} + +\def\l@chapter#1#2{\addpenalty{-\@highpenalty} + \vskip 1.0em plus 1pt \@tempdima 1.5em \begingroup + \parindent \z@ \rightskip \@pnumwidth + \parfillskip -\@pnumwidth + \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip + {\large\bfseries\boldmath#1}\ifx0#2\hfil\null + \else + \nobreak + \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern + \@dotsep mu$}\hfill + \nobreak\hbox to\@pnumwidth{\hss #2}% + \fi\par + \penalty\@highpenalty \endgroup} + +\def\l@title#1#2{\addpenalty{-\@highpenalty} + \addvspace{8pt plus 1pt} + \@tempdima \z@ + \begingroup + \parindent \z@ \rightskip \@tocrmarg + \parfillskip -\@tocrmarg + \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip + #1\nobreak + \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern + \@dotsep mu$}\hfill + \nobreak\hbox to\@pnumwidth{\hss #2}\par + \penalty\@highpenalty \endgroup} + +\setcounter{tocdepth}{0} +\newdimen\tocchpnum +\newdimen\tocsecnum +\newdimen\tocsectotal +\newdimen\tocsubsecnum +\newdimen\tocsubsectotal +\newdimen\tocsubsubsecnum +\newdimen\tocsubsubsectotal +\newdimen\tocparanum +\newdimen\tocparatotal +\newdimen\tocsubparanum +\tocchpnum=\z@ % no chapter numbers +\tocsecnum=15\p@ % section 88. plus 2.222pt +\tocsubsecnum=23\p@ % subsection 88.8 plus 2.222pt +\tocsubsubsecnum=27\p@ % subsubsection 88.8.8 plus 1.444pt +\tocparanum=35\p@ % paragraph 88.8.8.8 plus 1.666pt +\tocsubparanum=43\p@ % subparagraph 88.8.8.8.8 plus 1.888pt +\def\calctocindent{% +\tocsectotal=\tocchpnum +\advance\tocsectotal by\tocsecnum +\tocsubsectotal=\tocsectotal +\advance\tocsubsectotal by\tocsubsecnum +\tocsubsubsectotal=\tocsubsectotal +\advance\tocsubsubsectotal by\tocsubsubsecnum +\tocparatotal=\tocsubsubsectotal +\advance\tocparatotal by\tocparanum} +\calctocindent + +\def\l@section{\@dottedtocline{1}{\tocchpnum}{\tocsecnum}} +\def\l@subsection{\@dottedtocline{2}{\tocsectotal}{\tocsubsecnum}} +\def\l@subsubsection{\@dottedtocline{3}{\tocsubsectotal}{\tocsubsubsecnum}} +\def\l@paragraph{\@dottedtocline{4}{\tocsubsubsectotal}{\tocparanum}} +\def\l@subparagraph{\@dottedtocline{5}{\tocparatotal}{\tocsubparanum}} + +\def\listoffigures{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn + \fi\section*{\listfigurename\@mkboth{{\listfigurename}}{{\listfigurename}}} + \@starttoc{lof}\if@restonecol\twocolumn\fi} +\def\l@figure{\@dottedtocline{1}{0em}{1.5em}} + +\def\listoftables{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn + \fi\section*{\listtablename\@mkboth{{\listtablename}}{{\listtablename}}} + \@starttoc{lot}\if@restonecol\twocolumn\fi} +\let\l@table\l@figure + +\renewcommand\listoffigures{% + \section*{\listfigurename + \@mkboth{\listfigurename}{\listfigurename}}% + \@starttoc{lof}% + } + +\renewcommand\listoftables{% + \section*{\listtablename + \@mkboth{\listtablename}{\listtablename}}% + \@starttoc{lot}% + } + +\ifx\oribibl\undefined +\ifx\citeauthoryear\undefined +\renewenvironment{thebibliography}[1] + {\section*{\refname} + \def\(a)biblabel##1{##1.} + \small + \list{\@biblabel{\@arabic\c@enumiv}}% + {\settowidth\labelwidth{\@biblabel{#1}}% + \leftmargin\labelwidth + \advance\leftmargin\labelsep + \if@openbib + \advance\leftmargin\bibindent + \itemindent -\bibindent + \listparindent \itemindent + \parsep \z@ + \fi + \usecounter{enumiv}% + \let\p@enumiv\@empty + \renewcommand\theenumiv{\@arabic\c@enumiv}}% + \if@openbib + \renewcommand\newblock{\par}% + \else + \renewcommand\newblock{\hskip .11em \(a)plus.33em \(a)minus.07em}% + \fi + \sloppy\clubpenalty4000\widowpenalty4000% + \sfcode`\.=\@m} + {\def\@noitemerr + {\@latex@warning{Empty `thebibliography' environment}}% + \endlist} +\def\@lbibitem[#1]#2{\item[{[#1]}\hfill]\if@filesw + {\let\protect\noexpand\immediate + \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces} +\newcount\@tempcntc +\def\@citex[#1]#2{\if@filesw\immediate\write\@auxout{\string\citation{#2}}\fi + \@tempcnta\z@\@tempcntb\m@ne\def\@citea{}\@cite{\@for\@citeb:=#2\do + {\@ifundefined + {b@\@citeb}{\@citeo\@tempcntb\m@ne\@citea\def\@citea{,}{\bfseries + ?}\@warning + {Citation `\@citeb' on page \thepage \space undefined}}% + {\setbox\z@\hbox{\global\@tempcntc0\csname b@\@citeb\endcsname\relax}% + \ifnum\@tempcntc=\z@ \@citeo\@tempcntb\m@ne + \@citea\def\@citea{,}\hbox{\csname b@\@citeb\endcsname}% + \else + \advance\@tempcntb\@ne + \ifnum\@tempcntb=\@tempcntc + \else\advance\@tempcntb\m@ne\@citeo + \@tempcnta\@tempcntc\@tempcntb\@tempcntc\fi\fi}}\@citeo}{#1}} +\def\@citeo{\ifnum\@tempcnta>\@tempcntb\else + \@citea\def\@citea{,\,\hskip\z@skip}% + \ifnum\@tempcnta=\@tempcntb\the\@tempcnta\else + {\advance\@tempcnta\@ne\ifnum\@tempcnta=\@tempcntb \else + \def\@citea{--}\fi + \advance\@tempcnta\m@ne\the\@tempcnta\@citea\the\@tempcntb}\fi\fi} +\else +\renewenvironment{thebibliography}[1] + {\section*{\refname} + \small + \list{}% + {\settowidth\labelwidth{}% + \leftmargin\parindent + \itemindent=-\parindent + \labelsep=\z@ + \if@openbib + \advance\leftmargin\bibindent + \itemindent -\bibindent + \listparindent \itemindent + \parsep \z@ + \fi + \usecounter{enumiv}% + \let\p@enumiv\@empty + \renewcommand\theenumiv{}}% + \if@openbib + \renewcommand\newblock{\par}% + \else + \renewcommand\newblock{\hskip .11em \(a)plus.33em \(a)minus.07em}% + \fi + \sloppy\clubpenalty4000\widowpenalty4000% + \sfcode`\.=\@m} + {\def\@noitemerr + {\@latex@warning{Empty `thebibliography' environment}}% + \endlist} + \def\@cite#1{#1}% + \def\@lbibitem[#1]#2{\item[]\if@filesw + {\def\protect##1{\string ##1\space}\immediate + \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces} + \fi +\else +\@cons\@openbib@code{\noexpand\small} +\fi + +\def\idxquad{\hskip 10\p@}% space that divides entry from number + +\def\@idxitem{\par\hangindent 10\p@} + +\def\subitem{\par\setbox0=\hbox{--\enspace}% second order + \noindent\hangindent\wd0\box0}% index entry + +\def\subsubitem{\par\setbox0=\hbox{--\,--\enspace}% third + \noindent\hangindent\wd0\box0}% order index entry + +\def\indexspace{\par \vskip 10\p@ plus5\p@ minus3\p@\relax} + +\renewenvironment{theindex} + {\@mkboth{\indexname}{\indexname}% + \thispagestyle{empty}\parindent\z@ + \parskip\z@ \@plus .3\p@\relax + \let\item\par + \def\,{\relax\ifmmode\mskip\thinmuskip + \else\hskip0.2em\ignorespaces\fi}% + \normalfont\small + \begin{multicols}{2}[\@makeschapterhead{\indexname}]% + } + {\end{multicols}} + +\renewcommand\footnoterule{% + \kern-3\p@ + \hrule\@width 2truecm + \kern2.6\p@} + \newdimen\fnindent + \fnindent1em +\long\def\@makefntext#1{% + \parindent \fnindent% + \leftskip \fnindent% + \noindent + \llap{\hb@xt@1em{\hss\@makefnmark\ }}\ignorespaces#1} + +\long\def\@makecaption#1#2{% + \vskip\abovecaptionskip + \sbox\@tempboxa{{\bfseries #1.} #2}% + \ifdim \wd\@tempboxa >\hsize + {\bfseries #1.} #2\par + \else + \global \@minipagefalse + \hb@xt@\hsize{\hfil\box\@tempboxa\hfil}% + \fi + \vskip\belowcaptionskip} + +\def\fps@figure{htbp} +\def\fnum@figure{\figurename\thinspace\thefigure} +\def \@floatboxreset {% + \reset@font + \small + \@setnobreak + \@setminipage +} +\def\fps@table{htbp} +\def\fnum@table{\tablename~\thetable} +\renewenvironment{table} + {\setlength\abovecaptionskip{0\p@}% + \setlength\belowcaptionskip{10\p@}% + \@float{table}} + {\end@float} +\renewenvironment{table*} + {\setlength\abovecaptionskip{0\p@}% + \setlength\belowcaptionskip{10\p@}% + \@dblfloat{table}} + {\end@dblfloat} + +\long\def\@caption#1[#2]#3{\par\addcontentsline{\csname + ext@#1\endcsname}{#1}{\protect\numberline{\csname + the#1\endcsname}{\ignorespaces #2}}\begingroup + \@parboxrestore + \@makecaption{\csname fnum@#1\endcsname}{\ignorespaces #3}\par + \endgroup} + +% LaTeX does not provide a command to enter the authors institute +% addresses. The \institute command is defined here. + +\newcounter{@inst} +\newcounter{@auth} +\newcounter{auco} +\def\andname{and} +\def\lastandname{\unskip, and} +\newdimen\instindent +\newbox\authrun +\newtoks\authorrunning +\newtoks\tocauthor +\newbox\titrun +\newtoks\titlerunning +\newtoks\toctitle + +\def\clearheadinfo{\gdef\@author{No Author Given}% + \gdef\@title{No Title Given}% + \gdef\@subtitle{}% + \gdef\@institute{No Institute Given}% + \gdef\@thanks{}% + \global\titlerunning={}\global\authorrunning={}% + \global\toctitle={}\global\tocauthor={}} + +\def\institute#1{\gdef\@institute{#1}} + +\def\institutename{\par + \begingroup + \parskip=\z@ + \parindent=\z@ + \setcounter{@inst}{1}% + \def\and{\par\stepcounter{@inst}% + \noindent$^{\the@inst}$\enspace\ignorespaces}% + \setbox0=\vbox{\def\thanks##1{}\@institute}% + \ifnum\c@@inst=1\relax + \else + \setcounter{footnote}{\c@@inst}% + \setcounter{@inst}{1}% + \noindent$^{\the@inst}$\enspace + \fi + \ignorespaces + \@institute\par + \endgroup} + +\def\@fnsymbol#1{\ensuremath{\ifcase#1\or\star\or{\star\star}\or + {\star\star\star}\or \dagger\or \ddagger\or + \mathchar "278\or \mathchar "27B\or \|\or **\or \dagger\dagger + \or \ddagger\ddagger \else\@ctrerr\fi}} + +\def\inst#1{\unskip$^{#1}$} +\def\fnmsep{\unskip$^,$} +\def\email#1{{\tt#1}} +\AtBeginDocument{\@ifundefined{url}{\def\url#1{#1}}{}} +\def\homedir{\~{ }} + +\def\subtitle#1{\gdef\@subtitle{#1}} +\clearheadinfo + +\renewcommand\maketitle{\newpage + \refstepcounter{chapter}% + \stepcounter{section}% + \setcounter{section}{0}% + \setcounter{subsection}{0}% + \setcounter{figure}{0} + \setcounter{table}{0} + \setcounter{equation}{0} + \setcounter{footnote}{0}% + \begingroup + \parindent=\z@ + \renewcommand\thefootnote{\@fnsymbol\c@footnote}% + \if@twocolumn + \ifnum \col@number=\@ne + \@maketitle + \else + \twocolumn[\@maketitle]% + \fi + \else + \newpage + \global\@topnum\z@ % Prevents figures from going at top of page. + \@maketitle + \fi + \thispagestyle{empty}\@thanks +% + \def\\{\unskip\ \ignorespaces}\def\inst##1{\unskip{}}% + \def\thanks##1{\unskip{}}\def\fnmsep{\unskip}% + \instindent=\hsize + \advance\instindent by-\headlineindent + \if!\the\toctitle!\addcontentsline{toc}{title}{\@title}\else + \addcontentsline{toc}{title}{\the\toctitle}\fi + \if@runhead + \if!\the\titlerunning!\else + \edef\@title{\the\titlerunning}% + \fi + \global\setbox\titrun=\hbox{\small\rm\unboldmath\ignorespaces\@title}% + \ifdim\wd\titrun>\instindent + \typeout{Title too long for running head. Please supply}% + \typeout{a shorter form with \string\titlerunning\space prior to + \string\maketitle}% + \global\setbox\titrun=\hbox{\small\rm + Title Suppressed Due to Excessive Length}% + \fi + \xdef\@title{\copy\titrun}% + \fi +% + \if!\the\tocauthor!\relax + {\def\and{\noexpand\protect\noexpand\and}% + \protected@xdef\toc@uthor{\@author}}% + \else + \def\\{\noexpand\protect\noexpand\newline}% + \protected@xdef\scratch{\the\tocauthor}% + \protected@xdef\toc@uthor{\scratch}% + \fi + \addtocontents{toc}{{\protect\raggedright\protect\leftskip15\p@ + \protect\rightskip\@tocrmarg + \protect\itshape\toc@uthor\protect\endgraf}}% + \if@runhead + \if!\the\authorrunning! + \value{@inst}=\value{@auth}% + \setcounter{@auth}{1}% + \else + \edef\@author{\the\authorrunning}% + \fi + \global\setbox\authrun=\hbox{\small\unboldmath\@author\unskip}% + \ifdim\wd\authrun>\instindent + \typeout{Names of authors too long for running head. Please supply}% + \typeout{a shorter form with \string\authorrunning\space prior to + \string\maketitle}% + \global\setbox\authrun=\hbox{\small\rm + Authors Suppressed Due to Excessive Length}% + \fi + \xdef\@author{\copy\authrun}% + \markboth{\@author}{\@title}% + \fi + \endgroup + \setcounter{footnote}{0}% + \clearheadinfo} +% +\def\@maketitle{\newpage + \markboth{}{}% + \def\lastand{\ifnum\value{@inst}=2\relax + \unskip{} \andname\ + \else + \unskip \lastandname\ + \fi}% + \def\and{\stepcounter{@auth}\relax + \ifnum\value{@auth}=\value{@inst}% + \lastand + \else + \unskip, + \fi}% + \begin{center}% + {\Large \bfseries\boldmath + \pretolerance=10000 + \@title \par}\vskip .8cm +\if!\@subtitle!\else {\large \bfseries\boldmath + \vskip -.65cm + \pretolerance=10000 + \@subtitle \par}\vskip .8cm\fi + \setbox0=\vbox{\setcounter{@auth}{1}\def\and{\stepcounter{@auth}}% + \def\thanks##1{}\@author}% + \global\value{@inst}=\value{@auth}% + \global\value{auco}=\value{@auth}% + \setcounter{@auth}{1}% +{\lineskip .5em +\noindent\ignorespaces +\(a)author\vskip.35cm} + {\small\institutename} + \end{center}% + } + +% definition of the "\spnewtheorem" command. +% +% Usage: +% +% \spnewtheorem{env_nam}{caption}[within]{cap_font}{body_font} +% or \spnewtheorem{env_nam}[numbered_like]{caption}{cap_font}{body_font} +% or \spnewtheorem*{env_nam}{caption}{cap_font}{body_font} +% +% New is "cap_font" and "body_font". It stands for +% fontdefinition of the caption and the text itself. +% +% "\spnewtheorem*" gives a theorem without number. +% +% A defined spnewthoerem environment is used as described +% by Lamport. +% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\def\@thmcountersep{} +\def\(a)thmcounterend{.} + +\def\spnewtheorem{\@ifstar{\@sthm}{\@Sthm}} + +% definition of \spnewtheorem with number + +\def\@spnthm#1#2{% + \@ifnextchar[{\@spxnthm{#1}{#2}}{\@spynthm{#1}{#2}}} +\def\@Sthm#1{\@ifnextchar[{\@spothm{#1}}{\@spnthm{#1}}} + +\def\@spxnthm#1#2[#3]#4#5{\expandafter\@ifdefinable\csname #1\endcsname + {\@definecounter{#1}\@addtoreset{#1}{#3}% + \expandafter\xdef\csname the#1\endcsname{\expandafter\noexpand + \csname the#3\endcsname \noexpand\@thmcountersep \@thmcounter{#1}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#4}{#5}}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@spynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname + {\@definecounter{#1}% + \expandafter\xdef\csname the#1\endcsname{\@thmcounter{#1}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#3}{#4}}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@spothm#1[#2]#3#4#5{% + \@ifundefined{c@#2}{\@latexerr{No theorem environment `#2' defined}\@eha}% + {\expandafter\@ifdefinable\csname #1\endcsname + {\global\@namedef{the#1}{\@nameuse{the#2}}% + \expandafter\xdef\csname #1name\endcsname{#3}% + \global\@namedef{#1}{\@spthm{#2}{\csname #1name\endcsname}{#4}{#5}}% + \global\@namedef{end#1}{\@endtheorem}}}} + +\def\@spthm#1#2#3#4{\topsep 7\p@ \@plus2\p@ \@minus4\p@ +\refstepcounter{#1}% +\@ifnextchar[{\@spythm{#1}{#2}{#3}{#4}}{\@spxthm{#1}{#2}{#3}{#4}}} + +\def\@spxthm#1#2#3#4{\@spbegintheorem{#2}{\csname the#1\endcsname}{#3}{#4}% + \ignorespaces} + +\def\@spythm#1#2#3#4[#5]{\@spopargbegintheorem{#2}{\csname + the#1\endcsname}{#5}{#3}{#4}\ignorespaces} + +\def\@spbegintheorem#1#2#3#4{\trivlist + \item[\hskip\labelsep{#3#1\ #2\@thmcounterend}]#4} + +\def\@spopargbegintheorem#1#2#3#4#5{\trivlist + \item[\hskip\labelsep{#4#1\ #2}]{#4(#3)\@thmcounterend\ }#5} + +% definition of \spnewtheorem* without number + +\def\@sthm#1#2{\@Ynthm{#1}{#2}} + +\def\@Ynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname + {\global\@namedef{#1}{\@Thm{\csname #1name\endcsname}{#3}{#4}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@Thm#1#2#3{\topsep 7\p@ \@plus2\p@ \@minus4\p@ +\@ifnextchar[{\@Ythm{#1}{#2}{#3}}{\@Xthm{#1}{#2}{#3}}} + +\def\@Xthm#1#2#3{\@Begintheorem{#1}{#2}{#3}\ignorespaces} + +\def\@Ythm#1#2#3[#4]{\@Opargbegintheorem{#1} + {#4}{#2}{#3}\ignorespaces} + +\def\@Begintheorem#1#2#3{#3\trivlist + \item[\hskip\labelsep{#2#1\@thmcounterend}]} + +\def\@Opargbegintheorem#1#2#3#4{#4\trivlist + \item[\hskip\labelsep{#3#1}]{#3(#2)\@thmcounterend\ }} + +\if@envcntsect + \def\(a)thmcountersep{.} + \spnewtheorem{theorem}{Theorem}[section]{\bfseries}{\itshape} +\else + \spnewtheorem{theorem}{Theorem}{\bfseries}{\itshape} + \if@envcntreset + \@addtoreset{theorem}{section} + \else + \@addtoreset{theorem}{chapter} + \fi +\fi + +%definition of divers theorem environments +\spnewtheorem*{claim}{Claim}{\itshape}{\rmfamily} +\spnewtheorem*{proof}{Proof}{\itshape}{\rmfamily} +\if@envcntsame % alle Umgebungen wie Theorem. + \def\spn@wtheorem#1#2#3#4{\@spothm{#1}[theorem]{#2}{#3}{#4}} +\else % alle Umgebungen mit eigenem Zaehler + \if@envcntsect % mit section numeriert + \def\spn@wtheorem#1#2#3#4{\@spxnthm{#1}{#2}[section]{#3}{#4}} + \else % nicht mit section numeriert + \if@envcntreset + \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4} + \@addtoreset{#1}{section}} + \else + \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4} + \@addtoreset{#1}{chapter}}% + \fi + \fi +\fi +\spn@wtheorem{case}{Case}{\itshape}{\rmfamily} +\spn@wtheorem{conjecture}{Conjecture}{\itshape}{\rmfamily} +\spn@wtheorem{corollary}{Corollary}{\bfseries}{\itshape} +\spn@wtheorem{definition}{Definition}{\bfseries}{\itshape} +\spn@wtheorem{example}{Example}{\itshape}{\rmfamily} +\spn@wtheorem{exercise}{Exercise}{\itshape}{\rmfamily} +\spn@wtheorem{lemma}{Lemma}{\bfseries}{\itshape} +\spn@wtheorem{note}{Note}{\itshape}{\rmfamily} +\spn@wtheorem{problem}{Problem}{\itshape}{\rmfamily} +\spn@wtheorem{property}{Property}{\itshape}{\rmfamily} +\spn@wtheorem{proposition}{Proposition}{\bfseries}{\itshape} +\spn@wtheorem{question}{Question}{\itshape}{\rmfamily} +\spn@wtheorem{solution}{Solution}{\itshape}{\rmfamily} +\spn@wtheorem{remark}{Remark}{\itshape}{\rmfamily} + +\def\@takefromreset#1#2{% + \def\@tempa{#1}% + \let\@tempd\@elt + \def\@elt##1{% + \def\@tempb{##1}% + \ifx\@tempa\@tempb\else + \@addtoreset{##1}{#2}% + \fi}% + \expandafter\expandafter\let\expandafter\@tempc\csname cl@#2\endcsname + \expandafter\def\csname cl@#2\endcsname{}% + \@tempc + \let\@elt\@tempd} + +\def\theopargself{\def\@spopargbegintheorem##1##2##3##4##5{\trivlist + \item[\hskip\labelsep{##4##1\ ##2}]{##4##3\@thmcounterend\ }##5} + \def\@Opargbegintheorem##1##2##3##4{##4\trivlist + \item[\hskip\labelsep{##3##1}]{##3##2\@thmcounterend\ }} + } + +\renewenvironment{abstract}{% + \list{}{\advance\topsep by0.35cm\relax\small + \leftmargin=1cm + \labelwidth=\z@ + \listparindent=\z@ + \itemindent\listparindent + \rightmargin\leftmargin}\item[\hskip\labelsep + \bfseries\abstractname]} + {\endlist} +\renewcommand{\abstractname}{Abstract} +\renewcommand{\contentsname}{Table of Contents} +\renewcommand{\figurename}{Fig.} +\renewcommand{\tablename}{Table} + +\newdimen\headlineindent % dimension for space between +\headlineindent=1.166cm % number and text of headings. + +\def\ps@headings{\let\@mkboth\@gobbletwo + \let\@oddfoot\@empty\let\@evenfoot\@empty + \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}% + \leftmark\hfil} + \def\@oddhead{\normalfont\small\hfil\rightmark\hspace{\headlineindent}% + \llap{\thepage}} + \def\chaptermark##1{}% + \def\sectionmark##1{}% + \def\subsectionmark##1{}} + +\def\ps@titlepage{\let\@mkboth\@gobbletwo + \let\@oddfoot\@empty\let\@evenfoot\@empty + \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}% + \hfil} + \def\@oddhead{\normalfont\small\hfil\hspace{\headlineindent}% + \llap{\thepage}} + \def\chaptermark##1{}% + \def\sectionmark##1{}% + \def\subsectionmark##1{}} + +\if@runhead\ps@headings\else +\ps@empty\fi + +\setlength\arraycolsep{1.4\p@} +\setlength\tabcolsep{1.4\p@} + +\endinput + diff --git a/position-papers/HTTP3/usenix.sty b/position-papers/HTTP3/usenix.sty new file mode 100644 index 0000000..22935a7 --- /dev/null +++ b/position-papers/HTTP3/usenix.sty @@ -0,0 +1,97 @@ +% usenix-2e.sty - to be used with latex2e (the new one) for USENIX. +% To use this style file, do this: +% +% \documentclass[twocolumn]{article} +% \usepackage{usenix-2e} +% and put {\rm ....} around the author names. +% +% The following definitions are modifications of standard article.sty +% definitions, arranged to do a better job of matching the USENIX +% guidelines. +% It will automatically select two-column mode and the Times-Roman +% font. + +% +% USENIX papers are two-column. +% Times-Roman font is nice if you can get it (requires NFSS, +% which is in latex2e. + +%\if@twocolumn\else\input twocolumn.sty\fi +\usepackage{times} + +% +% USENIX wants margins of: 7/8" side, 1" bottom, and 3/4" top. +% 0.25" gutter between columns. +% Gives active areas of 6.75" x 9.25" +% +\setlength{\textheight}{9.0in} +\setlength{\columnsep}{0.25in} +\setlength{\textwidth}{6.75in} +%\setlength{\textwidth}{7.00in} +%\setlength{\footheight}{0.0in} +\setlength{\topmargin}{-0.25in} +\setlength{\headheight}{0.0in} +\setlength{\headsep}{0.0in} +\setlength{\evensidemargin}{-0.125in} +\setlength{\oddsidemargin}{-0.125in} + +% +% Usenix wants no page numbers for submitted papers, so that they can +% number them themselves. +% +\pagestyle{empty} + +% +% Usenix titles are in 14-point bold type, with no date, and with no +% change in the empty page headers. The whol author section is 12 point +% italic--- you must use {\rm } around the actual author names to get +% them in roman. +% +\def\maketitle{\par + \begingroup + \renewcommand\thefootnote{\fnsymbol{footnote}}% + \def\@makefnmark{\hbox to\z@{$\m@th^{\@thefnmark}$\hss}}% + \long\def\@makefntext##1{\parindent 1em\noindent + \hbox to1.8em{\hss$\m@th^{\@thefnmark}$}##1}% + \if@twocolumn + \twocolumn[\@maketitle]% + \else \newpage + \global\@topnum\z@ + \@maketitle \fi\@thanks + \endgroup + \setcounter{footnote}{0}% + \let\maketitle\relax + \let\@maketitle\relax + \gdef\@thanks{}\gdef\@author{}\gdef\@title{}\let\thanks\relax} + +\def\@maketitle{\newpage + %\vbox to 0.5in{ + \vbox to 1.5in{ + %\vspace*{\fill} + %\vskip 2em + \begin{center}% + {\Large\bf \@title \par}% + \vskip 0.250in minus 0.250in + {\large\it + \lineskip .5em + \begin{tabular}[t]{c}\@author + \end{tabular}\par}% + \end{center}% + \par + \vspace*{\fill} +% \vskip 1.5em + } +} + +% +% The abstract is preceded by a 12-pt bold centered heading +\def\abstract{\begin{center}% +{\large\bf \abstractname\vspace{-.5em}\vspace{\z@}}% +\end{center}} +\def\endabstract{} + +% +% Main section titles are 12-pt bold. Others can be same or smaller. +% +\def\section{\@startsection {section}{1}{\z(a)}{-3.5ex plus-1ex minus + -.2ex}{2.3ex plus.2ex}{\reset@font\large\bf}}

1 0

[tor-browser-spec/master] All your spells are checked to us!
by mikeperry＠torproject.org 04 May '15

04 May '15

commit 629233c1965860f535ccfe1678cf4b5ca2ae59f9 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Apr 30 21:10:25 2015 -0700 All your spells are checked to us! --- position-papers/HTTP3/HTTP3.tex | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/position-papers/HTTP3/HTTP3.tex b/position-papers/HTTP3/HTTP3.tex index 720bc25..6040902 100644 --- a/position-papers/HTTP3/HTTP3.tex +++ b/position-papers/HTTP3/HTTP3.tex @@ -101,12 +101,12 @@ point how complicated this isolation will be. We feel that it is very important that mechanisms for identifier usage, storage, and connection-related state keeping be cleanly abstracted and narrowly scoped within the HTTP protocol. However, we also recognize that to a -large degree identifier usage and the resulting linkability is primarly an +large degree identifier usage and the resulting linkability is primarily an implementation detail, and not specific to the protocol itself. Identifier linkability will become a problem if instances arise where the server is allowed to specify a setting or configuration property for a client -that must presist beyond the duration of the session. In these cases, care +that must persist beyond the duration of the session. In these cases, care must be taken to ensure that this data is cleared or isolated upon entry to private browsing mode, or when the user attempts to clear their private data. @@ -149,7 +149,7 @@ User agent fingerprinting arises from four sources: end-user configuration details, device and hardware characteristics, operating system vendor and version differences, and browser vendor and version differences. -The Tor Project is primarily concerned with minimzing the ability of websites +The Tor Project is primarily concerned with minimizing the ability of websites to obtain or infer end user configuration details and device characteristics. We concern ourselves with operating system fingerprinting only to the point of removing ways of detecting a specific operating system version. We make no @@ -171,7 +171,7 @@ alter our implementation's behavior accordingly. \subsection{Avoiding Future Fingerprinting Linkability} -It is concievable that more fingerprinting vectors could arise in future, +It is conceivable that more fingerprinting vectors could arise in future, especially if flow control and stream multiplexing decisions are delegated to the client, and depend on things like available system memory, available CPU cores, or other details. Care should be taken to avoid these situations, @@ -188,12 +188,12 @@ the Let's Encrypt Project should eliminate the remaining barriers to requiring authenticated encryption, as opposed to deploying opportunistic mechanisms. We are also interested in efforts to encrypt the ClientHello and ServerHello -messages in an initial forward-secure handshake, as described in the Encrytped +messages in an initial forward-secure handshake, as described in the Encrypted TLS Handshake proposal. If SNI, ALPN, and the ServerHello can be encrypted using an ephemeral exchange that is authenticated later in the handshake, the adversary loses a great deal of information about the user's intended destination site. When large scale CDNs and multi-site load balancers are -involved, the ulimate destination would be impossible to determine with this +involved, the ultimate destination would be impossible to determine with this type of handshake in place. This will aid in defenses against traffic fingerprinting and traffic analysis, which we describe detail in the next section. @@ -209,13 +209,13 @@ classification domain is limited by knowledge of the specific site being visited. Tor's fixed 512 byte packet size and large classification domain go a long way -to imede this attack for minimal overhead. The 512 byte packet size helps to +to impede this attack for minimal overhead. The 512 byte packet size helps to obscure some amount of length information, and Tor's link encryption conceals the destination website reduces classifier accuracy and capabilities, due largely to the Base Rate Fallacy. There was some initial controversy in the literature as to the exact degree to which this was the case, but after publicly requesting that these effects be studied in closer detail, recent -results have confirmed and quantized the benefits conferred by Tor's unique +results have confirmed and quantified the benefits conferred by Tor's unique link encryption. For this reason, we have been encouraging continued study of low-overhead @@ -249,11 +249,11 @@ purpose (such as redirects or Javascript), but these mechanisms can either be disabled by the user, reflected in UI activity, or otherwise mitigated by Tor Browser -In Tor Browser, we will likely close the connection after recieving some rate -of unsolicitied PING or SETTINGS updates, and introduce delay or jitter before +In Tor Browser, we will likely close the connection after receiving some rate +of unsolicited PING or SETTINGS updates, and introduce delay or jitter before responding to these requests before that point. However, lack of explicit guidance in the specification about this issue raises concerns about what -frequencies of these frames are likely to contitute attacks, or instead +frequencies of these frames are likely to constitute attacks, or instead represent normal server behavior in the wild due to overly-aggressive HTTP/2 implementations. @@ -267,7 +267,7 @@ frame size. In combination with researchers at the University of Leuven, the Tor Project has also developed a protocol and prototype implementation for communicating -statistical schedules for asynchonous padding from Tor clients to Tor relays. +statistical schedules for asynchronous padding from Tor clients to Tor relays. The research community is currently in the process of evaluating the efficacy of this protocol against traffic fingerprinting and other traffic analysis attacks. @@ -297,7 +297,7 @@ full network transition to UDP is at least five years away. % FIXME: Site Murdoch's UDP study While it will be technically possible to support the transit of UDP inside our -existing TCP overlay network without signficant anonymity risks within a +existing TCP overlay network without significant anonymity risks within a year's time or sooner, it is unlikely that this level of support will be sufficient to warrant the use of a finely-tuned UDP version of HTTP rather than a TCP variant. @@ -308,7 +308,7 @@ a UDP version of HTTP/3 may still end up performing poorly over higher-latency overlay networks such as ours. We are especially interested in ensuring that overlay networks are taken in to account in the design of any UDP-based future versions of HTTP, and would also prefer to retain the ability to use future -HTTP versions over TCP, should the UDP implementations prove suboptimal for +HTTP versions over TCP, should the UDP implementations prove sub-optimal for our use case.

1 0