On Friday 03 December 2010 14:09:04 Matthew Toseland wrote: > When a new opennet node is created, we create 40 ConnectionTokens. > > A ConnectionToken is basically just a public/private keypair. > > In order to validate the tokens and thus be able to use them, we ask 5 > seednodes to sign our tokens. The seednodes require CAPTCHAs or some similar > basic scarcity mechanism that can be dealt with during the installation > process (one CAPTCHA per node, to sign the whole batch of tokens). Unlike WoT > CAPTCHAs, these can be generated once for each challenge, with limits on how > many can be sent per connection and IP address (no more than N over period > T). These limits could perhaps be shared between the seednodes, possibly > stored on Freenet in a similar mechanism to what is described below. CAPTCHAs > would also have a time limit, to make it harder to reuse them or farm them > out. Also, we can use any kind of centralised or networked captcha - for > instance, the OCR-of-ancient-texts form - because the seednodes are not even > pretending to be invisible. If you need to be invisible you need to use > darknet, period.
http://motherjones.com/kevin-drum/2010/08/price-captcha Most of the sites are in russian, this one's in english: http://www.beatcaptchas.com/prices.html If we say $8/1000 captcha's, as on this site, assuming that's on the high end based on the market analysis above, and if we say each introduction requires one successful captcha for each of the 5 nodes, that means for $80 you can introduce 2,000 nodes i.e. be able to use 80,000 connections, for a cost of $0.001 per connection. So there is very little point in trying to protect this - or Freetalk! - with CAPTCHAs. IP address scarcity may be an option however. If an attacker needs a separate IP address for every group of 40 connections, how much will this cost him? A fast freenet node, 40 connections with 3KB/sec each, would be quite high monthly transfer, so cheaper personal VPN services might not be enough ... otoh there are a LOT of such services, and most of them allow p2p. Say you need 12,000 connections, and you're limiting each to 20 connections to limit bandwidth usage, that might be $6000-$12000/mo ... It is likely that this is significantly higher than the cost if there is no IP scarcity limitation... There will be difficulties scaling up both on the other hand I bet that any entity attacking an 80,000 node network probably has cheaper ways to get IP addresses than an average end user does... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20101203/0977ec33/attachment.pgp>