On 17/10/15 01:33, salutarydiacritica...@ruggedinbox.com wrote:
Right now Freenet discovers other clients on opennet by way of seed
nodes. Hypothetically you can run the nodes as hidden services and
embed the addresses in Freenet clients. Clients generate their own
hidden address keys and build routing tables from them.
I don't think hiding entire nodes behind tunnels makes sense. That is,
we don't want *every hop* on a hidden service. That would multiply the
number of hops by 4 (or was it 6?). And it would upset the Tor
developers - who already frown on the use of Bittorrent over Tor (which
is surprisingly hard to get right regardless). However, it might make
sense to use a tunnel *just on the first hop* when starting a request,
i.e. keep some subset of connections which are hidden nodes to start
requests on.
However, IMHO the focus for security should be on darknet, at least
until we sort out the major performance and usability issues with it.
Even if you DO know other people on Freenet, darknet is too slow and
too
hard.
No distributed system on I2P or Tor comes close to Freenet features.
Have you used them? I vaguely recall something called Syndie on I2P?
WoT, library, the plugin ecosystem and Opennet bring a lot of value
compared to other systems. Opennet is a big part of Freenet's
attraction and you shouldn't tear it out.
I'm certainly not proposing to tear out opennet.
The tunneling idea sounds great and it should get priority. Maybe you
should discuss it with the Tor developers and see if they can help.
PS what NSA documents mention contractors attacking Freenet?
I don't recall, was it on the Tor Stinks intro??
@Ian
Freenet has many selling points besides anonymity as I said. I'm
surprised you don't see that.
Tor is not easily blocked by China and people connect from behind the
Great Firewall everyday. They've been making all kinds of advancements
in bridge technology and obfuscated protocols to bypass DPI. They have
ways to distribute bridges and software packages that get around
censorship of their website. Infrastructure for your users
potentially.
Not true now AFAIK. China has been taking Tor seriously, so has Iran.
China came up with a 0day and used it for blocking at the protocol
level, but really, it's pretty easy to find all the bridges, it just
costs a few thousand Google accounts, which cost << 10 cents each. If
users can find the bridges then so can the bad guys, and cheaply too.
This is a fundamental problem with all end-user distributed systems on
the internet: Sybil always wins, because any resource (CAPTCHAs, Google
Phone Verified Accounts, hashcash, etc) is cheaper for an attacker than
a low-end user.
@Arne
I am a Freenet user. I care about Freenet and want it to be popular
with people facing most dangerous threats.
Tor is adding inter-relay adaptive padding soon to stop timing
attacks.
That would be neat. For many years it was believed that only full CBR
would make much difference against global traffic analysis - and even
then you have internal attacks. I understand there have been some
recent
papers about padding and chaff etc that make significant progress
without the cost of full CBR.
However, on Freenet, we could reasonably use Mixminion-style
high-latency tunnels (at least for inserts). It's not clear whether
this
is viable on opennet.
https://lists.torproject.org/pipermail/tor-dev/2015-September/009485.html
How did Freenet solve this? If a bad node can connect to you on
Opennet, they can do traffic analysis on your requests. With no guard
nodes an attacker can connect to everyone in short time. You can add
node pinning and tunnels but that's a lot of work.
We don't solve it. Freenet provides less anonymity than Tor right now -
at least in opennet mode, and depending on your assumptions. On the
other hand, running a freesite is easier than safely running a hidden
service.
In particular, connecting to every node on opennet and observing their
traffic is quite feasible for a moderately funded attacker. On the
other
hand, it appears that MAST (a theoretical, much cheaper attack that
worried me for many years) isn't feasible.
I do think we could provide better anonymity than Tor in the long run
though. But we can't prevent blocking - *any* peer-to-peer network
running over the regular Internet can be detected cheaply.
_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
