Let's talk about the bad news and the way forward.
There was a Sybil attack for 4 years. The Freenet 0day has been around
for so long that LE contractors have built a kit around it. Forget
global adversaries or nation states, its so bad that local police
stations with shoelace budgets can attack the network. My guess, Frost's
spam issues make traffic tagging easy.
Before anyone gets started: "But, but.. Tor was also attacked!"
Yes, but responses are very different from what's going on here. They
immediately fixed the hole and evicted the Sybil nodes. They are
implementing code that will make future attempts much more difficult.
They did not add a line to the FAQ that said "shit happens" and shrug
their shoulders.
More on what you can do later.
"Securing Opennet is impossible, go Darknet mode or shut up!"
Taking your defeatist attitude to conclusion we can say anonymous
communication is a very hard problem so no point trying. Let's all use
the surveiled network and take our chance?
Of course not. You can raise costs to make it hard for any attack and
other projects proved it.
I understand you need more resources to turn things round. That can
change, but carrying a defeatist attitude can never improve anything.
Going Darknet mode only is not a real fix. Its like suggesting to people
to limit internet access only to their LAN to stay safe. The value of
the network becomes diminished. Darknet mode also exposes people's
social network to anyone watching enough of the internet. Its a
dangerous liability.
You can use the bad news to your advantage. Write your proposals around
it as one of your main goals. Say you need more funds to introduce
PISCES tunnels, some notion of node pinning, limiting the number of
nodes from address spaces, adding Tor transport support and updating
crypto primitives.
Questions:
Does making it impossible versus very hard, to know what a user have in
their datastore make attacks harder? As we saw, plausible deniability
wasn't much help. Without disk encryption it's over.
What can an attacker with DH 1024 cracking ability do to Freenet right
now?
_______________________________________________
Devl mailing list
[email protected]
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
