On 18/10/15 10:03, Arne Babenhauserheide wrote: > Am Sonntag, 18. Oktober 2015, 01:47:05 schrieb > [email protected]: >> Adding latency is a bad idea and actually less effective than you >> believe compared to other ways. >> >> http://freehaven.net/anonbib/cache/ShWa-Timing06.pdf > As far as I can see by quick skimming, this is only about interactive > use of centralized services. “Latency is prohibitive” applies to a > much lower degree if the local service can do significant prefetching, > and if you can get stuff in massively parallel ways (like getting 20 > chunks of a 400 kiB file simultaneously from 20 different sources > using 20 different routes). Multi-sourcing does not improve anonymity - it tends to reduce it.
The point here is that *for some use cases*, where latency can be tolerated, Mixminion-style mixes work well. These cases include email (for some uses anyway) and big Freenet inserts (at least on darknet), where it will take a day or so anyway so delaying the insert isn't a big deal. Mixes are similar to onion routing but they are actual mixes - some number of messages go in and the same number go out, in some fixed time period. This gives them provable properties against traffic analysis. However I will have a look at the paper when I have time. >> Slowing down the network pushes away users and less trees in the forest >> degrades anonymity. >> >> See above. Which is a good reason to not multiply the hop count by 6, as you are proposing, by hiding *every* node behind a hidden service. I agree that it might make sense at some point to support optionally using Tor for initiating requests. If we were going to build something on top of a mixnet, it wouldn't be Freenet. You'd want a very shallow DHT - maybe even 1-hop - and to return data directly to the requestor, for large enough requests (probably increasing the block size to make this cheaper). But feel free to fork our client layer and replace the routing and connection levels. >> Freenet should move to secure crypto primitives right now. DH 1024 is >> dead and SHA1 should not be used for jar verification. > This is already happening. Why do we use SHA1 for Jar verification? Is this a JDK1.6 limitation? Nothing in Freenet itself uses SHA1. And yes, we need ECC-based SSKs. This has been discussed, there are bugs for it. There isn't funding for it right now. >> Are Freenet's papers on freehaven.net? > If not, it would be great if you could get them there: > https://freenetproject.org/papers.html?language=en > >> For funding you should include as many payment methods as you can to >> make donations convenient. Your new frontpage should include a >> fundraising bar for year base costs. Then you say for any extra money >> you direct users to a detailed roadmap for planned Freenet features with >> estimates for manhour costs to develop. A visual representation >> motivates donators and makes them feel they are giving money towards >> something defined. > What do you think about the donation bar on > https://testing.freenetproject.org? In general I agree, however IMHO we need people for base costs. Servers and accounts are cheap. But we can't spend money developing huge changes which then can't be merged because the volunteer release manager(s) don't have time to review them. And there will often be things that need doing quickly, or that aren't obviously important to donors. So I'm very sceptical about bounties. >> Go for research grants if you can and try talking at >> universities and privacy conferences to recruit researchers. > I applied at opentech.fund, but I can’t predict whether it will work > out. The CENO folks applied for a grant at another position, too, > which should include work from freenet developers, if they do get the > grant. If you have other places where people with limited experience > in running on grants can apply, please note them here. Agreed we should apply for grants. However in the more specific academic sense, research grants are important because they result in papers that occasionally have something we can deploy - last year we implemented simple but hugely important changes to opennet based on a published paper. What research grants don't do is result in usable code. We need to look at more general funding options, and I absolutely agree that we need more academic attention - but in recent years we seem to be getting it, which is great. If we're lucky, my academic project this year will fix load management. We've done a huge amount of work since 0.7.5. Why don't we try the traditional approach of releasing 0.8.0, getting some publicity and asking for donations? > Best wishes, > Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
