On Wed, Jan 4, 2023 at 4:20 AM Lloyd W <lloyd.wood=40yahoo.co.uk@xxxxxxxxxxxxxx> wrote:
There has been no mention of NAT in this thread as an obscuring technique.
There's probably scope for a 'best practices for preserving privacy for carrier grade NATs' or somesuch document -- I doubt much can be done at the low end for a NATted residential 192.168.1.1 network, but CGNAT for millions of users is a very different beast.
I don't think it is a useful term to use in this context.
Since London, I have completed a prototype of a transport layer which arguably provides the ultimate in traffic analysis protection and then backed it out as far too complex for most developers to tolerate at this point. I will try to get round to a write up.
It does look a bit like NAT if you squint. But only a very little bit.
Thing with NAT is that all packets are going through one ingress/egress point. If you are doing traffic analysis protection you want a nice fat branching tree. So all your outbound packets go to a single node but your inbound packets are coming from multiple exit nodes.
Another thing about NAT is that it is passive and in my scheme, every connection is brokered through an external service.
The only thing that it really has in common with NAT is that it has the same effect of allowing more efficient use of the IPv4 address space.
