On 30/11/15 13:40, Arne Babenhauserheide wrote:
> On Saturday, 28 November 2015, 14:52:23 Matthew Toseland wrote:
>> But then Freenet was always just one piece of the puzzle

Okay, first, can we agree on this bit? "Freenet is one piece of the puzzle". It doesn't provide a secure operating system to run it on, good disk encryption, or an internet backbone!

>> - a research project really.
> I don’t think people contributed or donated for that. Also, and I
> agree with earlier complaints about that, a research project does not
> need an auto-updater, content-filters, support for websites, forums, a
> full-fledged client-protocol, and so forth.

That depends on the nature of your research. I think we have benefited considerably from having actual users testing the network. Even security testing it, if they do it in such a way that we can make use of it (e.g. Frost!).

We signal this tentative status in the first-time wizard, in the logs, in the FAQ, and in the version number being less than 1.0. We do not provide any guarantees of security. If your life depends on Freenet's security, either you're a fool, or you're in a really dark place.

I do not approve of the hand-wavy simulations without source code school of research. Lots of papers are not only not implemented but probably not implementable. Such as PISCES. :(

> I say it so clearly, because I think that calling Freenet a research
> project is harming the project.
>
> Either we’re a research project, then we can strip out most of the
> features in Freenet, tell our users that we don’t care about them and
> let Freenet be replaced by the newest results of sensor network
> research, or we’re a project which aims at providing the technical
> foundation for freedom of the press, then we need to make Freenet easy
> to use and robust, and we need to know and communicate for whom it can
> already provide reasonable security.

Is there a group of people for whom it can provide reasonable security? What is your threat model? If it doesn't include at least one state, it should: They usually are out to get you if you're doing anything at all controversial, as we've seen fairly frequently even in western countries!

We don't provide protection against petty malware - that's somebody else's problem. And we don't provide a warm fuzzy feeling when accessing Facebook either, because we don't proxy!

>> The problem with darknet is that Freenet is not socially acceptable
>> and is technically challenging (it effectively requires a dedicated
>> always on system), and currently is slow and inconvenient. There are
>> lots of relatively easy ways we can improve the last point. The
>> first is hard.
> Technically challenging can be solved by making it easier to join —
> all that is documented in the bugtracker. For *more* socially
> acceptable we need more actively spidering indices which only include
> what the creator deems acceptable (nerdageddon does not count since it
> does not spider itself). However, Freenet as “if you want to avoid
> censorship, no one must be able to censor” is pretty acceptable.

There are lots of reasons why it's hard to get darknet peers.
1. Freenet is uncensorable. Most people find this offensive.
2. Freenet needs an always-on always-connected device, especially on darknet. Most people don't have one, the costs are significant.
3. Darknet is slow.

We can fix #3. Fixing #2 is hard; even if Freenet is popular enough that somebody can sell boxes for it, it will still slow down your internet. Fixing #1 is impossible.

Also, #2 is likely to become more and more of a problem over time, until civilisation collapses under the weight of the housing market bubble. :) Unfortunately this is not exclusively a UK problem. More seriously the technical trend to everything mobile and cloud dependent is driven at least in part by wider social trends.

>> I have no idea what you mean by "node pinning".
> I guess it could be either reconnecting through old opennet peers, or
> reusing the same seednode. Both would make it harder to start new
> attacks against opennet users (as in “it would make it slower”).

Marginally. Old opennet peer connections don't often work because when you want to reconnect your old peer probably doesn't - even if it hasn't changed its IP address.

What would make a difference would be centralised restrictions on bootstrapping new identities. But this would break a lot of the decentralised pseudo-solutions, it would be a lot of work, and doesn't provide meaningful protection unless we can charge real money for joining opennet - or unless it's really hard for attackers to get widely distributed IP addresses. Is it? The attack on Tor last year used a single prefix. But then that was a university. Again it depends on your threat model.

There may be distributed solutions, provided the attacker hasn't already taken over the network. E.g. we could have key types that involve checking connectivity, or nodes dedicated to this task (like ShadowWalker's shadow nodes), to enforce limits on the number of nodes in a given IP range. There are problems with both cases: A key type gives an attacker a fast way to get the IP addresses of a route to a specific keyspace location (unless we try to indirect it), and shadow nodes have the chicken-and-egg problem of needing Sybil-proof bootstrapping.

Of course opennet is already centralised in practice, and a malicious seednode can capture everyone announcing to it. A distributed protocol for generating identities would probably be a good thing even if it meant we were more dependent on them... So we probably need more centralised mechanisms (but with stronger safeguards e.g. involving all the seeds in identity generation) as well as more distributed verification... And it would all be a huge amount of work - and without some real scarcity backing it it would achieve very little.

What's cheap for real, lowest common denominator users but expensive for attackers? AFAICS nothing, not even IP addresses. That's the general Sybil Always Wins problem, the reason why opennet is irredeemable. If anyone has an answer I'd love to hear it.

> Best wishes,
> Arne
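The "limit the number of nodes in a given IP range" idea discussed above, as an added toy model that is not Freenet code and not part of this thread: a per-prefix admission cap applied to a constructed stream of opennet-style announcements. The prefix length (/24), the cap value (4), and the sample addresses (documentation and private ranges) are all assumptions. The model shows the two outcomes the discussion predicts: a flood from a single prefix is capped, while the same number of identities spread across many prefixes passes untouched, which is the "Sybil Always Wins" point that the cap only helps when distributed addresses are genuinely scarce for the attacker.

```python
"""Per-prefix admission cap for opennet-style announcements (hypothetical).

Not Freenet code: a toy model of capping nodes per IP range, written to
show what such a cap does and does not buy a defender. Prefix length,
cap value and all sample addresses are assumptions for this example.
"""
import ipaddress
from collections import Counter


def prefix_key(ip: str, prefix_len: int) -> str:
    """Collapse an address to its enclosing network, e.g. 10.1.2.3 -> 10.1.2.0/24."""
    return str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))


def admit(announcements, prefix_len=24, cap=4):
    """Process (node_id, ip) announcements in arrival order.

    At most `cap` nodes are admitted per prefix; the rest are rejected.
    Returns (admitted, rejected) lists of (node_id, ip) tuples.
    """
    seen = Counter()
    admitted, rejected = [], []
    for node_id, ip in announcements:
        key = prefix_key(ip, prefix_len)
        if seen[key] >= cap:
            rejected.append((node_id, ip))
        else:
            seen[key] += 1
            admitted.append((node_id, ip))
    return admitted, rejected


def simulate(prefix_len=24, cap=4):
    """Compare a single-prefix flood with a widely distributed set of Sybils.

    All input below is constructed for the example; nothing is real traffic.
    """
    # Three honest nodes, each in a different documentation /24.
    honest = [("h1", "192.0.2.10"), ("h2", "198.51.100.20"), ("h3", "203.0.113.30")]
    # Fifty Sybil identities that all announce from the same /24 as h3.
    flood = [(f"s{i}", f"203.0.113.{100 + i}") for i in range(50)]
    # Fifty Sybil identities, each from its own /24 (attacker has spread addresses).
    spread = [(f"d{i}", f"10.{i}.0.1") for i in range(50)]

    _, rejected_flood = admit(honest + flood, prefix_len, cap)
    _, rejected_spread = admit(honest + spread, prefix_len, cap)

    honest_rejected = sum(
        1 for node_id, _ in rejected_flood + rejected_spread if node_id.startswith("h")
    )
    return {
        "flood_sybils_admitted": len(flood) - len(rejected_flood),
        "spread_sybils_admitted": len(spread) - len(rejected_spread),
        "honest_rejected": honest_rejected,
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

Because the honest node h3 already occupies one slot in 203.0.113.0/24, only three of the fifty flooding identities get in, and no honest node is rejected; the fifty distributed identities are all admitted, since the cap has nothing to distinguish them from fifty honest newcomers. A real deployment would also have to decide what the cap keys on when attackers control many prefixes, which is exactly the scarcity question the thread leaves open.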
_______________________________________________
Devl mailing list
[email protected]
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
