On Fri, 2015-11-27 at 18:07 -0500, [email protected] wrote:
> Let's talk about the bad news and the way forward.
>
> There was a Sybil attack for 4 years. The Freenet 0day has been around
> for so long that LE contractors have built a kit around it. Forget
> global adversaries or nation states, it's so bad that local police
> stations with shoelace budgets can attack the network. My guess,
> Frost's spam issues make traffic tagging easy.
>

What's your source on this? Do you understand what Sybil is about? What makes it qualify as 0day (it's not documented on https://wiki.freenetproject.org/Opennet_attacks ?)

> Before anyone gets started: "But, but.. Tor was also attacked!"
>
> Yes, but responses are very different from what's going on here. They
> immediately fixed the hole and evicted the Sybil nodes. They are
> implementing code that will make future attempts much more difficult.
> They did not add a line to the FAQ that said "shit happens" and shrug
> their shoulders.
>
> More on what you can do later.
>
>
> "Securing Opennet is impossible, go Darknet mode or shut up!"
>
> Taking your defeatist attitude to conclusion we can say anonymous
> communication is a very hard problem so no point trying. Let's all use
> the surveilled network and take our chance?
>
> Of course not. You can raise costs to make it hard for any attack and
> other projects proved it.
>
> I understand you need more resources to turn things round. That can
> change, but carrying a defeatist attitude can never improve anything.
>
> Going Darknet mode only is not a real fix.

Can you define what is the attack and its real-fix then?

> It's like suggesting to people to limit internet access only to their
> LAN to stay safe. The value of the network becomes diminished. Darknet
> mode also exposes people's social network to anyone watching enough of
> the internet. It's a dangerous liability.
>

The idea is that you're already exposing your social network regardless of whether you are using darknet or not... so on the contrary, you do *not* leak any information by connecting to your real-life social contacts. What needs changing is the terminology; "friends" might not be the adequate word to describe darknet peers.

> You can use the bad news to your advantage. Write your proposals around
> it as one of your main goals. Say you need more funds to introduce
> PISCES tunnels, some notion of node pinning, limiting the number of
> nodes from address spaces, adding Tor transport support and updating
> crypto primitives.
>

It's great that you're volunteering to do it.

> Questions:
>
> Does making it impossible versus very hard, to know what a user has in
> their datastore make attacks harder? As we saw, plausible deniability
> wasn't much help. Without disk encryption it's over.
>

Plausible deniability is all you get from pseudo-anonymous overlay networks; whether they're called Freenet, Tor, I2P or anything else doesn't change anything; whether they're perfect or not neither. Put it another way: if "any" probability is enough to get you "convicted/jailed/murdered/tortured" using any of these tools isn't going to do any good.

> What can an attacker with DH 1024 cracking ability do to Freenet right
> now?

Nothing in current freenet uses or relies on DH1024; define "DH 1024 cracking ability" if you expect an answer.

Florent
