On Monday 22 Jul 2013 17:01:08 Victor Denisov wrote:
> A number of somewhat-connected observations from someone who had been
> following Freenet since early 0.3 days:
> 
> 1. Paying for becoming a "VIP" Freenet node is not out of the question
> (people buy invites to elite torrent trackers for a sizable amount of
> money), but the benefits must be *very* obvious.

There's no point if it's only the handful of elite nodes. It needs to be the 
bulk of the network - everyone who routes requests where they could conceivably 
spy on other nodes. The benefits could be made obvious though: If we have a 
high bandwidth threshold then we'll have much higher average transfer rates, 
and people will have less need to hack their nodes to have 500 peers, as the 
Japanese are doing on Frost after Winny and Perfect Dark fell down.
> 
> 2. However, any reasonable amount you can ask from users can easily be
> matched by a dedicated attacker. If I'm correct and an attacker will
> need to roughly match the network size for a successful attack, then
> matching a network of 100K nodes, each of which had paid, say, $5 to
> join, would require $500K - heck, even I, being a (relatively) poor
> scientist, would probably be able to raise that money in a couple of
> months (by, i.e., selling off all my property, getting to my eyeballs in
> debt, etc) if I'd be really motivated (i.e., to find a pervert who raped
> my daughter and posted video of that on Freenet, or something). Even if
> nodes would be paying $50 to join (which I don't think is a realistic
> amount), an attacker would still need to come up with just $5M, which
> isn't that much for a middle-sized private company, and is chump change
> for any government agency.

True. Unfortunately the attacks that are possible right now are considerably 
cheaper, and remain so even on a bigger network.
> 
> 2a. Yes, that means that, in my opinion, we can't look to money for
> scarcity, it should be obtained from somewhere else. 

There isn't anything else. Except darknet. And everyone keeps telling me that 
darknet is impossible, at least until the network is much bigger.

> To find it, I think
> that threat model should be defined better. Fighting a bored millionaire
> (or a vigilante, or a mad corporate head looking for a whistleblower) is
> one thing; fighting a government agency is another. For example, it
> would be difficult for a vigilante with money to come up with 100K valid
> national ids; it would be completely trivial for a government agency.

Right now we're at the "fighting a bored CS student" stage. 
Connect-to-every-node is a relatively small amount of money - hundreds of 
nodes, maybe tens of servers, maybe 3KB/sec/node (and there are cheats to 
reduce that further). As the network gets bigger you optimise it more heavily, 
and buy bandwidth more cheaply.
> 
> 3. I also think that Freenet project has been getting it wrong for the
> past couple of years. "Somewhat" secure opennet must come before *any*
> attempt at building darknets, however "romantic" those seem to be on
> paper. The reason is, IMHO, two-fold:

Using IP scarcity is possible, though it will cause problems for some users. It 
will be a lot of work, for relatively little benefit: it will only slightly 
increase the cost of the comprehensive surveillance attack.
> 
> a) most people *won't* trust their RL friends for most of the activities
> that Freenet would *actually* be useful for. I may trust my friends
> enough to let them know that I download warez (or porn, whatever); but
> if I'm a government whistleblower (or a pedophile, or marijuana grower)
> I *definitely* would like my friends to know about that last, not first.

On opennet, your peers choose you. Hence MAST and connect-to-everyone 
surveillance. On darknet, you choose your peers.

If you trust your friends less than you trust the jack-boots, then you probably 
don't have much to fear from the jack-boots.

The other point here is that we can build a tunneling system that protects you 
from your direct peers, unless they conspire. But we can't do that unless we 
can beat Sybil. Which appears to be either impossible or politically 
unacceptable on opennet.
> 
> b) we can't expect a well-connected darknet to form right from the
> beginning; most likely, its growth will be organic, starting from small
> non-connected cells - in this case, a well-working opennet will provide
> the initial "glue" to connect those together.

Probably true.
> 
> In any case, I think it's not a good idea to work on darknet before
> opennet works as well as can be (reasonably) expected - more on that
> right below.
> 
> 4. I think that performance issues *absolutely* should be handled before
> anything else, even before security. I understand that many - even most
> - will disagree with me, but if I found *one* thing from practice, it is
> that people widely prefer less secure, but working, systems to more
> secure, but non-working, ones.

Right up until the point when somebody publishes a toolkit for MAST, and a list 
of paedophiles they busted with it.
> 
> Right now, Freenet exhibits a level of performance which can only be
> called "abysmal". I can download torrents at 4 MB/s, reliably, one after
> another, from different trackers in different countries; considering
> that in Freenet my (and everyone else's) traffic should pass through
> several nodes (say, 20 of them, worst case), 

Typically for requests it should be 5-7 or thereabouts.

> I'd say Freenet should
> provide around 200 KB/s of sustained download performance (with the rest
> of my pipe being donated to other nodes, thus hiding my traffic). In
> reality, in my tests, on a lightly-loaded and well-integrated node I'm
> lucky to see speeds above 10 KB/s, with "typical" downloads making 2-3
> KB/s on average, start to finish. My node with 90 peers only consumes
> around 200-250 KB/s (out of 1 MB/s allocated); my higher bandwidth
> allocation is effectively *wasted* by the inefficient network.

Most nodes have relatively low bandwidth limits. We could boost performance by 
excluding slow nodes (say under 40KB/sec). This is the first part of the 
proposal. Of course we'd lose a large number of nodes - but we'd probably gain 
more to compensate when performance improves.
> 
> If another major rewrite of Freenet is ahead (which, I'd argue, is long
> overdue), I'd be happy to provide more input (i.e., I think that
> filesharing and social communication is *much* more important than
> keyword search and site publishing), but I feel this email is already
> too bloated :-(.

Filesharing implies keyword search, no? At the very least it requires working 
forums.

Also, IMHO site publishing is important. Anyway there hasn't been much work on 
it for years. Different people have different priorities...

Feel free to rewrite Freenet, but I won't be around to do it.
> 
> With best regards,
> Victor Denisov.

_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
