Eleriseth has left, with a rant explaining his view of what our priorities should be: Fixing usability issues, securing opennet, and THEN working on darknet.
I've always taken the view that securing opennet is impossible, but there is a radical suggestion that might make it possible, and help the fibre filesharing brigade to get what they want, at the cost of making opennet Freenet somewhat more centralised, and excluding some users...

Sybil on opennet
From: toad-notrust@h2RzPS4fEzP0zU43GAfEgxqK2Y55~kEUNR01cWvYApI
Date: Sunday 21 Jul 2013 12:06:48
Groups: freenet
Followup-To: freenet

Eleriseth@WPECGLtYbVi8Rl6Y7Vzl2Lvd2EUVW99v3yNV3IWROG8 wrote:

> On Fri, 12 Jul 2013 13:57:52 -0000
> toad-notrust@h2RzPS4fEzP0zU43GAfEgxqK2Y55~kEUNR01cWvYApI wrote:
>> SimpleGuy@gX68zIY3wPpj7PrlWyB5TulxnCxu6716dXcb8Uf5~p4 wrote:
>>
>>> adilson_lanpo@8AEGotJKXJ4ABJy1gKjls4SrrzpshQNoEMAbu0IFA94 wrote :
>>>> On Wed, 10 Jul 2013 22:40:34 -0000
>>>> SimpleGuy@gX68zIY3wPpj7PrlWyB5TulxnCxu6716dXcb8Uf5~p4 wrote:
>>>>
>>>>> toad-notrust@h2RzPS4fEzP0zU43GAfEgxqK2Y55~kEUNR01cWvYApI wrote :
>>>>>> The fact that I could build it. If I could, so could somebody else.
>>>>>> There are plenty of smart people work for the various governments.
>>>>> If I design some security software, of course I have a deep knowledge
>>>>> of the internals of that software, so I'm the person most capable to
>>>>> make a tool to break it. Just by memory I would know in what way is
>>>>> more feasible to attack it, what are the weak points. If I have built
>>>>> a car, I know the better way to immobilize it by memory, but the
>>>>> regular joe doesn't know, even if a mechanic. Of course a mechanic
>>>>> know some ways to stop it, but the designer knows the better way.
>>>> Not true at all, it is much easier to develop a system that you can't
>>>> break than one that can't be broken by anyone.
>>>>
>>>> Plenty of people have written cryptosystems or security security (or
>>>> designed physical locks) that they thought were unbreakable, only to
>>>> then be proven wrong.
>>> Following the reverse path of this logic, Freenet developers not only
>>> says Freenet protection on opennet isn't 100%, but they admit they made
>>> a tool to identify opennet users. So, Freenet protection on opennet must
>>> be very weak indeed.
>>
>> Hehe. I haven't built it. I know how to build it.
>>
>> Of course you shouldn't take my word for that! ;)
>>> Worst yet, in the case the developers are forced by law to give away
>>> info on Freenet users, this identifying tool becomes a menace to Freenet
>>> users, reverting the protection Freenet is supposed to give, even if
>>> weak.
>>
>> No, I have explained this on the FAQ, and posted it elsewhere in the
>> thread: If we were compelled to add backdoors, we'd shut down the
>> nonprofit and hope that somebody releases builds anonymously. Because the
>> alternative is distributing weak builds *with the source code of the
>> backdoors!*, which would be pretty pointless, or violating a lot of
>> people's GPL copyrights, which would be dangerous (and IMHO immoral).
>>
>> Of course I can't speak for FPI. But I wouldn't want to cooperate with
>> such bullshit. And the whole point of intercept warrants etc is to keep
>> them secret; this would not be possible here.
>>
>> Conceivably I could be asked to provide the tools I referred to above. I
>> don't think there is any law that would allow for that at the moment, but
>> it could happen para-legally.
>>> Now I ask some interesting information: if the only safe way to use
>>> Freenet is through Darknet, and every darknet is a closed gang of
>>> people, knowing there's mixed nodes around (Opennet and Darknet on the
>>> same peer), is there some info about how many darknets are around? The
>>> number of opennet peers it's easily quantifiable, but the number of
>>> darknets in operation would be an interesting info.
>>
>> Darknets don't have to be "closed" in the long run. In the short run this
>> is probably true. Possibly we could build some sort of probe requests to
>> return this information, but how do you identify a single small darknet
>> in a larger hybrid structure?
>>> I ask because I think the situation of the majority of Freenet users is:
>>> doesn't know even another trustable user 24/7 online to start a Darknet
>>> group, and because of that, only connect to strangers. And if this
>>> statement is true, is more benefit to the community to work on ways to
>>> make Opennet more secure, instead of working on a Darknet that few
>>> people would use. Just my two cents.
>>
>> See my other reply for detail on darknet vs opennet. However, as regards
>> securing opennet, it's basically impossible. An attacker will always be
>> able to add 20,000 of his own nodes. Nothing we do, short of requiring a
>> sizeable
>
> Yes, with current size of opennet it is not prohibitively expensive to run
> Sybil attack.

No. The problem is, it will be possible to do a Sybil attack for a reasonable cost for ANY sized opennet. The reason for this is simple:
- The amount of money an attacker is willing to spend rises as the size of the network increases.
- The cost of bandwidth, IP addresses, CAPTCHAs, hashcash and hardware falls as your scale increases. And so does the cost of geeks, since the number of geeks needed doesn't scale linearly with the size of the attack.
- We cannot require that nodes maintain a high bandwidth level to stay on the network without excluding a very large number of users on slower systems.

Consequently, I am pretty confident that while a rich loner could probably Sybil the current network, a corporation or small agency project could Sybil a million node network. A bored student could MAST against the current network, under the right conditions.

AFAICS the only way we could secure opennet is to:
1. Require that core opennet nodes maintain a high uptime and a high bandwidth per peer. Everyone else becomes a transient node.
2. Require a meaningful cost to join the network. By paying something (CAPTCHA, IP address scarcity, email scarcity or eventually real money - bitcoin or flattr, to FPI, possibly shared with other charities), you can obtain a bootstrapping certificate, which allows you to connect to a limited number of peers and announce to a fixed location.
3. Everyone who doesn't meet #1 or #2 becomes a transient node.
4. For a limited period transitional bootstrapping certificates are distributed to existing users on the basis of IP scarcity alone. They still need to meet criterion 1 however to stay as core routers.

This would be a lot of work - which could be used to fix darknet and to fix usability problems. It would also exclude a lot of people from running core nodes. It might result in storage capacity dropping temporarily. On the other hand, it would increase performance for core routers significantly, which might result in more big nodes and more performance. And it might eventually generate significant revenue.

Also, it will require a central (eventually federated) authority for creating bootstrapping certificates. We could probably ensure that nodes are not dependant on the central authority after that point. Note that we already have a centralised component to opennet - the seednodes. Hybrid nodes can pick up connections via path folding via their darknet peers, but if you don't have any the only way to announce is via the seeds.

And finally, it still wouldn't enable strong tunneling. The best tunnel-on-DHT algorithms provide very limited security, and they rely on more robust / provable security from their underlying DHTs.

Thoughts? I will seriously consider this if the community are interested. Of course I may need to convince Ian, which may be problematic.

> Unfortunately, at same time, with current freenet population it will be
> also impossible to bootstrap darknet - most people won't be able to find
> sufficient number of potential darknet peers between their real-life
> (publicly known) contacts.

I believe it is possible to build darknets within particular sub-communities. I also note that we don't necessarily need a large number of darknet peers to greatly enhance security. We can use opennet at the same time; we can use FOAF darknet connections, so we only need 5 or so friend connections per node.

> And when/if freenet population will raise to
> point darknet bootstrap will be possible (over 1M nodes), it will at same
> time render Sybil prohibitively expensive.

With the current architecture, Sybil against a million node network would be very cheap: Much less than 100x the cost of Sybil against a 10,000 node network, because of economies of scale in bandwidth etc. However with the above architecture we might be able to make it somewhat expensive.

> So, IMO, focus should be 1)
> making freenet better performing (that is, fixing db4o, load management,
> persistence, scheduler[?]/recent-failed/etc bugs, etc);

I have a fix for RecentlyFailed on a branch. I agree fixing db4o is crucial. There are lots of other problems to fix too though sadly, many of them boring and unglamorous, like wininstaller stuff.

> 2) securing
> opennet - even if it will never be ideal, there should be some tricks to
> make attacker life less pleasant;

I propose above the only realistic option I can come up with for this. There are several major drawbacks.

> 3) and securing darknet and making it
> easier comes last; no matter how much darknet is "better", before freenet
> gains few orders bigger population, it WON'T be realistic.
>
> And forget about Sybil for good - if network is small, darknet is
> impossible anyway; and bigger population will both render Sybil and other
> brute-force attacks much more expensive and will make transition to
> darknet to be less of pipe dream.

Unfortunately this is not true. Sybil is cheap for any sized network. It gets cheaper, per targeted user, as the network gets bigger.

>
>> donation for every new opennet identity, will deter this. And in
>> practice, he probably doesn't need to connect to every node; MAST can be
>> done with very little resources. Even with tunnels, the attacker can
>> likely compromise routing and therefore route selection without having to
>> add an unrealistic number of nodes. Tunneling on any DHT, even with
>> rigorous/provable routing, is vulnerable to Sybil attacks.
_______________________________________________
Devl mailing list
[email protected]
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
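
The scaling argument in the message above, as an added toy model that is not part of the original post or of Freenet's code. Every constant (the sublinear cost exponent, the unit costs, two Sybil nodes per honest node) is a constructed assumption rather than a measurement; `join_fee` stands in for the per-identity cost of a bootstrapping certificate.

```python
# Added illustration: toy Sybil cost model. Every constant is a constructed
# assumption for the sake of the argument, not a Freenet measurement.
FIXED_SETUP = 5_000.0    # one-off engineering cost, independent of attack size
UNIT_COST = 10.0         # nominal cost of one Sybil node at small scale
SCALE_EXPONENT = 0.8     # < 1 models bulk discounts on bandwidth, IPs, hardware
SYBILS_PER_HONEST = 2.0  # assumed attack size relative to the honest network


def attack_cost(network_size, join_fee=0.0):
    """Total cost of a Sybil attack on a network of `network_size` honest nodes.

    `join_fee` is a flat per-identity admission cost (the bootstrapping
    certificate idea); unlike the other costs it gets no volume discount.
    """
    sybils = SYBILS_PER_HONEST * network_size
    return FIXED_SETUP + UNIT_COST * sybils ** SCALE_EXPONENT + join_fee * sybils


def cost_ratio(small, large, join_fee=0.0):
    """How many times more the attack on `large` costs than the one on `small`."""
    return attack_cost(large, join_fee) / attack_cost(small, join_fee)


def cost_per_target(network_size, join_fee=0.0):
    """Attack cost divided by the number of honest users it covers."""
    return attack_cost(network_size, join_fee) / network_size


if __name__ == "__main__":
    for fee in (0.0, 1.0, 10.0):
        print(f"join_fee={fee:>4}: 1M-node attack costs "
              f"{cost_ratio(10_000, 1_000_000, fee):.1f}x the 10k-node attack")
        for size in (10_000, 1_000_000):
            print(f"    {size:>9,} nodes: "
                  f"{cost_per_target(size, fee):.2f} per targeted user")
```
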
